Page 586 - COSO Guidance Book
3. Performance for ESG-related risks

Performance focuses on practices that support the organization to make decisions in the pursuit of its strategy and objectives. This chapter relates to the COSO ERM Framework component on Performance and the five associated principles: 1

10 Identifies risk: The organization identifies risk that impacts the performance of strategy and business objectives.
11 Assesses severity of risk: The organization assesses the severity of risk.
12 Prioritizes risks: The organization prioritizes risks as a basis for selecting responses to risks.
13 Implements risk responses: The organization identifies and selects risk responses.
14 Develops portfolio view: The organization develops and evaluates a portfolio view of risk.

These principles cover the areas over which sustainability practitioners often need the most guidance: effectively quantifying ESG-related risks in a common language and developing innovative responses in the face of challenges presented by an evolving risk landscape.[a]

This chapter is divided into three sub-chapters:

3a. Identifies risk: Using the understanding of strategy and context from Chapter 2, management identifies the risks or events that impact performance of strategy and business objectives (COSO Principle 10).
3b. Assesses and prioritizes risks: For each risk or event, management identifies the possible outcomes based on the understanding of the business context and strategy to feed into the assessment and prioritization of the risks (COSO Principles 11 and 12).
3c. Implements risk responses: From this assessment, management determines which of those events and outcomes are a priority to manage and how to respond (COSO Principles 13 and 14).

This chapter also discusses the role of organizational biases in identifying, prioritizing and responding to ESG-related risks (see sub-chapter 3b).






[Chapter map: 1 Governance & culture for ESG-related risks; 2 Strategy & objective-setting for ESG-related risks; 3 Performance for ESG-related risks (a Identifies risk, b Assesses & prioritizes risks, c Implements risk responses); 4 Review & revision for ESG-related risks; 5 Information, communication & reporting for ESG-related risks]




[a] In a survey of risk professionals, more than 65% indicated their company did not use any scientific methods to quantify and evaluate sustainability issues. An additional 23% did not know whether or not quantification methods were used. Similarly, in a survey of sustainability professionals, approximately 70% indicated their organizations did not have a process for quantifying sustainability risks. Professionals indicated they required help to develop and improve such processes. (According to surveys of approximately 70 sustainability and risk professionals at the WBCSD Liaison Delegate Meeting in April 2017 and the Institute of Internal Auditors General Audit Management (GAM) Conference in March 2017.)

Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 • 39