5. Information, communication and reporting for ESG-related risks
Internal stakeholders: Communicating and reporting
Guidance: Communicate and report relevant ESG-related risk information internally for decision-making.
Communication of risk information is critical to improving decisions relating to strategy-setting and day-to-day
operations. Internal communication of ESG-related risks in particular can help to:
• Inform the board of directors and management how ESG-related risks will impact the business strategy and
objectives: This can help the board and management to make informed decisions and seize opportunities.
• Promote awareness of critical ESG-related risks to the entity: Such awareness can support better day-to-day
decision-making and allocation of adequate resources to address the risk.
• Encourage a culture of risk awareness and employee engagement throughout the organization:
For example, an airline may communicate aggregated safety data to employees to allow them to understand
how they contribute to the airline’s or airport’s safety performance. A typical safety newsletter captures both
leading (e.g., number of employees trained on safety) and lagging (e.g., incident rate) indicators.
Communication on risk varies depending on the audience (e.g., board of directors versus operational
management) and the information needs of each stakeholder (e.g., the need to understand the details of an
entity’s risk response versus its overall effectiveness). Table 5.1 gives examples of what risk management and
sustainability practitioners should take into account when preparing communications for specific audiences,
based on the escalation paths the organization has defined.
Table 5.1: Internal stakeholder groups, information and communication

Stakeholder group: Board of directors (provides strategic oversight for critical risks to the entity)
Example information needs:
• Significant changes to the internal and external business environment and the organization’s approach to
these changes
• Risks that are falling outside the risk appetite or tolerance
• Overall effectiveness of risk responses
Example communication methods:
• Board meeting pre-reads and presentations
• External/third-party materials (e.g., industry, trade and professional journals, media reports, peer company
websites, key internal and external indices)

Stakeholder group: Operational management (oversees day-to-day operations that incorporate risk responses)
Example information needs:
• Significant changes to the internal and external environment impacting strategy and risk appetite
• Significant changes to a risk or risk profile
• Status and effectiveness of risk responses
Example communication methods:
• Written internal documents (e.g., briefing documents, dashboards, performance evaluations, presentations,
questionnaires and surveys, policies and procedures, FAQs)
• Informal/verbal communications (e.g., one-on-one discussions, meetings)

Stakeholder group: Employees (perform day-to-day operations that incorporate risk responses)
Example information needs:
• Nature of the risk responses and impacts on roles and responsibilities
• Importance of the risk response activities to the organization
Example communication methods:
• Training and seminars (e.g., live or online training, webcast and other video forms, workshops)
• Materials, meetings or interactions
• Electronic messages (e.g., emails, social media, text messages, instant messaging)
• Public events (e.g., road shows, town hall meetings, industry/technical conferences)
External stakeholders: Communicating and reporting
External stakeholders are interested in understanding how an organization is managing its ESG-related risks
to create and maintain shareholder value, or to address ESG issues that may impact society or the environment.
While many jurisdictions require the reporting of risk-related information, organizations also recognize the
benefits of communicating and reporting ESG-related risks externally to demonstrate responsibility,
accountability and corrective action on risks that stem from the impacts and dependencies the entity has
identified.
As such, external communications and disclosures on ESG-related risks should align with the entity’s mandatory
and voluntary reporting obligations.
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 87