The four pillars of IFRS S2 form a closed loop: governance sets the accountability structure, strategy identifies risks and responses, risk management provides the analytical process, and metrics measure the outcomes. This lesson maps those connections and explains why the ISSB designed them to be mutually reinforcing.
Why the Four Pillars Must Connect
The ISSB's design intent, articulated in the Basis for Conclusions (BC70 to BC72), was that the four pillars of IFRS S2 should form a coherent, interconnected disclosure framework, not a series of independent checklists. Each pillar generates information that feeds into and is informed by the others.
An investor reading a complete IFRS S2 disclosure should be able to follow a logical chain:
| Pillar | Information Generated | Flows Into |
|---|---|---|
| Risk Management | Identified and assessed climate risks and opportunities | Strategy (which risks to respond to), Governance (what to report to the board) |
| Governance | Accountability structure; board-approved targets; remuneration linkage | Strategy (board-approved direction), Metrics (what to measure and report) |
| Strategy | Risk responses; transition plan; financial effect analysis | Metrics (targets to measure against), Risk Management (new risks from strategic choices) |
| Metrics and Targets | Performance data; target progress | Governance (progress reporting to board), Risk Management (monitoring of risk KPIs) |
Scenario Analysis as the Connecting Thread
Scenario analysis appears in multiple pillars, acting as a bridge between them:
- Risk Management (Para 25(a)(ii)): Scenario analysis is used to identify climate risks and opportunities
- Strategy, Climate Resilience (Para 22): Scenario analysis is used to test the entity's strategy against different futures
- Strategy, Financial Effects (Para 15 to 21): Scenario analysis informs the anticipated financial impacts of climate risks
- Governance (Para 6(a)): The board oversees the scenario analysis programme as part of its climate risk oversight
This means a company conducting scenario analysis should be able to explain how the same analytical work feeds into all four pillars: the risk register, the resilience assessment, the financial impact estimates, and the board's oversight agenda.
The Risk Management to Strategy Connection
The Basis for Conclusions (BC70) notes that the ISSB added a specific requirement (Para 25(a)(ii), disclosure of whether and how scenario analysis is used in risk identification) precisely to connect risk management to the strategy's resilience assessment.
Before this addition, there was a risk that entities would conduct scenario analysis for the strategy section and conduct risk management using entirely different, disconnected processes. The explicit requirement forces entities to show that their risk identification and their strategic resilience assessment are informed by the same analytical foundations.
Think of the four pillars as the four legs of a table. Each leg must be strong individually, but the table is only stable when all four are present and connected. A disclosure that has a sophisticated strategy section but a perfunctory risk management section suggests the strategy is not grounded in systematic risk analysis. A robust metrics section without governance linkage suggests the metrics are reported but not acted on. IFRS S2's design forces entities to build all four legs and connect them.
Avoiding Duplication Without Losing Coherence
The ISSB balanced two competing concerns in designing the risk management requirements (BC71 to BC72):
- Consistency with IFRS S1: Risk management requirements under IFRS S2 are closely aligned with IFRS S1 to ensure entities applying both standards do not face contradictory requirements or need to duplicate their risk management processes.
- Avoiding unnecessary duplication: Entities can describe their overall sustainability risk management approach once (under IFRS S1 or in an integrated manner) and add climate-specific incremental detail in the IFRS S2 section.
The key principle is that avoiding duplication should reduce reporting burden without reducing information quality. Referencing another section is acceptable; omitting material information on the grounds of avoiding duplication is not.
A Self-Assessment Checklist
A well-constructed IFRS S2 disclosure should pass this coherence test:
- The risks identified in risk management match the risks disclosed in strategy
- The board oversight described in governance covers the same risks and targets described in strategy and metrics
- The monitoring processes in risk management use the same KPIs disclosed in metrics
- The scenario analysis described in climate resilience (strategy) is the same analysis that informs risk prioritisation in risk management
- The targets in metrics are the same targets the board is described as monitoring in governance
- Progress on the transition plan (strategy) corresponds to the metrics trend data in the metrics section
Key Takeaways
1. The four pillars form a closed loop: risk management feeds strategy, governance provides accountability for metrics, and metrics measure what strategy planned
2. Scenario analysis is the connecting thread - it appears in risk management (identification), strategy (resilience), financial effects (anticipated impacts), and governance (board oversight)
3. A coherence self-check: risks in risk management should match strategy, board oversight in governance should cover the same targets as metrics, and monitoring KPIs should align across pillars
4. The ISSB added Para 25(a)(ii) specifically to force entities to connect their risk identification process to the strategic resilience assessment
5. Avoiding duplication should reduce reporting burden without reducing information quality - referencing another section is acceptable, omitting material information is not