Page 600 - COSO Guidance
P. 600
3. Performance for ESG-related risks
Table 3b.5: Example hierarchy for risk severity measures
Measure Example risk severity metrics
Quantitative Revenue: Projected or identified impact on revenue or expenditures
(monetary) Expenditures: Projected or identified impact on expenditures or costs
EBITDA: Projected or identified impact on EBITDA
Assets and liabilities: Write-off, asset impairment and early retirement of existing assets
Capital and financing: Impact to cost of capital or access to capital, operating losses
Share price: Impact (%) in share price c
Customer/reputation: Reduction in customer confidence (%) (may also be measured in revenue)
Safety: Lost time due to injuries
Quantitative Social media coverage: Number of viewers of the entity’s video
(non-monetary) Business continuity: Maximum allowable outage
Greenhouse gas emissions: Total emissions by type of greenhouse gas (GHG); carbon intensity (GHG/USD $ million)
Energy/fuel: Total energy consumption in megawatt hours
Water: Total freshwater withdrawn in cubic meters from water-stressed regions
Land use: Percentage change in land cover type (e.g., grassland, forest, cultivated, pasture, urban)
Location: Number of locations within a designated flood zone
Capital and financing: Increase or decrease in ability to raise capital
Reputation: Type of complaints received from stakeholders
d
Qualitative Staff morale/turnover: Engagement survey results/level of engagement
Where possible, ESG-related risks should be assessed and framed in the preferred denominators of the
organization. For many entities, it means that risk management and sustainability practitioners or risk owners
will need to, if possible, assess the severity of an ESG-related risk in terms of revenue, costs or EBITDA.
However, the need for monetary assessments can present some challenges. Many entities’ interactions with
ESG issues do not yet have an easily measurable impact on market value or the price of products, materials or
cash flows. For some ESG-related risks, this can be addressed by including a non-financial measure directly
in the prioritization criteria. For example, some organizations prioritize risks that lead to any significant safety
incidents as ‘‘high’’ regardless of whether a financial impact can be quantified.
For other ESG-related risks, organizations may need to develop or leverage tools and capabilities for
quantification. The Natural Capital Protocol and the Social & Human Capital Protocol can support this
17
18
quantification. These protocols are designed to help organizations identify, measure and value impacts and
dependencies on natural and social capital (respectively) in terms of costs and benefits for business and society.
Although the costs and benefits to the entity should be the primary focus of this analysis, external costs and
benefits to society can also contribute to the long-term value of an entity. Consider the example of JetBlue (below).
After identifying a dependency on natural capital (i.e., pristine beaches at its destinations) in its business model,
JetBlue adopted an approach to quantify the risk and return relating to this dependency. These impacts and
dependencies are becoming increasingly relevant due to an increasing drive from customers, NGOs and other
stakeholders for transparency or voluntary action by businesses to recognize these costs and benefits.
JetBlue: EcoEarnings — a shore thing
Leisure travel to the Caribbean is a key part of JetBlue’s business model, with 1.8 million customers per
year flying to the 23 countries in the region to enjoy beautiful, clean oceans and beaches. However, large-
scale environmental degradation puts the business model at risk.
It is well known that airlines depend on natural resources, such as jet fuel, to operate and meet business
objectives. Less explored, and certainly less quantified, is how airlines rely on natural and well-preserved
destinations to drive tourism and encourage customers to buy tickets. If natural surroundings that draw
tourists to the region are destroyed, the airlines and the local communities would lose a vital revenue stream.
JetBlue conducted an analysis to quantify both the risk and return from the Caribbean’s natural attractions
– effectively, an understanding of the risk associated with its natural capital dependency. The results
indicated positive correlations among water quality, mangrove health, limited waste on shorelines and
revenue per available seat mile (RASM). 19
. . . . . . . . . . . . . . . .
c Although fluctuation in share price can provide an indication of the impact of an event on how a company is perceived by the market; these fluctuations are often short
term and may not have a long-term implication for the performance of the company.
d Using qualitative reputational metrics can also be problematic. Although companies are concerned about reputational impacts of risk, it is preferable that these are
expressed in terms of a monetary or quantifiable impact on the strategy.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 53
