I have provided below (at the bottom of this post) a link to new draft guidance for applying enterprise risk management (ERM) and the new COSO (Committee of Sponsoring Organizations of the Treadway Commission) 2017 ERM framework to environmental, social and governance (ESG) risks. The draft guidance is prepared by COSO and the World Business Council for Sustainable Development (WBCSD). The draft guidance is provided for comment, and it rather lengthy.
Usually I do not comment about drafts or proposals; however, I find this draft and approach very interesting. I’m also awaiting the update of ISO 31000 to see how these and similar topics are covered.
All of this having been said, and as I have previously stated, I believe that people and businesses generally only undertake activities of this type (i.e., ERM and ESG) if they are legally required to do so such as by law, statute, regulation or rule, or if it becomes sufficiently expected or advocated that they will do so by influential people, groups or organizations such as by investors, creditors, executive officer or board member groups or organizations, or other stakeholders.
At this point it is established that the board must oversee risk management and in many organizations the audit committee is involved in that oversight, there are a number of reporting or disclosure requirements for risk management, ESG, or environmental matters, and there are laws at least relating to environmental contamination. I certainly expect that requirements in these areas will be increasing over time – the question is how quickly that will occur. Please see my other posts on risk management and ERM and related topics including the 2017 COSO ERM framework and its provisions relating to culture and governance.
David Tate, Esq.
Here is the link to the draft COSO and WBCSD ERM and ESG guidance,