Next Article in Journal
Distributionally Robust Bi-Level Optimization of Distribution Network and Charging Stations for Sustainable Operation Under Climate–Charging Load Uncertainty
Previous Article in Journal
A Strategic Methodological Roadmap for Designing Circular Economy Data Systems: From Integrated Architecture to Indicator Prioritization
Previous Article in Special Issue
Prioritizing National and Fiscal Risks in Bulgaria: An Expert-Based Assessment of Sovereign Resilience
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sustainability
Volume 18
Issue 12
10.3390/su18125900
sustainability-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Systematic Review

How Is the Integration of Climate-Related Risk into Enterprise Risk Management at Firm Level? A Systematic Literature Review

by
Laura Albuquerque
1,2,*,
Sofia Helena Zanella Carra
1,
Luan Santos
1,3,
Giovanna Tosto
3 and
Heloisa Dornelles
2
1
Production Engineering Program, Federal University of Rio de Janeiro, Rio de Janeiro 27930-560, Brazil
2
Future Climate Group, São Paulo 04552-040, Brazil
3
Faculty of Business Administration and Accounting Sciences, Federal University of Rio de Janeiro, Rio de Janeiro 22290-240, Brazil
*
Author to whom correspondence should be addressed.
Sustainability 2026, 18(12), 5900; https://doi.org/10.3390/su18125900 (registering DOI)
Submission received: 17 April 2026 / Revised: 30 May 2026 / Accepted: 3 June 2026 / Published: 9 June 2026
(This article belongs to the Special Issue Risk Management and Economic Development of Sustainable Enterprises)
Browse Figures
Review Reports Versions Notes

Abstract

Although climate change is increasingly recognized as a material risk for firms, the extent to which climate-related risks are operationally integrated into enterprise risk management (ERM) processes remains unclear. This article presents a structured literature review to answer the question of how firms have integrated climate risk assessment, considering both physical and transition risks, into ERM processes. Following the PRISMA 2020 protocol, 22 published articles from Web of Science and Scopus, published between 2018 and 2026, were included in the review. Articles covering financial institutions, as well as policy-only and sectoral-only studies, were excluded. The articles were screened through five eligibility criteria: firm-level focus, governance, risk assessment, climate risk management and/or ERM, and type of climate risk. All articles were assessed by two researchers to reduce bias, and Cohen’s kappa was calculated. Following coding and qualitative analysis, the findings indicate that firms have advanced governance structures, disclosure practices, and analytical assessment tools for climate risk assessment, while operational integration into ERM systems remains limited. Results also reveal persistent integration gaps, including strategic–operational disconnection, temporal and methodological mismatches, symbolic implementation, and systemic and knowledge barriers. These challenges constrain the effective translation of climate risk information into risk management practices and strategic planning. Overall, the study, based only on academic literature, concludes that climate risk integration is still incomplete and weakly embedded within ERM systems. In the expanding regulatory landscape, particularly with IFRS S2, the study provides a baseline for understanding current firm-level practices and future developments in climate risk integration at the academic level.

1. Introduction

Climate change is increasingly recognized as a material source of economic and financial risk for corporations and financial systems. Global risk assessments consistently highlight climate-related threats among the most severe long-term challenges. For instance, the Global Risks Report published by the World Economic Forum identifies environmental risks, particularly the failure of climate action and extreme weather events, among the most likely and impactful global risks in recent years [1,2]. These assessments reflect growing awareness that climate change can generate substantial economic consequences through physical damage, supply chain disruptions, and broader systemic impacts. Empirical estimates further reinforce this concern. Climate pathways consistent with limiting warming to 1.5 °C or 2 °C could generate cumulative global economic impacts of USD 259 trillion and USD 292 trillion, respectively, between 2015 and 2100, highlighting the magnitude of the financial implications of climate change [3].
Alongside this growing recognition of financial materiality, the regulatory landscape surrounding climate-related financial disclosure has evolved. In 2017, the Financial Stability Board (FSB) established the Task Force on Climate-related Financial Disclosures (TCFD) to improve the transparency and consistency of climate-related financial reporting for financial institutions and enterprises [4]. The TCFD recommendations marked a shift in perspective from focusing solely on how enterprises affect the climate to emphasizing how climate change affects business performance and financial stability [5]. This regulatory momentum intensified with the establishment of the International Sustainability Standards Board (ISSB), which in 2023 issued the IFRS S1 and IFRS S2 standards to create a global baseline for sustainability and climate-related financial disclosures [6,7]. These developments reflect a broader transition from voluntary disclosure toward more structured and decision-useful climate-related financial information.
In response to these regulatory developments, an increasing number of jurisdictions, including Australia, Brazil, China, the European Union, India, Japan, New Zealand, Switzerland, Thailand, the United Kingdom, and the United States, have established regulatory frameworks or incentives to implement climate-related disclosure practices. Empirical evidence indicates a growing trend in both the number of firms disclosing climate-related risks and the sophistication of risk indicators [8]. For instance, corporate climate risk exposure in China has shown notable increases aligned with major regulatory milestones [9], while compliance levels in France have improved over time [10]. Similarly, the European Union has advanced toward mandatory disclosure through the Corporate Sustainability Reporting Directive (CSRD) [11].
Despite this progress, the literature highlights persistent limitations in the quality and usefulness of climate-related disclosures. Many corporations continue to indicate low levels of compliance with established standards, often relying on unclear data sources and inconsistent calculation methodologies [12]. As a result, disclosures are frequently incomplete or lack reliability, limiting their usefulness for decision-making [8]. Furthermore, some firms may use climate reporting strategically to enhance legitimacy rather than to provide substantive risk information [13,14]. These limitations suggest that increased disclosure does not necessarily translate into effective risk management.
Climate risks are typically categorized into physical risks, associated with acute and chronic climate impacts, and transition risks, arising from policy, market, and technological changes [4,15,16,17]. At the same time, Enterprise Risk Management (ERM) is understood as an integrated approach to managing organizational risks, aiming to systematically identify, assess, and respond to risks across the enterprise, resulting in organizational benefits [18,19,20,21].
Enterprise Risk Management (ERM) is conceptualized as a holistic and integrated approach designed to identify, evaluate, and respond to all types of risks faced by an organization across all its levels and functions [22,23,24]. Departing from traditional risk management, which often operates in isolated “silos,” ERM examines risks jointly to recognize their interrelationships and provide a comprehensive view of the enterprise’s risk profile [22,23]. This framework, often structured according to global standards like COSO and ISO 31000, aims to align an organization’s risk appetite with its mission, strategy, and business objectives [22,23,24,25].
Beyond mere regulatory compliance, effective ERM implementation is associated with increased firm value, improved financial reporting quality, and enhanced organizational resilience against systemic global challenges [22,24,25]. Moreover, when facing complex pressures such as climate risk exposure, ERM drives firms to restructure their strategic positioning, often leading to a trade-off between strategic aggressiveness and passive defensiveness, while prompting proactive shifts toward active vertical integration to mitigate systemic shocks and ensure long-term stability [26].
However, despite the growing emphasis on climate risk disclosure, the extent to which these risks are operationally integrated into ERM processes remains unclear. Existing research indicates a lack of unified assessment frameworks and limited consideration of risk transmission mechanisms, opportunities, and adaptive capacity [27,28,29,30]. In addition, previous studies have reported that organizational silos between sustainability and risk management functions persist, contributing to the continued fragmentation of approaches to climate risk integration [11,31,32].
The operational integration of risk within an Enterprise Risk Management (ERM) framework is conceptualized as the holistic and systematic embedding of risk identification, assessment, and response across all organizational levels and functional units [22,24,25]. This approach moves beyond traditional functional “silos” to ensure that risk management becomes an integral part of the firm’s business strategy, aligning risk appetite with mission and core values to improve strategic decision-making [23]. Effective operationalization transforms risk management from a reactive compliance exercise into a proactive, performance-enhancing mechanism that reduces operational surprises and future performance volatility [22,24].
In response to systemic challenges, operational integration also extends to strategic structural adjustments, such as adopting vertically integrated supply chain strategies to increase control over resources and mitigate volatility [26]. Ultimately, this comprehensive integration strengthens organizational resilience and secures a competitive advantage by embedding a proactive risk culture into the daily execution routines of the business [24].
Despite the increasing regulatory momentum and expansion of disclosure practices, the literature provides limited evidence on how non-financial corporations operationalize climate risk assessment within ERM systems. This study is guided by the following research question: How has peer-reviewed academic literature addressed the integration of climate-related risks into enterprise risk management at the firm level? To address this question, a systematic literature review and bibliometric analyses were conducted to assess the extent to which climate risks are operationally integrated into ERM systems, based exclusively on peer-reviewed articles.
The article is structured as follows: Methods (Section 2) describes the methodologies applied to conduct the literature review; Results and Discussion (Section 3) present the main findings from the structured literature review, highlighting aspects of climate risk integration into ERM; Implications for ERM Practice (Section 4) provides a business-oriented interpretation of the results in light of the research question, proposing integration pathways and a conceptual interpretation of maturity levels derived from the literature; and the Conclusion (Section 5) summarizes the key contributions and recommendations for future research.

2. Methods

In this study, a combined methodological approach was adopted, integrating a structured literature review (SLR) with a bibliometric analysis. This approach enables the quantitative assessment of selected articles while supporting the development of a scientifically grounded and critical understanding of the research topic [33]. Similar methodological approaches have been adopted in other studies within the climate research field [33,34,35,36,37,38].
The review process was guided by the PRISMA 2020 (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) method [39], and the PRISMA checklist was completed (File S1). The checklist provides a set of checkpoints to ensure methodological rigor in systematic literature reviews (SLR), thereby enhancing the robustness of the findings. This method has been widely adopted in studies related to sustainability and management [33,36,37,38]. The review did not have its protocol registered.
The literature review process following the PRISMA method was structured into three main stages: 2.1 Identification, 2.2 Screening, and 2.3 Inclusion.

2.1. Identification

Peer-reviewed articles were identified through systematic searches in the Scopus and Web of Science (WoS) databases, selected due to their extensive coverage of peer-reviewed academic journals and relevance to the fields of sustainability, risk management, and corporate studies. The search strategy combined keywords related to climate risk (physical and transition), corporate context (company, business, enterprise), and ERM (risk: i. management, ii. assessment, iii. framework, and iv. strategy). Subject area exclusions were applied to remove studies from disciplines not directly relevant to the research focus, such as medicine and the arts.
Only peer-reviewed journal articles and review papers were included to ensure scientific rigor and reliability. Grey literature, book chapters, and editorials were excluded due to their limited methodological consistency and lack of standardization, which would make comparability among studies difficult. This emphasizes the importance of standardization and proper reporting in systematic reviews [40,41].
The temporal scope (January 2015–March 2026) was defined to capture the period following the signing of the Paris Agreement, when the climate risk agenda and its incorporation by the corporate sector became more prominent. The review considered articles published up to 30 March 2026. No restrictions were applied regarding geographic scope, allowing for a globally representative perspective.
Through the initial screening, 190 peer-reviewed articles (Scopus: 67; WoS: 123) were identified following the search criteria (Table 1). All identified records were exported and consolidated into a single database, and duplicate entries across the two sources were identified and removed prior to the screening stage. A total of 16 articles were eliminated due to duplicate records.

2.2. Screening

Eligibility criteria were defined to provide guidance and alignment for the screening stage. They were established a priori to ensure alignment between the research question, the conceptual scope of the review, and the subsequent coding and synthesis procedures. In accordance with PRISMA 2020 [39], the eligibility criteria specified the inclusion and exclusion boundaries used during title/abstract screening and full-text assessment, thereby supporting transparency and replicability in the selection process.
The eligibility criteria were grounded in five analytical dimensions derived from the objective of the review: (i) firm-level focus, (ii) governance, (iii) risk assessment, (iv) climate risk management and/or enterprise risk management, and (v) type of climate risk. The firm-level focus delimited the unit of analysis to non-financial corporations and productive sectors of the real economy. Governance and risk assessment captured the organizational processes through which climate risks are identified, evaluated, addressed, assigned, and overseen. The climate risk management and/or ERM criterion ensured alignment with the review’s focus on risk-management integration, while the type of climate risk criterion enabled differentiation and mapping between physical and transition risks. Table 2 presents these dimensions. These criteria were used exclusively to determine study eligibility; the final included studies were subsequently subjected to quality appraisal and thematic coding (Section 2.4).
The first screening was conducted on the records obtained from the identification stage (Scopus: 67 articles; WoS: 107), through title and abstract screening, with the aim of removing those focused on (i) recommendations for financial institutions or financial use cases, (ii) explicit mention of policy building or recommendations, or (iii) sectoral view only (non-eligibility criterion). It is important to clarify that “sectoral view only” means that companies were not included and that only the broader sectoral perspective was considered. The exclusion of financial institutions was a deliberate scope definition to ensure analytical consistency linked to firms. Risk management practices in financial institutions follow distinct regulatory and methodological logics, which differ substantially from non-financial corporations. This process resulted in the exclusion of 52 records (Scopus: 18 articles; WoS: 34). Only one record from the insurance sector was retained because of its abstract explicitly reported results from companies.
Subsequently, articles selected for retrieval were analyzed through abstract screening (Scopus: 49 articles; WoS: 73), following the methodology adopted in similar studies [37,42], to identify the qualitative relevance of the selected studies based on the predefined dimensions. This process was designed to ensure that only studies aligned with the scope of the review and the research question were included. The identification of qualitative relevance during the screening process followed a binary approach, in which only articles meeting at least one predefined qualitative element (Table 2) were considered. Among the abstracts reviewed, 54 reports (Scopus: 9; WoS: 45) were excluded because they did not meet the eligibility criteria (Table 2).
Finally, a total of 68 peer-reviewed articles (Scopus: 40; WoS: 28) were selected for full-text in-depth analysis. This final screening stage was guided by the identification of the predefined qualitative elements (Table 2) in the full texts, enabling a deeper understanding of the integration of climate risk into ERM in relation to the research question. The authors used a summary table presenting extracted data generated by NotebookLM, detailed in Supplementary Material (File S2), which also includes additional reference supporting the discussion on climate risk management and sectoral adaptation [43]. This table was used to confirm whether the articles presented qualitative information for each criterion. In addition, reports that mainly consisted of compliance analyses of frameworks were excluded. After the eligibility assessment, 46 articles were excluded (Scopus: 29; WoS: 17). Six reports were excluded because full-text access was not available due to institutional access limitations.
Inter-rater reliability was assessed during the eligibility screening stage using Cohen’s kappa (k). Two reviewers independently applied the eligibility criteria to 68 records selected for full-text in-depth analysis. The reviewers agreed on 22 included and 40 excluded records, resulting in κ = 0.812, indicating almost perfect agreement. Disagreements were resolved through discussion before defining the final sample.

2.3. Inclusion

After the full-text in-depth analysis, a total of 22 peer-reviewed articles (Scopus: 11; WoS: 11) that met all the eligibility criteria were considered for this study. Figure 1 (PRISMA flow diagram) shows the PRISMA stages strictly followed in this systematic literature review.
All articles excluded from the initial set of 190 articles are presented in File S3 for transparency.
An overview of the evolution and distribution of the research was conducted for the 22 selected peer-reviewed articles (Table 3) using the bibliometrix package version 5. 3.0 [36] in the R environment, complemented by the interactive graphical interface biblioshiny.
Analyses were performed on annual scientific production, word clouds, thematic maps, and term co-occurrence networks, enabling a systematic mapping of the literature on the topic. Graphs were generated to present the results and are detailed in File S4, together with additional references that are cited exclusively in the Supplementary Material [63,64,65]. Although the search strategy in the databases covered the period from 2015 onward, after the PRISMA screening process, the included studies covered the period from 2018 onward.

2.4. Data Extraction, Coding and Thematic Synthesis

While the eligibility criteria were used to determine whether articles were included in the review, the coding categories were applied after full-text selection to examine how the included studies addressed each analytical dimension of the search strategy and eligibility criteria, with particular attention to depth, mechanisms, integration, and limitations, as adopted in other studies [33,37].
After the final sample of 22 articles was defined, each article was analyzed using a standardized data extraction matrix. The extraction fields were designed to ensure that information relevant to the research question was collected consistently across studies. These fields reflected the analytical dimensions that guided the search strategy and eligibility criteria, including firm-level focus, governance, risk assessment, climate risk management and/or ERM, and type of climate risk. Table 4 summarizes the extraction fields used in the review and their analytical function in supporting the subsequent coding and synthesis.
The coding and synthesis procedure followed a sequential and iterative logic composed of four steps. First, the standardized extraction matrix was completed for each article to organize descriptive information and relevant textual evidence according to the predefined analytical dimensions. Second, the extracted material was categorized using a deductive coding framework derived from the review scope and research question. These deductive categories captured whether and how each study addressed firm-level focus, governance, risk assessment, climate risk management/ERM, and climate risk typology. Third, during full-text reading, the authors added inductive analytical codes to capture recurrent patterns that were not fully anticipated by the initial framework, such as strategic–operational disconnection, temporal misalignment, methodological uncertainty, disclosure-driven implementation, symbolic implementation, and knowledge barriers. Fourth, the coded evidence was consolidated by comparing recurring code combinations across the final sample and grouping them into second-order analytical categories and higher-order themes.
In practical terms, the categorization process moved from article-level evidence to cross-study synthesis. Descriptive codes were first used to identify the presence, absence, or partial treatment of specific dimensions, such as board oversight, scenario analysis, physical risk assessment, transition risk assessment, or ERM integration. Interpretive codes were then applied when the extracted evidence indicated a broader analytical pattern, such as formal governance without operational embedding or disclosure-oriented implementation without clear evidence of decision-making effects. The synthesis was developed by comparing these descriptive and interpretive codes across the 22 studies, identifying repeated combinations, and consolidating them into broader themes. This procedure enabled the review to distinguish between isolated article findings and recurrent patterns supported by multiple studies.
The coding framework was developed from the analytical dimensions that guided the review. These dimensions were used as deductive coding categories because they represented the core constructs required to answer the research question. However, coding was analytically distinct from screening under PRISMA. While screening determined whether articles met the inclusion criteria, coding examined how each included article addressed the dimensions in terms of depth, mechanisms, integration, and limitations. Inductive analytical codes were created to capture recurrent patterns not fully anticipated by the initial framework, such as strategic–operational gaps, temporal misalignment, methodological uncertainty, disclosure-driven implementation, symbolic implementation, and knowledge barriers. The operational codes were defined based on the dimension’s content presented and identified by the authors during the full abstract reading. Table 5 presents the main coding categories and operational codes used to classify the extracted evidence.
To ensure reliability and consistency in the coding process, the same extraction matrix, codebook, and operational definitions were applied to all included articles. Coding was based only on explicit evidence reported in the articles, and each code was assigned according to predefined inclusion rules in the codebook. When an article contained ambiguous evidence or overlapped across categories, the authors compared the extracted passage with the code definitions and resolved the classification through discussion and consensus. The coding matrix was subsequently reviewed to verify consistency across articles, identify redundant or overlapping codes, and confirm that the final themes were supported by recurring evidence rather than isolated examples. The Supplementary Materials provide the full data extraction table, codebook, and coding matrix to enhance transparency, reproducibility, and evidence-to-claim traceability.
To enhance transparency and demonstrate how the coding framework was applied, selected examples of coded evidence are provided in Table 6. The application of the coding framework was performed following the full article reading through the individual code application by dimension in each article. Subsequently an analytical interpretation of the code combination was translated to the theme supported as presented in Table 6.
The table illustrates the analytical movement from extracted evidence to applied codes, interpretation, and theme support. These examples were selected to show how the coding procedure moved beyond a binary presence/absence classification used during the PRISMA method and evolved to support the identification of recurrent patterns across the reviewed literature providing consolidated results and discussions.
After coding the extracted evidence, recurring combinations of codes were compared across the final sample. These code combinations were grouped into second-order analytical categories and then synthesized into higher-order themes. This process enabled the review to move from article-level evidence to cross-study patterns. Table 7 summarizes the analytical pathway from first-order codes to second-order categories and final themes, which structure the presentation of the results.
The consolidation of evidence was therefore not limited to counting the occurrence of individual codes. Instead, the synthesis considered how codes appeared together and what these combinations indicated about the maturity, depth, and limitations of climate risk integration into corporate risk management and ERM. For example, the simultaneous presence of governance and risk assessment codes, combined with partial or absent ERM integration, supported the interpretation of strategic–operational disconnection. Similarly, the recurrence of scenario, metrics, data, and methodological limitation codes supported the theme of temporal and methodological gaps. This approach allowed the review to generate an analytical synthesis while preserving traceability between the original extracted evidence, the applied codes, and the final themes.
These themes provide an analytical structure for the results. “Strategic–operational disconnection” captures the gap between climate risk recognition and operational integration. “Temporal and methodological gaps” reflect the challenges associated with long-term scenarios, data uncertainty, metrics, and methodological comparability. “Symbolic implementation” captures cases in which climate risk practices are primarily disclosure-oriented or formally adopted without clear evidence of substantive decision-making effects. Finally, “systemic and knowledge barriers” refer to the broader capability, institutional, and methodological constraints that limit the integration of climate risk into corporate risk management and ERM. Full data extraction table, codebook, and a coding matrix are provided at File S5.
Generative artificial intelligence was used to support the organization of extracted data. NotebookLM Plus was employed to structure information such as titles, abstracts, keywords, and qualitative elements into tables. All AI-assisted outputs were critically reviewed, validated, and refined by the authors. The authors retain full responsibility for the interpretation, analysis, and conclusions presented in this study. The authors acknowledge the use of ChatGPT (OpenAI) for brainstorming, refining research questions, and structuring the literature review section of this study. All final conceptual decisions and interpretations are those of the authors. ChatGPT-5.4 Thinking was specifically used to build Figures 2–4. Supplementary Material (File S6) provides a table reporting the tools used, the purpose of use or figure supported, the prompt applied, the nature of the output generated, and the validation procedure for each AI tool used.

2.5. Limitations of the Research

This review is strictly intended to describe academic literature in order to understand the science-based landscape regarding the research question. Therefore, broad regulatory standards and corporate reports, such as TCFD/ISSB guidance, COSO materials, risk-management frameworks, and practitioner methodologies, were consciously not included in this review. The authors acknowledge that excluding practitioner and regulatory documents restricts the extent to which the findings can be generalized to actual corporate practice.
Although the sample is consistent with the focused eligibility criteria adopted in this review, it should be interpreted as a concentrated body of evidence rather than as a comprehensive representation of the entire field. Therefore, the findings are better understood as analytically informative patterns emerging from the selected literature, rather than statistically generalized conclusions.
As this field of knowledge is still developing, some of the categories and themes identified in the Results and Discussion should be interpreted with caution. The proposed themes, including organizational disconnection, symbolic implementation, and systemic or knowledge-related barriers, are derived from the available evidence but may evolve as more empirical studies are published.

3. Results and Discussions

This section presents the results obtained from the SLR with a qualitative synthesis of the studies included. Building on this, the section advances the qualitative analysis based on the five predetermined analytical dimensions. This approach enables a systematic examination of how firms incorporate climate risk into their risk management processes, linking observed practices presented to implications for risk identification, prioritization, and strategic decision-making. The combined analysis provides a basis for identifying cross-dimensional patterns and gaps in the integration of climate risk into ERM in peer-reviewed articles.

3.1. Systematic Literature Review (SLR)

The SLR was conducted in accordance with the predefined eligibility criteria. The results regarding the research analysis are presented in subsections corresponding to the five dimensions described in Table 2, covering, respectively: 3.1.1. Firm-Level Focus and Sectoral Scope; 3.1.2 Governance of Climate Risk; 3.1.3 Climate Risk Assessment Practices; 3.1.4 Integration with ERM; and 3.1.5 Treatment of Physical and Transition Risks. A structured synthesis of the main findings from the literature for each eligibility criterion dimension is presented in Table 7, highlighting the elements identified through the systematic literature review (SLR). Additionally, the key observations in terms of the integration patterns are presented in Section 3.1.6, and, finally, Section 4 presents the identification of the main gaps presented by the literature. As established in the methods section, the analysis reflects exclusively the findings from the peer-reviewed literature and reflects the analytical themes. As referenced in the Introduction, this study frames climate risk integration into ERM as an organizational alignment problem across governance, risk assessment practices, and ERM processes, rather than a lack of tools or frameworks.

3.1.1. Dimension 1: Firm-Level Focus and Sectoral Scope

The results indicate that climate risk is being studied extensively across a wide range of industries and operational functions within the real economy, reflecting its status as a material and systemic threat that impacts corporate assets, infrastructures, and value chains [50,51,66]. The literature covers both high-emission carbon-intensive industries and vulnerable non-financial sectors [48,50,62]. Sectoral coverage is broad, including industrial, economic, and public sectors.
The analyzed articles focused on broad multisectoral groups of firms across different regions. For instance, Chinese listed firms [62], well-known Taiwanese firms [8], diversified US firms [46], among others. The energy sector emerges as a central focus in literature, representing 18% of the reviewed studies. It was covered from natural gas to renewable energy, reflecting its dual role as both a high-emitting sector and a set of assets exposed to climate risks. More broadly, the energy sector is identified as one of the most exposed to climate risks, followed by sectors such as basic materials [50]. Five main sectoral groupings emerge as particularly prominent:
Energy and Extractive Industries: This is a primary area of focus due to the sector’s high exposure to transition risks (policy and regulation) and physical risks to infrastructure [43,47,50].
Fossil Fuels: Extensive research covers oil and gas (exploration, production, and refining), natural gas, and coal and consumable fuels [12,45].
Renewable Energy: Studies investigate the wind energy sector, including offshore wind in Japan and energy firms in Finland, and the broader renewable energy market [59,60].
Power Generation: Research evaluates thermoelectric power plants, electric utilities, and the electric power sector [47].
Mining: Large-scale metals and mining operations are studied for their environmental impact and vulnerability to extreme weather [45].
Overall, while sectoral analyses provide important insights into the distribution and nature of climate risks across industries, they remain largely focused on exposure and vulnerability. As such, they offer limited evidence on how climate risks are incorporated into ERM processes at the firm level.

3.1.2. Dimension 2: Governance of Climate Risk

The literature identifies structured governance arrangements for climate risk. It presents a hierarchy that begins with the Board of Directors, extends through specialized committees and high-level executives, and includes cross-functional teams and outside experts integrated into firms’ committees. In principle, these governance arrangements aim to ensure that climate-related financial risks and opportunities are identified, evaluated, and embedded into long-term strategic and financial planning and into firms’ core business strategies [50,59,60]. The governance framework is structured to bridge the gap between high-level strategic commitment and day-to-day financial and operational management. However, evidence also points to a persistent gap. The literature finds significant disconnection between high-level strategic commitment and operational implementation at the middle-management level [57]. In addition, the TCFD framework is frequently referenced as a guiding structure for climate-related governance and reporting, being explicitly mentioned in approximately half of the reviewed studies. To further examine governance practices for climate risk, the research findings were organized into three analytical layers: A. Organizational Structures; B. Roles and Responsibilities; and C. Decision-Making Integration.
Organizational Structures
The literature presents a multi-tiered organizational framework in which responsibility for climate risk is clearly defined across different layers of the corporate hierarchy. This structure reflects an attempt to formalize climate risk governance within existing organizational systems. However, the existence of formal structures does not necessarily imply effective integration into ERM processes, as coordination across levels remains disconnected. The four key structures are:
The Board of Directors (BoD): The BoD is consistently identified as the highest governing body for climate-related issues, responsible for overseeing the definition of the organization’s response to climate change and ratifying critical decisions [11,45]. While this positioning reflects strong top-level commitment, its influence on operational risk management processes is not always evident.
Board-level Specialized Committees: Many firms establish dedicated board-level committees with independent directors, such as Sustainability Committees, Risk Management Committees, or ESG Committees, to provide more focused oversight of climate-related issues [11,12]. These committees enhance governance visibility but do not necessarily ensure integration into enterprise-wide risk management processes.
Management-level Committees: Many firms establish dedicated management-level committees to function at the senior executive or operational level to translate board-level strategy into daily business practices [11,12]. However, the effectiveness of this translation varies, and alignment with ERM processes is not consistently achieved.
Hybrid and External Support: Due to internal expertise gaps, many firms utilize hybrid structures that involve external specialists for specific tasks such as modeling and scenario analysis [57]. While this enhances technical capacity, it may also reinforce the separation between climate analytics and internal risk management systems.
Roles and Responsibilities
Governance roles and responsibilities are typically divided between board-level oversight and management-level execution, reflecting a separation between strategic direction and operational implementation, with specific roles emerging as critical sponsors for corporate climate action, alongside contributions from external experts. This division, while structurally logical, may contribute to gaps in the integration of climate risk into ERM processes. The main tasks identified include:
BoD: The board is tasked with ratifying all major decisions related to climate risk and overseeing the definition of the firm’s climate response strategy. They are responsible for setting performance objectives, overseeing capital expenditures, and monitoring progress to ensure that climate issues serve as an input to financial planning [11,45,51]. The BoD mandate includes strategic approval and ratification; policy and objective setting; financial oversight; monitoring and accountability; and external participation formalization.
Board-level Specialized Committees: The committee is tasked with driving efficiency, monitoring targets, and providing a cross-functional vision across multiple geographies and business units [11]. It is considered one of the most effective tools for pressuring firms to involve themselves substantively in climate management [45,50]. The Specialized Committee’s mandate includes execution oversight, risk review, and target tracking; cross-functional integration; and reporting support.
Management-level Committees: The committee is tasked with operational ownership. Responsibility is often assigned to management-level positions, such as the Chief Financial Officer (CFO), who frequently serves as the executive sponsor for all climate-risk-related matters. The Chief Executive Officer (CEO) is highlighted as a champion whose leadership is essential for ensuring that climate governance logic is embedded throughout the organization [54,57]. The management committee mandate includes executive accountability, internal capacity building, multidisciplinary collaboration, resource allocation, and the identification and resolution of climate-related risks and opportunities.
Hybrid and External Support: External support is tasked with addressing the complexity of scenario modeling and fulfilling the current lack of internal climate change expertise. Many firms require reliable suppliers for technical climate risk assessments, including roles for external experts and consulting firms [57].
Management Accountants: These professionals are identified as having an important role in providing data for identifying liabilities, conducting cost–benefit analyses, and developing performance metrics. However, the articles note a current accounting gap, where middle-level management accountants are often not meaningfully involved in climate activities, which are incorrectly viewed as the exclusive domain of sustainability experts [57]. Additionally, the literature highlights a gap in their involvement, suggesting that climate risk activities remain insufficiently embedded in core financial and risk management functions [54,57].
Decision-Making Integration
A central objective of climate governance is to integrate climate-related information into corporate strategic and financial decision-making processes, shifting from a defensive posture to proactive planning. Despite this objective, the extent to which climate considerations are systematically embedded into ERM-driven decision-making remains limited. The decision-making instruments identified as enabling improvements in climate governance are listed below; however, the identification of instruments does not mean they have been effectively implemented.
Strategic and Financial Planning (Transition Plans): Governance structures must ensure that climate-related issues serve as inputs to the financial planning process. This involves identifying how the business model might change to address potential risks or to capitalize on opportunities in a low-carbon economy. In other words, firms are increasingly required to develop climate transition plans that align corporate emission reduction targets, or decarbonization pathways, climate risk management, and strategic planning with ambitious climate science recommendations. It involves reviewing climate-related issues when assessing annual budgets, business plans, and capital expenditures [11].
Scenario Analysis: This is an important tool used by governance bodies to explore future climate conditions (e.g., 1.5 °C vs. 3 °C warming) and assess the resilience of the organization’s strategy. Effective integration ensures these scenarios feed directly into the planning cycle to inform long-term investment horizons. Unlike traditional financial projections that typically focus on short-term, 3-to-5-year cycles, climate scenario analysis forces management to think about the future over long-term horizons, such as 2040 and 2050 [51,57]. Nevertheless, its integration into formal ERM processes is not consistently demonstrated.
Financial Incentive Alignment and Accountability: A key mechanism for ensuring accountability is the integration of climate-related targets into executive compensation through management incentive schemes. For instance, some firms weigh climate targets and key performance indicators (KPIs), such as carbon footprint reduction targets, at 15% to 25% of the total management objectives for bonuses [11]. Moreover, firms are encouraged to establish executive accountability systems for climate governance, integrating climate risk management into performance evaluations, board reviews, and enterprise-wide risk control frameworks [61].
Procedural Constraints Definition: Reviewing purchasing policies in the supply chain includes the adoption of stricter green compliance standards in supply chain management and the selection of suppliers based on shared low-carbon values. Additionally, it includes establishing institutionalized arrangements, such as long-term contracts with environmental performance metrics [61].
Capital Allocation: By identifying climate-related risks, including which assets are most vulnerable through quantitative risk assessment or anticipating regulatory changes such as carbon pricing policies, governance bodies can prioritize resource allocation toward mitigation or adaptation projects, rather than just reacting to shocks after they occur [50]. Similarly, they can reallocate capital toward green innovation, energy efficiency, and research and development (R&D), viewing these not only as compliance costs but also as essential for maintaining market value and competitive advantage [50,55,58]. Yet, these practices are not systematically linked to enterprise risk prioritization frameworks.

3.1.3. Dimension 3: Climate Risk Assessment Practices

Climate risk assessment practices were examined across four analytical layers: A. Frameworks; B. Tools; C. Monitoring practices; D. Strategic approaches. These dimensions capture how firms identify, evaluate, and respond to climate-related risks in practice. These practices serve different functions, from structuring disclosure to supporting risk evaluation. The examples presented are not intended to be exhaustive but to illustrate how those practices are implemented across firms and contexts.
Frameworks
The literature shows that firms rely on a multi-layered set of frameworks for climate risk assessment, ranging from high-level global disclosure standards to technical protocols and specialized analytical methodologies [11,47]. These frameworks are designed to identify vulnerabilities, evaluate financial implications, and inform long-term strategic resilience. The following types of frameworks were found in the research; the quality of the use of the frameworks has not been assessed.
Global Standardized Disclosure Frameworks: These frameworks provide the structural backbone for how firms report climate-related risks to investors and regulators. For instance, the TCFD Framework is mentioned as a step-change in the climate risk agenda [59]. Building on the TCFD, IFRS S2 requires firms to disclose material information regarding climate-related risks and opportunities that could affect their cash flow and access to capital. Correspondingly, many firms use the CDP questionnaire as an internal assessment framework to identify “inherent risks” with significant financial or strategic impact [50]. While these frameworks enhance standardization and comparability, their application remains largely disclosure-oriented and does not necessarily translate into operational integration within ERM systems.
Technical Risk and Adaptation Frameworks: Few peer-reviewed articles were found to identify firms that integrate climate considerations into established operational and risk management standards to ensure daily business continuity as exemplified by the use of standard norms such as: ISO 31000 (Risk Management) [67], used to define the nature and characteristics of risks and evaluate organizational levels of tolerance; ISO 14090 (Adaptation to Climate Change) [68], used for pre-planning, impact assessment, and the implementation of adaptation plans; ISO 14001 (Environmental Management Systems) [69] and ISO 50001 (Energy Management Systems) [70] for environmental and energy management systems that provide protocols for monitoring and reviewing long-term climate governance; and COSO (Committee of Sponsoring Organizations of the Treadway Commission) Framework, which is often used alongside ISO 31000, provides a multidisciplinary approach for assessing strategic and operational risk events [11,46,47]. Although these frameworks offer a pathway for embedding climate risk into organizational processes, their application remains limited and is not consistently integrated across enterprise-wide risk management systems.
Specialized Tailor-Made Methodological Frameworks: In addition to standardized frameworks, the literature shows that firms apply tailored methodologies to address the complexity of climate risk assessment. One example was found: an 11-Stage Systemic Methodology, which is a cyclical process developed for power plants to map Cause-and-Effect Flowcharts, downscale climate models to regional resolutions and validate findings with stakeholders [47]. While these approaches enhance analytical precision, they are typically applied in isolated contexts providing standalone inputs to decision-making and are not systematically linked to ERM processes.
Emerging Regulatory and Regional Frameworks: The literature also highlights the growing influence of regulatory and regional frameworks, showing that firms adapt their assessments to comply with specific jurisdictional mandates. The Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) require firms to disclose detailed climate transition plans aligned with the 1.5 °C goal. AASB S2 (Australian Sustainability Reporting Standards) is a mandated standard modeled on IFRS S2 that specifically requires Australian firms to disclose climate-related financial risks; NOU 2018 (Norwegian Official Report, in English) is a pioneering national framework that guides public and private sector entities in disclosing climate risks to infrastructure, health, and finances [11,54,57,59]. These frameworks contribute to the institutionalization of climate risk assessment practices; however, their impact is primarily concentrated on reporting and compliance, with limited evidence of direct integration into ERM processes.
Tools
The literature identifies that firms use an ecosystem of modeling and analytical tools to navigate the complexities of climate risk assessment, with scenario analysis emerging as a central instrument. These tools range from high-level to granular scientific models and applications designed to quantify physical threats and transition uncertainties. While these tools enhance analytical sophistication, their application is often project-based, and their outputs are not consistently integrated into enterprise-wide risk management processes, as presented below:
Scenario Analysis: Scenario analysis is considered the “cornerstone” of climate risk disclosure, particularly under the TCFD and IFRS S2 frameworks. It relies on forward-looking pathways, such as the Shared Socioeconomic Pathways (SSP) and Representative Concentration Pathways (RCPs) from the IPCC for limiting warming to 1.5 °C and a high-emissions business-as-usual scenario to test the resilience of their business models. For transition risks, firms frequently adopt the International Energy Agency (IEA) Net Zero scenario to evaluate the impact of rapid decarbonization on asset values and operating costs [12,47,50,59].
Climate Modeling: To translate global trends into site-specific data, firms employ various scientific modeling tools: Global Climate Models (GCMs) to project spatiotemporal variability in temperature and precipitation; Downscaling Techniques for regional models (such as the Eta/HadGEM2-ES) to downscale GCM data into regional grids of 1 to 10 km resolution, providing the spatial precision needed for asset-level risk management; Specialized Hazard Models, including STORM (synthetic tropical cyclone datasets) and the Global Wind Atlas, help energy firms assess historical and future risks related to typhoons and wind energy production; Probabilistic Platforms, such as the open-source platform CLIMADA, allow firms to integrate hazard maps, exposure data, and vulnerability functions to calculate expected financial losses and the averted losses provided by adaptation measures [47,49,50,53].
Public Platforms and Data Repositories: Moreover, firms often rely on external datasets to ground their internal assessments, namely: National Institute for Space Research (INPE) and National Institute of Meteorology (INMET) in Brazil, which provide downscaled climate models (such as the Eta Model) and meteorological data for industrial risk assessments; Taiwan Climate Change Projection Information and Adaptation Knowledge Platform (TCCIP) and Joint Credit Information Center (JCIC) Platforms where firms access high-resolution, peer-validated physical risk data [47,60].
Third-Party Indices: The research found that firms utilize the Germanwatch Climate Risk Index (CRI) and CDP questionnaire scores to benchmark their performance and perception against global peers [48,61].
Despite their analytical sophistication, these tools are often applied as standalone exercises, and their outputs are not consistently integrated into enterprise-wide risk management processes.
Monitoring Practices
Monitoring practices are intended to link climate risk assessment with ongoing operational decision-making. They are intended to bridge the gap between sensing environmental change and reconfiguring corporate resources to meet that change. Without substantive monitoring routines, corporate climate responses risk being purely symbolic rather than effective. The literature identifies a limited set of monitoring practices in terms of KPIs and risk metrics, in addition to those already listed in the global disclosure frameworks. Most of them are linked to operational and site-specific monitoring indicators, such as: (i) Thresholds: The number of hours per year that specific parameters, such as temperature or humidity, remain above a critical threshold (e.g., 38.3 °C) that affects asset efficiency [47]; (ii) Energy Production: Tracking expected energy output under both normal and extreme weather conditions for renewable sectors [53].
As presented, monitoring practices remain fragmented and are not consistently aligned with ERM systems, limiting their role in supporting continuous risk evaluation.
Strategic Approaches
The literature provides selected examples of how climate risk assessment informs strategic decision-making. Most of the literature points to the importance of integration, thus providing recommendations based on benefits that could potentially arise from integration. The specific cases of strategic integration found were:
Asset Relocation and Sourcing: Practical strategic responses were found, including the avoidance of new locations prone to flooding or hurricanes and the relocation of existing operations to less vulnerable areas and the integration of climate data into scenario planning for material supply, selecting partners who are actively addressing climate risks to ensure supply chain continuity in the agricultural sector [46].
Budgeting and Capital Allocation: One of the most critical practices is using climate scenarios as an input for budgeting and capital allocation decisions. For example, an energy firm in Australia uses scenario results to re-evaluate capital expenditure (CapEx) and operational expenditure (OpEx), ensuring that investments are resilient to future climate states [57].
While these examples suggest an emerging link between climate risk assessment and strategic decision-making, they remain limited in quantity and scope. Most studies emphasize the importance of integration rather than documenting its systematic implementation. As a result, the incorporation of climate risk into strategic and financial decision-making remains uneven and not yet fully embedded within ERM frameworks.

3.1.4. Dimension 4: Integration with ERM

The literature highlights a clear distinction between the conceptual recognition of climate risk within ERM frameworks and its operational integration into corporate risk management processes. This distinction is central to understanding the current state of climate risk integration, as conceptual alignment does not necessarily translate into effective implementation within ERM systems, as reinforced in each layer of analysis.
Therefore, the results indicate explicit references to ERM and its instruments in a few cases. ERM is positioned as the fundamental structure for administrative oversight, asset protection and as a process that provides administrators with the information necessary to effectively manage risks and optimize organizational outcomes, thereby protecting the entity’s assets and integrity. However, the literature also argues that traditional ERM and Risk Assessment practices have long been established but often lack the forward-looking climate projections required to address modern environmental threats, such as climate [47]. Furthermore, ERM is identified as a multidisciplinary firm-wide identification, assessment, and management process with firm-level practical examples of using an ERM model developed in accordance with the COSO framework to assess strategic, external, and operational risk events across all levels of the organization; integrating the analysis of ESG factors and climate change directly into its ERM methodology to foster an effective organizational culture based on risk prevention, and highlighting ERM processes that incorporate the identification and monitoring of climate-related risks [11]. These examples suggest the potential for integration, but they remain limited in scope and are not representative of extensive practice. Finally, the use of risk registries is presented as a practical step in integration, through the creation of a separate risk register for climate risk or the inclusion of climate-specific line items in the general register. These registries help track the likelihood and magnitude of impacts over different time horizons [50,54]. While this practice represents a meaningful step toward formalizing climate risk within ERM systems, it is not yet consistently implemented across firms.
Overall, the literature indicates that while ERM provides a theoretically robust framework for managing climate risk, its practical implementation remains limited. The integration of climate risk into ERM can therefore be characterized as emerging but incomplete, with isolated examples of operationalization coexisting alongside widespread conceptual alignment and persistent structural barriers.

3.1.5. Dimension 5: Treatment of Physical and Transition Risks

The literature consistently identifies both physical and transition risks as central components of climate risk assessment, with these risks being presented in 90,9% of the peer-reviewed articles and often emphasizing the importance of addressing them jointly within corporate strategies.
The main physical risks identified across the research include: (i) Acute Extreme Weather Events: Storms and Cyclones; Flooding; Extreme Temperatures; Wildfires; (ii) Chronic Long-Term Climate Shifts: Rising Sea Levels; Precipitation Pattern Changes; Temperature Increases; Ecosystem and Resource Degradation. Ecosystem degradation and biodiversity loss are also noted as long-term physical consequences [49,50,55,62].
The main transition risks include the following: (i) Policy and Legal Risks: Carbon Pricing and Taxes; Emission Reporting and Limits; Renewable Energy Regulations; and Climate-Related Litigation. (ii) Technology Risks: Substitution of Existing Products; R&D and Capital Costs; and Stranded Assets. (iii) Market Risks: Shifts in Consumer Behavior; Supply Chain Disruptions; and Resource Scarcity and Price Volatility. (iv) Reputational and Social Risks; Stakeholder Trust; Greenwashing Backlash; and Access to Capital [11,50,51,52,54,59,62].
Regulatory or policy risk was the most frequent specific subcategory, appearing in 17 studies, followed by reputational risk in 14 studies and market risk in 12 studies. Legal or liability risk was identified in 9 studies, while systemic or cascading risk appeared in only 3 studies, suggesting that systemic risk remains comparatively less developed in the firm-level climate risk peer-reviewed literature.
Although the results present a concept of holistic strategic integration required by TCFD/IFRS S2, which encourages a future-forward mindset that integrates both types of climate risks into core business strategy and financial planning and is often managed through ERM systems, physical and transition risks are presented in varying depth and are treated both jointly and independently. Transition risks are often more prominently integrated. Research on Chinese firms indicates that while both types improve resilience, the effect of transition risk is more prominent because its policy-driven and mandatory nature touches the core of firm development. Similarly, transition risk is effective at compelling firms to undergo transformation, whereas the influence of physical risk on such strategic shifts is often statistically insignificant [55,62]. Physical risk appears more like a reactive trigger. Physical risks are often realized over shorter timeframes and may be met with reactive or adaptive measures that do not necessarily trigger a full strategic transformation [55]. This asymmetry further contributes to the fragmentation of climate risk integration within ERM processes.
In conclusion, the full analytical process across the five dimensions has been strategically synthesized. The main results regarding what the peer-reviewed academic literature presents in each assessed dimension are consolidated in Table 8.

3.1.6. Cross-Dimensional Synthesis: Patterns

The analysis of the five analytical dimensions reveals a set of recurring patterns that characterize how climate risk is assessed and managed across this literature. These patterns reflect reported field-level dynamics shaped by regulatory pressures, sectoral exposure, and methodological developments marked by a shift toward standardization through international frameworks, a significant discrepancy between firm sizes and sectors, and the emergence of symbolic rather than substantive reporting practices. Together, they provide insights into the extent to which climate risk is expected to be integrated into ERM processes.
Dominance of International Frameworks and Standards: A recurring pattern across the literature is the reliance on international frameworks to structure the assessment and disclosure of climate risks. Frameworks such as TCFD and IFRS S2 are identified as central references for private sector disclosure, shaping how firms approach governance, strategy, risk management, and metrics and targets [11,59]. In parallel, technical standards such as ISO 31000 and ISO 14090 are used for foundational risk identification and as structured guides for climate change adaptation [11,47]. Firms in the real economy frequently blend these reporting frameworks with established risk management standards.
Common Drivers Affecting Assessment Quality: Across different geographic contexts, the literature consistently identifies firm-level characteristics as key determinants of climate risk assessment practices, for example, firm size, industry profile, and regulation [43,50,56]. Larger firms are more likely to conduct formal climate risk assessments and provide detailed disclosures. They possess the financial resources and visibility to handle the high costs associated with sophisticated modeling and external consulting [45,50,55]. Similarly, firms in high-impact environmental sectors such as energy, mining, and utilities indicate more advanced assessment practices due to higher exposure to reputational, physical, and regulatory risks. The regulatory environment further reinforces these patterns through mandatory reporting requirements, which act as a driver of increased assessment quality. Firms in developed countries tend to disclose more due to stronger regulatory signals. These findings highlight the importance of the firm-level focus dimension in shaping both governance structures and risk assessment practices.
Transition and Physical Risk Profiles: There is an asymmetric treatment of transition and physical climate risks. Transition risks arising from policy, legal, technology, and market shifts are more frequently assessed and disclosed because they directly affect the near-term performance or position of the firm and are often subject to regulatory requirements [50,59,62]. In contrast, physical risks such as extreme weather events and long-term climate shifts such as sea-level rise remain comparatively underreported. This is largely attributed to their long-term nature and the methodological challenges associated with quantifying physical impacts in specific monetary terms for financial statements [49].
Behavioral and Competitive Patterns: The literature indicates that as climate disclosure becomes more widespread, new behavioral and competitive dynamics are emerging among firms. Firms may resist full disclosure of severe risks due to concerns over reputational damage, market reaction, litigation, and legal exposure, leading to cautious standardized reporting. At the same time, competitive pressures can encourage firms to display visually sophisticated scenarios and elaborate graphics in their reports, which do not necessarily improve the quality or usability of risk information [60]. These dynamics influence both the governance and risk assessment dimensions, which may potentially weaken the connection between analytical outputs and their application in decision-making. As a result, the integration of climate risk into ERM processes remains limited.
Technical and Methodological Trends: The literature further highlights significant advances in the technical and methodological approaches used for climate risk assessment. These include the use of quantitative modeling, AI, and deep learning algorithms to predict extreme climate events [49]. In addition, more systemic approaches are being adopted to assess cascading risks. These developments strengthen the risk assessment dimension by enhancing analytical sophistication and precision [47]. However, these advances are not consistently accompanied by corresponding developments in integration within ERM processes, resulting in a persistent disconnection between analytical capability and its application in ERM systems.
Finally, the literature reveals a set of structural gaps that cut across the five analytical dimensions. These include limited attention to small and medium-sized enterprises, the predominance of firm-level analyses that overlook systemic and interdependent risks, and the persistent disconnect between strategic commitments and operational implementation [50]. In addition, current patterns focus on entity-level risks in isolation, failing to capture systemic, cascading risks, cross-border impacts, or supply chain interdependencies [59]. Furthermore, an operational disconnection gap is clear, as commitments established at the governance level are not consistently translated into the routines and processes managed at the operational level [12,51,57]. These gaps reflect broader misalignments between firm-level context, governance structures, risk assessment practices, and their integration into ERM systems. Collectively, they reinforce the conclusion that climate risk integration remains incomplete and uneven across organizations.

4. Implications for ERM Practice

The section identifies and synthesizes key integration gaps that hinder the effective incorporation of climate risk into Enterprise Risk Management (ERM) systems. It highlights structural misalignments across governance, operations, methodology, and organizational processes, including the disconnect between strategic commitments and operational practices, temporal and methodological limitations in traditional ERM frameworks, and the prevalence of symbolic rather than substantive implementation. Additionally, it discusses systemic and knowledge barriers, as well as organizational constraints, which lead to fragmented and partial integration. The integration gaps align with the analytical themes identified during the coding process.

Identification of the Integration Gap

Building on the cross-dimensional patterns identified in the previous section, the literature reveals a set of persistent integration gaps that constrain the operational incorporation of climate risk into ERM systems. These gaps reflect structural misalignments between governance arrangements, analytical practices, organizational processes, and decision-making routines. The following subsections synthesize the most recurrent integration gaps identified across the reviewed literature.
Strategic and Operational Disconnection: A central integration gap identified in the literature is the persistent disconnect between high-level strategic commitments and their translation into operational practices. While boards may commit to climate goals in strategic plans, such commitments often fail to translate into the daily routines and decision-making processes of middle management [43,57]. Climate risk is frequently delegated to sustainability experts rather than being managed as a multidisciplinary business concern [12,57]. As a result, sustainability experts often assume an advisory role, with limited influence over core business decisions, which continue to be driven by short-term financial priorities. This reflects a pattern of hierarchical siloing [12,57]. In addition, there is a significant lack of involvement by management accountants and mid-level finance teams in climate risk management. This prevents the effective identification of risks and liabilities and the translation of climate data into actionable financial metrics within ERM systems [57].
Temporal and Methodological Gaps: The literature also highlights a set of temporal and methodological gaps that limit the capacity of traditional ERM frameworks to incorporate climate-related risks. Traditional ERM frameworks are structurally limited in their ability to absorb the long-term, non-linear nature of climate change. Standard business planning typically operates on short-term cycles, while climate change requires assessing horizons out to 2040 or 2050 [57]. Meanwhile, traditional risk models often focus on the present or past, whereas climate risk management requires a shift toward forward-looking, uncertain scenarios [12,51,57]. As a result, while governance and disclosure practices may appear advanced, the underlying integration of climate risk into ERM processes remains limited.
Symbolic vs. Substantive Implementation: A further gap emerges in the distinction between symbolic and substantive implementation of climate risk management practices. The increasing pressure to comply with global standards has led many firms to adopt symbolic gestures rather than deep internal governance changes. In this context, climate disclosures are often used as tools for reputational management rather than as an input to enterprise risk decision-making [54,57]. In some markets, firms compete to display visual sophistication and elaborate graphics in their reports, which may obscure critical risk information and lead to greenwashing [60]. Moreover, firms frequently hire external consultants to develop scenario analyses, limiting the development of internal strategic and analytical capabilities [57]. This reliance prevents the development of internal strategic capacity and may result in superficial engagement with climate risk, further weakening its integration into ERM systems.
Systemic Oversight and Knowledge Barriers: The literature also identifies systemic and knowledge-related barriers that constrain the effective integration of climate risk into ERM frameworks. Current approaches often treat climate risk as an isolated, firm-level issue, failing to capture broader systemic interdependencies, such as supply chain disruptions and cross-sectoral impacts. This approach limits the ability of firms to assess cascading and interconnected risks. In addition, the role of public institutions is frequently overlooked, despite their importance in shaping infrastructure resilience, adaptation capacity, and funding [54]. Furthermore, there is a lack of literacy required to translate climate indicators (e.g., consecutive dry days) into concrete operational or financial consequences, among BoD members and financial professionals [54,57].
Overall, the literature identifies a broad sustainability-context gap where traditional ERM cycles struggle to align with the radical uncertainty and extended timeframes of climate reality. This gap reflects the difficulty of aligning short-term, financially driven risk management processes with the long-term, uncertain, and systemic nature of climate change. Bridging these gaps requires organizational changes, including stronger integration between sustainability and finance functions, enhanced analytical capabilities, and the incorporation of climate risk into core decision-making processes. Without such transformations, climate risk is likely to remain only partially embedded within enterprise risk management systems. In conclusion, the literature suggests that firms have integrated climate risk into ERM primarily through governance, disclosure, and analytical assessment practices, while operational embedding into enterprise-wide risk management remains limited and fragmented.
Figure 2 is proposed by the authors to illustrate the core integration gaps from the peer-reviewed academic literature that constrains the incorporation of climate risk into ERM processes. By showing how these gaps interfere with the expected ERM flow, the figure provides a practical and visual representation of the main barriers identified in the literature. It can also provide firms with an exercise to recognize where organizational, methodological, and operational improvements are needed to strengthen the integration of climate risk into risk management routines and decision-making processes.
Sustainability 18 05900 g002
Figure 2. Core Gaps in the integration of Climate Risk into ERM.
Figure 2. Core Gaps in the integration of Climate Risk into ERM.
Sustainability 18 05900 g002
How peer-reviewed academic literature addresses the integration of climate-related risks into ERM at the firm level: The literature indicates that firms have integrated climate risk assessment with ERM primarily through governance structures, disclosure-oriented frameworks, and analytical tools, rather than through full operational embedding in ERM systems. Although both physical and transition risks are increasingly recognized, their incorporation remains uneven, with transition risks being more frequently linked to strategic and financial considerations and physical risks more often being addressed through isolated or reactive assessments [50,55,62]. As a result, literature suggests climate risk integration remains partial, fragmented, and weakly embedded in enterprise-wide risk management processes.
This finding suggests that integration occurs predominantly at the levels of recognition, disclosure, and assessment, while the incorporation of climate risk into core ERM routines, such as risk prioritization, aggregation, and decision-making, remains limited. Translating climate risk into traditional planning and financial variables is challenging. Consequently, climate risk is not systematically incorporated into enterprise risk management systems and capital allocation processes, reducing its influence on strategic and operational decisions [12,51,54,56,57].
To further illustrate how climate risk is integrated into ERM, Figure 3 contrasts the expected integration pathway with the observed practices identified in the literature, presenting the steps of the currently observed practices. While the ideal pathway assumes a sequential process from risk identification to monitoring and decision-making, the evidence reveals a fragmented reality characterized by weak embedding in ERM systems and limited influence on corporate decisions.
Sustainability 18 05900 g003
Figure 3. Expected Climate Risk Integration Pathway versus Observed Corporate Practice.
Figure 3. Expected Climate Risk Integration Pathway versus Observed Corporate Practice.
Sustainability 18 05900 g003
Organizational Barriers to Effective Climate Risk Integration: The uneven nature of climate risk integration can be explained by a set of structural and organizational constraints. A key barrier is the misalignment between strategic commitments and operational practices, which limits the translation of governance-level objectives into day-to-day risk management routines, potentially causing execution risk [51,57]. This is reinforced by the functional separation between sustainability, risk management, and finance functions, which restricts the integration of climate-related information into financial analysis and enterprise risk processes [51,54,57]. In addition, the temporal and methodological mismatch between long-term uncertain climate risks and the short-term orientation of traditional ERM frameworks constrains their incorporation into existing systems. The fragmented treatment of risks further limits comparability and aggregation, causing an inability to aggregate enterprise exposure, while the weak embedding of climate risk within ERM cycles reduces its role in risk prioritization and decision-making [50,57,59]. Together, these factors explain why advances in governance and assessment do not result in full operational integration, leading to delayed risk response and implications of risk visibility at the executive level.
What Corporate Practices from Peer-Reviewed Academic Literature Reveal about Climate Risk Integration: The observable corporate practices identified in the Results section reflect how climate risk is currently incorporated into corporate risk management systems. The dominance of international frameworks illustrates the central role of disclosure in shaping integration practices [59], while the increasing use of analytical tools suggests growing technical capacity [44,49,60]. However, the persistence of symbolic reporting practices, which means limited strategic signaling and real risk control, and fragmented risk treatment highlight the limited translation of these developments into operational ERM processes. These observable corporate practices therefore represent different expressions of partial integration rather than evidence of fully embedded risk management.
Beyond Frameworks—Climate Risk Integration as an Organizational Challenge: This study contributes to the literature by connecting theory to organizational design and governance effectiveness, demonstrating that climate risk integration is not primarily constrained by the absence of frameworks or analytical tools, but by misalignment across organizational dimensions. The findings highlight that integration depends on the coherence between governance structures, risk assessment practices, and ERM processes. This reframes climate risk integration as an organizational and structural challenge, rather than a purely technical or disclosure-driven issue. Firms are not failing due to a lack of tools, but due to a lack of integration into business processes. Research demonstrating the effectiveness of ERM integration provides a theoretical foundation for corporate practice [71,72].
Operationalizing Climate Risk in Corporate Risk Management Practices: From a practical perspective, advancing climate risk integration requires firms to move beyond disclosure-oriented approaches and embed climate considerations within core ERM processes. This includes strengthening collaboration between sustainability, risk management, and finance functions, adapting ERM frameworks to long-term uncertainty, and developing internal analytical capabilities. This means integration into capital allocation processes and risk-adjusted performance metrics. Without such alignment, climate risk is likely to remain confined to reporting and assessment activities, limiting its role in enterprise-wide decision-making and distancing it from CEO and CFO levels. Furthermore, the progressive consolidation of IFRS S2 may also increase pressure on firms to move beyond disclosure and strengthen the operational integration of climate risk into ERM systems with decision-useful risk metrics.
The State of Climate Risk Integration in Firms from Peer-Reviewed Academic Literature—Key Takeaways: Overall, based on peer-reviewed academic literature captured by the search strategy, climate risk integration in corporations is best understood as a fragmented and evolving process. While governance, disclosure, and analytical practices have advanced, their alignment with ERM systems remains limited. Addressing this gap is essential for enabling firms to effectively incorporate climate-related risks into strategic and operational decision-making. Based on the core integration gaps presented in the climate risk integration pathway and in the observed corporate practice from the research, the authors propose three categories for firm maturity in ERM integration: Fragmented, Partial, and Embedded Integration, each characterized by the level of gaps and barriers overcome described in the maturity model below (Figure 4). This Climate Risk Integration Maturity Model should be understood as a conceptual interpretation derived from the literature captured by the search strategy, and it is made available by the authors for firms to perform qualitative self-assessment and, indicatively, improve their capacity to deal with their integration barriers. This model has not been empirically validated, or it is a direct adaptation of an existing maturity framework.
Sustainability 18 05900 g004
Figure 4. Climate Risk Integration Maturity Model.
Figure 4. Climate Risk Integration Maturity Model.
Sustainability 18 05900 g004
Further consideration regarding the integration gaps concerns the evidentiary boundaries of this review. The apparent predominance of studies focused on climate-related disclosure, governance structures, and risk assessment tools may not necessarily indicate the absence of more advanced internal ERM practices within firms. Peer-reviewed articles may underreport internal ERM processes because these practices are often embedded in confidential corporate routines, proprietary risk models, board-level deliberations, or commercially sensitive decision-making systems. As a result, literature may capture more visible and externally reportable dimensions of climate risk integration, while underrepresenting internal management practices that are not publicly disclosed or are only partially described in academic publications. In addition, the search strategy adopted in this review, although appropriate for identifying academic work on climate risk, corporate governance, risk assessment, and ERM, may have favored studies that rely on disclosure frameworks, sustainability reports, and externally available information. Therefore, the findings should be interpreted as evidence of how climate risk integrates into ERM represented in the peer-reviewed literature, rather than as a definitive measure of the actual maturity of corporate ERM practices.

5. Conclusions

This research examined how peer-reviewed academic literature has addressed the integration of climate-related risks, including both physical and transition risks, into enterprise risk management systems at the firm level. The findings indicate that integration occurs primarily through governance structures, disclosure-oriented frameworks, and analytical tools, rather than through consistent operational embedding in ERM processes. Although climate risks are increasingly recognized and assessed, their incorporation remains disconnected, with transition risks more frequently integrated into strategic and financial considerations and physical risks more often addressed through fragmented or reactive approaches.
A central contribution of this study is the identification of an integration gap, characterized by misalignments across governance, risk assessment practices, risk typologies, and ERM processes. A comparison between expected integration pathways and the observed practices identified was developed, providing evidence of these gaps in peer-reviewed articles. These misalignments suggest constraints in the effective operationalization of climate risk within broader ERM systems.
The findings suggest that climate risk integration is not primarily limited by the absence of frameworks or analytical tools, but by organizational and structural barriers that prevent their alignment within ERM processes. As a result, climate risk remains only partially embedded in corporate risk management, which is why a conceptual climate risk maturity model is proposed to help firms perform their own self-assessments. Advancing integration requires firms to move beyond disclosure and assessment toward the systematic incorporation of climate risk into core risk management routines and decision-making processes.
Future Research on Climate Risk Integration in Corporate ERM: The findings highlight the need for further empirical research on how climate risk is operationally integrated into ERM systems, particularly in non-financial sectors and in financial models. Future studies should explore how physical and transition risks can be incorporated into unified frameworks and how organizational structures influence integration outcomes. Expanding the scope to include small and medium-sized enterprises and systemic risk perspectives represents an important avenue for advancing the field. In addition, considering the limitations associated with the exclusion of grey literature, future research could evolve to include practitioner-based intelligence in academic literature to better approximate this emerging field of knowledge. Finally, as noted in the Introduction, the regulatory effects associated with IFRS S2 are likely to intensify, pressuring the evolution of maturity levels and influencing future developments in climate risk management and ERM integration. In this sense, the present study establishes a baseline for understanding how firms have integrated the assessment of physical and transition climate risks into enterprise risk management prior to the full adoption and regulatory consolidation of IFRS S2. This creates an important opportunity for future research to replicate the method and compare subsequent changes in relation to the patterns and integration gaps identified in this review.

Supplementary Materials

The following supporting information can be downloaded at: https://www.mdpi.com/article/10.3390/su18125900/s1, File S1. PRISMA Checklist_Laura Albuquerque (1); File S2. Data Extraction; File S3. Articles excluded_PRISMA; File S4. Bibliometric Results; File S5. Coding; File S6. AI Use.

Author Contributions

Conceptualization, L.A.; methodology, L.A., S.H.Z.C. and L.S.; software, G.T.; validation, L.S., and S.H.Z.C.; formal analysis, L.A.; data curation, L.A., S.H.Z.C., and H.D.; writing—original draft preparation, L.A.; writing—review and editing, L.A., and L.S.; visualization, L.A.; supervision, L.A., and L.S.; project administration, L.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The review dataset generated and analyzed during this study is available as Supplementary Material. It includes the search and screening records and eligibility decisions, extraction fields, quality appraisal results, codebook, and coding matrix used to support the systematic review.

Acknowledgments

During the preparation of this manuscript/study, the authors used Biblioshiny version 5.3.0 for the purposes of the bibliometric graphics; NotebookLM Plus was used for the purposes of structuring information such as titles, abstracts, keywords, and qualitative elements into tables; and GPT-5.4 Thinking was specifically used to build figures. The authors have reviewed and edited the output and take full responsibility for the content of this publication. Supplementary Material is provided with a trail regarding each AI use.

Conflicts of Interest

Laura Albuquerque and Heloisa Dornelles are employees at a Brazilian consultancy firm namely Future Climate Group, which provides climate advisory services to companies. Both are directly involved in the climate agenda with corporations. This relationship is disclosed for transparency. No external party funded, commissioned, reviewed, approved, or influenced the study design, search strategy, screening process, coding, analysis, interpretation, or conclusions. The authors are solely responsible for the content of the manuscript.

Abbreviations

The following abbreviations are used in this manuscript:
AASB S2Australian Sustainability Reporting Standards
AIArtificial Intelligence
BoDBoard of Directors
CapExCapital expenditure
CDPCDP
CEOChief Executive Officer
CFOChief Financial Officer
COSOCommittee of Sponsoring Organizations of the Treadway Commission
CRIClimate Risk Index
CSRDCorporate Sustainability Reporting Directive
ERMEnterprise Risk Management
ESGEnvironmental, Social and Governance
ESRSEuropean Sustainability Reporting Standards
FSBFinancial Stability Board
GCMsGlobal Climate Models
IEAInternational Energy Agency
IFRSInternational Financial Reporting Standards
IFRS S1General Requirements for Disclosure of Sustainability-related Financial Information
IFRS S2Climate-related Disclosures
INMETNational Institute of Meteorology
INPENational Institute for Space Research
IPCCIntergovernmental Panel on Climate Change
ISSBInternational Sustainability Standards Board
ISOInternational Organization for Standardization
JCICJoint Credit Information Center
KPIsKey performance indicators
OpExOperational expenditure
PRISMAPreferred Reporting Items for Systematic Reviews and Meta-Analyses
R&DResearch and Development
RCPsRepresentative Concentration Pathways
SLRSystematic literature review
SSPShared Socioeconomic Pathways
SWOTStrengths, Weaknesses, Opportunities, and Threats
TCCIPTaiwan Climate Change Projection Information and Adaptation Knowledge Platform
TCFDTask Force on Climate-related Financial Disclosures

References

  1. World Economic Forum. The Global Risks Report 2020; World Economic Forum: Geneva, Switzerland, 2020. [Google Scholar]
  2. World Economic Forum. Global Risks Report 2025; World Economic Forum: Geneva, Switzerland, 2025. [Google Scholar]
  3. Chen, Y.; Liu, A.; Cheng, X. Quantifying economic impacts of climate change under nine future emission scenarios within CMIP6. Sci. Total Environ. 2020, 703, 134950. [Google Scholar] [CrossRef]
  4. Task Force on Climate-Related Financial Disclosures. Available online: https://www.fsb-tcfd.org/ (accessed on 10 March 2026).
  5. Chenet, H.; Ryan-Collins, J.; van Lerven, F. Finance, climate-change and radical uncertainty: Towards a precautionary approach to financial policy. Ecol. Econ. 2021, 183, 106957. [Google Scholar] [CrossRef]
  6. ISSB and TCFD. Available online: https://www.ifrs.org/sustainability/tcfd/ (accessed on 10 March 2026).
  7. Introduction to the ISSB and IFRS Sustainability Disclosure Standards. Available online: https://www.ifrs.org/sustainability/knowledge-hub/introduction-to-issb-and-ifrs-sustainability-disclosure-standards (accessed on 12 March 2026).
  8. Lee, C.-C.; Kuo, S.-Y.; Lee, S.-Y.; Hsu, H.-H.; Chou, K.-T.; Mo, T.-L.; Pien, C.-P.; Kuo, Y.-T.; Chang, E.-Y.; Huang, K.-C.; et al. Evaluating corporate climate risk assessment results: Lessons learned from Taiwan’s top 100 enterprises. Clim. Risk Manag. 2024, 46, 100668. [Google Scholar] [CrossRef]
  9. Yi, R.; Zhang, Y.; Chen, A. Does corporate climate risk promote climate response actions? Empirical evidence from China. Mitig. Adapt. Strateg. Glob. Change 2026, 31, 21. [Google Scholar] [CrossRef]
  10. Amar, J.; Demaria, S.; Rigot, S. Enhancing financial transparency to mitigate climate change: Toward a climate risks and opportunities reporting index. Environ. Model. Assess. 2022, 27, 425–439. [Google Scholar] [CrossRef]
  11. Xhindole, C.; Tarquinio, L.; Sierra-García, L. Climate change and Task Force on Climate-related Financial Disclosures (TCFD) reports. A comparison between Italy and Spain. J. Account. Organ. Change 2025, 21, 1–28. [Google Scholar] [CrossRef]
  12. Pang, X.; Zhang, P.; Guo, Z.; Jia, X.; Tan, R.R.; Zhang, Y.; Qu, X. Information disclosure in the context of combating climate change: Evidence from the Chinese natural gas industry. Sustainability 2025, 17, 4315. [Google Scholar] [CrossRef]
  13. Lyon, T.P.; Maxwell, J.W. Corporate social responsibility and the environment: A theoretical perspective. Rev. Environ. Econ. Policy 2008, 2, 240–260. [Google Scholar] [CrossRef]
  14. Mahoney, L.S.; Thorne, L.; Cecil, L.; LaGore, W. A research note on standalone corporate social responsibility reports: Signalling or greenwashing? Crit. Perspect. Account. 2013, 24, 350–359. [Google Scholar] [CrossRef]
  15. Cormican, K. Integrated enterprise risk management: From process to best practice. Mod. Econ. 2014, 5, 401–413. [Google Scholar] [CrossRef]
  16. Stasse, L.J.A.; Hilhorst, C.A.R.; ten Rouwelaar, J.A. Enterprise risk management revisited: A study to identify the elements of ERM. J. Risk Res. 2025, 28, 768–793. [Google Scholar] [CrossRef]
  17. Mishra, B.K.; Rolland, E.; Satpathy, A.; Moore, M. A framework for enterprise risk identification and management: The resource-based view. Manag. Audit. J. 2019, 34, 162–188. [Google Scholar] [CrossRef]
  18. Wu, D.; Olson, D.L.; Dolgui, A. Decision making in enterprise risk management: A review and introduction to special issue. Omega 2015, 57, 1–4. [Google Scholar] [CrossRef]
  19. Dickinson, G. Enterprise risk management: Its origins and conceptual foundation. Geneva Pap. Risk Insur. Issues Pract. 2001, 26, 360–366. [Google Scholar] [CrossRef]
  20. Jankensgård, H. A theory of enterprise risk management. Corp. Gov. 2019, 19, 565–579. [Google Scholar] [CrossRef]
  21. Nocco, B.W.; Stulz, R.M. Enterprise risk management: Theory and practice. J. Appl. Corp. Financ. 2006, 18, 8–20. [Google Scholar] [CrossRef]
  22. Gao, S.; Hsu, H.-T.; Liu, F.-C. Enterprise risk management, financial reporting and firm operations. Risks 2025, 13, 48. [Google Scholar] [CrossRef]
  23. Biresaw, T.M.; Sibindi, A.B. The assessment of enterprise risk management practices of Ethiopian commercial banks. Risks 2025, 13, 51. [Google Scholar] [CrossRef]
  24. Al Lawati, A.; Hussin, B.M.; Abdul Kadir, M.R.; Khudari, M. The impact of enterprise risk management on firm competitiveness: The mediating role of competitive advantage in the Omani insurance industry. Risks 2025, 13, 199. [Google Scholar] [CrossRef]
  25. Klumpes, P.J.M. Enterprise risk management adoption practices by US and European multinationals. Account. Audit. 2025, 1, 5. [Google Scholar] [CrossRef]
  26. Hou, D.; Wu, Z.; Chen, Y. Climate risk exposure and corporate strategic dualism: Passive defensiveness and active integration. Sustainability 2025, 17, 6040. [Google Scholar] [CrossRef]
  27. Arribas, A.; Fairgrieve, R.; Dhu, T.; Bell, J.; Cornforth, R.; Gooley, G.; Hilson, C.J.; Luers, A.; Shepherd, T.G.; Street, R.; et al. Climate risk assessment needs urgent improvement. Nat. Commun. 2022, 13, 4326. [Google Scholar] [CrossRef]
  28. Katopodis, T.; Adamides, E.D.; Sfetsos, A.; Mountouris, A. Incorporating future climate scenarios in oil industry’s risk assessment: A Greek refinery case study. Sustainability 2021, 13, 12825. [Google Scholar] [CrossRef]
  29. Cains, M.G.; Henshel, D. Parameterization framework and quantification approach for integrated risk and resilience assessments. Integr. Environ. Assess. Manag. 2021, 17, 131–146. [Google Scholar] [CrossRef]
  30. Zhao, Z.; Tang, S.; Huang, J.; Yang, J.; Ma, Z.; Fang, W.; Liu, M.; Bi, J. Firm-level climate risk assessment: Recent progress and future research agenda. Risk Sci. 2025, 1, 100012. [Google Scholar] [CrossRef]
  31. Eccles, R.G.; Krzus, M.P.; Ribot, S. Implementing the Task Force on Climate-related Financial Disclosures recommendations: An assessment of corporate readiness. Schmalenbach J. Bus. Res. 2019, 71, 287–293. [Google Scholar] [CrossRef]
  32. Gupta, P. Mandatory TCFD disclosure and corporate financial performance: Evidence from UK non-financial firms. Bus. Strategy Environ. 2026, 35, 3826–3842. [Google Scholar] [CrossRef]
  33. Rodrigues Loiola, R.; Kimura, H.; Melo Souza, L. Sustainable finance, green bonds and financial performance—A literature review. Int. J. Financ. Stud. 2025, 13, 233. [Google Scholar] [CrossRef]
  34. Wang, B.; Pan, S.-Y.; Ke, R.-Y.; Wang, K.; Wei, Y.-M. An overview of climate change vulnerability: A bibliometric analysis based on Web of Science database. Nat. Hazards 2014, 74, 1649–1666. [Google Scholar] [CrossRef]
  35. Li, L.; Sun, W.; Hu, W.; Sun, Y. Impact of natural and social environmental factors on building energy consumption: Based on bibliometrics. J. Build. Eng. 2021, 37, 102136. [Google Scholar] [CrossRef]
  36. Santos, L.; Steininger, K.; Balma, L.; Vogel, J. Current status and future perspectives of carbon pricing research in Austria. Sustainability 2022, 14, 9684. [Google Scholar] [CrossRef]
  37. de Castro Vieira, J.R.; Barboza, F.; Cajueiro, D.; Kimura, H. Towards fair AI: Mitigating bias in credit decisions—A systematic literature review. J. Risk Financ. Manag. 2025, 18, 228. [Google Scholar] [CrossRef]
  38. Airout, R.M. Systematic review of emerging trends and developments in sustainability accounting. J. Risk Financ. Manag. 2025, 18, 621. [Google Scholar] [CrossRef]
  39. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 2021, 372, n71. [Google Scholar] [CrossRef]
  40. Liberati, A.; Altman, D.G.; Tetzlaff, J.; Mulrow, C.D.; Gøtzsche, P.C.; Ioannidis, J.P.A.; Clarke, M.; Devereaux, P.J.; Kleijnen, J.; Moher, D. The PRISMA statement for reporting systematic reviews and meta-analyses of studies that evaluate healthcare interventions: Explanation and elaboration. BMJ 2009, 339, b2700. [Google Scholar] [CrossRef] [PubMed]
  41. Zumsteg, J.M.; Cooper, J.S.; Noon, M.S. Systematic review checklist: A standardized technique for assessing and reporting reviews of life cycle assessment data. J. Ind. Ecol. 2012, 16, S12–S21. [Google Scholar] [CrossRef] [PubMed]
  42. Peters, M.D.J.; Marnie, C.; Tricco, A.C.; Pollock, D.; Munn, Z.; Alexander, L.; McInerney, P.; Godfrey, C.M.; Khalil, H. Updated methodological guidance for the conduct of scoping reviews. JBI Evid. Synth. 2020, 18, 2119–2126. [Google Scholar] [CrossRef] [PubMed]
  43. Juhola, S.; Laurila, A.-G.; Groundstroem, F.; Klein, J. Climate risks to the renewable energy sector: Assessment and adaptation within energy companies. Bus. Strategy Environ. 2024, 33, 1906–1919. [Google Scholar] [CrossRef]
  44. Thistlethwaite, J.; Wood, M.O. Insurance and climate change risk management: Rescaling to look beyond the horizon. Br. J. Sociol. 2018, 69, 279–298. [Google Scholar] [CrossRef]
  45. Kouloukoui, D.; Marinho, M.M.O.; Gomes, S.M.S.; de Jong, P.; Kiperstok, A.; Torres, E.A. The impact of the board of directors on business climate change management: Case of Brazilian companies. Mitig. Adapt. Strateg. Glob. Change 2020, 25, 127–147. [Google Scholar] [CrossRef]
  46. Huang, H.H.; Kerstein, J.; Wang, C.; Wu, F. Firm climate risk, risk management, and bank loan financing. Strateg. Manag. J. 2022, 43, 2849–2880. [Google Scholar] [CrossRef]
  47. Sousa, D.S.; Neves, C.F.; Silva, H.V.O.; Schaffel, S.B.; Luigi, G.; La Rovere, E.L. A systemic approach for climate risk assessment applied to thermoelectric power plants in northeastern coast of Brazil. Clim. Risk Manag. 2022, 36, 100424. [Google Scholar] [CrossRef]
  48. Ren, X.; Li, Y.; Shahbaz, M.; Dong, K.; Lu, Z. Climate risk and corporate environmental performance: Empirical evidence from China. Sustain. Prod. Consum. 2022, 30, 467–477. [Google Scholar] [CrossRef]
  49. Singh, S.; Goyal, M.K. Enhancing climate resilience in businesses: The role of artificial intelligence. J. Clean. Prod. 2023, 418, 138228. [Google Scholar] [CrossRef]
  50. Kouloukoui, D.; Gomes, S.M.S.; Torres, F.A.; Torres, E.A. Business climate risk management: International perspectives and strategic determinants. Environ. Dev. Sustain. 2025, 27, 4683–4724. [Google Scholar] [CrossRef]
  51. Megeid, N.S.A. The impact of climate risk disclosure on financial performance, financial reporting and risk management: Evidence from Egypt. Future Bus. J. 2024, 10, 21. [Google Scholar] [CrossRef]
  52. Tang, Y.; Gao, D.; Zhou, X. Green Response: The Impact of Climate Risk Exposure on ESG Performance. Sustainability 2024, 16, 10895. [Google Scholar] [CrossRef]
  53. Bachmann, L.; Lex, R.; Regli, F.; Vögeli, S.; Mühlhofer, E.; McCaughey, J.W.; Bresch, D.N.; Kropf, C.M. Climate-resilient strategy planning using the SWOT methodology: A case study of the Japanese wind energy sector. Clim. Risk Manag. 2024, 46, 100665. [Google Scholar] [CrossRef]
  54. Hazelhurst, T.; Foote, J.; Norris, D. Dollars and Sense; Reviewing Industry Implementation of the Climate-Related Disclosures Mandate in New Zealand. Eur. J. Sustain. Dev. 2024, 13, 1. [Google Scholar] [CrossRef]
  55. Fang, X. Can climate risk exposure compel companies to undergo a green transformation? J. Clean. Prod. 2024, 434, 140310. [Google Scholar] [CrossRef]
  56. Georgiou, A.; Bednárová, L.; Kudelas, D. Climate Change Risk and Financial Performance in Cyprus: Management Perceptions. Acta Montan. Slovaca 2024, 29, 920–932. [Google Scholar] [CrossRef]
  57. Kumarasiri, J.; Morrison, L.; Maran, L. Climate-Related Risk Reporting and the Role of Management Accountants. Aust. Account. Rev. 2025, 35, 324–341. [Google Scholar] [CrossRef]
  58. Zhang, L.; Yang, C.; Luo, K. The impact of climate risk on sustainability performance of enterprises: Evidence from China. Financ. Res. Lett. 2025, 83, 107645. [Google Scholar] [CrossRef]
  59. Karatzoudi, K.; Denham, T.; Aven, T. Conceptual perspectives on climate risk disclosures for businesses and public sector. Clim. Change 2025, 178, 220. [Google Scholar] [CrossRef]
  60. Lee, C.-C.; Lee, S.-Y.; Kuo, S.-Y.; Hsu, H.-H.; Kuo, Y.-T.; Lin, M.-X.; Pien, C.-P.; Chou, K.-T.; Tsai, Y.-T. Corporate competition in climate scenario analysis: Current challenges and solutions. Clim. Serv. 2025, 40, 100604. [Google Scholar] [CrossRef]
  61. Ren, Y.; Yuan, P.; Dong, X. Before the rain falls: Corporate climate risk perception and supply chain stability. Environ. Dev. Sustain. 2026. [Google Scholar] [CrossRef]
  62. Dou, Y.; Zhang, L.; Wang, H.; Wang, Y. Does climate risk inhibit enterprise resilience? Evidence from Chinese listed companies. Theor. Appl. Climatol. 2026, 157, 80. [Google Scholar] [CrossRef]
  63. Allison, E.H.; Perry, A.L.; Badjeck, M.-C.; Adger, W.N.; Brown, K.; Conway, D.; Halls, A.S.; Pilling, G.M.; Reynolds, J.D.; Andrew, N.L.; et al. Vulnerability of national economies to the impacts of climate change on fisheries. Fish Fish. 2009, 10, 173–196. [Google Scholar] [CrossRef]
  64. Mirza, M.M.Q. Climate change and extreme weather events: Can developing countries adapt? Clim. Policy 2003, 3, 233–248. [Google Scholar] [CrossRef]
  65. Cobo, M.J.; López-Herrera, A.G.; Herrera-Viedma, E.; Herrera, F. An approach for detecting, quantifying, and visualizing the evolution of a research field: A practical application to the Fuzzy Sets Theory field. J. Informetr. 2011, 5, 146–166. [Google Scholar] [CrossRef]
  66. Abhayawansa, S.; Adams, C.A. Towards a conceptual framework for non-financial reporting inclusive of pandemic and climate risk reporting. Meditari Account. Res. 2022, 30, 710–738. [Google Scholar] [CrossRef]
  67. ISO 31000:2018; Risk Management—Guidelines, 2nd ed. International Organization for Standardization (ISO): Geneva, Switzerland, 2018.
  68. ISO 14090:2019; Adaptation to Climate Change—Principles, Requirements and Guidelines. International Organization for Standardization (ISO): Geneva, Switzerland, 2019.
  69. ISO 14001:2026; Environmental Management Systems—Requirements with Guidance for Use. International Organization for Standardization (ISO): Geneva, Switzerland, 2026.
  70. ISO 50001:2018; Energy Management Systems—Requirements with Guidance for Use, 2nd ed. International Organization for Standardization (ISO): Geneva, Switzerland, 2018.
  71. Li, W.; Luo, D.; Cheng, T.-Y. Strategy choices in strategic risk-taking: Does climate risk matter? Int. Rev. Financ. Anal. 2025, 97, 103861. [Google Scholar] [CrossRef]
  72. Sarraf, H. Climate change risk: The next frontier in banking risk management. J. Risk Manag. Financ. Inst. 2021, 15, 85–92. [Google Scholar] [CrossRef]
Sustainability 18 05900 g001
Figure 1. Results of literature review following PRISMA 2020.
Figure 1. Results of literature review following PRISMA 2020.
Sustainability 18 05900 g001
Table 1. Criteria applied in the databases search.
Table 1. Criteria applied in the databases search.
Criterion Description
1.
Time period
From 2015 to March 2026.
2.
Document type
Original research articles and review papers published in peer-reviewed scientific journals.
3.
Language
English.
4.
Search fields
Title, abstract, and keywords
5.
Scopus query string
(TITLE-ABS-KEY((“corporation*” OR “company*” OR “business*” OR “enterprise*”) AND (“physical climate risk” OR “transition climate risk” OR “climate risk”) AND (“Enterprise Risk Management” OR “ERM” OR “risk management” OR “risk assessment” OR “risk framework” OR “risk strategy”)) AND PUBYEAR > 2014 AND PUBYEAR < 2027) AND (climate risk management) AND (climate risk assessment) AND (enterprise) AND (firm) AND (climate risk) AND (LIMIT-TO (PUBSTAGE,”final”)) AND (EXCLUDE (SUBJAREA,”MEDI”) OR EXCLUDE (SUBJAREA,”ARTS”) OR EXCLUDE (SUBJAREA,”PHYS”) OR EXCLUDE (SUBJAREA,”BIOC”) OR EXCLUDE (SUBJAREA,”PSYC”)) AND (LIMIT-TO (DOCTYPE,”ar”)) AND (LIMIT-TO (LANGUAGE,”English”))
6.
Web of Science query string
(TOPIC((“corporation*” OR “company*” OR “business*” OR “enterprise*”) AND (“physical climate risk” OR “transition climate risk” OR “climate risk”) AND (“Enterprise Risk Management” OR “ERM” OR “risk management” OR “risk assessment” OR “risk framework” OR “risk strategy”)) AND YEAR PUBLISHED (2014–2027) AND DOCUMENT TYPE (Article) AND LANGUAGE (English) NOT WEB OF SCIENCE CATEGORIES (“MEDI” OR “ARTS” OR “PHYS” OR “BIOC” OR “PSYC”)
Table 2. Qualitative elements used as eligibility criteria during screening.
Table 2. Qualitative elements used as eligibility criteria during screening.
DimensionDescription and Aspects
1.
Firm-level focus
Productive sectors of the real economy and non-financial corporations. Ensures that the review addresses non-financial corporations and productive sectors, rather than banks, insurers, regulators, macro-policy studies, or a sectoral approach.
2.
Governance
Captures whether climate risk is connected to decision-making structures, roles, responsibilities, and board/management oversight.
3.
Risk assessment
Ensures that included studies discuss tools, frameworks, scenarios, indicators, monitoring, or assessment practices.
4.
Climate risk management and/or ERM
Aligns the sample with the core research question on integration into risk management systems.
5.
Type of climate risk
Allows the review to distinguish between physical risk, transition risk, or both.
Table 3. Articles included in review following PRISMA 2020.
Table 3. Articles included in review following PRISMA 2020.
AuthorYearTitleSource
Thistlethwaite, J. et al. [44]2018Insurance and Climate Change Risk Management: Rescaling to Look Beyond the HorizonScopus
Kouloukoui, D. et al. [45]2020The impact of the board of directors on business climate change management: case of Brazilian companiesWoS
Huang, H.H. et al. [46]2022Firm climate risk, risk management, and bank loan financingScopus
Sousa, D.S. et al. [47]2022A systemic approach for climate risk assessment applied to thermoelectric power plants in northeastern coast of BrazilWoS
Ren, X. et al. [48]2022Climate risk and corporate environmental performance: Empirical evidence from ChinaScopus
Singh, S. et al. [49]2023Enhancing climate resilience in businesses: The role of artificial intelligenceWoS
Kouloukoui, D. et al. [50]2025Business climate risk management: international perspectives and strategic determinantsWoS
Megeid, N.S.A. [51]2024The impact of climate risk disclosure on financial performance, financial reporting and risk management: evidence from EgyptWoS
Juhola, S. et al. [43]2024Climate risks to the renewable energy sector: Assessment and adaptation within energy companiesScopus
Tang, Y. et al. [52]2024Green Response: The Impact of Climate Risk Exposure on ESG PerformanceWoS
Bachmann, L. et al. [53]2024Climate-resilient strategy planning using the SWOT methodology: A case study of the Japanese wind energy sectorWoS
Hazelhurst, T. et al. [54]2024Dollars and Sense; Reviewing Industry Implementation of the Climate-Related Disclosures Mandate in New ZealandWoS
Fang, X. [55]2024Can climate risk exposure compel companies to undergo a green transformation?Scopus
Georgiou, A. et al. [56]2024Climate Change Risk and Financial Performance in Cyprus: Management PerceptionsScopus
Xhindole, C. et al. [11]2025Climate change and Task Force on Climate-related Financial Disclosures (TCFD) reports. A comparison between Italy and SpainScopus
Kumarasiri, J. et al. [57]2025Climate-Related Risk Reporting and the Role of Management AccountantsScopus
Pang, X. et al. [12]2025Information Disclosure in the Context of Combating Climate Change: Evidence from the Chinese Natural Gas IndustryScopus
Zhang, L. et al. [58]2025The impact of climate risk on sustainability performance of enterprises: Evidence from ChinaWoS
Karatzoudi, K. et al. [59]2025Conceptual perspectives on climate risk disclosures for businesses and public sectorWoS
Lee, C.-C. et al. [60]2025Corporate competition in climate scenario analysis: Current challenges and solutionsScopus
Ren, Y. et al. [61]2026Before the rain falls: corporate climate risk perception and supply chain stabilityWoS
Dou, Y. et al. [62]2026Does climate risk inhibit enterprise resilience? Evidence from Chinese listed companiesScopus
Table 4. Data extraction fields used in the review.
Table 4. Data extraction fields used in the review.
Extraction FieldDescriptionAnalytical Function
Level of analysisFirm, asset, sector, systemic, financial or mixed levelSupports firm-level focus coding
SectorProductive sector, non-financial company, financial perspective, or systemic contextAssesses alignment with the review scope
Governance descriptionsDecision-making processes, roles, and responsibilitiesSupports governance coding
Risk assessment detailsFrameworks, tools, metrics, monitoring practices, and strategic approachesSupports risk assessment coding
Climate risk management/ERMExplicit evidence of climate risk management and/or ERM integrationSupports management and ERM coding
Type of climate riskPhysical, transition, combined, or other climate-related risksSupports climate risk typology coding
Key contributionsMain contribution of the articleSupports synthesis
Quality appraisalMethodological transparency, analytical depth, evidence strength, and usefulnessSupports evidence weighting
Table 5. Coding categories and operational codes.
Table 5. Coding categories and operational codes.
Coding CategoryMain Operational CodesAnalytical Purpose
Firm-level focusFL-FIRM; FL-REAL; FL-SECTOR; FL-FIN; FL-SYSTEMICIdentifies whether the article analyzes companies, productive sectors, or corporate implications through sectoral, financial, or systemic perspectives
GovernanceGOV-BOARD; GOV-MGMT; GOV-RISKCOM; GOV-SILO; GOV-CROSSCaptures roles, responsibilities, and decision-making structures
Risk assessmentRA-FRAME; RA-SCEN; RA-METRICS; RA-EXPOSURE; RA-DATA; RA-METHCaptures frameworks, tools, indicators, scenarios, monitoring, and methodological limitations
Climate risk management/ERMCRM-ID; CRM-ASSESS; CRM-MIT; CRM-MON; ERM-INT; ERM-PART; ERM-CONCEPTCaptures the degree of integration into climate risk management and/or ERM
Type of climate riskRISK-PHY; RISK-TRAN; RISK-COMB; RISK-REG; RISK-MKT; RISK-LIABClassifies the climate risks addressed
Gap and synthesis codesGAP-STR-OP; GAP-TEMP; GAP-METH; SYM-DISC; SYM-FORMAL; BARR-KNOW; BARR-SYSSupports the movement from descriptive codes to analytical themes
Table 6. Examples of coded evidence and analytical interpretation.
Table 6. Examples of coded evidence and analytical interpretation.
StudyExtracted EvidenceApplied CodesAnalytical InterpretationTheme Supported
Abdel Megeid, 2024 [51]Board oversight, TCFD checklist, scenario analysis, expected incorporation into risk managementGOV-BOARD; RA-SCEN; RA-METRICS; ERM-PART; SYM-FORMALFormal governance and assessment are present, but ERM integration is expected rather than demonstratedSymbolic implementation; strategic–operational disconnection
Sousa et al., 2022 [47]IPCC/ISO frameworks, RCP 8.5, exposure and vulnerability metrics, and monitoring cyclesRA-FRAME; RA-SCEN; RA-EXPOSURE; RA-MON; RISK-PHYStrong asset-level assessment, but limited evidence of enterprise-wide ERM integrationTemporal and methodological gaps
Kumarasiri et al., 2025 [57]Disconnect between strategic and operational levels, external consultants, and limited ERM integrationGOV-SILO; RA-METH; ERM-PART; GAP-STR-OPClimate risk governance remains weakly embedded in operational routinesStrategic–operational disconnection
Xhindole et al., 2025 [11]TCFD reports, governance committees, time horizons, and narrative disclosureRA-FRAME; RA-SCEN; GAP-TEMP; SYM-DISC; ERM-PARTDisclosure is structured, but ERM integration depends heavily on narrative reportingSymbolic implementation; temporal and methodological gaps
Table 7. From codes to analytical themes.
Table 7. From codes to analytical themes.
First-Order CodesSecond-Order Analytical CategoryFinal Theme
GOV-BOARD; GOV-MGMT; ERM-PART; ERM-OP absent; GAP-STR-OPFormal recognition without operational integrationStrategic–operational disconnection
RA-SCEN; RA-METRICS; RA-DATA; RA-METH; GAP-TEMPLong-term, uncertain, and uneven assessment practicesTemporal and methodological gaps
RA-FRAME; SYM-DISC; SYM-FORMAL; ERM-CONCEPTDisclosure-oriented or formalistic implementationSymbolic implementation
BARR-KNOW; BARR-DATA; BARR-STD; BARR-REG; BARR-SYSCapability, institutional, and systemic constraintsSystemic and knowledge barriers
Table 8. Summary of the main thematic characteristics from the by eligibility criteria dimension.
Table 8. Summary of the main thematic characteristics from the by eligibility criteria dimension.
DimensionsDescription and Aspects
1.
Firm-level focus
Multisectoral coverage, with emphasis on the energy sector
2.
Governance
Organizational Structures:
  • Board of Directors
  • Board-level Specialized Committees
  • Management-level Committees
  • Hybrid and External Support

Roles and Responsibilities:
  • Strategic approval and ratification; policy and objective setting; financial oversight; monitoring and accountability
  • Execution oversight, risk review and target tracking; cross-functional integration and reporting support
  • Risk review and target tracking; cross-functional integration and reporting support; internal capacity building; multidisciplinary collaboration; and resource allocation

Decision-Making Integration:
  • Transition Plans
  • Scenario Analysis
  • Financial incentives and accountability
  • Constraint policies
  • Capital allocation
3.
Risk assessment
Frameworks:
  • Global Standardized Disclosure Frameworks
  • Technical Risk and Adaptation Frameworks
  • Specialized Tailor-Made Methodological Frameworks
  • Emerging Regulatory and Regional Frameworks

Tools:
  • Scenario Analysis
  • Climate Modeling
  • Public Platforms and Data Repositories
  • Third-Party Indices

Strategic approaches:
  • Asset Relocation and Sourcing
  • Budgeting and Capital Allocation
4.
Climate risk management and/or ERM
Integration of climate change into ERM methodology
Risk Registries
5.
Type of climate risks
Physical risk appears more as a reactive trigger
Transition risks are more prominently integrated
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Albuquerque, L.; Carra, S.H.Z.; Santos, L.; Tosto, G.; Dornelles, H. How Is the Integration of Climate-Related Risk into Enterprise Risk Management at Firm Level? A Systematic Literature Review. Sustainability 2026, 18, 5900. https://doi.org/10.3390/su18125900

AMA Style

Albuquerque L, Carra SHZ, Santos L, Tosto G, Dornelles H. How Is the Integration of Climate-Related Risk into Enterprise Risk Management at Firm Level? A Systematic Literature Review. Sustainability. 2026; 18(12):5900. https://doi.org/10.3390/su18125900

Chicago/Turabian Style

Albuquerque, Laura, Sofia Helena Zanella Carra, Luan Santos, Giovanna Tosto, and Heloisa Dornelles. 2026. "How Is the Integration of Climate-Related Risk into Enterprise Risk Management at Firm Level? A Systematic Literature Review" Sustainability 18, no. 12: 5900. https://doi.org/10.3390/su18125900

APA Style

Albuquerque, L., Carra, S. H. Z., Santos, L., Tosto, G., & Dornelles, H. (2026). How Is the Integration of Climate-Related Risk into Enterprise Risk Management at Firm Level? A Systematic Literature Review. Sustainability, 18(12), 5900. https://doi.org/10.3390/su18125900

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop