4. Review and revision for ESG-related risks
Introduction
Chapters 2 and 3 focus on how organizations can leverage ERM activities to better understand and respond to
ESG-related risks. ERM, however, is not a “one and done” activity. It is a dynamic process that requires ongoing
review and revision of both individual risks and the ERM process overall. In many jurisdictions, monitoring
the effectiveness of an entity’s internal control and risk management process is required by regulation. For
example, Norway’s financial sector regulation on risk management requires the CEO to “continuously monitor
changes in the entity’s risks and ensure that the firm’s risks are properly addressed in accordance with the
board’s guidelines.” 1
[Figure: COSO ERM components for ESG-related risks: 1 Governance & culture; 2 Strategy & objective-setting; 3 Performance (a identifies risk, b assesses & prioritizes risks, c implements risk responses); 4 Review & revision (this chapter); 5 Information, communication & reporting]
This chapter relates to the COSO ERM Framework component on reviewing and revising risk and the three
associated principles: 2
15 Assesses substantial change: The organization identifies and assesses changes that may substantially affect strategy and business objectives.
16 Reviews risk and performance: The organization reviews entity performance and considers risk.
17 Pursues improvement in enterprise risk management: The organization pursues improvement of enterprise risk management.
All entities experience continual changes to their internal and external environments. From these changes, new
risks may arise, new data or assessment tools may emerge or risk responses may turn out to be ineffectual in
addressing an identified risk or opportunity. By establishing indicators to review these activities, entities can
recognize these changes before the risks lead to a negative impact on the business strategy or objectives and
revise accordingly.
This chapter outlines the following actions to help risk management and sustainability practitioners review and
revise responses to ESG-related risks:
• Identify and assess internal and external changes that may substantively affect the strategy or business objectives
• Review ERM activities to identify revisions to ERM processes and capabilities
• Pursue improvements in how ESG-related risks are managed by ERM
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 77