top management; context & stakeholder analysis. This figures out the timing, resources
                  & budget for ESG engagement. Moreover, auditors review policies and procedures,

                  especially in entity-wide policies & procedures on human rights, health & safety, etc.
                  and decide the consistency between policy framework and policy management. Some
                  engagement tools and data focus on technology to support ESG programs, for example,
                  testing,  training  records,  etc.  as  well  as  measures  like  key  risk  indicators  and  key
                  performance indicators. The followings below show some key considerations in risk
                  measurement:
                        -  ESG risks materialize in known risk types. The cause-effect mechanisms require
                  a wide range of knowledge along the process. The quantification of existing risk types

                  must consider the new ESG factors.
                        -  Measurement  must  be  forward-looking  and  consider  future  exposure  under
                  different situations.
                        -  ESG  risk  factors  must  be  integrated  in  the  business  risk  classification
                  procedures.
                        Figure 5, 6 below prove the process of understanding the entity and its environment

                  (including controls) and risk response regarding ESG issues.
                    Figure 5. Understanding of entity, assess ESG related RoMMs, and procedures




















































                                                                                                         383