Climate risk management is not just about identifying and assessing risks. It also covers opportunities, prioritisation against competing risks, and integration with the enterprise-wide risk framework. This lesson covers the remaining risk management disclosure requirements and the principle of avoiding unnecessary duplication.
Paragraph 25(b): Processes for Climate-Related Opportunities
Building on the TCFD framework, IFRS S2 explicitly requires disclosure of processes for identifying and managing climate-related opportunities, not just risks. Paragraph 25(b) requires the entity to describe:
- How climate-related opportunities are identified, assessed, and prioritised
- Whether and how scenario analysis is used to identify opportunities
- How opportunities are integrated into the entity's overall risk management processes
This reflects the ISSB's recognition that climate change creates genuine commercial opportunities for renewable energy companies, green building developers, climate technology providers, and many others. A complete picture of an entity's climate exposure must include both sides of the ledger.
Example: Opportunity identification process
"Our climate opportunity assessment is conducted annually by the Strategy team, using the same three scenarios we apply to risk assessment (IEA NZE, APS, STEPS). We assess opportunities across three categories:
Resource efficiency: We identify energy cost reduction opportunities by benchmarking facility consumption against best-in-class peers and modelling the NPV of efficiency investments at our internal carbon price.
New products: Our Product Development function maintains a pipeline of low-carbon product concepts assessed for market readiness in each scenario. Under the NZE scenario, we estimate 25% of 2030 revenue could come from zero-emission product lines currently in development.
Market access: We monitor green procurement requirements from our top 50 customers, mapping their stated sustainability requirements to our product roadmap. Eight of our top 20 customers have introduced supplier emissions requirements effective 2025."
Paragraph 25(c): Integration into Overall Risk Management
Paragraph 25(c) requires disclosure of the extent to which the climate risk identification and management processes are integrated into the entity's overall risk management framework.
This is one of the most important indicators of climate risk management maturity. The spectrum runs from:
- Siloed: Climate risk is managed by a dedicated sustainability team that operates separately from the main risk function. Outputs are not systematically incorporated into the enterprise risk register.
- Partially integrated: Climate risks are identified by the sustainability team and then reviewed by the risk function annually. They appear in the enterprise risk register but use different scoring criteria.
- Fully integrated: Climate risks are identified, assessed, and monitored using the same frameworks, scoring criteria, and governance structures as all other enterprise risks. They sit alongside credit, operational, and reputational risks in the same register and are escalated through the same governance channels.
| Integration Level | Key Characteristics | Investor Perspective |
|---|---|---|
| Siloed | Separate sustainability team; separate risk register; no cross-functional review | Climate risks may be understated; limited board visibility |
| Partially integrated | Annual transfer to enterprise risk register; different scoring methodology | Improving but inconsistent treatment; governance gaps possible |
| Fully integrated | Same team, tools, scoring, and governance; real-time monitoring | Climate risks given appropriate weight; board receives consistent risk picture |
Paragraph 26: Avoiding Unnecessary Duplication
Paragraph 26 applies an efficiency principle: if a company uses the same enterprise process to track climate risk, water risk, and human rights risk, it can describe that process once and point out the climate-specific details rather than duplicating the description for each topic.
For example, if climate risks are managed on an integrated basis with other sustainability risks (water risk, biodiversity risk), the entity need not provide separate risk management disclosures for each topic. An integrated description, clearly indicating which elements apply to climate, is sufficient.
This provision also connects to IFRS S1: if the entity's overall approach to sustainability risk management is described in detail under IFRS S1, the climate-specific risk management disclosures under IFRS S2 can reference that description and only add climate-specific incremental detail.
The integration requirement is analogous to the relationship between a company's cybersecurity risk management and its general IT risk management. A company with mature IT governance does not manage cybersecurity risk in a separate silo. It integrates cyber into its enterprise risk framework. IFRS S2 expects the same for climate: not a parallel universe of climate risk management, but climate risks embedded in the mainstream risk management architecture.
Connecting Risk Management to the Other Pillars
Risk management disclosures do not stand alone. They must be consistent with and connected to the other three pillars:
- Governance: The risks identified and monitored in the risk management section should be the same risks that the governance body is informed about (Para 6(a)(iii)) and that inform target-setting (Para 6(a)(v))
- Strategy: The significant risks identified in risk management should correspond to the risks disclosed in the strategy section (Para 10 to 12)
- Metrics and Targets: The monitoring processes (Para 25(a)(v)) should link to the metrics used to track climate risk and opportunity performance (Para 29)
Key Takeaways
- 1IFRS S2 explicitly requires disclosure of processes for identifying and managing climate-related opportunities, not just risks
- 2Integration level with enterprise risk management is a key quality signal - fully integrated (same tools, scoring, governance) is more credible than siloed sustainability processes
- 3Para 26 allows integrated risk management disclosures across sustainability topics (climate, water, biodiversity) to avoid duplication
- 4The risks identified in risk management must match those in strategy, and the monitoring processes must link to the metrics used to track performance
- 5Opportunity identification should use the same scenarios and processes as risk identification, ensuring both sides of climate exposure are systematically assessed