Assess the risks and opportunities & define a risk response plan - INTERMEDIATE


Many organisations are already familiar with Enterprise Risk Management (ERM) frameworks such as COSO or ISO 31000 (links provided below). They identify new risks and opportunities and manage them through the Risk Register. To assess risks and opportunities, they typically use the Risk Matrix Approach, in which the likelihood of occurrence and the intensity (severity) of financial impact within a given time horizon (usually short-term) are assessed. Following the generic risk formula, risk = likelihood × intensity (severity), hotspots can be identified and prioritised for a risk response plan.

Because of the uncertainty around the exact timing and severity of climate change impacts, and the challenges and complexities associated with the transition to a low-carbon economy, the Task Force on Climate-related Financial Disclosures (TCFD) recommends the use of forward-looking climate scenario analysis. Companies can use some of the pre-defined scenarios, like the IPCC's RCPs and SSPs for physical risks, or the IEA's scenarios for transition risks.

A response strategy is a mapping of actions to priority topics.  

Threat response actions can be:

a) Avoid the risk

b) Mitigate the risk

c) Transfer the risk

d) Accept a risk that occurs periodically

e) Escalate the risk.

Opportunity response actions can be:

a) Exploit the opportunity

b) Enhance the opportunity

c) Share the opportunity

d) Accept the opportunity

Organisations use their Enterprise Risk Management structures and processes to identify, assess, manage, monitor and communicate risks. Climate-related risks should be integrated into the traditional ERM function/tool.

2016 and 2019 were the hottest years recorded so far in Singapore (MSE).

+1.4 °C up to +4.6 °C: projected daily mean temperature's increase by 2100 compared to 2000's (MSE).

ADDITIONAL RESOURCES

The main Enterprise Risk Management frameworks in use are:

* The COSO Integrated ERM Framework (it can be supplemented by COBIT in the area of information security)

* The ISO 31000 ERM framework

TCFD guidance and recommendations on how to conduct a scenario analysis

For further reading: research paper on ERM

* The Casualty Actuarial Society (CAS) ERM Framework