RM2.3: Governance Risk Assessment

Maximum Score

Determined by materiality

Prefill

Eligible

Validation

Evidence and 'Other' answers are not manually validated

2026 Updates

None


Has the entity performed a governance risk assessment(s) within the last three years?

Assessment Instructions

Intent: What is the purpose of this indicator?

The intent of this indicator is to assess the entity’s process for assessing material governance risk, and its understanding and mitigation of these material risks. Systematic responses to governance issues include effective risk assessment, thoughtful mitigation planning, and implementation of action plans.

Input: How do I complete this indicator?

Select Yes or No: If selecting 'Yes', select applicable sub-options.

Elements of risk assessment process: Select one of the available options. These have been aligned with the ISO 31000 Risk Management standard.

Material governance issues: Select all issues that are covered by the entity’s risk assessment process(es). It is possible to report using the ‘Other’ answer option. Ensure that the ‘Other’ answer provided is not a duplicate or subset of another option. It is possible to report multiple ‘Other’ answers.

Contractor and/or operator engagement: In some cases, an indicator addresses an activity that applies to the reporting entity, yet is undertaken by an assigned contractor, operator and/or contracted entity. This is often the case, for example, for PPP type arrangements. In these cases, when providing evidence, the participant should specify the entity undertaking the activity and the relationship to that entity, to verify how these actions are applicable to the reporting entity. Copies of redacted contractual agreements/clauses to verify these relationships are acceptable.

Terminology

Audit committee structure/independence

A corporate board of directors establishes an audit committee to assist in discharging its fiduciary responsibility. An effective audit committee is an important feature of a strong corporate governance culture and should have a clear description of duties and responsibilities.

Board composition

Composition of the board and its committees by (i) Executive or non-executive, (ii) Independence, (iii) Tenure on the governance body, (iv) Number of each individual’s other significant positions and commitments, and the nature of the commitments, (v) Gender, (vi) Membership of under-represented social groups, (vii) Competences relating to economic, environmental and social impacts, (viii) Stakeholder representation.

Board oversight of sustainability

The highest committee or position that formally reviews and approves the organization’s sustainability report and ensures that all material topics are covered.

Board-level issues

Governance issues that should be recognized at board-level by the entity.

Bribery

The offering, giving, receiving or soliciting an item of value to influence the actions of an official or other person in charge of a public or legal fiduciary duty.

Compensation committee structure/independence

Compensation decisions are central to the governance of many entities. Compensation committees or analogous organizations are established to govern employee compensation and ensure employee remuneration decisions are made in a fair, consistent and independent manner. An independent compensation committee may be one indicator of effective governance.

Conflicts of interest

Situations where an individual is confronted with choosing between the requirements of his or her function and his or her own private interests.

Corruption

Abuse of entrusted power for private gain. Policies should be consistent with the United Nations Convention against Corruption.

Cybersecurity

The protection of internet-connected systems, including hardware, software, and data, from any unauthorized use or access. Malicious attacks in particular can pose a significant threat to infrastructure assets.

Data protection and privacy

Customer privacy includes matters such as the protection of data; the use of information or data for their original intended purpose only, unless specifically agreed otherwise; the obligation to observe confidentiality; and the protection of information or data from misuse or theft.

Delegating authority

The process for delegating authority for environmental and social topics from the highest governance body.

Executive compensation

The financial and non-financial compensation of executives, in a manner that motivates executives to perform their roles in alignment with the entity’s objectives and risk tolerance.

Fraud

Wrongful deception intended to result in financial or personal gain.

Independence of Board chair

A non-executive member of the board who does not have any management responsibilities within the organization and is not under any other undue influence, internal or external, political or ownership, that would impede the board member’s exercise of objective judgment.

Lobbying activities

Any activity carried out to influence a government or institution’s policies and decisions in favor of a specific cause or outcome.

Operational issues

Governance issues that should be recognized on operational-level by the entity.

Political contributions

Disclosure of and guidelines for political contributions, such as the amounts and recipients of all monetary and non-monetary contributions made by an organization, which include political contributions made through third parties. Financial or in-kind support given directly or indirectly to political parties, their elected representatives, or persons seeking political office.

Risk analysis

Studying probabilities and consequences given the existing controls, to identify the level of residual risk.

Risk assessment

Careful examination of the factors that could potentially adversely impact the value or longevity of an infrastructure asset. The results of the assessment assist in identifying measures that have to be implemented in order to prevent and mitigate the risks.

Risk evaluation

Comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.

Risk identification

Identifying what could prevent an organization from achieving their objectives.

Risk treatment

Control / mitigation of the risk.

Shareholder rights

Assessing the potential risk of breaking or working against the entity’s contractual shareholder rights. Shareholder rights are defined in the company’s charter and bylaws.

Whistle-blower mechanism

A process that offers protection for individuals who want to reveal illegal, unethical or dangerous practices. An efficient whistle-blower mechanism prescribes clear procedures and channels to facilitate the reporting of wrongdoing and corruption, defines the protected disclosures, and outlines the remedies and sanctions for retaliation.

Validation: What evidence is required?

Evidence

The evidence provided will not be subject to manual validation.

Evidence does not necessarily need to be provided in full. Rather, the evidence needs to be sufficient to verify the existence of the claimed risk assessment for each issue.

The provided evidence must include the following elements:

  • Confirms that a governance risk assessment was conducted and clearly presents the outcomes of the risk assessment.

  • Includes all selected elements of the risk assessment process, for all selected governance issues, highlighting or bringing attention to these where possible.

  • Includes all selected governance issues within the assessment, highlighting or bringing attention to these where possible.

  • Relates to an assessment that has taken place within the last three years, up to and including the end of the reporting year identified in EC4.

Evidence examples may include but are not limited to:

  • Documents or section of documents, in their original or redacted form, such as:

    • Corporate risk registers

    • Governance-specific risk register or a section of a governance, Board, ethics, cybersecurity plan/report

    • H&S inspections and audits

    • Impact registers

    • Corporate/Governance internal audits

    • Monitoring reports

    • Annual reports

    • Meeting minutes or company presentations

  • Procedure or process document(s) (e.g. from a risk management system) when supported with documentation that details the outcome of the risk assessment for selected issues.

See below for an example of a risk register structure (the three stages of the risk management process, each with the columns recorded for it):

  • Risk identification
    • Governance issues
    • Risk description

  • Risk analysis
    • Risk rating (Likelihood / Consequence / Rating)

  • Risk evaluation and treatment
    • Mitigation measures

The GRESB / B Capital Due Diligence tool (ESG DD Tool) contains such a register in the sheet named "ESG Risk & Opps Assessment".

Note: If certain governance issues are embedded in law and/or regulation in the countries of operation, the entity may select the issue and evidence can be provided as a reference to the specific law or regulation and how it has been complied with, on the provided Evidence template.

Other

The ‘Other’ answer provided will be subject to manual validation.

List governance issues that apply to the entity but are not already listed. Ensure that the ‘Other’ answer provided is not a duplicate or subset of another option (e.g. “Health & Safety: Customers” when “Health & Safety: Users” is selected). It is possible to report multiple ‘Other’ answers. If multiple ‘Other’ answers are accepted, only one will be counted towards scoring. Answers referencing evidence and/or other indicators will not be accepted.

Scoring

Scoring: How does GRESB score this indicator?

The scoring of this indicator is equal to the fraction assigned to the selected option, multiplied by the total score of the indicator.

Get Support: Solution Providers

GRESB Solution Providers are independent, third-party organizations within the GRESB Partner network that offer specialized products, tools, and services to support sustainability performance outside the GRESB Assessment process.

The organizations below deliver commercially available solutions designed to help drive improvement for this indicator. Engagement is managed directly between the reporting entity and the Solution Provider.

GRESB will continue to update this section as the GRESB Solution Provider network grows. Please check back regularly to find GRESB Solution Providers who can support your sustainability performance.
