
5. Information, communication and reporting for ESG-related risks







The final chapter of this guidance relates to the communication and reporting of ESG-related risk information to stakeholders. Risk information serves as an input to many strategic, operational, investment or purchasing decisions made by both internal and external stakeholders. Organizations should leverage existing communication channels in order to provide timely, relevant and quality ESG-related information to target audiences. 1





[Figure: the five components of the guidance, each "for ESG-related risks": 1 Governance & culture; 2 Strategy & objective-setting; 3 Performance (a Identifies risk, b Assesses & prioritizes risks, c Implements risk responses); 4 Review & revision; 5 Information, communication & reporting]




This chapter relates to the COSO ERM Framework component on Information, communication and reporting and the three associated principles: 2

18  Leverages information technology: The organization leverages the entity’s information and technology systems to support enterprise risk management.
19  Communicates risk information: The organization uses communication channels to support enterprise risk management.
20  Reports on risk, culture and performance: The organization reports on risk, culture and performance at multiple levels and across the entity.

The primary aim of internal communication and reporting is to provide decision-useful information on an entity’s risk management approach and performance. Internal communication and reporting can enhance awareness of ESG-related risks to the appropriate level of the entity, communicate how well the risks are being managed and provide information to support better decision-making across the entity.

External communication and reporting on risk management are regulatory requirements in many jurisdictions, requiring entities to report on the risk management process and disclose key risks to a selection of defined stakeholders. An increase in demand for ESG-related information from investors is also driving organizations to voluntarily disclose ESG-related information publicly.













Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks  •  October 2018