The board sets the tone, but management runs the systems. IFRS S2 requires separate disclosure of management's operational role in climate risk governance, including how internal controls and procedures are structured and integrated with other functions.
Management's Role: Two Specific Disclosures
Paragraph 6(b) requires disclosure of management's role in climate risk governance, specifically:
- (i) Whether the role has been delegated to a specific management-level position, committee, or individual, and if so, details of that role: the specific management-level position or committee with day-to-day responsibility, and how that role relates to the governance body (for example, reporting lines)
- (ii) Whether management uses controls and procedures to support oversight, and if so, how those controls and procedures are integrated with other internal functions and processes
Delegation of Responsibility
In practice, most entities delegate climate risk management to a specific senior management role or committee. Common structures include:
| Structure | Description | Reporting Line |
|---|---|---|
| Chief Sustainability Officer (CSO) | Dedicated executive responsible for climate strategy, reporting, and risk management | Reports to CEO; updates board quarterly |
| Management Sustainability Committee | Cross-functional committee of C-suite executives | Chaired by CEO or CFO; reports to Board Committee |
| CFO or Finance Director | Finance leader integrates climate risk into financial planning and reporting | Reports directly to board; connects climate to financial statements |
| Chief Risk Officer (CRO) | Enterprise risk function integrates climate alongside other risk categories | Reports to board risk committee |
IFRS S2 does not prescribe any particular management structure. It simply requires transparency about whatever structure exists.
Internal Controls and Procedures
The second management disclosure (controls and procedures) is particularly important for investors who want assurance that climate data is reliable. This requirement asks entities to explain:
- What controls exist over climate data collection (for example, GHG emissions measurement)
- How those controls align with financial reporting controls
- Whether climate risk management is integrated with broader risk functions (legal, treasury, strategy, operations)
- How information flows from operational teams to management to the board
Management-level climate controls are analogous to internal financial controls. Just as a company has controls over how revenue is recognised and reported, a company with mature climate governance has controls over how emissions data is collected, verified, and reported. IFRS S2 asks you to describe those climate controls in the same way a financial auditor would ask about financial controls.
Integration with Other Functions
A key quality indicator is whether climate risk management is integrated with or siloed from other business functions. IFRS S2 requires entities to describe the extent of this integration:
- Treasury and Finance: Is climate risk factored into financing decisions, debt covenants, or insurance arrangements?
- Legal and Compliance: Are regulatory developments (carbon pricing, physical disclosure requirements) monitored and integrated into risk management?
- Operations: Do operational managers have climate risk responsibilities embedded in their KPIs?
- Strategy: Is climate risk analysis embedded in strategic planning processes?
- Procurement: Is supply chain climate risk assessed as part of supplier management?
Example: A global manufacturer discloses that its Chief Sustainability Officer chairs a monthly Climate Risk Management Committee, which includes the CFO, CRO, and heads of Operations and Procurement. The Committee is responsible for maintaining the climate risk register, approving the annual GHG emissions report, and presenting quarterly updates to the Board Audit and Risk Committee.
The entity also discloses that it has integrated climate risk controls into its internal control framework, with the emissions calculation methodology reviewed annually by the internal audit function. GHG data is certified by site managers and aggregated by the sustainability team before external assurance.
Avoiding Unnecessary Duplication (Paragraph 7)
Paragraph 7 contains an important practical relief: if an entity manages climate-related risks on an integrated basis with other sustainability risks, it need not provide separate governance disclosures for each topic. It can provide integrated governance disclosures that cover all sustainability topics together, clearly indicating which parts apply to climate.
This reduces reporting burden without reducing transparency.
Key Takeaways
- 1Identify the specific management-level position or committee with day-to-day climate responsibility and its reporting lines to the governance body
- 2Describe internal controls over climate data collection (especially GHG emissions) and how they align with financial reporting controls
- 3Show whether climate risk management is integrated across treasury, legal, operations, strategy, and procurement - or siloed in a sustainability team
- 4Paragraph 7 allows integrated governance disclosures across sustainability topics if climate risks are managed alongside other ESG risks, reducing reporting burden
- 5The quality indicator investors look for is whether management controls create reliable information flows from operational teams to the board