Page 591 - COSO Guidance
3. Performance for ESG-related risks
Table 3a.3: Example of overlay of strategic vision for risk identification

Megatrend analysis
Overlay of business strategy and objectives: How might the emergence of a global risk or megatrend impact the entity’s strategy and operations?
Examples of ESG-related risks or opportunities:
• Consider the impact of global risks identified by the Allianz Risk Barometer 2018:[7]
  - The impact of extreme weather events and water crises on the company
  - The impact of natural disasters on the ability of the supply chain to operate efficiently to meet customer expectations

SWOT analysis
Overlay of business strategy and objectives: What are the ESG-related strengths, weaknesses, opportunities and threats?
Examples of ESG-related risks or opportunities:
• Consider how the entity can leverage technology and innovation to improve the sustainability of its product offering
• Consider the impact of a safety incident

Impact and dependency mapping
Overlay of business strategy and objectives: What are the impacts and dependencies relating to the business model (inputs, business activities, outputs, outcomes)?
Examples of ESG-related risks or opportunities:
• Consider the entity’s impacts and dependencies on local communities
• Consider the entity’s dependency on scarce resources for many of the packaging products
• Consider the entity’s impact on the safety of its employees and customers

Stakeholder engagement
Overlay of business strategy and objectives: Engaging internal and external stakeholders can help identify risks that are related to a broader group of stakeholders or have been overlooked by internal management. It is important to consider:
• Who is sharing the information?
• Why is it important to the stakeholder?
• How does it impact the strategy?
Examples of ESG-related risks or opportunities:
• Consider the NGOs that have launched campaigns against the entity due to ESG-related concerns
• Consider engagement with unions regarding labor relations
• Consider how to leverage the relationship with stakeholders to build goodwill and stay ahead of emerging trends and preferences

Materiality and ESG assessments
Overlay of business strategy and objectives: The significant issues identified through the company’s ESG materiality assessment or other ESG risk assessment tools should be considered for their impact on the business.
Examples of ESG-related risks or opportunities:
• Consider significant issues identified in the ESG materiality assessment (e.g., climate change, circular economy, human rights) and which of these may translate into ESG-related risks
• Consider the salient human rights issues identified through the Human Rights Impact Assessment
• Consider the greenhouse gas emissions profile and the resulting exposure of the organization to future carbon liabilities

It is every employee’s responsibility to manage risk. Although often led by ERM, everyone in the
organization – whether a project manager, sustainability manager, investment analyst or procurement
manager – is responsible for identifying risks.

Framing risks
When identifying risks, it is important to go beyond simply “listing” the risks; rather, risks should
be articulated precisely in terms of the impact to the strategy and business objectives as well as
understanding the nature and root cause of the risk.

Guidance: Identify the ESG-related risks that may impact the organization's strategic and
operational plans

Understanding impact to business strategy
COSO defines risks as possible events that can affect the achievement of strategy and business
objectives.[8] Therefore, any risk identified needs to be considered, described and framed in the
context of how it will impact the strategy. Identified risks are translated into impacts at all levels
of an organization (e.g., entity, business unit, division or other functional level).

44 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018