GIF Metric

Hence, the GIF Metric is the third component of the GIF Framework.

“Risk” significantly means “effect of uncertainty on objectives”. A risk is “a combination of the consequences of an event and the associated likelihood of occurrence” (ISO 31000).

Risk = likelihood x consequence

Unlike a traditional “compliance-non-compliance” binary metric, the GIF Metric adopts a quantitative approach typical of risk assessment. In other words, the GIF Metric does not follow traditional single choice (Yes/No/NA). Rather it adopts a scoring oriented methodology aiming to represent the exposure level to risks in each Area.

“Area” scoring

For the purpose of the overall risk evaluation, the metric firstly requires the calculation of the “Score per area”. Basically, the score takes into consideration the assessment points of the Framework. In detail, the scoring scale is a multiple of 5 within a range from 0 to 100.

Hence the GIF Metric follows this logic:

Governance and Management System Area: “the higher the score, the better the Governance and Management System prevent ESG risks and then, the lower the risk”.
Risk-oriented Areas: “the higher the score, the lower the risk exposure level”.

Grade	Criterion “Governance & Management System”	Criteria Social /Safety/ Environment/Business Ethics
80-100	Very Good Complete evidence of planning based on Stakeholders’ needs with a clear rational covering all social responsibility aspects and exceeding applicable legal requirements Implementation managed through structured and integrated processes Complete evidence of regular review and structured improvement process Learning and innovation drive the improvement actions definitions	Very Low “Core Areas”: very low exposure “Non-Core Areas”: very low exposure
60-75	Good Clear evidence of planning based on Stakeholders’ needs with a rational covering all social responsibility aspects and exceeding applicable legal requirements Implementation managed through defined processes Evidence of a regular review and improvement processes Some learning and innovation activities support the improvement actions definitions	Low “Core Areas” : low exposure “Non-Core areas”: some exposure
40-55	Acceptable Evidence of a planning based on Stakehoders’ needs with a rational covering all social responsibility aspects and exceeding applicable legal requirements Implementation defined through established processes Few learning and innovation activities support the improvement actions definitions	Acceptable “Core Areas”: acceptable exposure “Non-Core Areas”: moderate exposure
20-35	Poor Some evidence of planning based on Stakeholders’ needs partially covering the social responsibility aspects in compliance with applicable legal requirements Some evidence of implementation managed through processes Sporadic evidence of review and improvement processes Sporadic evidence of learning and innovation activities to support the improvement	High “Core Areas”: high exposure “Non-Core Areas”: high exposure
0-15	Very Poor Poor evidence of planning based on Stakeholders’ needs partially covering the social responsibility aspect Poor evidence of compliance with applicable legal requirements Implementation not managed through defined processes No evidence or sporadic evidence of review and improvement No evidence of learning and innovation activities to support the improvement actions definitions	Very high “Core Areas”: extreme exposure “Non-Core” Areas: extreme exposure

Grade

Criterion “Governance & Management System”

Criteria Social /Safety/ Environment/Business Ethics

80-100

Very Good

Complete evidence of planning based on Stakeholders’ needs with a clear rational covering all social responsibility aspects and exceeding applicable legal requirements
Implementation managed through structured and integrated processes
Complete evidence of regular review and structured improvement process
Learning and innovation drive the improvement actions definitions

Very Low

“Core Areas”: very low exposure
“Non-Core Areas”: very low exposure

60-75

Good

Clear evidence of planning based on Stakeholders’ needs with a rational covering all social responsibility aspects and exceeding applicable legal requirements
Implementation managed through defined processes
Evidence of a regular review and improvement processes
Some learning and innovation activities support the improvement actions definitions

Low

“Core Areas” : low exposure
“Non-Core areas”: some exposure

40-55

Acceptable

Evidence of a planning based on Stakehoders’ needs with a rational covering all social responsibility aspects and exceeding applicable legal requirements
Implementation defined through established processes
Few learning and innovation activities support the improvement actions definitions

Acceptable

“Core Areas”: acceptable exposure
“Non-Core Areas”: moderate exposure

20-35

Poor

Some evidence of planning based on Stakeholders’ needs partially covering the social responsibility aspects in compliance with applicable legal requirements
Some evidence of implementation managed through processes
Sporadic evidence of review and improvement processes
Sporadic evidence of learning and innovation activities to support the improvement

High

“Core Areas”: high exposure
“Non-Core Areas”: high exposure

0-15

Very Poor

Poor evidence of planning based on Stakeholders’ needs partially covering the social responsibility aspect
Poor evidence of compliance with applicable legal requirements
Implementation not managed through defined processes
No evidence or sporadic evidence of review and improvement
No evidence of learning and innovation activities to support the improvement actions definitions

Very high

“Core Areas”: extreme exposure
“Non-Core” Areas: extreme exposure

“Topic’s scoring”

Secondly, the metric consists of the calculation of the “Score per topic”. For this purpose this score is the average of the scores assigned to those areas included in the Topic.

“Criterion’s scoring”

Thirdly, the score per Criterion (Governance and Management System, Social, Safety, Environment and Business Ethics) is the average of the scores assigned to each Topic of the Criterion.

“Overall” scoring

In conclusion, the Overall Score is the average of the scores per Aspect and represents the total exposure level of the Organization to ESG risks.

The overall Score reflects both the extent to which the Organization implements the social responsibility management system and the actual or potential exposure level to ESG risks that can result into present or future adverse impacts.

In brief, the GIF hyerarchy of ESG risk exposure consists of 5 grades. The lowest score corresponds to a very high exposure level, while the highest score corresponds to a very low exposure level.

Rating	Risk Level	Description
80-100	Very Low	Organization exposed to very low ESG risks and capable of managing and monitoring them without exposing Stakeholders to unexpected costs or other adverse impacts. No specific risk oriented actions are needed but improvement actions will be beneficial.
60-79	Low	Organization exposed to low ESG risks and capable to manage them without exposing the Stakeholders to the most relevant unexpected costs and adverse impacts. Few risk reduction oriented actions are needed and there are few areas for improvement.
40-59	Acceptable	Organization exposed to acceptable ESG risks of adverse impacts in every “core area”. Few risk reduction oriented actions are needed and there are areas for improvement.
20-39	High	Organization exposed to high ESG risks related to one or more “core areas” that can result into high costs or adverse impacts on the Stakeholders. Robust improvement and risk reduction oriented actions must be planned and implemented to reduce the risk exposure level.
0-19	Very High	Organization exposed to very high ESG risks in “core” and “non-core” areas. A governance and management system for social responsibility review is required. Robust improvement and risk reduction oriented actions are needed.

Thresholds to pass Due Diligence

All things considered an organization positively pass the Due Diligence if the following criteria are met:

minimum overall score = 40
minimium score per “Governance & Management System” = 40
minimum score per “core area” = 40

On one hand the minimum score means the alignment wih the OECD Guidance for Due Diligence.

On the positive side the GIF Metric assigns the highest score to Organizations with “very low risks” in every area.

Therefore the highest score represents the alignment with both OECD Guidance and ISO 2600 recommendations.