RM2.3: Governance Risk Assessment
Maximum Score: 2.85 points
Prefill: Eligible
Validation: Evidence and Other answer are manually validated
Has the entity performed a governance risk assessment(s) within the last three years?

Assessment Instructions
Intent: What is the purpose of this indicator?
This indicator intends to assess the entity’s implemented process for assessing material governance risk, and its understanding and mitigation of these risks. Systematic responses to governance issues include effective risk assessment, thoughtful mitigation planning, and implementation of action plans.
Input: How do I complete this indicator?
Select Yes or No: If selecting 'Yes', select applicable sub-options.
Material governance issues: Select all issues that are covered by the entity’s risk assessment process(es). It is possible to include an ‘Other’ answer option.
Terminology
Audit committee structure/independence
A corporate board of directors establishes an audit committee to assist in discharging its fiduciary responsibility. An effective audit committee is an important feature of a strong corporate governance culture and should have a clear description of duties and responsibilities.
Board composition
Composition of the board and its committees by (i) Executive or non-executive, (ii) Independence, (iii) Tenure on the governance body, (iv) Number of each individual’s other significant positions and commitments, and the nature of the commitments, (v) Gender, (vi) Membership of under-represented social groups, (vii) Competences relating to economic, environmental and social impacts, (viii) Stakeholder representation.
Board ESG oversight
The highest committee or position that formally reviews and approves the organization’s sustainability report and ensures that all material topics are covered.
Board-level issues
Governance issues that should be recognized at board-level by the entity.
Bribery
The offering, giving, receiving or soliciting an item of value to influence the actions of an official or other person in charge of a public or legal fiduciary duty.
Compensation committee structure/independence
Compensation decisions are central to the governance of many entities. Compensation committees or analogous organizations are established to govern employee compensation and ensure employee remuneration decisions are made in a fair, consistent and independent manner. An independent compensation committee may be one indicator of effective governance.
Conflicts of interest
Situations where an individual is confronted with choosing between the requirements of his or her function and his or her own private interests.
Corruption
Abuse of entrusted power for private gain. Policies should be consistent with the United Nations Convention against Corruption.
Cybersecurity
The protection of internet-connected systems, including hardware, software, and data, from any unauthorized use or access. Malicious attacks in particular can pose a significant threat to infrastructure assets.
Data protection and privacy
Customer privacy includes matters such as the protection of data; the use of information or data for their original intended purpose only, unless specifically agreed otherwise; the obligation to observe confidentiality; and the protection of information or data from misuse or theft.
Delegating authority
The process for delegating authority for environmental, and social topics from the highest governance.
Executive compensation
The financial and non-financial compensation of executives, in a manner that motivates executives to perform their roles in alignment with the entity’s objectives and risk tolerance.
Fraud
Wrongful deception intended to result in financial or personal gain.
Independence of Board chair
A non-executive member of the board who does not have any management responsibilities within the organization and is not under any other undue influence, internal or external, political or ownership, that would impede the board member’s exercise of objective judgment.
Lobbying activities
Any activity carried out to influence a government or institution’s policies and decisions in favor of a specific cause or outcome.
Operational issues
Governance issues that should be recognized at operational level by the entity.
Political contributions
Disclosure of and guidelines for political contributions, such as the amounts and recipients of all monetary and non-monetary contributions made by an organization, which include political contributions made through third parties. Financial or in-kind support given directly or indirectly to political parties, their elected representatives, or persons seeking political office.
Risk analysis
Studying probabilities and consequences given the existing controls, to identify the level of residual risk.
Risk assessment
Careful examination of the factors that could potentially adversely impact the value or longevity of an infrastructure asset. The results of the assessment assist in identifying measures that have to be implemented in order to prevent and mitigate the risks.
Risk evaluation
Comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
Risk identification
Identifying what could prevent an organization from achieving its objectives.
Risk treatment
Control / mitigation of the risk.
Shareholder rights
Assessing the potential risk of breaking or working against the entity’s contractual shareholder rights. Shareholder rights are defined in the company’s charter and bylaws.
Whistle-blower mechanism
A process that offers protection for individuals who want to reveal illegal, unethical or dangerous practices. An efficient whistle-blower mechanism prescribes clear procedures and channels to facilitate the reporting of wrongdoing and corruption, defines the protected disclosures, and outlines the remedies and sanctions for retaliation.
Validation: What evidence is required?
The evidence and ‘Other’ answer provided will be subject to manual validation.
Evidence
The provided evidence must include the following elements:
Confirm that a governance risk assessment was conducted and clearly present the outcomes of the risk assessment.
Cover all elements of the risk assessment process aligned with the ISO 31000 Risk Management standard, including risk identification, analysis, evaluation, and treatment, for all selected governance issues, highlighting or bringing attention to these where possible.
Include all selected governance issues within the assessment, highlighting or bringing attention to these where possible.
Relate to an assessment that has taken place within the last three years, up to and including the end of the reporting year identified in EC4.
Evidence examples may include, but are not limited to:
Documents or sections of documents, in their original or redacted form, such as:
Corporate risk registers
Governance-specific risk register or a section of a governance, Board, ethics, cybersecurity plan/report
H&S inspections and audits
Impact registers
Corporate/Governance internal audits
Monitoring reports
Annual reports
Meeting minutes or company presentations
Procedure or process document(s) (e.g., from a risk management system) when supported with documentation that details the outcome of the risk assessment for selected issues.
See below for an example of a risk register structure:
Columns: Governance issues; Risk description; Risk rating (Likelihood, Consequence, Rating); Mitigation measures
Note: If certain governance issues are embedded in law and/or regulation in the countries of operation, the entity may select the issue and provide evidence that references the specific law or regulation and how it has been complied with.
Contractor and/or operator engagement: In some cases, an indicator addresses an activity that applies to the reporting entity, yet is undertaken by an assigned contractor, operator, and/or contracted entity. This is often the case, for example, for PPP-type arrangements. In these cases, when providing evidence, the participant should specify the entity undertaking the activity and the relationship to that entity, to verify how these actions apply to the reporting entity. Copies of redacted contractual agreements/clauses to verify these relationships are acceptable.
Other Answer
Ensure that the ‘Other’ answer provided is not a duplicate or subset of another option selected. It is possible to report multiple ‘Other’ answers. If multiple ‘Other’ answers are accepted, only one will be counted towards scoring. Answers referring to evidence and/or other indicators will not be accepted.
Scoring

Scoring: How does GRESB score this indicator?
Materiality-Based Scoring
The scoring of this indicator is equal to the sum of the fractions assigned to the selected options and respective sub-options, multiplied by the total score of the indicator. The fractional points assigned to each option depend on their material relevance (as determined by the GRESB Materiality Assessment).
The entity must select all issues of ‘Medium relevance’ and ‘High relevance’ to obtain the maximum score.
Specific materiality weightings are assigned to the entity for each sustainability issue. The weightings are set at one of four levels for each of the issues:
No relevance (scoring weight: 0)
Low relevance (scoring weight: 0)
Medium relevance (scoring weight: 1)
High relevance (scoring weight: 2)
For more details, refer to the Asset Scoring Basics page or download the Asset Materiality & Scoring Tool.
Evidence
The evidence is manually validated and assigned a multiplier, according to the table below. The evidence must support the validation requirements. If any requirements are not met, the evidence may be partially accepted or not accepted, depending on the level of alignment with the requirements.
Accepted: 2/2
Partially Accepted: 1/2
Not Accepted: 0
Other Answer
The 'Other' answer is manually validated and assigned a score, which is used as a multiplying factor, as per the table below. Any accepted ‘Other’ answers will be scored at ‘Medium' material relevance (i.e., with a scoring weight of 1).
Accepted: 1/1
Not Accepted: 0
Duplicate: 0
Get Support: Solution Providers
GRESB Solution Providers are independent, third-party organizations within the GRESB Partner network that offer specialized products, tools, and services to support sustainability performance outside the GRESB Assessment process.
The organizations below deliver commercially available solutions designed to help drive improvement for this indicator. Engagement is managed directly between the reporting entity and the Solution Provider.
GRESB will continue to update this section as the GRESB Solution Provider network grows. Please check back regularly to find GRESB Solution Providers who can support your sustainability performance.