Page 629 - COSO Guidance
4. Review and revision for ESG-related risks
Roles and responsibilities for review activities
Risk owners are typically responsible for reviewing risk responses, developing indicators to review risks and
tracking performance. Sustainability practitioners may support this with their knowledge of ESG issues. For
example, a risk owner responsible for monitoring water scarcity may leverage a sustainability practitioner’s
knowledge of geography-specific water regulation and appropriate tools and resources for tracking water risk
by region.
Pursuing improvement
Guidance 9: Pursue improvements in how ESG-related risks are managed by ERM
Even those entities that have effectively integrated ESG-related risk management into ERM processes can continue to become more efficient. The COSO ERM Framework offers opportunities to revisit and improve efficiency in ERM – starting with the overall processes and structure and cascading to other ERM activities. Some areas that provide opportunities to revisit the efficiency of the management of ESG-related risks may include:
• New technology: ESG-related software platforms may offer an
opportunity to compile higher-quality data (e.g., water, waste, greenhouse gas emissions, and safety
incidents) in a centralized system. Data monitored through satellites (e.g., deforestation patterns) or social
media platforms (e.g., shifting customer preferences or campaigns, union strikes) may be used to provide
real-time information on risk performance to the organization.
• Organizational change: An organization that is expanding operations into emerging markets may expect
to face more ESG-related risks (e.g., human rights) in the future and therefore may appoint a subject-matter
expert to the board, executive or management team. Mergers and acquisitions may result in a new facility that
does not immediately meet the standards or expectations of the organization.
• Risk appetite: Reviewing performance provides clarity on factors that affect the entity’s risk appetite. It also
gives management an opportunity to refine its risk appetite. For example, risk management and sustainability
practitioners may implement a public deforestation policy for sourcing of palm oil. Once management is
comfortable that the organization can comply with the commitments for one commodity, it may expand the
policy to cover beef, pulp and paper, and soy.
• Peer comparison: Reviewing industry peers can help an organization determine if it is operating outside of
industry performance boundaries. For example, a global food and beverage company discovered during a
peer review that several competitors had established a strategy and targets for reducing sugar inputs across
the product portfolio to meet a fast-growing customer segment. Consequently, the company reviewed and
revised its strategy to increase its competitiveness and, therefore, performance in this customer segment.
• Historical shortcomings: Organizations that have failed to identify or manage ESG-related risks in the past
may conduct a “lessons learned” exercise to understand how ESG can be better integrated throughout the
ERM process.
82 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018