- Tools & insights
- Climate Change Risk Management service
- Using risk management to help you address climate change
Organisations that apply their existing risk management framework to analyse climate change risks will be better equipped to manage these risks. They’ll be able to consider and address the impacts that affect them, address government expectations and make more informed decisions. By managing their climate change risks, they’re adapting to a warming world.
If you’re new to the risk process, or need a refresher, see our topic on Identifying, analysing and evaluating risks. In this section we’ll give you tips on how to apply that risk process to climate change.
Download the PDF version of this topic [PDF, 843KB].
On this page
- When do you need to do the assessment?
- Set the right scope and timeframe
- Applying your existing framework is applying the risk management standard
- Identify your climate change risks
- Analyse your climate change risks
- Evaluate your climate change risks
- Record and report your climate change risks
- Next steps
When do you need to do the assessment?
Assessing climate change risks should be treated like every other risk. Start by assessing your climate change risks according to your existing framework. Assessments would typically occur when you and/or other members of your organisation:
- develop or update business plans or projects
- consider decisions that materially affect the organisation’s objectives, functions and activities
- develop or review a strategy
- review organisational risks (e.g. the content of risk registers).
Set the right scope and timeframe
Before carrying out risk assessments, you need to prepare. This involves deciding which part of your organisation you’ll look at, what’s included and what’s out-of-scope.
Many organisations typically develop plans for the next 2–5 years and identify risks over the same period. Make sure your scope includes potential climate change risks beyond your normal planning timeframes.
Your aim is to highlight the most important climate change risks affecting your organisation. These questions can help you set your scope:
- Which specific area of your organisation (objectives, regions, functions, teams) are you going to focus on?
- Use the Victorian Climate Projections to find out how the climate will change your region and use our topic, Exploring Victoria’s climate change risks, to explore potential physical and transition risks. The projections might not address your risks in detail and further analysis might be necessary.
- How does your organisation currently contribute to climate change, both positively and negatively?
- What data do you need to understand your exposure to physical and transition climate change risks? This could include records of your: buildings, infrastructure and equipment – locations and vulnerabilities
- staff, volunteers and the community you serve
- energy consumption and emissions
- dependencies on third party providers
- business and strategic plans
- environmental and sustainability plans.
- Who do we need to consult with to gather and validate this information?
Quick tip: You can help to raise the profile and your organisation’s understanding of climate change risk by equipping your risk owners in each business function with training or information-sharing. We’ve prepared this informative climate change risks presentation [PPTX, 287KB] that you can use to start your risk conversations.
Applying your existing framework is applying the risk management standard
We’ll take you through the process recommended by the risk management standard ISO31000:2018 to show how to consider climate change risks and identify where you might need to tailor your existing approach.
To learn more about identifying, analysing and evaluating risks, read our tools on managing risk.
Identify your climate change risks
There are two ways to identify the climate change risks you’ve defined within scope:
- describe specific climate change risks affecting your business objectives
- apply the foreseeable effects of climate change as a multiplier on your existing risks (shown in Exploring Victoria’s climate change risks).
To describe a specific risk, use our Exploring Victoria’s climate change risks and work with relevant managers and executives. Begin by identifying the event that, if it happened, could affect their plans. Events can include chronic risks – future situations that unfold slowly, such as temperature or sea level rise – not just specific events.
Example - physical risk
Sharif is a risk manager for a health service who meets with medical staff to identify physical risks of climate change.
They identified that over the past decade, heatwaves had led to a spike in patients presenting to the hospital with illnesses, such as dehydration. An increase in the frequency and severity of heatwaves could push the service beyond its current capacity, resulting in harm to patients.
Example - transition risk
Liying is the CEO of an agency that has set targets to significantly reduce carbon emissions within five years. She asked her executive team to come up with energy efficiency and emissions reduction plans for each business function.
As part of this planning process, each executive also identified the main risks to achieving these targets and the impacts of these plans on existing operations.
Quick tip: Focus on sources of risk related to your organisation’s role, purpose and vulnerabilities (e.g. assets already exposed to weather-related hazards). You may also want to consider what you can do to influence the wider causes of risk beyond your direct control.
Analyse your climate change risks
Analysing risk involves describing how the event affects you. You’ll typically consider the impact and likelihood of the risk. You’ll also analyse the effectiveness of your controls to address the risks using your organisation’s risk management procedures.
Understanding the causes of an event helps you decide on appropriate action to take to control the risk.
You might need to analyse long-term risks differently
The timeframe for considering some climate change risks is longer than it would take for normal risks. The timing of physical and transition risk events occurring is highly uncertain and difficult to predict. This makes assessing likelihood of these risks challenging. Instead, you can:
- analyse climate change risks based on their impact and your vulnerability
- consider the point in time when it might be too late to act
- create a separate category of longer-term risks that are ‘uncertain but too important to ignore’.
Evaluate your climate change risks
Compare your analysis against your organisation’s risk appetite. Is this a risk your organisation can tolerate and is your organisation prepared to be responsible for its consequences?
You’ll need to decide how to treat the risk. Visit our topic on Identifying, analysing and evaluating risks for examples. Is this a risk that you can address independently? Do you need to engage with partners or third parties?
If the risks you’ve identified are significant, you may want to seek detailed guidance on assessing climate change risks. Further information may be found at one of the following sources:
- Victorian Climate Science Report and Victorian Climate Projections
- The Task Force on Climate-related Financial Disclosures (TCFD)
- NSW Climate Risk Ready
- Climate Compass.
Record and report your climate change risks
Reporting climate change risks to your board and executive can help influence decisions about resource allocation and future priorities. Risk owners can present on the work they’re doing to address the risks they’ve identified and the actions they're taking to respond to the risks.
Use your risk register to record climate change risks. In doing so, you’ll raise awareness of climate change and the actions you are taking with decision-makers. You might add specific climate change risks or amend existing risks to reflect the multiplier effect of climate change.
You can report climate change risks by using your existing reporting tools. This can include:
- ranking your highest organisational risks
- reporting risks by business function, project or objective
- providing a thematic report on climate change (alongside reporting on other themes such as fraud, cyber risk, etc.)
- reporting on changes to risks with comparisons to previous reports, for example, how an assessment of climate change as a multiplier has affected risk descriptions and ratings.
Quick tip: Avoid starting from scratch where you can. If your organisation has existing climate change adaptation, environment and/or sustainability plans, consult with the owners of these plans and record a risk in the risk register referring to the work already being done.
Having assessed your climate change risks we recommend you check whether you need to:
- update your risk register
- escalate to the appropriate business unit, management level, committee or the board
- act on shared or state-significant risk
- communicate with those affected by the risk or the changes you’ve made in your strategy, plan or controls
- put in place treatments or adjust existing controls.