ERM for ESG risks: Companies have new guidance to ponder

COSO is looking for feedback on draft guidance regarding how its Enterprise Risk Management framework can be used to manage risks in environment, social and governance areas.

The Committee of Sponsoring Organizations of the Treadway Commission has partnered with the World Business Council for Sustainable Development to draft the guidance. The goal is to help draw a connection between the conventions of ERM and the objectives of managing a broader set of sustainability-type risks, looking for improvements in responsible business practices, decision-making and disclosures.

The draft guidance addresses issues like methods to overcome challenges associated with ESG-related risks, identifying and assessing the severity of risks that have uncertain financial consequences, developing innovative responses for addressing ESG-related risks, and seizing opportunities that might be posed by ESG-related risks. “This guidance leverages existing decision-useful frameworks, company examples, and tools to provide risk and sustainability managers with practical approaches for managing ESG-related risks,” COSO says.

COSO earlier published a draft executive summary of the ESG guidance, then recently published the entire draft guidance, asking for public feedback. The board will accept comments through at least the end of June.

The draft says investors have shown increased interest in corporate performance with respect to ESG issues, along with an interest in understanding how companies manage such risks. COSO and WBCSD cite survey data indicating institutional investors in particular believe companies have not considered environmental and social risks and opportunities as core to the business, despite real and quantifiable impacts over time.

COSO’s ERM framework was developed in 2004 to give companies a means of adopting a formal, comprehensive approach to ERM in organizations. In 2017, COSO published an updated version of the framework to reflect the way business has evolved over that time period. The 2017 framework challenges entities to more carefully consider risk in both the strategy-setting process and in driving performance of the organization.