Earlier this week, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council on Sustainable Development (WBCSD) issued an exposure draft supplementing COSO’s updated enterprise risk management (ERM) framework, Enterprise Risk Management: Integrating with Strategy and Performance, which was issued in 2017.
The Exposure Draft, Enterprise Risk Management: Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks (the ED), provides justification and guidance for integrating a company’s environmental, social, and governance (ESG) reporting practices with its ERM practices and processes.
The proposal responds to concerns that disclosures in companies’ ESG reports fail to align with their more formal financial report disclosures addressing similar risks.
In the ED, COSO and WBCSD note findings from a 2017 WBCSD survey indicating “that less than one in every three ‘material issues’ (29%) disclosed in a company’s sustainability report were deemed to be material for the purposes of disclosure in the company’s legal risk filing.” That study also observed that “35% of companies [surveyed] had no alignment between the risks deemed ‘material’ in the sustainability report and the risks disclosed in [their] legal filing.”
While acknowledging numerous reasons for the observed lack of alignment, such as difficulty in quantifying the financial impact of ESG-related risks and differences in materiality assessments between traditional financial reporting disclosures and ESG-related disclosures, the ED points out that investors and other users of ESG reports expect consistency among a company’s various publicly available financial risk reports and disclosures, whether those disclosures are contained in legal/regulatory filings or provided in a separate, but clearly related, sustainability report.
In essence, the ED argues that information contained in various corporate reports will be better integrated and aligned when companies prepare their public financial and corporate risk reports from a single source, their ERM.
The ED proposes a 7-step model/process for integrating ESG-related risks into an entity’s ERM. As pointed out in the overview of the process, an entity should establish governance structures and processes for effective risk management, which is the initial step in the 7-step process, and then apply the ERM to ESG-related risks to:
- Understand the business context and strategy;
- Identify ESG-related risks;
- Assess and prioritize ESG-related risks;
- Respond to ESG-related risks;
- Review and revise ESG-related risks; and
- Communicate and report ESG-related risks.
And, of course, these steps (or modules, as described in the ED) are iterative and should be developed consistent with an entity’s overall business strategies and objectives.
Lastly, COSO and WBCSD discuss several potential benefits for entities that effectively integrate their ERM with ESG-related risk management and reporting, including:
- Development of a common language for articulating both identified corporate risks and strategies for addressing those risks;
- Realized efficiencies of scale in considering ESG-related risks entity-wide, i.e. a better allocation of corporate resources when addressing identified material risks and in developing strategies to mitigate those risks;
- Enhanced management understanding of ESG-related risks that will support improved transparency and disclosure to investors both in voluntary ESG reports and in the more formal and statutorily mandated corporate reports; and
- Enhanced company resilience resulting from an entity’s ability to identify and respond to risks that threaten the entity’s medium- and long-term strategies and business objectives.
The Exposure Draft is available on the COSO website. Comments on the proposals are due to COSO no later than June 30, 2018.