
COSO - Environmental, Social and Governance Risk Management Framework Based on the 2017 ERM - 2018.2.pdf

Enterprise Risk Management
Applying enterprise risk management to environmental, social and governance-related risks
February 2018
PRELIMINARY DRAFT
This document was developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD).

This draft guidance: Enterprise risk management: Applying enterprise risk management to environmental, social and governance-related risks is designed to supplement COSO’s updated enterprise risk management (ERM) framework, Enterprise risk management - Integrating with strategy and performance. This supplemental guidance addresses an increasing need for companies to integrate environmental, social and governance (ESG)-related risks into their ERM processes.

This project is funded by the Gordon and Betty Moore Foundation.

Call for public comment on preliminary draft

WBCSD and COSO are calling for public comment. The consultation period will commence in February 2018 and end June 30, 2018. Comments may be submitted through a survey available at COSO.org or via email to risk@wbcsd.org.
Content

Introduction
1. Establish governance for effective risk management
2. Understand the business context and strategy
3. Identify ESG-related risks
4. Assess and prioritize ESG-related risks
5. Respond to ESG-related risks
6. Review and revise ESG-related risks
7. Communicate and report on ESG-related risks
Appendices
References
Introduction

Businesses face an evolving landscape of emerging environmental, social and governance (ESG)-related risks that can impact a company’s profitability, success and even survival. COSO and WBCSD believe that leveraging a company’s enterprise risk management governance and processes can support identification, assessment and mitigation of ESG-related risks. This guidance is designed to facilitate the process.

Over the past decade, the prevalence of ESG-related risks has steadily increased while the more traditional economic, geopolitical or technological risks are less dominant. Companies worldwide have experienced measurable impacts after product safety recalls, worker fatalities, child labor, polluting spills and weather-related supply chain disruptions. Many of these have translated to financial or reputational harm – in some cases to the point of no recovery.

Considering ESG challenges at an enterprise level offers an opportunity for business leaders to expand their understanding of a company’s risk profile and the value creation model – while enabling them to consider how these issues impact shareholders and society.

What is ESG?

ESG refers to environmental, social and governance issues that investors consider in the context of corporate behavior.1 There is a growing body of evidence that companies that manage ESG issues benefit from improved financial performance.2

The evolving landscape of ESG-related risks

Business faces threats in the form of ESG-related risks that need attention. The World Economic Forum’s Global Risks Report 2018 outlines the growing severity and frequency of ESG-related risks over the past 10 years. As shown in Table 0.1 on the next page, in 2008, only one societal risk - pandemics - was reported in the top five risks in terms of impact. Ten years later in 2018, four of the top five risks were societal or environmental, including extreme weather events, water crises, natural disasters and failure of climate change mitigation and adaptation. The World Economic Forum also highlights the depth of the interconnectedness that exists both among the environmental risks and between them and risks in other risk categories—such as water crises and involuntary migration.3
Table 0.1: Top risks according to the World Economic Forum’s Global Risks Report 2018

Top 5 global risks in terms of likelihood

| 2008 | 2013 | 2018 |
|---|---|---|
| Asset price collapse | Severe income disparity | Extreme weather events |
| Middle East instability | Chronic fiscal imbalances | Natural disasters |
| Failed and failing states | Rising greenhouse gas emissions | Cyberattacks |
| Oil and gas price spike | Water supply crises | Data fraud or theft |
| Chronic disease, developed world | Mismanagement of population aging | Failure of climate-change mitigation and adaptation |

Top 5 global risks in terms of impact

| 2008 | 2013 | 2018 |
|---|---|---|
| Asset price collapse | Major systemic financial failure | Weapons of mass destruction |
| Retrenchment from globalization (developed) | Water supply crises | Extreme weather events |
| Slowing Chinese economy (<6%) | Chronic fiscal imbalances | Natural disasters |
| Oil and gas price spike | Diffusion of weapons of mass destruction | Failure of climate-change mitigation and adaptation |
| Pandemics | Failure of climate-change mitigation and adaptation | Water crises |

Risk categories: Economic, Environmental, Geopolitical, Societal, Technological

In the business world, this evolving landscape means ESG-related risks that were once considered “emerging” or “black swans” are now far more common. Further, these are issues that can no longer be left to government or nongovernmental organizations to solve on their own. This is clear from the 2015 UN Sustainable Development Goals (SDGs), which established unprecedented expectations on the private sector to supplement global development efforts through innovation and collaboration.a

Thus business needs to take a more active role in understanding and addressing ESG-related issues – whether that means reducing or removing the risk, adapting and preparing the company for if and when it occurs or simply being more transparent about what the business is doing. Table 0.2 shows how these megatrends translate to ESG-related issues, risks and opportunities that companies need to acknowledge and address.
Table 0.2: Common ESG issues and related risks and opportunities impacting business

Environmental

Issues
• Energy use and efficiency
• Climate change impacts
• Use of ecosystem services

Risks
• Higher-than-average energy costs result in missed profit targets
• Greater frequency of extreme weather events impacting operations

Opportunities
• Internal carbon pricing scheme to reduce greenhouse gas emissions and energy costs
• By-products in waste process used in adjacent industry to create new income streams

Social

Issues
• Employee engagement
• Labor conditions in the supply chain
• Poverty and community impacts

Risks
• Low engagement and high turnover result in increased costs and missed profit targets
• Lack of support for local communities results in challenges with local governments to maintain operating permits

Opportunities
• Greater loyalty and inclusive work force attract the best talent in the industry
• Increasing the education of crop farmers improves yields, providing a greater standard and quality of life - plus increased sales

Governance

Issues
• Code of conduct and business principles
• Accountability
• Transparency and disclosures

Risks
• Limited board oversight results in negative company performance
• Limited transparency results in reduced access to equity financing

Opportunities
• Open and transparent board decisions for key ESG-related topics provide investors with greater sense of security in their investments leading to increased and longer equity positions

a This collaboration includes the UN Global Compact and Impact 2030, which support the private sector through knowledge sharing and capacity building. The United Nations Guiding Principles for Business and Human Rights released in 2011 also highlights a shift away from the traditional approach for human rights expectations to be set and enforced by the states to establishing an expectation for business to “protect,” “respect” and “remedy” human rights.
Consequences from failure to manage ESG-related risks

At a global level, businesses have felt the impacts of this evolving risk landscape for many years, and at an increasing rate. From small startups to large multinationals, recent history provides extensive examples in which companies have failed to identify or respond to ESG-related risks. These failures result in significant impacts on the bottom line, society and the environment,4 spanning industries, geographies and risk categories. Table 0.3 highlights some publicly available examples of ESG-related events that resulted in significant financial and reputational impacts.

Table 0.3: Examples of risk events and their consequences

| Year | Company | Event | Business impact |
|---|---|---|---|
| 2018 | Wells Fargo | The Federal Reserve found that Wells Fargo workers responded to the high pressure sales culture by creating as many as 3.5 million fake accounts. The bank also forced up to 570,000 customers into unneeded auto insurance.5 | The punishment included a requirement to remove four board members and imposed a cap on the growth of the company until sufficient improvements are put in place6 |
| 2017 | Uber | Multiple reported incidents pointed to a pervasive culture of alleged sexual harassment7 | Reputational damage |
| 2016 | Samarco (Vale and BHP) | A dam collapse killed 19 people and sent iron ore mining debris through the southeast region of Brazil8 | USD $6.2 billion settlement9 |
| 2016 | 7-Eleven | Company workers were being paid less than the legal minimum wage10 | At least USD $26 million in back pay to 680 workers11 |
| 2015 | Volkswagen | Millions of cars were recalled worldwide after the company admitted to falsifying emissions tests12 | USD $14.7 billion settlement13 |
| 2015 | 3M | NGO ForestEthics alleged that 3M suppliers provided products from endangered forests around the world14 | Led 3M to revise its policy on pulp and paper sourcing to improve environmental and social practices in more than 70 countries with 5,000 suppliers15 |
| 2014 | General Motors (GM) | A faulty ignition switch that caused airbags to fail in a crash prompted the recall of 1.6 million vehicles16 | USD $35 million civil penalty after the National Highway Traffic Safety Administration determined GM delayed reporting the ignition switch defect17 |
| 2013 | More than 25 brands including Primark, Benetton and Walmart | More than 1,100 workers were killed and 1,000 were injured in Bangladesh’s Rana Plaza factory collapse18 | USD $15 million of USD $40 million target raised by the International Labor Organization, a UN agency, to compensate impacted families19 |
| 2011 | Automotive industry | Flooding in Thailand resulted in over 500 deaths and significant disruptions to supply chain networks, particularly in the automotive and technology industry sectors | The impact has been felt at the regional level, with the Thai central bank reducing its gross domestic product growth forecast for 2011 from 4.1% to 1.5%, and the Thai baht depreciating by about 3.9% in three months20 |
| 2010 | BP | Oil spill in the Gulf of Mexico | BP paid USD $5.5 billion in Clean Water Act penalty and up to USD $8.8 billion in natural resource damages21 |
| 2000s | Mattel | Mattel experienced a number of product recalls, in 2007 recalled toys due to lead paint contamination | Recalled 967,000 toys22 |
| 1990s | Nike | Company paid its factory workers, including children, less than minimum wage and forced them to work overtime23 | Reputational damage and loss of sales from protests at the Barcelona Olympics in 1992 and multiple exposés of labor practices24 |
| 1980s | Nestle | Infant Formula Action Coalition launched a boycott of Nestle for its marketing and sale of baby formula in emerging countries25 | The boycott caught on in France, Finland, Norway, Ireland, Australia, Mexico, Sweden and the UK26 |
| 1970s | Ford | After the company learned its Pinto model was prone to fires, 1.9 million Pintos were recalled27 | Initially one claimant was awarded USD $125 million in damages, which was later reduced to USD $3.5 million28 |
Investor interest in ESG-related risks

Institutional investors are also taking an interest in how companies are navigating the changing business environments and addressing social and environmental challenges to achieve long-term, sustained growth. An EY survey of institutional investors revealed that more than 80% of institutional investors surveyed agreed that for too long, companies have failed to consider environmental and social risks and opportunities as core to their business. They believe that ESG issues have “real and quantifiable impacts” over the long term and that generating sustainable returns over time requires a sharper focus on ESG factors. Of the ESG-related risks, poor governance, human rights-related risk from operations and lack of independent verification (assurance) over data and claims were the most likely risks to alter investor decisions (refer to Figure 0.1).29

Figure 0.1. Impact of ESG-related risks on investor decision-making

| ESG-related risk | Rule out investment immediately | Reconsider investment | No change in investment plan |
|---|---|---|---|
| Risk or history of poor governance | 39% | 58% | 3% |
| Human rights risk from operations | 32% | 57% | 11% |
| Limited verification of data and claims | 20% | 63% | 17% |
| ESG risks in supply chain that is unmanaged | 15% | 68% | 17% |
| Risk or history of poor environmental performance | 15% | 76% | 9% |
| Risk from resource scarcity - e.g., water | 12% | 75% | 13% |
| Absence of a direct link between ESG initiatives and business strategy to create value in the short, medium and long term | 12% | 59% | 29% |
| Risk from climate change | 8% | 71% | 21% |

Investors have experienced past consequences from failing to anticipate ESG-related risk events, and they expect these to continue in the future. Particularly related to climate change, new research findings call for regulators, governments and investors to re-evaluate energy business models against carbon budgets. Without action, a USD $6 trillion carbon bubble is predicted in the next decade because companies are not taking the cost of climate change into account.30