CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites

TheCorporateCounsel

TheCorporateCounsel.net

A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.

Visit
DealLawyers

DealLawyers.com

An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.

Visit
CompensationStandards

CompensationStandards.com

The “one stop” resource for information about responsible executive compensation practices & disclosure.

Visit
Section16.net

Section16.net

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.

Visit
PracticalESG

PracticalESG.com

Keeping you in-the-know on environmental, social and governance developments

Menu

Topics Close

Assurance
Climate
Compliance
Diversity
Environment
Equity
ESG
Guest Post
Human Rights
Investors
New Subject Area2
NEw Topic test
Social
Supply Chain
TeigaTech
TestSocial
View All Blog Posts

Table of Contents

Risk Identification

The first step is to identify environmental aspects of your company’s operations that may create business risks. In some ways, this step resembles a materiality assessment, although this is generally more granular. The assessment may be broad (e.g., all environmental risks) or focused (e.g., environmental risks related only to fuel use/GHG).

The most important thing to keep in mind during risk identification is to be objective. This means avoiding biases of “this won’t really happen” or making quick judgements about the severity of a risk or event that lead you to exclude matters. To avoid overlooking relevant events, identification is best made apart from the assessment of the likelihood of the event occurring or the impact or effectiveness of control systems. At this point, you should identify risks in their “gross” (or uncontrolled) state. Risks are best initially identified assuming no controls are in place, or that controls will fail.

While equipment may pose the physical source of most environmental risks, management systems, programs and priorities are a major factor in how operating equipment performs and how employees deal with both expected and unexpected conditions. Inadequacies in these programs can manifest as environmental incidents and risks.

To develop an environmental risk inventory, review existing information including, but not limited to:

  • Site operations (what does the site do; what chemicals, fuel and equipment are used; where is the site, what environmental permits and regulations are applicable; what waste products are generated and how are they managed; physical condition/age of equipment; maintenance and operations records)
  • Corporate operating programs
  • Site-level implementation of those programs
  • Regulatory compliance and enforcement information from the company and regulatory databases
  • Environmental permit requirements
  • Environmental management systems and procedures
  • Environmental incidents that have occurred in at least the past five years (leaks, spills or emissions of material that may or may not be regulated)
  • Third-party claims and lawsuits related to environmental matters
  • Environmental clean-up/remediation projects
  • Insurance policies that cover or exclude environmental conditions or occurrences
  • Environmental compliance documents
  • Facility inspections
  • Raw materials/chemicals lists
  • Employee training records
  • Job descriptions of key individuals
  • Emergency response plans
  • Wastewater/waste management documentation
  • Purchasing/procurement procedures
  • Supplier codes of conduct
  • Contracts with and from vendors/suppliers
  • Supply chain ESG risk assessments and audits
  • ESG ratings information
  • Responses to surveys/questionnaires from investors and ESG ratings organizations
  • NGO/media reports about the company, locations or industry including chemicals used, community activism/complaints
  • Corporate ESG/sustainability reports
  • Corporate financial reports
  • Shareholder proposals or activism related to ESG matters
  • Climate action plan or transition plan, including the use of credits/offsets
  • External communications about the company’s environmental or sustainability attributes, including sales/marketing/advertising initiatives

This should be augmented with interviews of key staff and reviews of additional relevant documents that may be identified. Interviews should include executives, operations management, environmental, procurement/purchasing, supply chain, investor relations, risk management and legal staff.

Other matters to consider and evaluate include merger, acquisition and divesture plans and other major business or product changes.

In reviewing the data, gain information on:

  • Perspectives and history with regard to environmental losses and exposures
  • The frequency of environmental events or incidents
  • Compliance issues and third party risks at operating sites
  • Management culture and communications
  • Performance metrics/expectations regarding environmental management
  • Supplier risk management controls
  • Reponses to environmental events by the company and third parties
  • How the company expresses environmental risks in financial terms and reports
  • The vision of the company’s future that may impact its environmental risk
  • Control mechanisms, oversight and governance related to environmental operations, reporting and communications.
Next: Risk Inventory and Categorization Or, return to all guidebooks