ERM - ESG

Allows governing the risk management process in all its phases as governed by the international guidelines ISO 31000 and COSO FRAMEWORK, and related to ESG risk assessment criteria

Try KRC

 

CONTEXT DEFINITION​​​​​​

It allows you to manage the company's configuration and all the elements characterizing the internal and external context. With regard to the internal context, in addition to being able to enter corporate information and financial data, you can manage organizational aspects and governance elements (processes, roles, procedural system). With regard to the external context, the platform allows you to define and manage the scope of suppliers and stakeholders, as well as other important information for the subsequent qualitative and quantitative risk analysis phase.

DEFINITION AND UPDATE OF THE ERM METHODOLOGY

It allows the Risk Manager to build/manage the ERM methodology that guides the process of identifying, analyzing, and managing risks and opportunities.
Specifically, the platform allows you to define:

  • the taxonomy of risks and opportunities, the so-called Risks and Opportunities Model, through a multi-level structure and with the ability to update its main attributes (e.g., ESG, nature, objective, family of belonging, etc.);
  • the risk and opportunity assessment scales in terms of Impact/Benefit and Probability of Occurrence, as well as any other variables defined according to the applicable methodology. The assessment scales can be defined according to variable levels and criteria chosen by the Risk Manager.

DEFINITION AND UPDATING OF THE RISK APPETITE FRAMEWORK

It allows the definition and relative updating of the Risk Appetite Framework with broad flexibility in configuring appetite and risk tolerance levels, both for individual risks and aggregated by family/area, as well as with respect to the qualitative and/or quantitative criteria associated with them.

IDENTIFICATION OF RISKS AND OPPORTUNITIES

The Risk Model can be flexibly defined according to a tree structure (family, macro-area, area, and risk). Various attributes can be associated with the risk, including whether it can be classified as ESG, even during the definition phase.

It allows the Risk Manager, independently or with the direct involvement of company management (i.e., Risk Owner), to define the relevant risks and opportunities at a given date and periodically update the relevant register. Opportunities are collected and managed in a dedicated Register and can be defined in relation to and/or independently of risks.

The risk and opportunity register provides a series of elements and information specifically selected by the Risk Manager (e.g., priority, description, scope, ESG classification, etc.). Furthermore, within this section, it is also possible to define and manage the corporate objectives associated with the identified risks and opportunities.

 

 

 

QUALITATIVE AND QUANTITATIVE RISK/OPPORTUNITY ASSESSMENT THROUGH SCENARIO ANALYSIS

It allows for the qualitative and quantitative assessment of inherent and residual risk, taking into account different time horizons (i.e. short-medium-long term, aligned with the requirements of the CSRD) and the adequacy of a set of measures and controls associated with the risk in question.

Both inherent and residual assessments are performed by considering different types of impact based on previously defined risk assessment scales (e.g., economic, reputational, operational) and information from data already present in the platform and/or predefined external sources. Furthermore, if the risk is flagged as ESG, the ESG scale (i.e., environmental, social, governance) can also be added.

Using the platform's quantitative analysis tool, it is also possible to perform single- or multi-risk scenario analyses, obtaining the probability distribution of expected economic amounts in terms of predefined economic-financial metrics (e.g., EBIT, cash flow, etc.) if the projected scenario materializes. Statistical simulations are performed using the Monte Carlo method.

Following the overall assessment, the Risk Manager will be able to immediately verify whether the residual risk assessment is in line or not in line with the predefined risk appetite framework.

Using the same approach, the platform also allows you to map and subsequently evaluate the "positive" component of risk, i.e., opportunities.

MULTIPLE RISK ASSESSMENT

It allows you to jointly assess a set of interrelated risks/opportunities, taking into account geographic, process, or other significant factors, whether from data already present in the platform or from predefined external sources. For each joint assessment, it is then possible to provide risk management/prevention recommendations.

RISK PROCESSING AND MANAGEMENT

Once the risk or opportunity assessment is complete, the Risk Manager can choose to define a specific treatment action (mitigation, transfer, reduction, elimination) by defining a detailed action plan that can involve and engage other organizational figures with specific deadlines that can be associated with different stakeholders.
The platform provides features and dashboards for monitoring the progress of treatments and specific action plans.

 

MONITORING RISK AND OPPORTUNITY


It allows you to configure and manage, with a high degree of flexibility, indicators for monitoring both risks and opportunities. These indicators can be customized, used within the Risk Appetite Framework, and consulted online through dedicated dashboards or in dedicated reporting.
Specifically, the platform allows you to:

  • monitor the performance of the risk portfolio, tracking changes in terms of emerging/obsolete risks, as well as risk exposure over a given period;
  • define and monitor the performance of key risk indicators (KRIs) with the aim of identifying any red flags in a timely manner so they can be mitigated. These indicators can be customized, associated with the defined risk appetite, and consulted online through dedicated dashboards or in the dedicated reporting.

COMMUNICATION AND REPORTING

Based on the information and analyses carried out in the previous phases, the platform automatically generates heat maps, dashboards, and maps summarizing the main information on objectives, risks, opportunities, processes, indicators, and action plans. 

Reports generated from structured dynamic data can be used for internal and external communication and reporting at various levels. Furthermore, when implementing multiple platform modules, the information is automatically connected and transferred according to predefined logic, enabling Integrated Risk Management (IRM).

 

THE ADVANTAGES OF DIGITIZING THE ERM-ESG MODULE

In KRC® the integration of the ERM-ESG Module is native with:

  • The ISO management system modules provide a synthetic view of the main findings that emerge from risk management and in this way the vertical risk system becomes transversal;
  • The Sustainability Strategy and Reporting module allows you to meet the ESRS requirements on Double Materiality by providing an assessment of the risks and opportunities linked to ESG factors and therefore to understand the impact on the company's financial performance.

Read the article L'importanza di ERM-ESG per una maggiore Sostenibilità aziendale

 

 

 

 

 

 

Modules

Whistleblowing
Internal Audit
Integrated Risk Management
Model 231
Anticorruption
Privacy
Business Continuity
Quality
Information Security
Human Resources
Health and Safety
Facility Management
Environment
Plaint Maintenance
Behavior Based Safety
Corporate Social Responsibility
ERM - ESG
Project Risk Management
Insurance Risk Management
Sustainability Strategy and Reporting
Sustainability strategy and reporting
Integrated Management Systems