Page 606 - COSO Guidance
P. 606
3. Performance for ESG-related risks
Technology company: product safety and recall costs
A technology company assessed the potential severity of product safety risk resulting in a product recall.
The company used data from Dell/Sony’s 2006 lithium ion computer battery recall in which the company
paid USD$400 million for 4.1 million recalled batteries. The company considered this a reasonable
39
comparison because it produces the same type of battery and has a similar manufacturing process.
Using the comparable average recall data for Dell/Sony, the company determined that in the event of a
recall, the cost per recalled battery is approximately $98 per laptop battery (USD$400 million/4.1 million
laptop batteries recalled).
The company has sold 5 million batteries, leading to a potential cost of USD$490 million (USD$98 x 5 million).
The managers understand that this estimated risk severity for product safety is not precise. However, the
potential risk to the company and evidence of the event happening to peers were sufficient to elicit action
from the company. It hired three additional personnel to implement controls over product safety, which
reduced the company’s risk and protected its customers.
Utility company: Monte Carlo simulation for severe weather risk
An electric utility company owns many generation plants. The company identified the risk of severe
weather such as tornadoes impacting operating ability of generation plants for up to several weeks.
This risk impacts revenue and customer confidence. The time horizon for risk assessments is five years,
consistent with the company’s strategic plan. It assessed the severity of the risk as follows:
• The risk managers obtained historical plant availability data for the past ten years. Using this data and
the Monte Carlo simulation, they created a “historical profile.”
• The risk management and sustainability practitioners worked together to obtain meteorological
projections of expected storms in the next five years. They used this projection to determine the
“risk-adjusted profile.”
Generation plant availability
Frequency 100% Most likely Overly
optimistic
projection
75% projection
50%
25%
0%
63 65 67 69 71 73 75 77 79 81 83 85 87 89 91 93 95 97
Percentage availability Risk-adjusted profile Historical profile
Based on this analysis, the managers observed that the plants were at a greater risk of deteriorating
performance than history indicated. This warranted additional investment to prevent service degradation.
Using this information, the company was able to prioritize the risk and develop and model its responses.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 59
