Page 614 - COSO Guidance

3. Performance for ESG-related risks

3c. Implements risk responses

Introduction

For risks identified in sub-chapter 3a, management should select and deploy an appropriate risk response, which may be to accept, avoid, pursue, reduce or share. As described in the COSO ERM Framework, when considering a response, management should consider attributes such as the severity and prioritization as well as the business context and associated business objectives.

[Figure: chapter navigation for the guidance, with 3c highlighted: 1 Governance & Culture for ESG-related risks; 2 Strategy & Objective-Setting for ESG-related risks; 3 Performance for ESG-related risks (a Identifies risk, b Assesses & prioritizes risks, c Implements risk responses); 4 Review & Revision for ESG-related risks; 5 Information, Communication & Reporting for ESG-related risks]

This sub-chapter relates to the following COSO ERM Framework principles:

13 Implements risk responses: The organization identifies and selects risk responses.
14 Develops portfolio view: The organization develops and evaluates a portfolio view of risk.

As discussed in sub-chapter 3b, many ESG-related risks are inherently difficult to predict and have a lower likelihood of occurring – albeit with potentially significant impacts or a longer time horizon over which impacts materialize. For this reason, reducing or eliminating the potential impact or likelihood of the risk occurring may be a challenge. For these risks, entities may choose to focus their responses on adaptive strategies and operational plans that build resilience, preparing the organization to address risks as they unfold.

Of particular importance is assigning clear ownership for each risk response to the appropriate risk owner. The risk owner is responsible for assembling the resources needed to design and implement a risk response. Where appropriate, addressing risks and building resilience can be bolstered with a collaborative approach that engages subject-matter experts from inside and outside the organization. A cost-benefit analysis can help select the best response and obtain buy-in for implementation; it can then be used to review the risk response for efficacy (see Chapter 4 for guidance on review and revision).

Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks  •  October 2018  67