Page 627 - COSO Guidance
P. 627
4. Review and revision for ESG-related risks
Infosys Limited – monitoring water scarcity risk
Infosys, a multinational conglomerate, considers water scarcity a significant risk to its business operations
in India. The company has implemented a monitoring process to identify factors in the external environment
that could modify the risk severity assessment. Management identified the following enterprise-wide and
campus-specific indicators:
• Water table levels for each geographic area
• Storage capacity of rainwater on each campus
• Availability and cost of water via water tankers for delivery
The risk owner reviewed and set thresholds for each of the above indicators. When indicator results exceeded
an individual threshold, the risk owner alerted management for follow-up.
a
Activity or outcome indicators can be used to monitor a risk and identify
when revisions are required. Activity indicators allow organizations to Pro Paper & Packaging
assess the effectiveness of the implementation (such as the number of
training events conducted), while outcome indicators focus on performance See Appendix VIII for
and overall risk exposure (such as the human rights performance of illustrative example of
suppliers). Table 4.2 introduces activity and outcome indicators and shows setting thresholds to monitor
how they may be used for monitoring an entity’s supply chain program.
ESG-related risks.
Table 4.2: Example activity and outcome indicators for monitoring a supply chain program
Activity indicators Outcome indicators
Inputs Processes Outputs Outcomes
Resources used or spent Activities undertaken The results from activities Impact of the results or changes on social or
on a business activity with the resources (e.g., undertaken (e.g., number environment capital (e.g., participants have better
(e.g., cost of initiative) number of training events) of participants trained) skills or are more employable and enter workforce)
Both activity and outcome indicators may be used to monitor trends over time. See Figure 4.1 for illustrative
example trends of activity (percentage of supplier audits) and outcome (lost-time injury rate) trending.
Figure 4.1: Example trending of risk indicators (activity and outcome)
Percentage of suppliers audited on the supplier code of conduct Lost-time injury rate
70 6
60
50
4
40
30
2
20
10 US China Average
0 0
2012 2013 2014 2015 2016 2017 2018 2012 2013 2014 2015 2016 2017 2018
These indicators can be used to communicate to internal and external stakeholders how an organization is
responding to a particular risk and the effectiveness of that risk response (see Chapter 5).
. . . . . . . . . . . . . . . .
a A full case study is available at wbcsd.org. (WBCSD (2017). “Infosys: Mitigating water risk at India-based hubs.”)
80 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018
