ESG risk management: More than just a 'nice to have'
Today it seems that the issue of Environmental, Social and Governance (ESG) is being talked about everywhere and has become a key focus for enterprise management teams, especially those responsible for risk management. But is this something new, or should it be viewed as part and parcel of a mature enterprise risk management infrastructure?
One thing is for sure. ESG has important implications for a wide range of stakeholders that includes directors, investors, employees, suppliers, and employees for whom performance against ESG objectives counts.
Indeed, the overarching themes of diversity, sustainability, and adherence to the standards and principles of good conduct that ESG encompasses are integral to an organization’s wider enterprise risk management (ERM) strategy for addressing the risks that could potentially impact a company’s financial and operational performance or brand reputation.
The rising prominence of ESG
Today’s stakeholders are asking hard questions about the ESG performance of companies. From assessing the environmental impact of their products and services, to evaluating if organizations treat employees, suppliers and partners fairly and equitably and appropriately monitor their supply chains. Failing to deliver against these expectations will result in a backlash from disaffected investors, customers and employees.
For example, a growing number of consumers are opting to buy goods and services from organizations based on their ethical practices and position on ESG-related matters. Similarly, employees are becoming more selective when it comes to working only for organizations whose values align with their own.
Meanwhile, ESG standards, regulations and reporting requirements in jurisdictions around the globe are on the rise. This means that action on ESG risk needs to go beyond lip service.
Getting to grips with ESG
ESG is a broad umbrella that covers a range of topics. Getting to grips with ESG begins with identifying which stakeholders have an interest or are affected with ESG, and viewing each stakeholder’s objectives through an environmental, social and governance lens.
For example, from an environmental perspective, what do consumers expect in relation to how products and services are sourced or delivered. Similarly, what specific requirements do environmental regulators have in relation to the company’s operations.
Changing social expectations mean that organizations are being held to account on issues related to human rights, minimum working conditions, community engagement and diversity. In some cases, these expectations are becoming enshrined in law. But it’s not enough to just treat employees well. Many countries have implemented modern slavery laws that require organizations to assess if slave labor exists in their supply chains.
Meanwhile, when it comes to governance, processes and systems need to be in place to assure compliance with legislation and maintain adherence to the principles of good conduct. Good governance is critical for driving the policies and resource allocation that will be needed to address social and environmental issues and achieve specific ESG objectives.
Having identified their stakeholder groups -- society, customers, employees, suppliers and third parties, regulators and shareholders -- organizations next need to identify the specific objectives that are ESG related. For example, enhancing and protecting the environment, satisfying customers in relation to their ESG values, creating a satisfied and motivated workforce, and compliance with ESG-related regulations and reporting requirements.
Next, organizations will need to identify the risks that could impact achieving these objectives.
Analyzing and understanding ESG risk
Let’s take a look at how a transport company with a fleet of combustion vehicles and a variety of warehouse locations could analyze how risk could impact its ability to achieve a key ESG objective: reducing long term carbon dioxide emissions within a measurable timeframe and target.
First, the company identifies three critical success factors for achieving this objective: refreshing its fleet with electric vehicles, installing solar panels at all warehouses and installing energy management software.
Next, it defines how potential risks could unfold that will prevent the achievement of key environmental goals. For example, climate change related issues impacting the global supply chain for electric vehicle production means the full fleet may not be replaced within the stated timeframe. An outcome that means that carbon emissions won’t be reduced as expected and consumer sentiment could be negatively impacted due to the continued use of fuel-based vehicles.
When it comes to ESG reporting, there are three key requirements to consider: internal reporting to the Executive and Board in relation to ESG objectives, regulatory reporting and disclosure requirements, and the external reporting expectations of stakeholders like investors and third parties. In some jurisdictions, ESG reports or statements will also need to be assured by an independent assurance provider.
Having determined what reporting needs to be produced, data will need to be collected from a number of different departments and specialist teams across a variety of different geographic locations or processes.
The complexity of this process means organizations should ideally use a system that automates notifications to individual stakeholders, tracks progress against defined objectives, aggregates information that already exists and links reporting obligations such as modern slavery to the organization’s ESG reporting metrics.
Finally, ESG has implications for the enterprise’s third-party risk management program. In 2021, eight former child laborers from Mali filed a lawsuit against several major chocolate factors alleging they knowingly engaged in forced labor. Scandals like this mean organizations need to up their focus on due diligence of their supply chains and proactively seek assurances as part of their third-party engagement practices.
Touching many aspects of an organization’s management processes, systems and governance, it is essential that ESG should not be viewed as a standalone siloed concept. Fortunately, organizations can integrate ESG into their wider ERM framework which considers and manages how uncertainty affects the achievement of key organizational objectives.
For ESG this manifests in two primary ways; managing operational, financial and strategic risks that could impact on ESG objectives, and managing the effect that ESG factors have on other enterprise objectives.
ERM is the ideal place to consolidate many aspects of ESG and manage all ESG risk-related matters as well as compliance, metric monitoring and reporting. Having established a strong foundation for how they proactively manage ESG performance and adapt and transform their operations in the pursuit of ESG objectives, organizations will be ideally positioned to perform successfully in today’s stakeholder economy.
Gary Lynam is Director of Customer Success, EMEA at Protecht.