The following diagram presents the leading Dutch tank storage company Royal Vopak’s control framework applying the principles of the COSO Integrated Framework.

Mexican precious metals mining company Fresnillo PLC describes how typical elements of a company’s internal control system are interlinked with risk management and oversight (including financial, operational, and compliance controls and risk management) and how they are the responsibility of individuals and groups throughout the company.

Mondi is a global packaging company headquartered in the United Kingdom. The audit committee’s report on internal audit is comprehensive. The company had an external third party review the internal audit function in 2020, following best practice for periodic review. The review covered the internal audit function’s resources, leadership, culture, and methods and made recommendations for improvement.

Aggreko, a global supplier of mobile and modular power, temperature control equipment, and energy services, includes in its report areas of focus for the audit committee for the forthcoming year. The company’s activities will be measured against the focus areas.

The Kenya Commercial Bank Integrated Report provides a summary of the role of audit and risk committee, its members, and key activities during the reporting period.

Swiss corporation Georg Fischer Ltd. (GF is the preferred partner of its customers for the safe transport of liquids and gases, lightweight casting components in vehicles, and high-precision manufacturing technologies) explains in its report the relationships between the external auditor and the audit committee, particularly the audit committee’s process for evaluating the auditor’s effectiveness.

CLP, an electricity company in Hong Kong, provides in its annual report an overview of the audit committee functions and schedule by months.

CLP Holdings’ audit committee oversees the company’s code of conduct and whistleblowing policies that reflect the company’s values and culture.

Most companies follow the Institute of Internal Auditors’ Three Lines Model in managing risk. Fresnillo PLC, a Mexican precious metals mining company, reports on its risk management, applying the Three Lines Model.

The National Bank of Kuwait reports how it applies the Three Lines Model to its credit risks.

CLP, an electricity company in Hong Kong, provides in its annual report an overview of the material risks to the group and details how CLP manages those risks.

The following diagram depicts the group risk management structure of the Kenya Commercial Bank Group.

A risk appetite statement should include qualitative and quantitative targets that can be cascaded through the company. BMO Financial Group, a an investment banking company, explains its risk appetite and how the company is tracking an enterprise-level climate-related Risk Appetite Key Risk Metrics.

Kenya’s telecommunication provider Safaricom’s risk identification and mitigation processes are designed to be responsive to the ever-changing environment in which the company operates.

The company identified key risks through its Enterprise Risk Management Framework with support from an embedded enterprise risk management process, giving the executive committee and board an assessment of the company’s principal risks. The board reviewed and approved the risk appetite for each principal risk to enable informed risk-based decision-making.

The Malaysian financial services company Maybank indicates in the following figure that the strength of its risk management framework is the eight building blocks of risk practices and processes and the group risk governance structure per the Three Lines of Defense.

Energias de Portugal (EDP) is an energy producer that also transports, distributes, and markets energy. With an emphasis on transition to renewables, its stated goal is to be 100 percent green by 2030. The following excerpt from its report indicates that its focus on ESG risks encompasses climate, biodiversity, the circular economy, people and human rights, and the community. EDP proactively notes its risk mitigating actions.

Gold Fields Ltd., a South African gold mining firm, analyzes each identified risk and determines its response. In the following figure, the company reports on the impact of climate-related risks and its actions regarding energy and carbon emissions over five years, including quantitative assessments of its greenhouse gas Scope 1–3 emissions. The risk assessment includes catastrophic risks (flooding, geotechnical, fire, and explosion) and emerging risks (political risks, increase of insurance, not reaching the net zero targets) and the top five risks for each region. Gold Fields reports its climate change impacts, risks, governance, and policies in line with the Task Force on Climate-Related Financial Disclosures guidelines. The company’s fifth climate change report can be found on its 2022 Annual Report Suite web page.

Unilever reports in several places the expectation of compliance with laws, regulations, and company commitments and with the company code of business conduct. It ensures that compliance is built into risk management and annually seeks assurance of adherence to the code from company management.

Materials company Covestro AG is unequivocal about compliance with laws, regulations, and company policies and drives compliance through to its supply chain in a supplier code of conduct. It uses its internal control system to ensure that compliance rules are followed. Led by its chief compliance officer, compliance is reported directly to the board of management (in the German two-tier governance system) and detailed in the report.

Olam Group is a leading global food and agribusiness located and listed in Singapore. The report indicates that Olam is committed to sustainability and compliance with relevant ESG standards (some of which are listed in the report’s risk section). The report also shows how Olam deals with breaches of the company’s fair employment policy.

Mining company Gold Fields has committed to compliance with the requirements of its metals and mining industry body (the International Council on Mining and Metals) regarding environmental and social matters. The company has committed to applying the provisions of the Task Force for Climate-Related Financial Disclosures. This excerpt indicates how the management system structures the responsibilities to ensure holistic compliance and achievement of outcomes.

The subsidiaries of the Kenya Commercial Bank Group comply with the Group Board Charter at all times, subject only to local legal requirements.

Novo Nordisk, a Danish multinational pharmaceutical company, presents sustainable tax in the annual report’s strategy section as part of the company ESG material issues. The board of directors has approved the tax policy.