Mastering CDP Scoring
ESG/Module 4: IRO process (CDP Module 2)/Lesson 2 of 3/6 min read

Time horizons and substantive thresholds

Lesson 3.2

Key takeaway

Time horizons sound like a definitional question. They are actually one of the most strategic answers in the questionnaire. The horizons you commit to in Module 2 dictate the period over which you have to model risk and opportunity in every later module. Choose horizons that are too short and you understate strategic risk. Too long and you overstate it. This lesson explains how CDP frames time horizons, what substantive thresholds really mean, and how to set both in a way that scores well and is operationally honest.

CDP's three horizon buckets

CDP asks you to use three time horizons consistently throughout your response.

HorizonTypical periodWhat it captures
Short term0 to 3 yearsOperational disruptions, near-term policy, current capex cycle
Medium term3 to 10 yearsAsset lifecycles, transition policy ramps, market shifts
Long term10 to 30 years (or longer)Physical climate change, deep transition, cross-generational risk

These are CDP's typical brackets, but the questionnaire lets you define your own as long as the boundaries are explicit. The expectation is that the long-term horizon stretches at least to 2050 (matching the typical net-zero target window) and ideally to 2100 for physical climate scenarios.

Why horizons drive every later module

Once you set your three horizons, every later question that asks about risks, opportunities, or financial impact has to be answered for each horizon. So a single risk gets disclosed three ways:

  • Short term: how the risk manifests in the next three years
  • Medium term: how it evolves through 2035
  • Long term: where it lands in 2050

If you set horizons that are too short, your long-term risk disclosure becomes shallow because you do not have a 30-year view to populate. If you set horizons that are too far out, your short-term answers feel underdeveloped because you have not done the operational planning detail.

Analogy

Setting time horizons is like choosing the focal length on a camera. A wide lens captures everything but loses detail at the edges. A telephoto captures detail at the cost of context. CDP wants you to use three lenses on the same subject (your business and its environmental exposure) and produce three coherent images.

Aligning horizons with your business reality

The horizons should reflect how your business actually plans, not arbitrary CDP defaults. Some practical anchors:

  • Capital cycle. If your business has a 25-year asset life (cement, steel, real estate), your medium and long horizons should reflect that.
  • Strategic plan window. Most companies have a 5-year strategic plan and a 10-15 year vision document. Use those windows.
  • Net-zero target year. If you have committed to net-zero by 2050, your long-term horizon must extend to at least 2050.
  • Risk function methodology. The corporate risk function may have its own horizon definitions (often 1-3 years operational, 3-7 years strategic). Align with them where possible.

Worked example

SteelCo Limited (synthetic, India). Their cement and steel plants have 30-40 year asset lives. They commit to net-zero by 2050. Their strategic plan runs in 5-year increments.

Their CDP horizons:

  • Short term: 0-5 years (matches strategic plan)
  • Medium term: 5-15 years (covers next two strategic cycles)
  • Long term: 15-30 years (covers asset retirement and 2050 net-zero)

This setup means they can answer every later question against horizons that map to real planning windows. The grader sees coherence between strategy and disclosure.

A common mistake. A consumer goods firm uses the CDP defaults (0-3, 3-10, 10-30) without thinking. Their actual strategic plan is a rolling 3-year window with a 10-year aspirational vision. They have nothing concrete to say about the 10-30 year horizon, so their long-term disclosure is full of vague language. The grader penalises the lack of specificity. The fix is to extend the planning vision document, not to shorten the disclosed horizon.

Substantive thresholds, the second strategic answer

The IRO module also asks you to define what counts as a "substantive" risk or opportunity. We covered the principle in the previous lesson; this lesson goes deeper on how to set the threshold.

CDP wants three components in your threshold definition:

  • A quantitative impact level. A number, in your reporting currency, or a percentage of a financial metric (revenue, EBITDA, replacement value).
  • A probability dimension. Substantive does not just mean large; it means likely enough to act on. Many companies use a 50 percent or higher likelihood threshold.
  • A timeframe. The threshold can vary by horizon. A risk that is small in the short term but large in the long term should still be flagged.

A defensible threshold statement reads:

"We classify a risk or opportunity as substantive if its expected financial impact, weighted by likelihood, exceeds 1 percent of group EBITDA in the short term, 2 percent in the medium term, or 5 percent in the long term, or if it could materially impact a single business unit's continuity."

Notice what this does:

  • It is quantitative (1 percent, 2 percent, 5 percent)
  • It varies by horizon (short tighter, long looser)
  • It includes a continuity safety net for asset-specific risk

How thresholds connect to risk and opportunity disclosure

Once you have a threshold, every risk and opportunity you disclose in Module 3 has to be measured against it. The grader expects:

  • Risks above threshold are disclosed. If your threshold is 1 percent of EBITDA short term and you report only one short-term risk worth 0.3 percent, the grader assumes either you have no real risks or you are filtering out below-threshold items.
  • Risks below threshold are explained, not ignored. A line saying "we identified 14 climate-related risks across the value chain; 4 met our substantive threshold and are detailed in Module 3; the remainder are tracked in our internal risk register" is a Leadership-tier signal.
  • The threshold itself is benchmarked. Top scorers cite peer practice or framework guidance (TCFD, IFRS S2) to justify their threshold level.

Some companies set their threshold extremely low (0.1 percent of revenue) hoping to "show CDP we take everything seriously." This backfires. With a low threshold, every minor weather event becomes a substantive risk, and your risk disclosure becomes a wall of noise. Graders read this as either lack of materiality discipline or attempted gaming. Set the threshold at the level your board actually uses, not lower.

Coherence across horizons, the test the grader applies

After reading your horizons and threshold, the grader applies a coherence test on the rest of your response. They ask:

  • Do your short-term risks match your operational reality? (Acute weather events, current policy, near-term commodity prices)
  • Do your medium-term opportunities reflect your strategic plan? (Product launches, geographic expansion, capacity additions)
  • Do your long-term risks include physical climate change at your asset locations? (Drought, sea-level rise, heat stress)

If any of these are missing, the grader infers that your IRO process does not actually run across horizons. Your disclosed horizons are then judged as theatrical.

The protective practice: before submitting, walk a grader-shaped reviewer through every risk and opportunity you disclosed. Ask them: "could this risk reasonably exist in this horizon? Are we missing one?" The exercise catches gaps that get caught in scoring otherwise.

Worked example

InfraCorp India. Their CDP draft listed 8 risks. After internal review:

  • Short-term risks: covered cyclones (Indian east coast plants) and grid instability. Realistic.
  • Medium-term: covered policy carbon pricing and CBAM. Realistic.
  • Long-term: only listed "physical climate change generally." The reviewer flagged this as too generic. They added specific long-term risks: heat stress shutting down outdoor construction in 2 of 4 regions, sea-level rise affecting one coastal port asset, drought affecting hydropower-dependent operations.

The added specificity moved their long-term risk disclosure from C-band to B-band quality, without inventing new risks; the risks were already known internally.

Key Takeaways

  1. CDP uses three time horizons (short, medium, long) and the periods you choose dictate every later disclosure
  2. Align horizons with your real business: capital cycle, strategic plan, and net-zero target year
  3. Substantive thresholds need three components: quantitative impact, probability, and timeframe-specific levels
  4. Set thresholds at the level your board actually uses, not lower; too-low thresholds backfire as noise
  5. The grader applies a coherence test across horizons; missing risks at a given horizon signals the IRO process is theatrical, not real

Knowledge Check

Test what you just learned

6 questions ยท check each one as you go

0 of 6 answered

How many time horizons does CDP use, and what are they?

What should a long-term horizon typically extend to?

True or false: Your time horizons should match how your business actually plans, not arbitrary CDP defaults.

What is the danger of setting too low a substantive threshold?

Which components must a defensible substantive threshold include?

Select all that apply

Match each horizon to typical content.

Match each item to its pair

Short term (0-3 years)

Medium term (3-10 years)

Long term (10-30 years)

Previous lesson

The IRO process CDP wants to see

Next lesson

Climate, water, and forests overlap

We simplify.
We show you the source.
We make the work easy for you.

This is the whole deal.

โ€” GREENTRYST

Start freeSee pricing