TCFD Risk Management

This page explains how Criora satisfies TCFD’s Risk Management disclosure pillar, recommended disclosures (a), (b), and (c): for every analyzed location. Because the analysis pipeline is uniform across users and locations, the same methodology applies to all reports.

(a) How risks are identified

Climate-related risks are identified by a catalogue of 15 site-level risk types (12 Climate + 3 Nature) plus 3 country-level dimensions (Social, Governance, Adaptation), drawn from the TCFD framework and the IPCC AR6 hazard taxonomy. Each site risk maps to one of three TCFD categories: Physical (Acute), Physical (Chronic), or Transition.

Per location, identification runs the following data pipeline:

Identification frequency: on every location analysis trigger (manual recalc or new location onboarding). The pipeline is idempotent, re-running on unchanged data yields identical scores.

(b) How risks are assessed

Assessment combines probability, impact, and confidence into a single 0-100 risk score, with an optional LLM sanity check.

risk_score = base_score(probability, impact)  ×  modifier_chain  →  level (very_low … critical)

• Probability: derived from historical frequency, projected frequency under SSP2-4.5, and koppen-class baseline rates. Each parameter contributes a weighted factor.
• Impact: weighted by location attributes (urban density, coastal distance, slope, elevation, terrain ruggedness). Asset-level overrides take effect when the user supplies financial / physical data via the org settings.
• Confidence: aggregated from data-source quality flags, completeness, and the variance between regional and site-level signals.
• Modifiers: a sequence of multiplicative adjustments (e.g. coastal proximity boosts SLR impact). The full modifier chain is auditable per risk via the breakdown view.
• LLM sanity check: an optional pass that flags scores outside an expected range and lists missing factors. Status is surfaced as valid / warning / invalid on each risk row.

Materiality threshold: scores ≥ 60 are flagged as High, ≥ 80 as Critical. Risks below 20 are summarized but not surfaced as actionable on the TCFD page.

(c) How risk integrates into ERM

Per location, the risks roll up to:

1. Five environmental dimensions (Climate, Nature, Social, Governance, Adaptation), each with its own dimension score.
2. Severity summary: counts of critical / high / medium / low / very low across all 15 site risk types.
3. Combined rating A++ to F, mapped from the weighted dimension scores.

The combined rating drives the TCFD report’s “Risks Assessed” panel and feeds the per-location TCFD Strategy(a) view (counts by TCFD category and top-impact risks).

For org-level integration into enterprise risk management, the user describes their internal escalation process under Settings → TCFD disclosures → Processes → Integration. That narrative appears in the TCFD report’s Risk Management pillar alongside the per-location signals from this pipeline.

Audit trail

Every risk row stores:

• factor_context: the full factor list, weights, and modifier audit
• llm_validation: model name, score assessment, factors-to-add, factors-to-remove
• updated: timestamp of last computation

These appear in the per-risk breakdown view, accessible from the location report.