Page 590 - COSO Guidance
3. Performance for ESG-related risks
Examples include:
• Internal and external audit from which findings may be ESG related (e.g., environmental health and safety,
greenhouse gas emissions, certification audits performed by third parties)
• Due diligence activities from mergers, acquisitions and divestments
• Due diligence activities from new product or new market assessments
• ESG analyses performed for investment decisions (particularly for the financial services and
manufacturing sectors)
• Project management activities (particularly for construction; information, technology and communication;
professional services)
• Supply chain due diligence
• Media monitoring, web scraping
• Data tracking and analysis of events or issues faced in the past
• Monitoring regulatory changes
• Megatrend analysis
• SWOT analysis
• Impact and dependency mapping
• ESG materiality assessment
• Stakeholder engagement
Guidance: Convene meetings with both risk management and sustainability practitioners to understand ESG-related risks
Some of these processes are described in detail in Chapter 2. In the risk identification stage, the critical
question is which of these issues are threats or opportunities to the entity. This is illustrated in Figure 3a.1.
Figure 3a.1: Connecting the business context and strategy to risk identification
[Figure panels: "Understanding of internal and external environment" (megatrend analysis; SWOT analysis; impact and dependency mapping; stakeholder engagement; materiality assessment; ESG-related resources; see Chapter 2: Strategy and objective-setting for ESG-related risks); "Risk identification: threats or opportunities to achieving strategy and business objectives"; "Risk inventory"]
The Task Force on Climate-related Financial Disclosures (TCFD), formed by the Financial Stability Board
in December 2015, recommends companies “describe their risk management processes for identifying
and assessing climate-related risks,” including “whether they consider existing and emerging regulatory
requirements related to climate change.”⁶
Risk management and sustainability practitioners can overlay the
outputs of these activities or processes on the business strategy
and objectives to identify ESG-related risks or opportunities.
Some examples of this are provided in Table 3a.3.
Pro Paper & Packaging: See Appendix VIII for illustrative example of identifying the ESG-related risks that may impact a strategy or business objectives.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 43