GRI vs ISSB – risk management and stakeholder engagement

This week, we are publishing the fourth installment on the similarities and differences between GRI and ISSB. Last time we discussed how both standards approach disclosures on the overall sustainability strategy. Before that, we also discussed what is covered by GRI’s universal (also known as general) disclosures (the ones everyone must report) vs what is covered by ISSB’s S1, and how both frameworks address disclosures on corporate governance. This week we will cover how both standards approach risk management and stakeholder engagement.

Risk management

• For starters, ISSB has a section that specifically discusses risk management. It asks companies to disclose significant details on the processes and related policies the entity uses to identify, assess, prioritize, and monitor sustainability-related risks. This includes information on the inputs it considers and the methodologies it uses (scenario analysis, qualitative methods, quantitative methods).
• GRI only asks more broadly on risk management systems and policies (as part of the disclosures on policy commitments).

Stakeholder engagement

• ISSB has no specific disclosure related to how companies engage with stakeholders.
• GRI asks with significant detail the approach companies use to engage with them. This includes at least how companies categorize stakeholders, what the purpose of the engagements is, and how companies seek to make those engagements meaningful. It also mentions types of engagement and resources used for such engagements.

As can be seen, the standards take quite different approaches to these topics. Organizations that are already reporting under GRI’s disclosures, may have to provide new information on risk management if their disclosures so far are broad (which could be the case given the lack of requirements in GRI).

Having said that, disclosing additional information on risk management may not be that hard for most companies because they typically already have established processes for identifying, assessing, and mitigating risks as part of their operational and strategic planning. This information is often documented and reviewed regularly to ensure business continuity and compliance with regulatory requirements.

Furthermore, with growing stakeholder interest in transparency, many companies have already integrated risk management disclosures into their reporting frameworks, making it a routine aspect of their communications with investors, regulators, and the public.

I hope you found this interesting. As usual, if there is anything we can help you with, or if there is an ESG topic you would like to know more about, please let us know.

Best,

Marimar

CEO, Miranda ESG