Page 596 - COSO Guidance
P. 596
3. Performance for ESG-related risks
The financial impact of deforestation-free supply chains on Brazilian beef production
Brazil is the world’s largest exporter of beef, making up almost 20% of the world market. However, the
impact on Brazil’s natural resources – and global GHG emissions – is significant. With only 1% of beef
production in Brazil certified as sustainable, NYU Stern’s Center for Sustainable Business led a research
project to assess the financial benefits (e.g., productivity and profitability) of shifting to sustainable beef
production. This analysis assessed the benefits for all players in the industry’s value chain – namely,
ranchers, slaughterhouses and retailers.
2
The project looked at the benefits of sustainable and deforestation-free practices across five areas:
cost reduction, revenue increase, risk avoidance, financial and valuation, and other. Using research,
data analysis and interviews, benefits were calculated based on market demand, probabilities and penalty
costs consistent with each indicator.
3
The results are powerful for decision-makers, with evidence that sustainable agricultural practices lead
to improved profitability across the value chain. The uptake of sustainable agricultural practices provided
the most financial benefit, while the uptake of deforestation-free commitments reduced risk. In particular,
ranchers reaped the most benefits as a percentage of total income – between USD$18 million and USD$34
million (12% and 23% of revenues) net present value over 10 years. 4
1.1 Risk prioritization criteria
A range of quantitative and qualitative measures can be used to estimate Guidance
the severity of risks while comparing and prioritizing them. Risk severity
is commonly expressed in terms of impact and likelihood. However, some Understand the
organizations are expanding their risk severity criteria (using, for example, entity’s criteria
velocity and recovery) to improve risk management of ESG-related risks. for prioritizing risks
The COSO ERM Framework defines impact as “the result or effect of a risk”
and explains that there may be a range of possible impacts associated with a risk. Further, those impacts may
be positive or negative relative to the strategy or business objectives. Table 3b.2 provides some examples of
5
criteria used to assess the impact of risk.
Table 3b.2: Examples of impact prioritization criteria
Risk rating Definition
Catastrophic • Financial loss: [ ]% of earnings before interest, taxes, depreciation and amortization (EBITDA) or more than
[ ]% impact on share price
• International negative media coverage for more than six months that results in at least [ ]% revenue loss
• More than [ ]% employee turnover
• Prosecution, fines and litigation greater than [ ]% of expenses
• Threatened or actual loss of [ ]% or more strategic customers
High • Financial loss: [ ]% of EBITDA or share price
• Reputation damage from media coverage that persists for one to six months and results in [ ]% nonrecurring revenue loss
• Results from employee survey showing staff morale more than [ ]% less than peer organizations
• Threatened or actual loss of [ ]% strategic customers
Medium • Financial loss: [ ]% of EBITDA or share price
• Reputation damage from media coverage that persists for less than one month and results in [ ]% nonrecurring
revenue loss
• Results from employee survey showing morale [ ]% less than peer organizations
• Threatened or actual loss of [ ]% strategic customers
Low • Financial loss: less than [ ]% of EBITDA or share price
• Local reputation damage from NGO or media resulting in less than [ ]% revenue loss
• Individual feedback from employees on low staff morale
• Customer complaints from less than [ ]% of strategic customers
Please note percentages are not specified as they are for illustrative purposes only.
6
The COSO ERM Framework defines likelihood as “the possibility that a given event will occur.” In determining
the likelihood, management may consider the following questions:
• What is the probability of the risk occurring? This may be qualitative (e.g., low, medium, high), quantitative
(e.g., 20% likelihood in the next 5 years or 50% in the next 50 years) or frequency (e.g., once every 12 months).
• How quickly will the risk progress to the impact identified (e.g., considers velocity)?
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 49
