Internal audit can partner with the organization in climate scenario planning.
Organizations are increasingly relying on climate risk scenario analysis.
Articles Steve Bochanski, FSA, CERA, MAAA Jun 10, 2024
Organizations are increasingly relying on climate risk scenario analysis.
In May, Europe’s Copernicus Climate Change Service reported that April and the 10 months preceding it have each been the planet’s warmest months on record. Meanwhile, the U.S. National Oceanic and Atmospheric Administration announced that global carbon emissions hit a record high in 2023, and atmospheric CO₂ is now 50% higher than pre-industrial levels.
Many organizations are now recognizing the importance of evaluating climate-related risks — whether they are working to comply with regulatory requirements or looking to incorporate climate in their ongoing, overall business strategy. To address these challenges and respond to inquiries from investors and regulators, organizations are increasingly relying on climate risk scenario analysis.
Internal audit can be a valuable contributor in this emerging area of practice. Recognizing the importance of strong governance, controls, and regulatory compliance in their climate risk programs, organizations can engage internal audit to assess their climate risk scenario analysis.
As businesses embark on their climate planning journey, many have adopted the recommendations of the Financial Stability Board’s Task Force on Climate-related Financial Disclosures (TCFD). The TCFD recommendations, recognized by regulators globally as the leading basis for climate risk disclosures, provide a comprehensive framework for companies to use in disclosing climate-related risks.
The TCFD framework recommends a company perform scenario analysis or planning to develop a more comprehensive picture of the impact of climate-related risks it may be facing. Using the framework, an organization typically begins with a qualitative assessment of climate risk, conducting a high-level evaluation of the areas of the business most susceptible to being impacted. Companies with more resources can take the next step, performing quantitative analyses to identify the potential costs of climate-related risks.
When applying the TCFD framework, a business should assess climate risks in terms of both the short-term (one to five years) and long-term (10 to 20 years) and consider multiple climate scenarios. For example, a “low warming” scenario might assume emissions won’t exceed the goals of the 2015 Paris Agreement, while a “high warming” scenario might have emissions continue their current trajectory. The TCFD guidance does not prescribe specific timelines and scenarios, but some companies are disclosing the results of their own scenario analyses.
Acute physical climate risks. Extreme weather events such as storms, floods, and wildfires are increasing in severity and frequency and represent the most obvious climate risks businesses are dealing with today. The potential challenges can include damage to facilities and corporate infrastructure, supply chain disruptions, and rising costs, and are cause for concern for business leaders, investors, and consumers, alike.
Chronic physical climate risks. Rising sea levels and higher mean temperatures can affect corporate strategy and have implications for capital expenditures as organizations shift focus to asset resilience.
Transition risks. The risks that emerge as the planet transitions to a lower carbon economy are growing in prominence. Changes in market behavior, technology shifts, more stringent climate regulation, and costs such as carbon taxes or rising utility prices all represent transition risks.
Other risks. With public awareness and demand for sustainable products and services increasing, organizations are assessing the impact these stakeholder demands can have on their reputations. As regulators and activists call for greater transparency around the impact a company’s operations have on the climate, the businesses that fail to adopt, implement, and disclose a coherent climate risk management plan could face a backlash or even regulatory penalties.
By simulating the varying degrees of severity outlined by the scientific community, a company can better evaluate potential financial impact, more accurately pinpoint areas where the business may be especially vulnerable, enhance its resilience against climate risk, and seize opportunities presented by the transition to a low-carbon economy.
Climate scenario planning is generally performed by an organization’s sustainability or enterprise risk management (ERM) function, which collaborates with other areas of the business to gather data on the organization’s climate risks and opportunities. Gathering this information requires input from many stakeholders, and the topics span insurance, operations, supply chain, procurement, investor relations, legal issues, and more. For example, an ERM leader might interview operations personnel to get a sense of the organization’s geographical footprint and the areas most susceptible to climate risk, as well as any mitigation or business continuity plans already in place.
The general progression of steps to take can be applied across industries and use cases. While the level of detail may vary, the testing process remains consistent whether the analysis is quantitative or qualitative.
Determine a concrete objective. Given the wide range of considerations that form a climate scenario analysis, it’s important that companies begin the planning process with a clear objective and focused question in mind. By starting with a specific objective, the analysis can become more streamlined and effective.
Select relevant climate scenarios. Determining what scenarios to analyze will depend on the climate risks relevant to the business. For example, a company interested in how floods or wildfires could impact their portfolio holdings might choose scenarios available from the Intergovernmental Panel on Climate Change, which can be used to quantify physical climate-related risks. Another resource to tap is the Network for Greening the Financial System, which provides a leading transition risk framework that can provide guidance on the secondary effects of physical risks.
No matter which climate-related risks a company identifies as most pressing, scenario analysis is about planning for many future possibilities, not choosing a single “most likely” future. Industry leaders in the climate scenario planning space will likely combine two or three distinct scenarios to help them devise strategies that address climate risks involving both higher and lower CO₂ emissions in the future.
Identify the organization’s approach. After a company decides on the scenario frameworks that best address its needs, it will want to choose a methodology to conduct the analysis. If a quantitative analysis is required, businesses will need to identify the KPIs to model, such as impacts to revenue or expenses — and which variables should be changed in the scenario analysis, like the cost of carbon or size of the market. The next step is addressing structural questions, such as time horizons and which parts of the business to include. Once these variables are identified, companies can begin conducting their analysis.
Gather the necessary data. Reliable, holistic data is important for any effective climate scenario analysis, but accessing that internal data may present a challenge. As climate risks impact many areas of a business, it will be important for companies to create cross-functional teams to communicate with each other, easing the flow of information. Sensitive data such as expected capital expenditures, financial projections, and physical characteristics of facilities will require this type of collaboration.
Internal audit plays several roles in this process, none more integral than as an enterprisewide facilitator. Many climate risk programs are still in their infancy and as such, reporting functions may be siloed, with key messages not always making it to the board level. By reviewing the internal controls and reporting infrastructure needed to drive alignment across a company, auditors can pave the way for collaboration among stakeholders involved in the process.
Understand the business impacts. After establishing a cross-functional team to understand the business’s internal data, companies can begin assessing how their information aligns with available climate data. Where financial variables exist, calculating the impact may be as simple as multiplying projected energy demand by regional projections of energy prices under different emissions scenarios.
In other cases, however, modeling might be involved and may include complex engineering or calculations. These quantitative analyses might render an estimate of the probability of potential business interruptions caused by acute weather events over a 10-year period, or they may indicate a change in projected revenues from a growing demand for a particular product.
Companies performing a qualitative analysis may be helped by categorizing assets or results as high, medium, or low risk, based on available climate data. These categories could be used to prioritize further quantitative modeling.
Leverage the results in strategy and disclosure planning. Once a business has conducted a scenario analysis and better understands the impacts of its climate-related risks, a core TCFD guiding principle indicates it should integrate the findings into its reporting and wider business strategy.
Companies that are leading the way in the sustainability space are using the results of their scenario analyses in daily decision-making. These organizations are combining them with their overall corporate strategy — rather than viewing scenario analysis as simply a compliance activity. Climate-related projections will likely continue to evolve as state, federal, and international bodies adopt additional regulations and as new findings emerge. Organizations that adopt climate scenario testing and unite it with financial planning will be better prepared to adapt to a changing future.
By working with the risk or sustainability teams tasked with developing the organization’s climate scenarios, internal auditors can determine whether the organization is accurately assessing climate risks. Internal audit can contribute to the overall climate risk analysis by:
Reviewing internal data and assumptions. Internal auditors can review the internal data and assumptions used in climate risk assessments to confirm their accuracy, rationality, and reliability, which might involve evaluating the quality of data sources, the modeling techniques, and the strength of underlying assumptions used. Any data used in climate risk analyses should be reviewed and compared against industry standards or those required by regulatory agencies. They should be vetted for consistency with other planning and risk management processes.
Reviewing external assumptions and frameworks used to evaluate climate risks. Internal auditors can assess the soundness of external assumptions used by the climate risk modeling team. These are key to determining the company’s material climate risk. Internal auditors can check that the scenarios used in the analysis are aligned with leading external climate scenarios, such as those published by the Intergovernmental Panel on Climate Change or the Network for the Greening of the Financial System. While organizations may have unique circumstances, having an internal auditor review the general approach for consistency with leading external frameworks provides a level of comfort that the methods and external data used in the organization’s model are sound.
Comparing climate scenario design to regulatory requirements. As specialists in regulatory requirements, internal auditors have the perspective needed to reconcile their organization’s climate scenario design with external requirements. That ability is even more important now as climate disclosure regulations from the U.S. Securities and Exchange Commission, the state of California, and international bodies such as the European Financial Reporting Advisory Group and the International Sustainability Standards Board are implemented. Internal auditors can determine whether their organization’s approach to scenario design is consistent with the requirements of state, federal, and international standards with respect to time horizons, organizational boundaries, and materiality determinations.
Evaluating risk response and mitigation strategies. Armed with an understanding of the climate risks facing the organization, along with the data, assumptions, and methodology underlying the analysis, internal auditors can evaluate the organization’s response to the identified climate risks. This could include assessing the adequacy of controls, evaluating the mechanisms used for monitoring and reporting, and verifying the organization’s response plans. An organization with this process in place can understand, manage, and report on its climate risk management program and effectively deploy capital while engaging with external stakeholders.
Organizations are increasing their efforts to evaluate the physical and transition risks impacting the business and its relationships. Given internal audit’s ability to simplify collaboration across the organization, it can be of great value to scenario planning initiatives. As regulatory scrutiny in this area continues to grow, internal auditors may act as the final line of defense against one of the most significant transition challenges — reputation risk. By confirming governance, controls, and reporting are in place during climate scenario planning, internal auditors can lead the way for comprehensive organizational understanding, oversight, and mitigation of climate-related risk.