This guide walks you through two frameworks developed by the Institutional Investors Group on Climate Change (IIGCC): PCRAM and CRIF. For each step, it explains what is required, what it produces in disclosure terms and where organisations typically hit a wall at portfolio scale. A self-assessment diagnostic near the top and application prompts at each PCRAM step make it a practical scoping tool you can return to as your programme develops.
The gap between climate assessment and climate action
92% of companies assess physical climate risk. Only 44% have adaptation measures in place. Just 17% disclose the financial impact. Most sustainability and compliance teams sit somewhere in that middle ground: the assessment has been done, but translating it into something the organisation can actually act on remains unfinished.
PCRAM and CRIF guide you from initial screening all the way through to continuous monitoring. The Physical Climate Risk Appraisal Methodology (PCRAM 2.0), developed by the Institutional Investors Group on Climate Change (IIGCC), provides a structured five-step route from portfolio screening to residual risk management. The Climate Resilience Investment Framework (CRIF), also from IIGCC, provides the governance structure that holds the whole programme together. Working through PCRAM within the CRIF structure gives your organisation the outputs your disclosure obligations specifically require: IFRS S2 (International Financial Reporting Standards Climate-related Disclosures, effective for reporting periods on or after 1 January 2024), TCFD (the Task Force on Climate-related Financial Disclosures) and CSRD (the EU Corporate Sustainability Reporting Directive) each call for things that PCRAM and CRIF directly produce. As Dr Sarah Kapnick, chief climate scientist at JP Morgan, has warned, tipping points in the physical climate system could make some risks uninsurable within the current investment planning horizon, which makes orderly, structured adaptation more urgent than most capital cycles allow for.
Where does your organisation sit today?
Before working through the PCRAM steps, check where your organisation stands against the four CRIF components. The self-assessment below takes two minutes. Mark each one honestly: the result shows which parts of this guide are most relevant to your situation right now.
CRIF component | Not started | In progress | In place |
Governance and Objectives | ☐ | ☐ | ☐ |
Physical Climate Risk Assessment | ☐ | ☐ | ☐ |
Adaptation Identification | ☐ | ☐ | ☐ |
Stakeholder Engagement | ☐ | ☐ | ☐ |
This is a self-assessment starting point for internal discussion, not a formal audit or certification.
CRIF is non-prescriptive and cyclical. Your organisation revisits it as your data matures, your portfolio changes or your reporting obligations update. If most of your responses sit in "Not started" or "In progress," the rest of this guide is essentially your specification for what completing them looks like. If most are already "In place," the PCRAM sections will help you check whether what you have meets the standard your disclosure frameworks are beginning to require.
How can PCRAM and CRIF help you meet your disclosure obligations?
Working through each PCRAM step gives your team something concrete you can take straight into your disclosure process. Each step produces an output that maps directly to a specific requirement under IFRS S2, TCFD or CSRD, so completing the methodology is how you meet your obligations, not extra work alongside them.
PCRAM step | What it produces | Regulatory output |
Step 1: Screen | Ranked hazard exposure across the portfolio | TCFD Risk Management disclosure; IFRS S2 §10 (identifying plausible physical hazards) |
Step 2: Quantify | Expected annual loss per site; worst-case event cost | IFRS S2 connection to financial statements; CSRD/ESRS E1 monetary exposure disclosure |
Step 3: Identify options | Adaptation menu with indicative costs | TCFD Strategy pillar; CSRD/ESRS E1 adaptation measures |
Step 4: Build investment case | NPV; pre/post-adaptation comparison; insurer evidence pack | IFRS S2 financial effects; CSRD financial implications of adaptation |
Step 5: Manage residual risk | Monitoring record; incident log | TCFD Metrics and Targets; IFRS S2 ongoing monitoring; CSRD targets |
Implementing CRIF delivers the governance structure TCFD requires. Completing PCRAM produces the financial figures IFRS S2 requires you to disclose. The CRIF components align directly to TCFD's four disclosure pillars.
CRIF component | TCFD pillar |
Governance and Objectives | Governance |
Physical Climate Risk Assessment (PCRAM) | Risk Management |
Adaptation Identification | Strategy |
Stakeholder Engagement | Metrics and Targets |
For organisations in scope of CSRD following the Omnibus revision, the threshold is 1,000 or more employees and €450m or more in turnover, covering approximately 6,000 of the largest EU undertakings. EFRAG's 2025 State of Play reports that 98% of in-scope companies map ESRS E1 (European Sustainability Reporting Standards, E1 covering climate change) as material. The physical risk and adaptation requirements are retained in full.
Step 1: Which of your sites are most exposed, and to what?
PCRAM Step 1 screens your asset portfolio against physical hazards to establish which sites face elevated risk, from which perils, before any financial analysis begins.
Your portfolio faces a range of hazards: temperature extremes and heat stress, precipitation and flood, storm surge and wind, sea level rise, water stress, drought and wildfire. Step 1 maps each site against these perils and ranks your portfolio by exposure level. The reason the ranking matters is prioritisation. A portfolio of 3,000 sites typically surfaces 200 to 400 that need closer attention. Without that filter, your team ends up applying detailed analysis uniformly across the estate, which is both unmanageable and imprecise.
What comes out of the screening is a clear picture of scope. The sites in the top tier are the ones where financial quantification, adaptation analysis and monitoring infrastructure are worth the effort. The rest can be recorded as assessed and tracked for changes over time.
Regulatory output: Step 1 satisfies TCFD's Risk Management disclosure and IFRS S2 §10, which requires your organisation to identify which physical hazards are plausibly relevant to each type of asset in your portfolio.
Apply this to your organisation:
How many assets are in your portfolio, and how many have site-level location data attached?
Which hazard types are most relevant to your primary geographies and operating sectors?
What data do you currently hold at site level, and where are the gaps?
Have you previously produced a ranked hazard exposure list, and if so, how was it structured?
At 300 or more priority sites, running this screen manually is not realistic. SmartResilience runs automated hazard screening across your full estate using pre-computed global models, giving you a portfolio ranked by risk level before any manual analysis begins.
Step 2: What would a serious weather event actually cost your business?
PCRAM Step 2 translates hazard probability into financial cost, producing an expected annual loss (EAL) per site and a worst-case event cost that can sit on a risk register and connect directly to your financial statements.
The difference between a risk score and an EAL figure is the difference between a document that describes your exposure and one that quantifies it in terms your finance director will engage with. According to S&P Global's 2024 Corporate Sustainability Assessment, 68% of companies claim quantitative risk assessments. Only 17% disclose the financial impact. That gap exists because most teams have probability scores, not financial figures. Step 2 closes it.
The EAL represents the average annual cost of a hazard, calculated across a range of event severities and weighted by probability. A 1-in-20-year flood event and a 1-in-100-year flood event both feed into the figure at different weights. The worst-case event cost tells you what a 1-in-100-year event would cost at that specific site: for a distribution warehouse near a tidal river, that might be £600,000 in direct damage, business interruption and recovery costs. That is the number that changes the conversation with finance.
Swiss Re estimates extreme weather caused approximately $320 billion in losses globally in 2024, of which $140 billion were insured. By mid-2025, insured losses had already reached $80 billion. Your organisation's financial exposure is measurable and increasing.
Regulatory output: Step 2 produces the financial figures IFRS S2 requires you to connect to financial statements. It also satisfies CSRD/ESRS E1's requirement to disclose the monetary amounts and percentage of your assets exposed to significant physical risk, before adaptation measures are adopted.
Apply this to your organisation:
Which of your highest-risk sites have you financially quantified?
What is the expected annual loss across your top ten priority sites?
What would a 1-in-20-year event cost at your most exposed asset?
Building a financially defensible EAL for a single site requires multiple data inputs and full methodology documentation. Doing it for 50 sites requires a systematic approach. SmartResilience produces site-level financial damage estimates using auditable methodology with transparent data lineage.
Not sure what your exposure costs? Use the Climate Risk ROI Calculator to get an initial estimate before continuing.
Step 3: What can you do to protect your assets, and is it worth the investment?
PCRAM Step 3 identifies available adaptation options for each priority site and calculates the financial return on each, turning physical risk into a capital allocation decision your finance team can actually work with.
Your options span a wide range: drainage upgrades, temporary and permanent flood barriers, green roofs and permeable surfaces, cooling infrastructure for heat-stressed facilities, seawall reinforcements and nature-based solutions including tree planting and floodplain restoration. Each option carries an indicative cost range and a corresponding reduction in expected annual loss. The output of Step 3 is a capital proposal with a documented net present value (NPV), structured for a finance or investment committee audience.
According to WRI's analysis of 320 investments across 12 countries, totalling $133 billion, every $1 invested in climate adaptation returns $10.50 in benefits over ten years. The average return across all adaptation investments is 27%. For resilient infrastructure specifically, that rises to approximately 30%. Importantly, 65% of those monetised benefits accrue regardless of whether climate events actually occur, from productivity, employment and environmental value. Your adaptation programme does not depend on a major weather event to justify itself financially.
In practice, the NPV calculation is straightforward. A site exposed to £90,000 per year in expected annual loss from flood might need a £150,000 drainage investment to reduce that exposure by 60%. The payback period is under three years. That comparison sits cleanly on any capital committee agenda.
Regulatory output: Step 3 satisfies TCFD's Strategy pillar, which requires you to demonstrate the resilience of your organisation's strategy across climate scenarios. It also satisfies CSRD/ESRS E1's requirement to disclose adaptation measures and their financial implications explicitly.
Apply this to your organisation:
Have you identified adaptation options for your highest-risk sites?
Do you have indicative costs for each option?
Can you currently calculate the financial return on a proposed adaptation investment in a format finance will accept without requesting additional methodology documentation?
Most organisations can name broad categories of adaptation measure. Far fewer can calculate the return in a format that will clear scrutiny from a CFO or investment committee. SmartResilience models ROI-ranked adaptation measures at site level, structured for capital allocation review.
Step 4: How do you build the case for finance and the board?
PCRAM Step 4 brings together the outputs of Steps 2 and 3 into the three financial documents a board or investment committee needs: the cost of inaction, the cost of adaptation and the insurer evidence pack.
Together, those three outputs let you make the climate adaptation case without asking your board to accept physical climate risk as a strategic priority before they have seen a number. The numbers make the argument.
Visual 5: The three financial outputs
Output | What it contains | Produced by |
Cost of inaction | Expected annual loss at portfolio level, currently unmanaged | Step 2 |
Cost of adaptation | NPV of proposed measures; pre/post-adaptation comparison | Steps 3 and 4 |
Insurer evidence pack | PCRAM-evidenced methodology; pre/post risk reduction for premium negotiation | Steps 4 and 5 |
Sainsbury's avoided a £3m flood damage event across its 1,000+ site estate by operationalising this approach. The combination of site-level financial quantification and monitoring infrastructure gave the business both the disclosure evidence and the operational capability to act before events caused damage.
IFRS S2 requires your organisation to connect climate disclosures to financial statements and disclose the financial effects of physical climate risks. CSRD/ESRS E1 requires you to disclose the financial implications of adaptation measures explicitly. The outputs Step 4 produces satisfy both requirements, provided the methodology is documented and auditable.
Regulatory output: Step 4 produces the financial effects disclosure IFRS S2 requires and the financial implications of adaptation CSRD/ESRS E1 requires. The insurer evidence pack demonstrates proactive risk management to your board, auditors and underwriters.
Apply this to your organisation:
Can you currently produce an EAL figure at portfolio level?
Do you have a pre/post-adaptation comparison for any site?
Do you have methodology documentation that would satisfy an external auditor or insurer today?
Producing board-ready financial outputs that also hold up to external scrutiny requires both the analysis and a complete audit trail. SmartResilience outputs update continuously as portfolios and regulatory requirements evolve, with full data lineage available for external review.
Step 5: How do you stay ahead of weather events once your programme is running?
PCRAM Step 5 puts in place site-specific monitoring thresholds, pre-agreed operational protocols and an incident log, closing the gap between your strategic plan and what your operations teams actually do when a weather event approaches.
Even after adaptation measures are in place, weather events keep happening. The real question for your operations is whether your team knows, before an event reaches your sites, which locations are genuinely at risk and what should happen next. Having that clarity ahead of time is the difference between a managed response and a reactive scramble.
Sainsbury's avoided a £3m flood damage event using an early warning capability that filtered hundreds of generic government weather alerts down to the specific subset requiring genuine operational response across its 1,000+ site estate. The critical element was site-specific thresholds: a government flood alert might cover a large geographic area, but only a fraction of sites within that area will actually flood. Filtering to those sites, with a pre-agreed operational protocol attached to each alert, converts broad warnings into decisions your site managers can act on directly.
Regulatory output: Step 5 satisfies TCFD's Metrics and Targets pillar and IFRS S2's ongoing monitoring requirements. The incident log builds the evidence base for CSRD/ESRS E1 targets and actions disclosures across future reporting periods.
Apply this to your organisation:
Do your site managers receive site-specific alerts, or generic government warnings covering a broad area?
Do you have pre-agreed operational protocols for weather events at your highest-risk sites?
Do you have an incident log that records events and responses systematically over time?
Generic Met Office alerts do not distinguish between a site that will flood and one that will not. SmartResilience issues real-time early warnings calibrated to each individual site, with operational runbooks sent alongside each alert.
Which implementation path fits your organisation?
The right entry point depends on your current data maturity, portfolio size, regulatory timeline and internal capacity. Four archetypes cover most starting positions.
Archetype | Starting position | Recommended entry point |
Data-rich, action-poor | Existing risk assessments; no financial quantification | Step 2 (quantify), using existing hazard data as input |
Pre-disclosure deadline | IFRS S2 or CSRD reporting required within 12 months | Step 1 (screen) across full portfolio; Step 2 for top 20 priority sites |
Board alignment needed | Risk understood internally; finance not yet engaged | Step 4 outputs first, then build the full programme behind them |
No programme yet | No systematic physical risk assessment in place | Step 1 (screen) to establish baseline |
Whichever archetype fits your organisation, the starting point involves the same two actions: a portfolio screen that tells you where to focus, and a PCRAM Tier 1 quantification that gives you the financial numbers to build the case.
Handling the three most common internal objections
"We already have a climate risk assessment."
Having an assessment and having operationalised it are different things. S&P Global's data shows that 92% of companies assess physical risk, but only 35% have a formal adaptation plan and only 17% disclose the financial impact. The assessment is the input for PCRAM, not a substitute for it. SmartResilience takes your existing assessment outputs and converts them into the financial figures and adaptation cases the assessment alone does not produce.
"We don't have the data."
Data gaps at site level are the norm rather than the exception, and PCRAM is designed to work with what you have. SmartResilience uses pre-computed global hazard models to fill gaps in your site-level data, and the Step 1 screen identifies where higher-resolution data is genuinely critical versus where modelled data is sufficient for the level of analysis you need.
"We'll address this in the next regulatory cycle."
IFRS S2 is effective for reporting periods on or after 1 January 2024, and CSRD obligations for companies with 1,000 or more employees and €450m or more in turnover are already live. Delaying typically means higher adaptation costs and a weaker negotiating position with insurers when you do engage. SmartResilience produces the TCFD and IFRS S2 outputs your current reporting period requires, while your longer-term programme develops in parallel.
The four steps from framework to programme
Step 1: Screen the portfolio Most boards have not seen a ranked map of physical exposure across their full estate. Screening produces exactly that: hazard types named, sites ranked by exposure, attention allocated by data rather than assumption. Skip this and adaptation spend follows intuition.
Step 2: Quantify financial exposure A hazard map without financial figures cannot move a finance director. Expected Annual Loss (EAL) translates probability into cost. Only 17% of organisations disclose financial climate impact despite 68% claiming quantitative assessments. The gap is EAL methodology. With it, you go to finance with a number. Without it, you go with a concept.
Step 3: Build the adaptation case Once you have EAL figures for priority sites, the question becomes: what can you do, at what cost, and what does the return look like? World Resources Institute (WRI) analysis of 320 adaptation investments shows an average return of 27%, with 65% of benefits accruing regardless of whether a major event occurs. The output of this step is a capital proposal with a documented net present value (NPV), which is what it takes to compete in the capital cycle.
Step 4: Connect it to operations A programme that ends in a report is useful once, then ages. Site-specific early warnings, operational protocols attached to those warnings, and incident logging over time make climate risk part of how your teams manage assets day to day. SmartResilience connects all four steps into a continuously updating system, so portfolio changes, new events and regulatory updates feed back into the analysis without restarting the programme.
You have now mapped your organisation against the CRIF framework and worked through what PCRAM analysis requires at each step. Book a session with SmartResilience to see what this looks like applied to your own portfolio.
SmartResilience
See SmartResilience in action
Book a free demo tailored to your organisation and assets.
Book a free demoFrameworks and references
CRIF:
PCRAM 2.0:
iigcc.org/resources/the-physical-climate-risk-appraisal-methodology-2.0
TCFD Recommendations:
fsb-tcfd.org
IFRS S2 Climate-related Disclosures:
ifrs.org
CSRD/ESRS E1:
European Commission
