Management of ESG Risk Model

1. Risk Model Definition

It allows you to create the ESG Risk Model or update the ERM Risk Model with the ESG ones. Integration with the ERM Module.

2. Methodologies and Criteria

Definition of an ad hoc methodology. Metrics of Sustainability, metric ESG of the Impact on the 4 areas and generation of the Heat Map.

3. Identification, Analisys and Evaluation of the ESG Risk

All phases from the Risk Identification (new event sheet) to the Analysis and Evaluation phase characterized by the definition of the four impact areas (Health and Safety, Environment, Community and Human Rights) on which the exercise of evaluation and other provisions of Legislative Decree 254/16 (Generated or suffered scenario) and of the five Areas (Social, Personal, Respect for Human Rights, Environment and Corruption).
Integration with Environment Module.

4. Processing and Schedule

The Treatment phase (Residual Risk) makes it possible to activate the Treatment Strategy and the related Plans with the allocation of responsibilities. Activity management dashboard, progress status. Schedule of the activities of the single profile and view of the schedule of all the subjects.

5. Communication and Report

It allows the targeted management of the communication and information process towards the interested parties. The main risks, generated or suffered, related to the topics covered by the decree constitute the content of the report.

6. Indicators

It allows you to create indicators and graphics that are managed in dynamic reports/templates and based on the analysis, the decisions taken and the relational actions are traced.

7. Home Privileges and Notification

It allows you to manage the definition of the Home and notifications, and privileges for individual users.


Regulatory Cogency

D.Lgs. 254/16

The decree establishes the subjects obliged to draft the ESG information, the types of information to be communicated, the modality of drafting and communication of the information, the subjects in charge of the control and the relative methods, and the sanctions envisaged.

Subjects required to drafting the information

  1. Pubblic interest bodies that: 
    1. have a number of employees over five hundred, during the financial year; 
    2. have exceeded at least one of the following two dimensional limits, at the balance sheet date:
      • total balance sheet: 20 million euros (where the total balance sheet is considered to mean the total assets of the balance sheet);
      • total net sales and service revenues: 40 million euros.
  2. Parent companies, having the status of public interest entities (holding companies), of a group that: 
    1. have a total of more than five hundred employees during the financial year; 
    2. have consolidated financial statements that meet at least one of the following conditions:
      • total balance sheet assets greater than 20 million euros;
      • total net sales and service revenues in excess of € 40 million.

Types of information to be communicated

The non-financial declaration must contain information:

  1. of an environmental nature: specifically, indications regarding the use of energy resources, the use of water resources, the emissions of greenhouse gases and the present and presumable impact of environmental and health risk factors that cannot be missing distinguish the company's activity;
  2. of a social nature;
  3. inherent the HR management: in particular, information must be included regarding the actions undertaken to ensure gender equality, the measures envisaged to implement the conventions of international and supranational organizations, administrative, management and control bodies. Operational approach, business practices and the role of professionals;
  4. inherent the protection of human rights, indicating at least the measures used to avoid the related violations and the actions taken to prevent discriminatory conduct;
  5. concerning the fight against active and passive corruption, signaling the instruments chosen and adopted for this purpose.

This information, which should possess the requisite of relevance, assessed in relation to the business and the characteristics of the company, must be provided by describing at least:

  • the company management, organization and control model, including the model adopted pursuant to Legislative Decree n. 231/2001, also with reference to the management, in this model, of the issues referred to in Legislative Decree no. 254/2016;
  • the policies applied by the company, the results achieved and the fundamental non-financial performance indicators;
  • the main risks, generated or suffered, related to the topics covered by the decree.