Managing and disclosing risks is a compliance requirement in every significant jurisdiction. It’s something that all companies need to do well in order to be profitable and successful. In other words, successfully understanding, navigating and disclosing key risks is critical for a company’s survival.
Every business needs to understand potential risks and use informed decision-making to respond to them, while taking advantage of growth and advancement opportunities, building resilience and preparing for the future.
For many risks, like those related to operations or finance, most companies are adept at predicting, understanding and managing their exposure. But for other risks, such as emerging risks related to ESG issues, companies are less equipped to identify them and respond. Because of this, we see widespread problems—ranging from damage to corporate bottom lines and reputations, to serious global issues like supply chain mismanagement, plastics pollution, resource scarcity and more.
It’s high time for boards to be clear on ESG-related issues and risks for the benefit of business, society and the environment.
Ten years ago, the top global risks in terms of impact included only one ESG risk. But today, environmental and social risks account for four of the top-five risks in terms of impact, according to the World Economic Forum’s Global Risks Report.
Given this rapid shift in the risk landscape, many companies have not been able to keep pace. As the stakes continue to rise, the private sector needs to adapt, and fast. Institutional investors understand this to some extent, and are also looking to strengthen and protect their holdings for the long term by considering ESG issues.
As such, boards are increasingly prioritising issues such diversity, the environment, talent recruitment and retention but aren’t always sure where and how to start. New tools are available to help.
The first-ever guidance for managing ESG risks
New guidance developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) aims to help companies address these challenges.
Together, in a historic partnership, the two organisations drafted the first-ever guidance for Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks, designed to help organisations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls.
The guidance takes 20 principles of the revised COSO ERM framework and organises them into seven modules for addressing ESG-related risks. This provides a practical process for companies to better integrate these issues into their enterprise risk management processes.
It begins with establishing governance structures and processes and continues to move through ERM activities of identifying, assessing, responding, reviewing and communicating risks, while maintaining a line of sight to the business context and strategy, which sits at the centre.
Companies that understand and manage their risks fare better in the global economy and at home. There are opportunities for attracting better employees and better investments, which often translate into growth and sustained success.
As such, WBCSD and COSO both believe that better business risk management and decision-making will shift the global financial system to reward the most sustainable companies by moving capital allocation flows towards those companies that manage their risks—from financial all the way through to social and environmental.
The idea isn’t to put pressure on risk managers, but rather to empower and educate them. Businesses should be aware of all potential ESG risks and should be doing more to bring these risks into the conversation.
The role of boards for ESG-risk oversight
Effective company management of ESG-related risks starts at the top, with an engaged board. A recent report from CERES found that the best-performing companies for sustainability have holistic systems for board governance.
Despite this, 38% of companies have no discernible board practices in place for sustainability oversight. This isn’t good enough.
Oversight for the full spectrum of risks means boards need to be aware of ESG-related issues. If they’re not, the company could be unpleasantly surprised by a negative ESG-related event, such as a fire, flood, protest or scandal, for example.
Additionally, qualifications, skills or knowledge of ESG-related issues help boards guide their companies through ESG-related risks that may threaten the business strategy or objectives. Some approaches for enhancing awareness and knowledge at the board level include:
• Periodic ESG board updates: Updates may target the board, a sub-committee or an individual board member. These updates should focus on ESG issues in the context of the business environment and strategy.
• An ESG sub-committee: A separate committee with an ESG focus should have a clear mandate to support value creation by integrating ESG-related issues into day-to-day business decision-making.
• ESG skills or knowledge on the board: A board member with ESG expertise can be helpful if those skills relate to specific challenges the company or industry faces. This is important when the company faces particularly challenging ESG-related issues or adopts values or a strategy that strongly aligns with an ESG-related issue or risk.
• Board charter inclusion of ESG: Highlighting ESG in the board charter provides direction for the board related to ESG. Specific objectives could be to answer: Why is ESG important to our business, or how will ESG issues impact our strategies and ambitions?
• Compensation tied to ESG: Developing plans with challenging short-term and long-term incentives helps create sustainable value for the company—comprising both social and financial returns.
The path ahead
When businesses, investors and other organisations fully understand their risks, they have the power to make better decisions. Having more information, including information on environmental, social and governance (ESG)-related risks will help organisations improve their risk management profiles.
Risk management has never been just about compliance; risk management is about doing good business and it’s about survival. Visit www.coso.org for more and look out for the final version of the guidance this October.
Dr Rodney Irwin is managing director, redefining value and education, at the World Business Council for Sustainable Development.