Risk Management assesses the enterprise-wide framework for identifying, assessing, prioritising and mitigating all categories of risk - including ESG:

• ERM architecture: Board-approved frameworks (COSO, ISO 31000), risk appetite statements and governance committees.
• Risk process: identification (horizon scanning), quantification (scenario analysis, stress testing) and aggregation of top risks for executive/board review.
• Integration & disclosure: embedding risk considerations into strategy, capital planning and disclosures via TCFD/ISSB, ESRS cross-cutting rules and internal controls.