Many companies are coming to realize that an effective environmental, social, and governance (ESG) strategy supports better financial performance and long-term business success. As a result, discussions about ESG are entering corporate conversations worldwide.
Embedding ESG concerns into your strategy and risk management program, however, is easier said than done. Keep reading to learn more about ESG management and how you can integrate ESG risks into your enterprise risk management framework.
What Is ESG Management?
An ESG program includes a set of operational criteria that go beyond standard business and financial risks that every company faces. It allows an organization to manage various environmental, social, and governance risks.
The ESG program’s environmental aspect includes monitoring impacts to climate change, reducing emissions, and supply chain sustainability. Social criteria examine how the business manages labor relations, diversity, and inclusion. Governance deals with leadership, internal controls, and ethics to promote greater accountability and transparency.
The Need for ESG Management
The clamor for ESG management has been growing over the past few years, especially since the outbreak of the COVID-19 pandemic. ESG issues matter more than ever to investors, customers, stakeholders, employees, communities, and regulators.
Strong ESG performance can lead to greater access to capital, talent, and business opportunities. For these reasons, it’s critical for today’s organizations to focus on integrating ESG management into the overall risk management framework.
What Risks Can ESG Risk Management Help With?
An ESG program can help companies identify, manage, and mitigate many crucial risks, including:
- Climate change
- Greenhouse gas emissions
- Carbon footprint
- Water, soil, and air pollution
- Waste and waste management
- Use of toxic chemicals
- Effect of operations on biodiversity
In other words, environmental factors measure how well the organization performs as steward of the natural resources it consumes and the waste it creates.
- Diversity, equity, and inclusion (DE&I)
- Inequalities in the workplace
- Employee relations
- Employee health and safety (H&S)
- Employee working conditions
- Worker rights
All these social factors are increasingly scrutinized by shareholders, stakeholders, regulators, and potential investors. Companies must also pay more attention to social justice, systemic racism, and implicit bias in the workplace.
- Board diversity and structure
- Political contributions
- Executive pay
- Operational policies and standards
- Controls for corruption and ethics
- Tax avoidance
- Shareholder rights
- Board management of regulatory, legal, and reputational risks
Governance factors determine how an organization governs itself, manages operations, and controls financial practices. It also includes whether its decision-making is transparent, inclusive, and ethical.
What Are the Benefits of ESG Risk Management?
ESG risk management is not necessarily cheap, but the costs of inaction can be even more damaging. Effective ESG risk management has many benefits, including:
In 2020 the world endured 22 billion-dollar disaster events (the most on record), which in total cost organizations $1.875 trillion. In the first half of 2021 alone, disasters inflicted $42 billion in losses.
Further back, oil giant BP landed in a massive scandal in 2010 when it failed to identify its environmental risks and suffered the infamous Deepwater Horizon disaster — where more than 130 million gallons of oil spilled into the Gulf of Mexico. This huge oil spill led to the loss of 11 lives and cost BP a whopping $65 billion in fines and cleanup.
Poor ESG practices lalso anded German automaker Volkswagen in an emissions scandal. In the late 2010s and into this year, the company paid out $33.3 billion in fines, settlements, and buyback costs as part of “Dieselgate” after U.S. environmental regulators found discrepancies between laboratory results and actual emissions in real-world driving.
These damages and costs might have been avoided if the companies had adequately understood the risk environment and made concerted risk mitigation efforts.
Improve Regulatory Compliance
Poor ESG risk management can also affect a company’s regulatory posture since more and more regulators now ask for ESG data and reporting.
For instance, in the European Union, the Sustainable Finance Disclosure Regulation (SFDR) has introduced sustainability disclosure requirements and incentives for companies to provide complete ESG data.
In the United States, the Securities and Exchange Commission (SEC), Federal Reserve, and other regulators are also updating their reporting requirements regarding the risks and costs related to climate change.
Access to Investors and Funds
Activist investors, financial institutions, and lenders are also paying more attention to companies’ ESG programs. Many are reassessing their lending and investment practices to reduce their exposure to companies not focused on environmental protection, carbon neutrality, and sustainability.
Align With Customers
Customers also expect that companies align with their own ethical views. Often, customers will pay a premium to shop from an organization with a good reputation for ESG management.
Protect Reputation and Brand Value
A lack of ESG risk management can damage an organization’s reputation, market value, and revenues. On the other hand, robust ESG risk management can help the company improve public relations and its image with relevant and timely press releases featuring its ESG efforts.
In sum, companies must keep an eye on the various ESG factors, concerns, and risks to minimize financial, regulatory, and reputational damage while protecting brand integrity.
As investors and regulatory bodies demand information on sustainability and social responsibility practices, organizations must track and gather ESG performance data. This data needs to be published in reports based on established reporting standards dictated by SEC, NASDAQ, the Fed, and others.
How to Integrate ESG Risks Into Your Risk Management Framework
Following a few best practices can simplify integrating ESG risk factors into your overall risk management framework.
Identify the ESG Strategy Based on Organization’s Unique Exposure to Risk
ESG ratings by ratings agencies are helpful since they allow organizations to understand (often in quantitative terms) where they stand on material issues. Organizations can easily compare themselves to similar companies in their industry.
These ratings, however, only represent the viewpoints of the respective agencies. Moreover, rating criteria cna promote a “checkbox compliance” culture. As a result, it’s essential to develop an ESG strategy tailored to your unique risk exposure and perspective on how best to manage these risks.
Connect ESG Strategy to Business Strategy
Your ESG strategy and business strategy inform and affect each other, so they should always be aligned. ESG goals should be a core part of the vision, mission, and values. Board and management oversight and a thorough materiality assessment are also critical.
Add ESG Risk to the Overall Risk Appetite Statement
All ESG risks should be considered in the overall risk appetite statement. Such considerations will assure that the enterprise risk appetite is adjusted based on all threats (and is, therefore, a holistic reflection of the existing risk posture) instead of just standard financial or business risks.
Put the Right Components in Place
To manage ESG risks as part of the risk management framework, make sure you have all the required components in place, including:
- Risk register
- Risk ownership
- Obligations register
- Key risk indicators (KRIs) and metrics
- Management structures
- Governance structures
- Reporting structures
- Performance monitoring
ZenGRC Is Your Answer to Risk Management
Streamline risk management and minimize your risk exposure with ZenGRC. With this integrated risk management and compliance tool, you can identify relevant risks, see where they are changing, and take the necessary action to manage and mitigate them — all from one centralized application.
Its single source of truth ensures your organization is always audit-ready. Policies and procedures are revision-controlled and easy to find in the document repository. Workflow management features offer easy tracking, automated reminders, and audit trails. Insightful reporting and dashboards provide visibility to gaps and high-risk areas.
Schedule a demo to see how it works!