The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

What Has ESG Got To Do With Enterprise Risk Management?

Environmental, Social and Governance (ESG) requirements are gaining prominence in many large organisations. Investors and stakeholders are starting to pay closer attention to how companies treat their environment, conduct themselves as corporate citizens, and carry out their governance responsibilities. Statistics have shown increasing funds flowing to “green” bonds and sustainability-linked financing, although ESG-related risks are generally non-financial or sustainability-linked. This could be attributed to a consumer megatrend. Many consumers have stated that having a company support the same issues they do can be a tipping point in their buying decisions.

Companies are also realising that customers are more inclined to buy from companies which are perceived as socially responsible. Incorporating ESG elements can therefore be beneficial to the brand, as companies that prioritise ESG are viewed as having robust corporate governance and an ethical approach to business. In line with this perception, many firms are aligning their processes and procedures with acceptable ESG practices, but this may not be a simple or straightforward strategy. ESG-related risks (or opportunities), if not properly identified and managed, may turn out to be detrimental to the organisation.

ESG is about sustainability; organisations have come to realise that it is also about giving back to the communities in which they operate, as these often supply a market, and a talent pool that helps sustain the business. Because of the move towards greater social responsibility, the risks that manifest with ESG may start to play a greater role in the overall risk exposure of organisations. For instance, some jurisdictions may decide to tighten legislation concerning environmental degradation, or institute a carbon tax, when they ratify climate accords. These will have an impact on companies operating in those jurisdictions.

They may suddenly find themselves having to allocate resources to comply with the new regulations, or face hefty penalties. More robust enforcement may follow the new regulations, making it not as easy to do business as before. Such changes may cause disruption in operations, and the business may start to lose money. Traditional risk management may sometimes not be flexible enough to identify these new or emerging risks, and the business may be affected as a result. But applying ERM principles and processes to ESG risks has been shown to help organisations better understand the new risks they could be exposed to, thereby improving their decision-making.

Applying the integrated framework of ERM to manage ESG capabilities is one way of establishing a viable ESG process without having to start from scratch. It may not be necessary to establish an exclusive ESG risk management framework. Many of ERM’s concepts and processes are able to help organisations understand the various risks that are inherent in determining and managing ESG requirements. The ERM practice of risk identification, analysis and assessment for instance can be applied to ESG risks as well, to ascertain which are likely to be of immediate concern, and which may eventually need to be prioritised.

Mitigation could also be based on ERM principles. Some ESG-related risks may dovetail with risks that are already on the organisation’s radar. When evaluating risks, ERM already considers elements like vulnerability, impact and velocity, which are relevant to ESG. The ERM principle of “measure to manage” can be applied to help enhance the understanding of what to measure in ESG, for maximum effectiveness. In the area of reporting, existing ERM formats and mechanisms may be utilised to transmit information on performance of ESG-related activities to the Board, shareholders and stakeholders.

Decision-making about ESG risks and opportunities will be helped by having information analysed in the same formats that Board and management have become used to. But organisations have to bear in mind that ESG-related risks may be a new area for employees, although they may be familiar with ERM principles, processes and procedures. If ESG is to be integrated with ERM, the organisation should ensure that those who are dealing with it understand the core risks that may be peculiar to ESG. There is growing concern about ESG-related risks, across the board. Four of the five top risks quoted in the World Economic Forum’s Global Risk Report were environmental or societal.

These included natural disasters, water crises, extreme weather events and climate change. This concern is adding to the pressure on companies to include ESG-related risks in their risk management strategies. Risk professionals are in agreement that sustainability risks will be impacted by events like these, and result in disruption to business. Applying the ERM framework to ESG-related issues is gaining traction, although some companies may find it complex. ERM tools such as surveys, workshops and training sessions are of great help when applied to identifying ESG-related risks and obtaining feedback from stakeholders.

In the long run, ESG risk awareness will quite likely become embedded in the overall organisational culture, if appropriately nurtured. Failing to manage ESG risks can lead to negative business impacts, including loss of revenue. Trends already indicate that investors and buyers are willing to pay more when companies demonstrate better ESG awareness and compliance. There is heightened scrutiny and pressure from investors to address ESG, leading to a rise in “sustainable investing.” ERM, which can effectively incorporate sustainability risks that are of significance to the company, will be crucial to the development of resilient business strategies for the long term.
