Organisations that apply their existing risk management framework to analyse climate change risks will be better equipped to manage these risks. They’ll be able to consider and address the impacts that affect them, address government expectations and make more informed decisions. By managing their climate change risks, they’re adapting to a warming world.

If you’re new to the risk process, or need a refresher, see our topic on Identifying, analysing and evaluating risks. In this guide, we’ll give you tips on how to apply that risk process to climate change.

Download the PDF version of this topic [PDF, 843KB].

When do you need to do the assessment?

Climate change risks should be assessed like every other risk. Start by assessing them according to your existing framework. Assessments would typically occur when you and/or other members of your organisation:

  • develop or update business plans or projects
  • consider decisions that materially affect the organisation’s objectives, functions, and activities
  • develop or review a strategy
  • review organisational risks (e.g. the content of risk registers).

Set the right scope and timeframe

Before carrying out risk assessments, you need to prepare. This involves deciding which part of your organisation you’ll look at, what’s included and what’s out-of-scope.

Many organisations typically develop plans for the next two to five years and identify risks over the same period. Make sure your scope includes potential climate change risks beyond your normal planning timeframes.

Your aim is to highlight the most important climate change risks affecting your organisation. These questions can help you set your scope:

  • Which specific area of your organisation (objectives, regions, functions, teams) are you going to focus on?
  • Use the Victorian Climate Projections to find out how the climate will change your region and use our topic, Exploring Victoria’s climate change risks, to explore potential physical and transition risks. The projections might not address your risks in detail and further analysis might be necessary.
  • How does your organisation currently contribute to climate change, both positively and negatively?
  • What data do you need to understand your  to physical and transition climate change risks? This could include records of your: 
    • buildings, infrastructure and equipment – locations and vulnerabilities
    • staff, volunteers and the community you serve
    • energy consumption and emissions
    • dependencies on third party providers
    • business and strategic plans
    • environmental and sustainability plans.
  • Who do we need to consult with to gather and validate this information?

Quick tips: You can help to raise the profile of climate change risk, and your organisation’s understanding of it, by equipping your risk owners in each business function with training or information-sharing. We’ve prepared this informative climate change risks presentation [PPTX, 286KB] that you can use to start your risk conversations.

Applying your existing framework is applying the risk management standard

We’ll take you through the process recommended by the risk management standard ISO31000:2018 to show how to consider climate change risks and identify where you might need to tailor your existing approach.

To learn more about identifying, analysing and evaluating risks, read our tools on Designing processes to manage risk.

Identify your climate change risks

There are two ways to identify the climate change risks you’ve defined within scope:

  • describe specific climate change risks affecting your business objectives
  • apply the foreseeable effects of climate change as a multiplier on your existing risks (shown in Exploring Victoria’s climate change risks).

To describe a specific risk, use our Exploring Victoria’s climate change risks guide and work with relevant managers and executives. Begin by identifying the event that, if it happened, could affect their plans. Events can include chronic risks – future situations that unfold slowly, such as temperature or sea level rise – not just specific events.

  • Example - physical risk

    Sharif is a risk manager for a health service who meets with medical staff to identify physical risks of climate change. They identified that over the past decade, heatwaves had led to a spike in patients presenting to the hospital with illnesses, such as dehydration. An increase in the frequency and severity of heatwaves could push the service beyond its current capacity, resulting in harm to patients and liability for damages.

  • Example - transition risk

    Liying is the CEO of an agency that set targets to significantly reduce its carbon emissions within five years. She asked her executive team to come up with energy efficiency and emissions reduction plans for each business function. As part of this planning process, each executive identified the main risks to achieving these targets and the impacts of these plans on existing operations.

    In both of these examples, organisations may also identify liability risk including:

    • increases in claims raised against organisations perceived as ‘responsible’ for causing or contributing to physical climate change events (i.e. flooding)
    • situations where institutions and Boards haven’t adequately considered and responded to climate change impacts.

    For additional information, refer to VMIA claims guidance:

    How key risk indicators help you manage risk

    Minimising your exposure to insurable risk

Quick tips:

  1. Focus on sources of risk related to your organisation’s role, purpose, and vulnerabilities (e.g. assets already exposed to weather-related hazards). You may also want to consider what you can do to influence the wider causes of risk beyond your direct control.
  2. Revisit your goals and objectives. Are they about contributing to creating a better Victoria? Do they incorporate emissions reduction and helping our community better adapt to the impacts of climate change?

Analyse your climate change risks

Analysing risk involves describing how the event affects you. You’ll typically consider the impact and likelihood of the risk. You’ll also analyse the effectiveness of your controls to address the risks using your organisation’s risk management procedures.

Understanding the causes of an event helps you decide on appropriate action to take to control the risk.

You might need to analyse long-term risks differently

The timeframe for considering some climate change risks is longer than for normal risks. The timing of physical and transition risk events is highly uncertain and therefore difficult to predict, which makes assessing the likelihood of these risks challenging. Instead, you can:

  • analyse climate change risks based on their impact and your  
  • consider the point in time when it might be too late to act
  • create a separate category of longer-term risks that are ‘uncertain but too important to ignore’.

Evaluate your climate change risks

Compare your analysis against your organisation’s risk appetite. Is this a risk your organisation can tolerate and is your organisation prepared to be responsible for its consequences?

You’ll need to decide how to treat the risk. Visit our topic on Identifying, analysing and evaluating risks for examples. Is this a risk that you can address independently? Do you need to engage with partners or third parties?

If the risks you’ve identified are significant, you may want to seek detailed guidance on assessing climate change risks. You can find further information here:

Record and report your climate change risks

Reporting climate change risks to your board and executive can help influence decisions about resource allocation and future priorities. Risk owners can present on the work they’re doing to address the risks they’ve identified and the actions they’re taking to respond to the risks.

Use your risk register to record climate change risks. In doing so, you’ll raise awareness of climate change and the actions you are taking with decision-makers. You might add specific climate change risks or amend existing risks to reflect the multiplier effect of climate change.

You can report climate change risks by using your existing reporting tools. This can include:

  • ranking your highest organisational risks
  • reporting risks by business function, project, or objective
  • providing a thematic report on climate change (alongside reporting on other themes such as fraud, cyber risk, etc.)
  • reporting on changes to risks with comparisons to previous reports, for example, how an assessment of climate change as a multiplier has affected risk descriptions and ratings.

Quick tip: Avoid starting from scratch where you can. If your organisation has existing climate change adaptation, environment and/or sustainability plans, consult with the owners of these plans and record a risk in the risk register referring to the work already being done. 

Next steps

Having assessed your climate change risks, check whether you need to:

  • update your risk register
  • escalate to the appropriate business unit, management level, committee or the board
  • act on shared or state-significant risk
  • communicate with those affected by the risk or the changes you’ve made in your strategy, plan, or controls
  • put in place treatments or adjust existing controls.