Aligning ESG Risks with Enterprise Risk Management
ESG risks are now playing a much larger role in contributing to the overall risk exposure of organizations. For instance, some jurisdictions have developed corporate regulations targeting climate sustainability, while some financial regulators have adopted specific requirements regarding ESG disclosure rules. Consumers are also making buying decisions based on a company’s ESG standings.
Incorporating these factors into your enterprise risk management program can strengthen your organization’s understanding of its full suite of risks and enhance overall business performance. The good news is that Enterprise Risk Management and ESG risks have a significant intersection. If you already have solid Enterprise Risk Management processes in place, you can leverage these to address ESG risks while also applying new metrics for evaluating these risks and any related data.
To increase the chances of success when setting up an ESG governance capability, key elements to consider include:
● Establish clear ownership Determine who is responsible for the ESG risk assessment processes. As this is a new topic within many organizations, the role in some cases is still in the process of being defined. This responsibility is likely to fall under operational risk or non-financial risk teams, or even to a newly dedicated role. Defining this role and allocation of resources is vital for the overall success as it will provide decision-makers with reliable information to inform strategies.
● Develop mitigation strategies The same process for identification can be applied to ESG risks, such as the categorization of assets and defining a maturity rating based on a performed ESG risk assessment. With these insights, you need to strategize on how your organization can best utilize information gathered from identified ESG risk analyses to drive decision-making. Of course, due to the varying nature of ESG risk, some mitigations may not be possible due to the magnitude of the risks addressed. However, having a well-thought-out strategy and roadmap to address threats before they happen, and being able to demonstrate a proactive approach, will be beneficial for ESG reporting and invoke greater investor confidence.
● Prioritize risk data Evaluating ESG risk exposure might require gathering information from multiple data sources. It is important to spend the time identifying and narrowing down the relevant data sources that will be included and prioritized in your analysis—an important step for further process.
● Determine a reporting structure When deciding on your reporting structure, always ask: Who will consume the risk information and make decisions based on them? Identify a reporting structure that will allow your company to align with regulatory reporting requirements, and take into account key decision-makers, such as operational risk teams, ESG sustainable finance teams, shareholders and regulators. As accountability increases on the board and senior leadership level, it becomes vital that they too assume responsibility here. The emphasis they place on ESG risk management topics will greatly contribute to the overall success of the framework. With national jurisdictions beginning to implement explicit references to ESG-related disclosure, it is imperative to speak in the language of socially conscious investors and lenders on ESG factors.
● Integrate with existing methodology Do not try to reinvent the wheel from a process perspective. If you have sound and comprehensive Enterprise Risk Management processes in place, leverage the same mechanisms to identify, assess and address ESG risks as well. This reduces friction in business lines, and among people consuming the reports, including your auditors.
● Develop a comprehensive view of ESG ESG is a broad concept so extend your scope beyond the environmental factors of climate change and resource protection. Taking too narrow a view on the topic will lead to rework, audit findings and lost effort. Diverse social risks, such as protests, unethical treatment of employees or suppliers are a direct risk to a company’s success and reputation. Governmental risks, like inefficient internal controls systems or lack of oversight and poor compliance can all have a significant impact on ESG reporting. In the case of ESG financing, this may also lead to misinformed investment decisions. It is important to keep in mind that ESG materiality is dynamic, and considering those seemingly “dormant” risks is important, as they might be just around the corner.
● Account for risks and opportunities Make sure to account for both the opportunities and risks within a certain “megatrend.” (Megatrends can include things like climate change, democracy and politics, privacy and cyber, resource scarcity, travel and mobility, and health and safety.) For example, if your organization produces battery technology that utilizes substances such as lithium or cobalt, then resource scarcity might be a primary risk. However, the increased demand for electric vehicles might be an opportunity.
● Keep it simple While ESG risk management might be new to the organization, applying the same core principles of Enterprise Risk Management to identify, mitigate and manage risks can facilitate a smoother process. Understanding core risks and gaining an overall perspective on ESG exposure should be your first priority. Once this has been achieved, it can be improved by moving focus onto more complex methodology and data structures. With pressure mounting and stakeholders demanding transparency regarding an organization’s approach to ESG topics, it is important that you get a head start. Start simple and then refine.
Reprinted with permission from Risk Management Magazine. Copyright Risk and Insurance Management Society, Inc. All rights reserved.
Written by Karl Viertel, 2022