IWA 48:2024

PRF IWA 48
ISO/WS ESG
Date:  2024-11
CD IWA 48(en)
Secretariat:  BSI
Date: 2024-10-29
Framework for implementing environmental, social and governance
(ESG) principles
CDPRF IWA 48:2024(en)
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
CDPRF IWA 48:2024(en)
Contents
Foreword . iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles and practices in ESG. 2
4.1 Overarching principles . 2
4.2 Risks and opportunities . 2
4.3 Accountability and transparency . 7
4.4 Identification and engagement of interested parties . 7
4.5 Materiality . 10
4.6 KPI measurement framework for ESG standardized reporting . 13
4.7 Further information . 15
5 Environmental . 15
5.1 General . 15
5.2 Environmental framework . 16
5.3 Examples of actions in relation to environmental considerations . 18
5.4 Environmental KPIs . 19
5.5 Further information . 20
6 Social . 21
6.1 General . 21
6.2 Social framework . 22
6.3 Examples of actions that can be undertaken in relation to social dimensions . 23
6.4 Social KPIs . 26
6.5 Further information . 27
7 Governance . 28
7.1 General . 28
7.2 Governance framework . 28
7.3 Examples of actions based on governance aspects . 30
7.4 Leadership . 32
7.5 Organizational culture and commitment . 34
7.6 ESG communications . 35
7.7 Governance KPIs . 38
7.8 Further information . 39
8 Compliance and conformity . 39
8.1 General . 39
8.2 Difference between compliance and conformity . 40
8.3 Conformity assessment . 40
9 Reporting . 42
9.1 General . 42
9.2 Reporting principles and quality . 43
9.9 Assurance . 49
9.10 ESG and reporting schemes/directives . 50
9.11 Further information . 51
10 Continual improvement . 51
Annex A (informative) Assurance and conformity assessment . 53
Annex B (informative) Workshop contributors . 58
Bibliography . 59

iii
CDPRF IWA 48:2024(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights
in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s)
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
International Workshop Agreement IWA 48 was approved at a workshopvirtual workshops hosted jointly by
the Brazilian Technical Standards Association (ABNT, ), the British Standards Institution (BSI) and the
Standards Council of Canada (SCC, held via Zoom), in October 2024.
In order to respond to urgent market requirements, International Workshop Agreements are prepared
through a workshop mechanism outside of ISO committee structures, following a procedure that ensures the
broadest range of relevant interested parties worldwide have the opportunity to participate, and are approved
by consensus amongst the individual participants in the workshops. If there is an existing ISO committee
whose scope covers the topic, the published International Workshop Agreement is automatically allocated to
this committee for maintenance. An International Workshop Agreement is reviewed three years after its
publication and can be further processed to become a Publicly Available Specification, a Technical
Specification or an International Standard, according to the market requirement. An International Workshop
Agreement can exist for a maximum of six years, following which it is either withdrawn or converted into
another ISO document.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
CDPRF IWA 48:2024(en)
Introduction
0.1 What is ESG?
Environmental, Socialsocial and Governancegovernance (ESG) – is a strategic and operational framework that
aims to assist organizations, of any size and type, to implement and report on their activities, products,
services and commitment to support the achievement of sustainable development, social justice and good
governance. Adopting ESG brings a clearer focus on an organization’s impacts on the environment and the
society, including contribution to the delivery of the United Nations (UN) Sustainable Development Goals
[1]
(SDGs), alongside an evaluation of) , as well as evaluating the impacts of the environment and society on the
organization.
ESG is distinctive for organizations partly because it guides decision-makers attention more on the impacts
and accountability of organizations with respect to communities, the environment and everyday lives.
Regulatory bodies, policy makers, and investors are particularly interested in ESG for this precise reason and
because, everyone has the potential to be an interested party in the outcomes of ESG activities.
Being open, honest, and factual about all aspects of the organization is a positive ESG trait which underpins
good governance, the ‘G’ of ESG, that takes full account of the direct and indirect, individual and collective ‘end-
outcomes’outcomes of organizations’ activities, products and services, and has regard for external influences,
regardless of their source, type, size, or jurisdiction, including their supply chains and customers.
ESG involves accurate and regular reporting of financial and non-financial material impacts. But ESG is not
just about reporting. The focus of this document is deliberately on the implementing and embedding of ESG
practices and values throughout an organization’s culture and activities.
EXAMPLE 1 ESG can include:
— “E”:Environmental (E): climate change mitigation and adaptation, sustainable resource use and energy efficiencies,
circular economy, prevention of pollution and waste management, protection of the environment, biodiversity and
restoration of natural habitats.
— “Social (S”:): internal and external social factors and impacts, including human rights, labour practice, decent work,
consumer issues, community relations and engagement (including involvement in, influencing and embedding the
organization's ESG activities), privacy and data protection, health, well-being and safety, supply chain management,
other human capital and social justice issues.
— “Governance (G”: governance) of the organization, including the governing of the “environmental (E”) and the “social
(S”) categories -: corporate board composition and structure, strategic sustainability oversight and compliance,
executive compensation, anti-corruption, responsible political involvement, fair competition, promoting social
responsibility in the value chain, respect for property rights and interrelationship with communities and society.
[1] [1]
ESG draws on and supports the UN Sustainable Development Goals ((SDGs)) to help define
‘positive’positive social and environmental outcomes. Furthermore, ESG can be considered as connected to
and convergent with Sustainable Developmentsustainable development.
ISO recognizes the connectivity between development and use of ISO standards in achieving the UN SDGs 2030
agenda.
This document is intended as a contribution for organizations considering impacts of and on the 17 SDG goals
and how they can optimize the linkages between ESG activities within selected SDGs.
EXAMPLE 2 SDG Goal 6 Ensureis to ensure the availability and sustainable management of water and sanitation for
all. Access to safe water, sanitation and hygiene can be a material consideration for the organization and the communities
[2]
it is engaged with. ISO has standards covering almost every aspect associated with water, including ISO 46001 Water
v
CDPRF IWA 48:2024(en)
[2]
Efficiency Management where an organization 46001 can help organizations or communitycommunities who heavily
rely on the organizations water activities and may wish to demonstratewith demonstrating their ESG credentials through.
This document is intended as a contribution for organizations considering impacts of and on the 17 SDG goals
and how they can optimize the linkages between ESG activities within selected SDGs.
[3]
ISO has alsoin collaboration with UNDP have developed in conjunction with the ISO/UNDP PAS 53002 , Guidelines for
[3]
Contributingcontributing to UNthe United Nations Sustainable Development Goals ISO/UNDP PAS 53002:2024 .(SDGs).
0.2 ESG landscape
ESG’s broad perspective necessitates a wider set of reporting standards, both financial and increasingly non-
financial, that allowsallow organizations to demonstrate their ESG current state of ESG achievement, progress
or ‘maturity’maturity and to ensure certain levels of regulatory compliance or conformity with national or
internationally agreed ESG standards. Many interested parties need to be able to rely on and understand the
ESG reports. Therefore, more than ever, the measurement and reporting of environmental and social
outcomes need to be undertaken and performed in a standardized, credible and verifiable way.
The ESG landscape is currently complex. There are many overlapping and competing ESG standards and
frameworks, some mandatory requirements, some voluntary, and some commercial. Different methodologies
and forms of measurement, varied definitions and competing approaches result in confusion, and this has
undermined the trust in ESG claims which, in turn, has tended to discourage investment and further
engagement in ESG by organizations in ESG.
0.3 The evolving ESG landscape
As regulation and legislation on ESG develops around the world, there is an increasing awareness that
mandatory disclosure and market transparency around ESG outcomes, impacts, risks and opportunities will
continue to expand. ContinuedThe continued expansion of ESG and sustainability reporting and disclosure
requirements over the next few years are likely to focus organizationsorganizations' attention on how to
manage the increasing demands.  For example, senior finance and sustainability executives in large
corporations are increasingly recognizing the need to be well prepared in ESG reporting on ESG as new
requirements unfold.
The overall ESG landscape is evolving and extending.:
— Senior executives are understandingunderstand that to respond tomeeting ESG there is a demand
forrequirements requires engagement with a broad range of interested parties. Though theWhile ESG
demands, typically, come from investors, board members, shareholders and customers, it is critical to
consider the interests of all interested parties including personnel, customers, supply and value chain
partners, regulatory bodies and the communities in which they locate inare located and serve.
Increasingly, shareholders (including the more vocal activist shareholders) are demanding more emphasis
on sustainability and ESG impacts.
— The number of organizations that ESG covers is expanding, including smaller interested parties (e.g. small
and medium enterprises [SMEs]) who are seeking or developing similar ESG goals similar to those of large
corporations, on a voluntary basis. They require as much support, guidance and attention as those who
are mandated to report and disclose.
— The tendency has been to focus mainly on climate-related risks, resource use and circularity, such as,
achieving net zero and other environmental reporting requirements. The Environmental focus has
dominated ESG in corporate settings. Increasingly Socialsocial and Governancegovernance factors need to
strengthen given the recognition that the Environmentalenvironmental and Socialsocial factors have to
coexist and be incorporated into the Governancegovernance of an organization.
vi
CDPRF IWA 48:2024(en)
— There is recognition of how ESG information and frameworks are implemented and practised.
Organizations of all types and sizes are determining how to build ESG information.
— The important directions for organizations include:
— how to maximize the potential of ESG data and information for building organizational ESG profiles,
managing impacts, improving sustainability, and providing evidence for functional accountability;
— monitor and evaluate the quality of their ESG performance;
— improve their organization’s decision-making,
— identify trends and employ analytics to monitor their policies and direction for ESG improvements.
Implementing the ESG framework can improve and accelerate organizational strategies and actions on
sustainability by shaping policies and practices related to the environment, social values and conditions. The
increased value resulting from adopting the ESG framework is demonstrated through ESG strategies, actions
and how ESG reporting is conducted; thus. Therefore, ESG strengthens both the organization and the
community.
There is a growing recognition that ESG can and should be viewed as a core lever in organization’s success, by
expanding their economic, environmental and social development pathways, building competitive advantage
and accelerating sustainability and prosperity.
0.4 ESG framework
This document and supporting materials form the first stage in ISO's, as an ESG framework. The document,
provides overarching principles, a coherent structure and guidance for ESG, so that all interested parties can
be reassured that they are working within the same set of principles. This ESG framework is intended to be
flexible so it can be applicable to organizations of all sizes, sectors and jurisdictions, while reflecting changes
in emphasis that may emerge within ESG more widely. This document allows for regional and economic
differences, including flexibility for organizations in developing regions and those with limited resources. For
example, the framework is designed to be accessible forto SMEs and organizations in developed and
developing countries, and whether they are required to report on ESG or are entering into anengaging in ESG
journey on a voluntary basis.
The document offers incremental pathways for organizations with limited regulatory oversight or technical
capacity, ensuring thatenabling all organizations canto engage in ESG practices.
An ESG strategy and implementation are intended to propel sustainability. Pursuing this document's ESG
principles couldcan add significant value to an organization in terms of:
— Raisingraising capital –: ESG can be a requirement / /rating criteria.;
— Regulatoryregulatory relationships –: ‘green’ labelling and marketing are already or are becomingin
the process of being regulated and requirements for climate-related disclosure requirements for many
organizations isare likely to increase.;
— Customers –customers: increasingly customers can buy or be retained on the basis of ESG ‘values’;
— Personnel – attractedpersonnel: drawn to organizations with a pro-ESG culture.;
— Shareholders –shareholders: potential improved returns, future- proofing, reducing reputational risk;
— Resourceresource utilization –: improving the circularity of finite resources.;
vii
CDPRF IWA 48:2024(en)
— Climateclimate mitigation and adaptation actions -: promoting climate transition and enhancing
resilience.
ISO aimsThe aim of this document is to assist as wide a group of interested parties as possible, and to help
organizations of all types and sizes, to start, deepen, or mature their ESG journey in a clear, accessible and
straightforward manner. ISO constructs, consults on and updates all its international standards and
frameworks on the basis of consensus.
The ESG framework is intended to be complementary to and interoperable with existing voluntary and
regulatory reporting frameworks in order to facilitate global harmonization and alignment toon ESG
principles and approaches. The ESG framework (see Figure 1) draws on relevant existing International
Standards to bring together trusted materials in an overarching structure of principles and is not in and of
itself setting out to be an international reporting requirements document.cross-cutting themes supported by
key performance indicators (KPIs).
The ESG framework draws on existing, relevant ISO standards, many of which will be familiar to millions of
ISO standards users and are tried and tested (and have already been consulted on) throughout the world. The
framework (see Figure 1) has an overarching structure of principles and cross-cutting themes and is
supported by key performance indicators (KPIs), key elements of ‘E’, ‘S’ and ‘G’. Other ISO standards allow a
more in-depth examination of these areas and organizations can chose to undertake and adopt any and as
many of the existing ISO standards as they would find helpful. Importantly, ISO is not seeking to re-write
existing materials, but to bring together trusted materials and standards.
NOTE The framework also aligns with ISO’s London Declaration on Climate Change – see
https://www.iso.org/ClimateAction/LondonDeclaration.html .
This document provides a high-level framework and set of principles to address how to implement and embed
ESG within the culture of an organization to support management of ESG performance, and to support
measurement and reporting under existing frameworks. This enables consistency, comparability, and
reliability of ESG reporting and practices globally.
This document provides guidance by identifying high-level existing requirements which cover all elements of
‘E’, ‘S’ and ‘G’ in a holistic way, providing integrated solutions, identifying key performance indicators which
support the evaluation of maturity levels within the organization.
This document responds directly to the identified needs of interested parties, including businesses, investors,
communities, governments, and consumers, who in turn need to respond to regulatory requirements. This
document is outcome-focused and performance-based, enabling a holistic and measurable approach,
facilitating sustainable change.
ThisThe principles framework in this document focuses on the non-financial aspects of claims, reporting and
disclosure and not solely theon accounting practices. Tangibles and intangibles should be integrated within
the evaluation of risks and opportunities evaluation.
The main components of this document are as set outpresented in Figure 1Figure 1.
viii
CDPRF IWA 48:2024(en)
Figure 1 — Main components of the ISO ESG framework
0.5 Maturity
The ESG framework is clearly not just aboutgoes beyond reporting, but recognizesrecognizing that positive
outcomes will be more effective, productive and sustainable if a supportive ESG culture is embedded
throughout anthe organization. Good Governance (‘G’governance (G) enables the development of a coherent
ESG culture. ESG is not a fixed position with a pass/fail result, but a journey of growinggrowth and deepening
ESG maturity, integrating continual improvement.
A maturity matrix is included in 7.57.5, showing the differential outcomes for communities (social) and the
environment at four levels of maturity. The ISO frameworkThis document is designed to accommodate
organizations just starting their ESG journey, those underway but not sure where to go next, and those with
some experience but who wish to ‘keep going’going or push boundaries, becoming leaders in thisthe field.
Maturity should also be considered in terms of how ESG credibility and trust are embedded. ESG claims and
reports should be true, fair and not misleading (see 9.2.3).9.2.3). ESG implementation should always follow
the intent (i.e. spirit) behind the words and not just the literal reading of any statements, requirements, rules,
laws, or specificationsstatement, requirement, rule, law or specification.
Greater maturity in ESG should bring increased value, added innovation in tackling
Environmentalenvironmental and Socialsocial impacts, both at an organizational level, and, externally, to the
wider communities and the environment.
ix
CDPRF IWA 48:2024(en)
Framework for implementing environmental, social and governance
(ESG) principles
1 Scope
This document provides a high-level framework and set of principles to provide guidance on how to
implement and embed environmental, social, governance (ESG) within the culture of an organization to
support management of ESG performance, measurement and reporting, enabling consistency, comparability,
and reliability of ESG reporting and practices globally.
This document provides guidance that identifies high-level principles and thinking that cover all elements of
ESG, thus providing integrated solutions, with measurable key performance indicators (KPIs) to support the
evaluation of maturity levels within the organization.
This document is relevant for a wide range of organizations of all types and sizes across the globe including
SMEs and organizations in low- and middle-income countries. It is complementary and interoperable with
existing voluntary and regulatory reporting frameworks to facilitate global harmonization and alignment on
ESG principles and approaches and is not in itself a reporting framework.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. ISO and IEC maintain
terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
sustainability
state of the global system, including environmental, social and economic aspects, in which the needs of the
present are met without compromising the ability of future generations to meet their own needs
[4] [4]
[SOURCE: ISO Guide 82:2019 ,ISO Guide 82:2019, 3.1, notemodified — Note 1 to entry and noteNote 2 to
entry have been deleted].]
3.2
sustainable development
development that meets the needs of the present without compromising the ability of future generations to
meet their own needs
[5] [5]
[SOURCE: ISO 26000 ,ISO 26000, 2.23, notemodified — Note 1 to entry has been deleted].]
3.3
interested party
stakeholder
intended user
person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity
CDPRF IWA 48:2024(en)
EXAMPLE Customers, owners, people in an organization, providers, bankers, regulators, unions, partners or society
that can include competitors or opposing pressure groups.
[6] [6]
[SOURCE: ISO 9000:2015 ,ISO 9000:2015, 3.2.3, modified, — "intended user" has been added; interested
party is preferred term; and Note 1 to entry has been deleted.]
3.4
personnel
individuals in a relationship recognized as a work relationship in national law or practice, or in any contractual
relationship that depends on its activity from the organization
[7] [7]
[SOURCE: ISO 37301:2021 ,ISO 37301:2021, 3.22]
4 Principles and practices in ESG
4.1 Overarching principles
The principles in this document are central to its development and should be applied throughout its
application, reporting and assessment.
a) Integrity. Apply: Applying commonly- shared ethics, utilizing elements of independence, the ability to be
objectiveobjectivity, openness and transparency in all ESG decision-making and reporting; with effective
accountability mechanisms based on sound leadership, systems and controls, including feedback from
interested parties.
b) Outcomes-focused. Identify, evaluate: Identifying, evaluating and managemanaging the direct and
indirect, strategic and operational outcomes, in addition toas well as the outcomes of the environmental
and social impacts based on the decisions and activities, including intended and unintended consequences
on and from the organization.
c) Equity. Ensure: Ensuring shared values and a balancing of the interests balance of interested parties
parties’ interests in as objective, fair, and impartial way as possible, bearing in mind long and short-term
risks and opportunities, practicalities such as resource availability, dimensions of materiality dimensions
and the interests of all relevant interested parties, including future generations.
d) Risks and opportunities . The organization should integrate: Integrating the identification,
understanding and management of risks and opportunities into ESG strategies and operations, including
across the value chain and broader impacts on and from the environment and society.
e) Evidence-based.: Identifying and evaluating outcomes in as scientificscientifically or analytical
wayanalytically as possible, using reliable, verifiable evidence, prioritized onprioritizing external and
internal risks and opportunities and their materiality.
f) Maturity.: Continuous improvement, embedding and updating of good practice to integrate ESG as a core
value within the organization with effective risks and opportunities management, measurement and
reporting, ensuring that ESG becomes integrated and ‘owned’owned as part of the DNA, core values,
drivers and learning, rather than an external one-off, tick-box requirement.
4.2 Risks and opportunities
4.2.1 General
Identifying and understanding risks and opportunities within ESG is fundamental when considering ESG
impacts on the organization or by the organization; and should be captured by senior management who set
the tone for their organization. Once identified and understood, the organization should manage risks and
CDPRF IWA 48:2024(en)
opportunities; or have processes and procedures in place to handle risks and opportunities that have been
determined as significant by the organization.
Many risk management experts consider risks as being both positive and negative and therefore base risks
[8]
and opportunities under the term ‘risk’ (ISO 31000 ).
For the purposepurposes of this document and to aid the understanding of risks and opportunities, risks are
negative and opportunities are positive, (e.g. the risk of losing lives or property, in a flood is negative.). An
opportunity (positive) created by flooding could be to develop new flood defence mechanisms, sell more flood
sacks, or to create more natural flood defences, effectively nurturing habitat recovery.
Many risk management experts consider risks as being both positive and negative and therefore base risks
[8]
and opportunities under the term ‘risk’ (ISO 31000 ).
Risks and opportunities relate to an uncertain event or condition that, if it occurs, can change the effects on
one or more factors or impacts of ESG. Opportunities as a type of risk can represent the potential for positive
outcomes or benefits.
The uncertainty of the risks and opportunities should be identified and/or determined and assessed if they
are to contribute as material impacts. The significance and magnitude of the risks and opportunities
determines whether further action should be taken. Risk and opportunity assessment in an ESG context
maycan lead to mitigation, adaptation, or acceptance of the consequences or potential consequences with no
action. Risk and opportunity thresholds vary individually and organizationally, therefore the identification
and assessment of risks and opportunities, including the likelihood of something happening, within a given
time horizon, can be subjective.
The response to the assessment can be determined with:
— evaluating the assessment;
— dependency on the risks and opportunities appetite of the organization or individuals making the
decisions;
— considering and respecting all relevant interested parties’ knowledge and understanding of the risks and
opportunities through engagement (4.4.3);
— consideration of the inherent characteristics of the system (e.g. organization, process, environment, social
systems) –): systemic attributes;
— systems-thinking approach to the consequences of the actions taken (or not), i.e. understanding the knock-
on effects (e.g. mitigating or adapting to the flood risks in one area creating upstream or downstream
catchment effects).
ESG risks and opportunities are determined in the context of:
— ESG factors and their associated impacts;
— materiality (financial materiality and/or impact materiality, inside out / /outside in impacts);
— significance and magnitude of each impact;
— whether they are direct or indirect impacts;
— interested parties’ views of actual and/or perceived risks and opportunities
— opportunities and their associated benefits
CDPRF IWA 48:2024(en)
Embedding a strategic, ‘risks- and opportunities’ opportunities-based approach to ESG, often alongside
sustainable development, within the organization’s activities supports effective and coherent planning in
managing negative and positive outcomes in the short, medium and long term.
Risks and opportunities should be considered across the whole organization, throughout the product, service
life cycle and value chain, both internally and externally.
Both risks and opportunities and their consequences can be identified from performing either a risk and
opportunity or materiality assessment. When risks are identified, decision-makers should treat the direct
cause, root cause or indirect cause(s). When opportunities are identified, decision-makers should be
proactive and look for emerging opportunities. In both cases, this ESG framework is an aid for producing
solutions.
4.2.2 Principles and Frameworkframework
4.2.2.1 Principles
4.2.2.1.1 General
Risk and opportunity principles are based on the creation and protection of value. The characteristics of
effective and efficient risk and opportunity management have been identified as having an approach which is:
— Integrated –: a holistic approach considering the organization’s activities in relationship to society and
environment.
— Structured and comprehensive –: contribute to consistent and comparable results.
— Customized –: customizable and proportionate to the context of the organization’s ESG-related objectives.
— Inclusive –: appropriate and timely involvement of interested parties, ensuring their views are heard and
taken into consideration when developing and implementing ESG-related strategies and actions.
— Dynamic –: anticipating, detecting, acknowledging and responding to changes in real time and as
circumstances dictate, remembering to report significant changes that change the magnitude of material
impacts in a timely manner.
And considers:
— Best available information –: using scientific and credible information where possible, while identifying
and communicating assumptions, limitations and uncertainties.
— Human and cultural factors –: considering behaviour and culture as having a significant influence on risk
and opportunity assessment impacting all levels (e.g. individual, team or group, organizational, societal,
cultural) and stages (e.g. identification, assessment, mitigation or response, communication), including
those outside the organization and geographical regions.
— Continual improvement –: using the learning and experience to hone the risk and opportunity
evaluation, strategies and implementation of actions.
[8]
NOTE See ISO 31000 ]
[8]
NOTE See ISO 31000.
CDPRF IWA 48:2024(en)
4.2.2.2 Framework
4.2.2.2.1 General
ESG adds an additional dimension to risks and opportunities and their management: the organization should
identify, assess or evaluate, manage (and report) risks and opportunities posed by the organization to the
environment and society, notably to the organization’s immediate and potentially widespread communities
that may be affected or supported by its activities.
A key aspect of a risk and opportunity management framework is to facilitate engagement and analysis with
interested parties, integrating their views and expectations into significant activities, functions, and systems
thinking, to inform decision-making and drive strategic outcomes.
The effectiveness of managing risks and developing opportunities will depend on the effectiveness of
engagement with interested parties. Risk and opportunity management should draw on the differing
perspectives of all relevant interested parties. Where the organization is carrying out ESG-related activities
and reporting, this should reflect the risks and opportunities, not only to their organization but also the other
interested parties that may be affected.
Adequate resources should be committed by senior management, enabling safe management of harms and the
ability to seize suitable opportunities. A robust ESG roadmap should support the decision-maker allocating
resources in accordance with the ESG needs.
There are many ISO standardsInternational Standards to help organizations manage risks and opportunities
(see 4.2.44.2.4).
The explicitly external-facing perspective in assessment of ESG risks and opportunities requires additional
tools to define and evaluate the environments and communities potentially affected (e.g. environmental risk
assessment and/or social impact assessment).
Given that much of ESG, especially social impact, could be new to organizations, there is an even greater
necessity to work collectively with organizations in the sector. Decision-makers need to evaluate the impacts
within sectors and wider interested parties. Firstly, establishing what is reliable and credible evidence
sources, and secondly how one can test and evaluate data and information shared. Innovative organizations
will follow the ESG framework to prepare and refine data having new data sets related to Key Performance
Indicators (KPIs),KPIs, learning how to reject erroneous data, or unsuitable results.
Horizon scanning is important as regulatory requirements, social expectations and generally accepted norms
are likely to continue to evolve and change focus.
Market scanning, trend analysis, predictive modelling and forecasting can also assist in determining the
organization’s exposure to emerging or foreseeable ESG risks and opportunities.
Aspects such as climate change, biodiversity, human rights, modern-day slavery, equality, diversity, and
inclusion, associated not only with the organization but also its value chain and customers (i.e. upstream and
downstream), should be evaluated.
Appropriate communications and engagement by organizations with relevant interested parties should
empower those interested parties to become active contributors in the creation and protection of value.
4.2.2.2.2 Risk and opportunity framework development
Risk and opportunity framework development is a function of good governance and should be considered in
terms of:
...