Embedding ESG risk into the ERM framework - ViClarity

June 22, 2023

In a recent article by ViClarity’s Donal Lawlor, the company discussed the impact of ESG on the Chief Risk Officer (CRO).

The article focuses on three topical areas: embedding ESG risk into the organisational ERM framework, ESG reporting and disclosure obligations, and integrating scenario analysis into the risk framework.

Despite the new reporting requirements, it is not imperative for companies to develop new methodologies in order to manage their ESG risk. Nor does ESG risk have to manifest itself in the form of a major environmental disaster. Climate risk may be transmitted into the risk taxonomy via the traditional risk pillars – operational, strategic, financial, and compliance risk.

Below are examples of how climate risks transmit through the pillar of operational risk:

  • Policy risk: government-mandated energy efficiency requirements may result in increased transformation costs, and new regulation may bring increased compliance costs.
  • Technology risk: changing technology may be a driver of transition risk for firms whose technology has become obsolete.
  • Reputational risk: firms with a climate-unfriendly reputation may be excluded from lending or investment.
  • Market: reduced demand due to a shift in consumer demand.

A key change for the CRO is the requirement or expectation, depending on the jurisdiction, to include climate-related disclosures as part of the firm's annual financial filings. The latest regulation in Europe, the Corporate Sustainability Reporting Directive (CSRD), will require nearly 50,000 companies to enhance their reporting around sustainability. As guidance, the TCFD (Task Force on Climate-related Financial Disclosures) recommends that firms disclose climate-related risk data under four pillars:


Governance

Firms are expected to disclose board and management roles in relation to climate-related risks:

  • How the board monitors and oversees goals and targets for addressing climate-related issues
  • The processes by which the board is informed about climate-related issues
  • The assignment of climate-related responsibilities to specific management positions
  • The management’s role in assessing and managing climate-related risks and opportunities
  • How management monitors climate-related issues
  • The process by which management is informed


Strategy

Firms are expected to disclose the actual and potential impacts of climate-related risks on the business:

  • Describe the actual climate-related risks identified for the organisation in the short, medium, and long term
  • Describe the impact of climate-related risks and opportunities on the organization’s businesses
  • Describe the resilience of the organization’s strategy, taking into consideration different climate-related scenarios

Risk Management

The TCFD recommends that firms describe their process for:

  • Identifying and assessing climate-related risks and their potential financial impacts
  • Managing climate-related risks, including how they make decisions to mitigate, transfer, accept, or control those risks
  • Integrating the identification, assessment, and management of climate-related risks into their overall risk management

Metrics and Targets

Provide the key metrics used to measure and manage climate-related risks and opportunities:

  • Organisations should describe how/whether ESG performance metrics are incorporated into remuneration policy
  • Disclose Scope 1, Scope 2 and, if appropriate, Scope 3 greenhouse gas (GHG) emissions and the related risks, calculated in line with the GHG Protocol methodology
  • Sector-specific metrics: for example, asset managers should describe the extent to which AUM are aligned to a 1.5-degree or 2-degree scenario

By adopting a reporting framework such as the TCFD, organisations should be in a better position to evolve their ERM frameworks to assist in managing ESG risk. The framework will help organisations to:

  1. Coordinate all responsible parties
  2. Prioritise and rank ESG risks
  3. Determine risk tolerances
  4. Define ESG goals including timelines and defined metrics
  5. Monitor risks and adjust as necessary

The use of scenario analysis is also viewed as useful, especially in the financial sector. It allows firms to examine portfolio-level exposures and gauge how these would vary under different climate outcomes. As regulators such as the Bank of England start implementing climate stress tests, an increasing number of financial institutions, especially banks, are choosing to voluntarily conduct stress tests internally and not just when mandated by a regulator.

Often, the results are then published and used as a way for institutions to communicate their soundness and solid ERM practices to their own investors and other stakeholders.
