Risk Disclosure

Risk disclosure provides investors and stakeholders with information about the principal risks facing a company, how those risks are managed, and the potential impact on the company's financial position and performance, enabling more informed decision-making.

Effective risk disclosure goes beyond listing risk factors to explain the company's risk appetite, the likelihood and potential severity of key risks, the effectiveness of mitigation measures, and how risks are evolving. The expansion of risk disclosure to include climate-related and broader sustainability risks represents a significant evolution in corporate reporting practice.

Climate and Sustainability Risk Disclosure

The TCFD framework (now subsumed into ISSB standards) established the expectation that companies disclose climate-related risks and opportunities across four pillars: governance, strategy, risk management, and metrics and targets. IFRS S2 requires disclosure of climate-related physical risks (acute and chronic) and transition risks (policy, technology, market, reputation). ESRS E1 requires disclosure of climate-related risks, their financial effects, and the company's resilience under different climate scenarios.

Enterprise Risk Management

Best practice risk disclosure is grounded in effective enterprise risk management (ERM). The COSO ERM Framework and ISO 31000 provide widely used frameworks for identifying, assessing, and managing risks. Boards are expected to oversee the risk management framework, set risk appetite, and ensure that emerging risks — including ESG-related risks — are identified and addressed.

Further Reading

• TCFD — Climate risk disclosure framework
• Risk Management — Enterprise risk management

Key Resources

• TCFD Recommendations (now ISSB)
• COSO Enterprise Risk Management Framework

Related Topics

• Risk Management
• TCFD
• Transition Plans