Page 602 - COSO Guidance
P. 602
3. Performance for ESG-related risks
2. Analytical choices
In assessing the risk severity in terms of the business context and strategy,
management makes a series of choices to determine an appropriate Guidance
assessment approach and select the data, parameters and assumptions
required for the risk assessment. Select appropriate
assessment
2.1 Assessment approaches
approaches to
This section highlights four approaches that can be used to measure measure risk severity
ESG-related risk severity qualitatively or quantitatively as outlined in
Table 3b.6. This list is not exhaustive. There are a variety of other tools to
support an evidence-based approach to risk severity assessment, such as competitor analysis, stakeholder
assessments and peer benchmarking as well as specific data-driven approaches supported by technology
and big data.
Table 3b.6: Measurement approaches
Approach Description Advantages and disadvantages
Expert input Expert input refers to a forecasting method • Relatively quick, limited analysis
that relies on a panel of experts (e.g., Delphi • Not always effective for ESG-related risks when relevant experts are
approach) or interviews and discussions not available to participate
with subject-matter specialists.
• May be appropriate for emerging risks, where data is sparse
• Allows criteria other than “likelihood” and “impact” such as velocity
or resilience to be included in the risk assessment discussion
Forecasting Forecasting and valuation predicts the • Requires forecasting skills and internal or external data
and impact of a future event based on past and • Requires large amounts of data and probabilistic modeling tools
valuation present data. Traditional ERM tools such
as statistical regression and Monte Carlo
simulation, as well as tools that leverage big
data and artificial intelligence, can support
quantification of ESG-related risks.
Scenario Scenario analysis develops plausible • Requires forecasting and research of future outcomes
analysis pathways to describe a future state. • Allows simulation of events or disruptions
ESG-specific Tools and approaches are available in the • Leverages ESG issue and geography-specific assessment methods
tools Natural Capital Protocol Toolkit and Social • Varying degrees of quality and maturity among the available tools
27
& Human Capital Protocol Toolkit. 28
Selecting the appropriate assessment tool
The selected assessment tool should depend on a range of factors – such as the organization’s prioritization
approach, preference for severity metrics, time horizon of the risk and the type of risk being assessed.
For example, if a monetary assessment is appropriate, risk owners may leverage monetization approaches
(e.g., climate-related risks based on scenario analysis, internal pricing mechanisms). Alternatively, risk owners
may use existing and reputable non-monetary assessments (e.g., greenhouse gas emissions) or qualitative
measures. Table 3b.7 shows the range of approaches organizations use to assess risk severity.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 55
