Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library IFRS / ISSB IFRS S1 s1-44-a
IFRS S1: General Requirements for Disclosure of Sustainability-related Financial Information · 2024
Paragraphs 44–a

Processes for sustainability-related risks

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official IFRS source.

Dr Ross Kurinko, Sustainability Reporting Trainer
Reviewed by Dr Ross Kurinko · Sustainability Reporting Trainer LRA educational guidance · Not issued or endorsed by IFRS
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to explain the processes it uses to identify, assess and manage sustainability-related risks. In practice, the report should show how those processes work in the business, not just that they exist on paper. The focus is on the organisation’s actual approach to spotting and handling risks that could affect its sustainability performance or prospects.

The practical question is whether those processes cover the organisation as a whole, including relevant operations, business units and locations, or whether they are limited to a few flagship sites or selected activities. A useful explanation will make clear the scope of coverage, how often the processes are used, and whether they are embedded in day-to-day decision-making across the business.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official IFRS source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Period-on-period changes A plain summary of what has changed since the last reporting cycle, including the main differences, additions, removals, or restatements that affect this disclosure. Prior-period draft, change log, and sign-off notes showing what was updated and why. Reporting / disclosure owner
Nature risk criteria The internal rules used to judge how serious a nature-related issue is, how likely it is to happen, and how large the effect could be. Risk methodology, scoring matrix, and assessment guidance approved by the relevant risk or sustainability team. Risk management / sustainability
Coverage and data scope Which parts of the business, sites, entities, or activities are included in the data set, and which are left out, for this disclosure. Boundary memo, entity list, operational map, and data collection instructions showing the covered population. Reporting / data governance
Model inputs and settings The source figures, assumptions, and calculation settings used to produce the reported result, including any key parameters that drive the output. Calculation workbook, model notes, source extracts, and parameter log with version control. Finance / analytics / reporting
Monitoring method How the organisation tracks the issue over time, including what is watched, how often it is checked, and what triggers follow-up. Monitoring plan, dashboard specification, control schedule, and review records. Risk / controls / sustainability
Risk ranking basis How this risk is ranked against other enterprise risks, including the basis for its place in the overall risk picture and any comparison criteria used. Enterprise risk register, ranking methodology, and committee papers showing how the risk was prioritised. Enterprise risk management
Scenario analysis use Whether scenario analysis is used when identifying the risk, and if so, a short description of how it is applied in practice. Scenario analysis paper, risk assessment template, and meeting notes showing the yes/no decision and method used. Risk management / strategy
+ Show s1-44-a sub-elements (LRA working checklist)

How to prepare it

1Set the boundary first: decide which parts of the business, operations and time period are in scope, and make sure the same boundary is used consistently across the disclosure.
2Define the screening rules you used to decide what matters: explain the factors you applied to judge whether an issue was significant, including how you weighed its character, how likely it was, and how large the effect could be.
3Gather the underlying support: pull together the data sources, working inputs, assumptions and other parameters that sit behind the assessment, and keep them traceable to the figures or narrative you will report.
4Build the disclosure from the evidence: prepare the numbers or written explanation, and include how you monitor the matter over time, whether you used scenario analysis to help identify it, and how it was ranked against other business risks.
5Record any differences from the previous period and any limits in the coverage: note what changed since last time, and explain any exclusions, scope gaps or changes in method so the reader can see why the current result is not directly comparable.
6Check the draft against the source material before sign-off: confirm the wording and content still match the official requirement, and resolve any gaps, inconsistencies or unsupported statements before finalising.
Request the data

Request the risk process evidence from ERM

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

How do we identify, assess, monitor and prioritise sustainability-related risks, and what changed from the previous period?

Please use your organisation’s own risk-management language first, then map it to the disclosure terms for review. For example, if you talk about risk registers, heatmaps, control reviews or issue logs internally, use those labels rather than framework wording in the first draft. Check the official source before sign-off.

Weak request

Please provide the sustainability risk process disclosure wording and the criteria, sources, inputs, monitoring, prioritisation and scenario analysis details.

Why it fails: This is too close to framework language and does not tell the owner what to pull from their own systems. It also does not specify the boundary, period, source records or the internal labels they should use, so the response is likely to be incomplete or hard to map.

Better request

Please send the current risk-register extract and supporting notes for [reporting period] covering [entity / boundary]. We need your own wording for how risks are identified, scored, reviewed and ranked, plus what changed since [prior period], what data feeds and assumptions are used, and whether scenario testing is part of the identification step. Include the source system, owner, last update date and any caveats.

Formal email template
Subject: Request for risk process evidence for [reporting period]

Hi [name/team],

We are preparing the sustainability reporting pack and need your help with the risk-process evidence for [reporting period]. Please send the information below for [entity / boundary]:

- How the risk process works in your own terms
- Any changes compared with [prior period]
- The criteria you use to judge risk type, likelihood and size of impact
- The data sources and parts of the business covered
- The inputs, assumptions and parameters used in the assessment
- How the risks are monitored and reviewed
- How sustainability-related risks are ranked alongside other business risks
- Whether scenario testing is used when identifying risks, and a short description of how

Please include the source file(s), the owner, the date last updated, and any notes needed to interpret the information.

If helpful, you can return this in your usual format and we will map it for the disclosure. Please check the official source before sign-off.

Thanks,
[preparer name]
Short Teams / Slack version
Hi [name/team] — could you share the risk-process evidence for [reporting period] for [entity / boundary]? Please include your usual wording for: changes since last period, assessment criteria, data sources/scope, inputs/parameters, monitoring, ranking against other risks, and whether scenario testing is used in risk identification. Please attach the source file(s) and note the owner/date last updated. We’ll map it for the disclosure and check the official source before sign-off. Thanks.
Industry examples
Manufacturing

Context. A group with multiple plants and a central ERM function

Adapted request. Please share the plant and group risk-register evidence for [reporting period], using your normal terms for site risks, corporate risks and escalation levels. We need the change log versus [prior period], scoring rules, data feeds from operations and maintenance, review cadence, ranking against other business risks, and any scenario testing used when new risks are added.

Example response. Returned pack includes the ERM export, a one-page method note, a change log showing three new risks and two re-scored items, monthly review minutes, and a short note confirming scenario workshops were used for supply disruption and water stress.

Financial services

Context. A regulated firm with a central risk team and business-line risk owners

Adapted request. Please provide the enterprise risk evidence for [reporting period] for [entity / boundary], using your own labels for conduct, operational, market and climate-related risks. We need the basis for scoring, the systems and reports used, how the risks are monitored, how they are prioritised against other firm risks, and whether scenario analysis is used in the identification process.

Example response. Returned pack includes the risk taxonomy, quarterly risk committee pack, source extracts from the risk dashboard, a methodology note on scoring thresholds, and a memo confirming scenario analysis is used for selected emerging risks.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

Set out, in plain terms, how the assessment was built: what counted as the issue, what threshold or judgement points were used, which parts of the business were included, what inputs and assumptions fed the analysis, and how the team monitored it.

Context note

Explain what the figures mean for the business by linking the assessment to the wider risk picture, including how it compares with other priorities and whether forward-looking testing helped identify it.

Fluctuation statement

Describe the main reasons the assessment moved from the prior period, focusing on the practical drivers of any change in scale, likelihood or significance and noting any shift in the way it was monitored or evaluated.

Content index entry
s1-44-a Processes for sustainability-related risks — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for s1-44-a — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Go deeper · s1-44-a
Learn to prepare this disclosure end-to-end

This guide covers one requirement. The IFRS S1 & S2 Reporting course walks the full ISSB workflow — governance, strategy, risk management and metrics — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
We explained what changed in our approach since the last reporting cycle, and we kept a short note of why those changes were made.The assurer may ask whether the comparison with the prior year is real, complete, and based on the same method rather than a reworked presentation.Prior-period methodology note; change log; version history for the working papers; management sign-off showing the revised approach and the reason for it.
We set out the practical steps we use to spot, judge, rank, and keep track of the risks, using our own internal process notes rather than a generic template.The assurer may probe whether the process description is specific to the business and whether it actually covers all stages claimed.Risk process map; policy documents; workshop outputs; risk register excerpts; evidence that the described steps were used in the reporting period.
We described the basis we used to judge how serious each risk could be, including the factors we looked at when weighing impact and chance of occurrence.The assurer may challenge whether the assessment basis is defined clearly enough and applied consistently across the risks included.Assessment criteria or scoring guide; risk rating methodology; examples of completed assessments; calibration or review notes showing consistent use.
We identified the data feeds and other inputs behind the figure, and we noted which parts of the business were included in the calculation.The assurer may ask whether the stated scope matches the underlying data and whether any sites, entities, or activities were left out without explanation.Data source list; scope boundary memo; entity or site inclusion schedule; system extracts; reconciliation between the scope statement and source data.
We used the same internal process description to show how the figure was built, and we kept evidence that the inputs were taken from approved sources.The assurer may test whether the inputs were authorised, current, and traceable back to source records.Approved source register; data lineage documentation; system access or extraction logs; source files; evidence of review of input completeness and accuracy.
We explained how the figure is kept under review during the year, including who looks at it and what triggers a re-check.The assurer may probe whether monitoring is more than a statement and whether it is actually performed on a regular basis.Monitoring schedule; control checklist; review meeting minutes; exception logs; evidence of follow-up actions and ownership.

Evidence pack to prepare

Common reporting gaps

The information is presented without a date or as-at point.The scope or boundary of the statement is left undefined.Key terms are used inconsistently across the report.Material changes since the previous period are not disclosed.Assertions are made without supporting detail or a source record.Boilerplate is used that does not actually answer what is asked.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
The team asks the sustainability lead for a process that actually sits with risk, finance, operations, or another business owner, so the evidence comes from the wrong place.
Framework language only
People collect answers using reporting jargon instead of the organisation’s own process names, which makes the source material hard to trace back to day-to-day controls.
Scope left vague
The data pull does not pin down which sites, entities, or activities are in scope, so the final pack mixes covered and uncovered operations.
+ Show 5 more

Where judgement is often needed

Acquisitions and disposals during the year
Set a clear cut-off for when newly bought or sold operations enter or leave the risk review, and explain any year-on-year movement caused by those boundary changes.
Different local definitions for the same risk topic
Where country teams use different labels or thresholds, choose one group-wide basis for the write-up and note any local variations that affect how the risk is spotted or tracked.
Operations close to the inclusion boundary
Decide how to treat sites, ventures or activities that sit just inside or just outside the review perimeter, and disclose the rule used so readers can see why they were included or left out.
+ Show 7 more
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — manufacturing

We updated our climate, energy and supply-chain risk write-up this year because higher electricity prices, tighter customer delivery windows and a new supplier concentration in one region changed both the size and timing of several exposures. For each item we judge how likely it is to arise, how large the effect could be, and whether the evidence comes from plant data, procurement records, incident logs, management estimates or external climate scenarios; we cover our own sites, key contractors and the logistics routes that support them. - We track these matters through monthly risk reviews, operational dashboards and board reporting, and we compare them with other business threats so the most material items are not crowded out by finance, cyber or safety issues. - Scenario work is part of how we spot and rank the risks: yes, we use it by testing a low-carbon transition case and a severe weather case against our current footprint, then feeding the results into our assumptions, thresholds and mitigation plans.

Illustrative only; shows how a reporter might explain year-on-year changes, the basis for judging each exposure, the information used, how it is watched, how it is weighed against other risks, and how scenario work informs identification and ranking.

Illustrative (synthetic) example — retail

Compared with last year, our customer-demand, data-security and store-disruption risks were reweighted because online sales grew faster than expected and a small number of distribution hubs now carry a larger share of volume. We assess each risk using a simple set of tests: how probable it is, how severe the impact could be, and whether the evidence comes from sales data, IT alerts, lease records, weather feeds or management judgement; the scope includes our stores, e-commerce platform, warehouses and third-party fulfilment partners. - The company monitors these exposures through weekly operational checks, monthly risk committee papers and exception reporting, while also setting them against other enterprise threats so they are not treated in isolation from liquidity, compliance or people risks. - Scenario analysis is used in the identification stage: yes, we run a high-inflation case and a prolonged outage case to see which risks become more significant, which assumptions need changing and where extra controls are needed.

Illustrative only; shows how a reporter might describe changes since the previous period, the basis used to judge significance, the sources and operational perimeter, the monitoring rhythm, the relative place of these risks in the wider risk set, and the role of scenario analysis in spotting and prioritising them.

Company reportsReal published reports
Compare side by side →Get it free

How companies report S1-44-a in practice

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Hang Lung Properties Limited
Real Estate · Hong Kong · 2025
Open report →
Hang Lung Properties Limited’s Sustainability Report 2025 provides evidence of processes to identify, assess, prioritise, and monitor sustainability-related risks and opportunities, including integration of these processes (p.218). The report also details the use of scenario analysis in risk identification, describing inputs used for climate-related scenarios (p.227). However, the report lacks clear information on changes versus prior periods, criteria for nature likelihood and magnitude, data sources and scope of operations covered, and inputs and parameters, with some ambiguity around how sustainability risks are prioritised relative to other enterprise risks (p.219).
Hyundai Glovis Co., Ltd.
Water Transportation · South Korea · 2025
Open report →
Hyundai Glovis Co., Ltd.’s 2025 Sustainability Report covers its processes to identify and assess material climate-related impacts, risks, and opportunities, referencing the TCFD framework on page 129. The report also details its monitoring approach, including on-site inspections for high-risk business sites and major operations on page 63. However, the report lacks clear disclosures on changes versus prior periods, inputs and parameters, and scenario analysis in risk identification, while the scope of data sources and prioritisation of nature-related risks versus other enterprise risks are mentioned but remain unclear (pages 138 and 58 respectively).
Hyundai Engineering & Construction Co.,Ltd.
Construction and Engineering · South Korea · 2025
Open report →
Hyundai Engineering & Construction Co., Ltd.’s 2025 Sustainability Report includes a scenario analysis conducted within the reporting period, specifically referencing a low-emission scenario aligned with the IEA NZE 2050 pathway (p.46). The report also provides related context on risk management processes used to identify, assess, prioritise, and monitor sustainability-related risks and opportunities (pp.138-139, 141, 148). However, the report lacks clear disclosures on changes versus prior periods, criteria for nature likelihood and magnitude, data sources and scope of operations covered, and monitoring approaches, with inputs and parameters and prioritisation versus other enterprise risks only partially addressed and unclear (pp.25, 138).
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get practical answers for your reporting context. Your first two answers are free — join LRA Community for free to continue without a limit.
TryHow do I prepare s1-44-a?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
2 free answers
Check your understanding

Scenarios to work through

A group has updated its climate and water risk review after a dry winter affected one region more than the others. The finance team wants to keep last year’s wording because the overall risk ranking did not change.

QShould the narrative explain what has changed since the previous reporting period, even if the headline ranking is unchanged?
Reveal model answer →

A preparer has two internal models for judging a supply-chain heat stress risk. One uses only direct suppliers in Europe, while the other also includes key contract manufacturers in Asia and a different threshold for what counts as severe impact.

QWhat should the team do before describing the basis for identifying the risk?
Reveal model answer →

A company monitors sustainability risks through monthly dashboards, but only for sites in its owned operations. It also has joint ventures and outsourced logistics, which are reviewed separately in a different risk forum.

QHow should the preparer describe the monitoring and the scope covered so the disclosure is not misleading?
Reveal model answer →

During year-end drafting, the sustainability team notes that a transition risk is now being watched alongside cyber and liquidity risks in the enterprise risk register. The board wants to know whether it is treated as a top-tier issue or simply logged with the rest.

QHow should the team explain the place of this risk relative to other business risks, and should it mention scenario analysis if that was part of the identification work?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

IFRS / ISSB
s1-44-a
within IFRS S1: General Requirements for Disclosure of Sustainability-related Financial Information
Open official source →
Primary
Related & explore
Go deeper · s1-44-a
Learn to prepare this disclosure end-to-end

This guide covers one requirement. The IFRS S1 & S2 Reporting course walks the full ISSB workflow — governance, strategy, risk management and metrics — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

FAQ

Questions this page answers

For s1-44-a, what should I gather before drafting the disclosure, and how do I use the page’s step-by-step preparation section?+
What data do I need to collect for s1-44-a if I am the ESG manager or data owner?+
How do I decide the scope and methodology for s1-44-a using this page?+
Who should own the s1-44-a disclosure work, and what should each person contribute?+
What evidence pack do I need to make s1-44-a assurance-ready?+
What are the six assurance claims I need to verify for s1-44-a?+
What are the common reporting gaps or mistakes on the s1-44-a page, and how do I avoid them?+
How do I use the Prep & Assurance workbook for s1-44-a?+
What is the printable Library Card for s1-44-a, and when should I use it?+
How can I turn the s1-44-a data into a draft disclosure?+
Can I reuse data from ESRS 2 (General Disclosures) for s1-44-a?+
More questions this page can help with
How this library is built 312 published reports indexed 63171 pages with page-level citations 247 practitioner guides