Page 587 - COSO Guidance

3. Performance for ESG-related risks




            3a. Identifies risk


            Introduction

            Risks are present in all business activities. They often come into focus due to changes in business strategy,
            objectives, context or risk appetite. Chapter 2 describes how entities can better understand ESG-related
            shifts, impacts and dependencies that may affect a business’s ability to achieve its strategy or objectives.
            Management can leverage the outcomes from these activities to gain a more complete understanding of their
            entity’s ESG-related risks.





            [Figure: the five components, with this sub-chapter's place under component 3]
            1  Governance & culture for ESG-related risks
            2  Strategy & objective-setting for ESG-related risks
            3  Performance for ESG-related risks
               a  Identifies risk
               b  Assesses & prioritizes risks
               c  Implements risk responses
            4  Review & revision for ESG-related risks
            5  Information, communication & reporting for ESG-related risks




            This sub-chapter relates to the following COSO ERM Framework principle:

            10  Identifies risk: The organization identifies risk that impacts the performance of strategy and
                business objectives.

            It is important to remember that not all ESG issues present an enterprise-level risk. Managers need to translate
            external trends and drivers into identified risks and assess the impact and severity on the organization.
            Although many entities have processes in place to do this, ESG-related risks can be more challenging to
            identify because they are often:
            • New or emerging and may unexpectedly threaten an organization’s ability to achieve its strategy and
             business objectives
            • Not well known to the business and include “black swans” or other unforeseen events that can challenge the
             entity’s short-term or long-term performance or even survival
            • Longer term, going beyond the timeline with which strategy is set or risks have been considered historically
            • Difficult to quantify and communicate in the context of business language and objectives
            • Beyond the scope of one entity and therefore require response at industry or government levels
















            Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018