Risk management programs have traditionally addressed financial, compliance, and operational risks. However, a new class of risks is emerging: “ESG” risks, which encompass critical environmental, social, and governance issues.

Incorporating ESG as an integral part of Enterprise Risk Management (ERM) strategy is becoming increasingly crucial for businesses. By understanding and managing ESG risks systematically, organizations can continue to pursue their strategic objectives while reaping the benefits of managing their ESG risks, such as protecting their reputation, maintaining stakeholder trust, and improving financial performance.

Businesses can leverage risk software solutions to manage ESG risks alongside traditional risk categories. These tools provide a comprehensive view of an organization’s risk landscape, enabling data-driven decisions and prioritization of risk management efforts.

Understanding ESG in Risk Management

Environmental, Social, and Governance (ESG) factors arise from the public’s and regulators’ growing interest in how corporate organizations address issues such as climate change, fair labor standards, and good business conduct.

To address ESG risks effectively, companies are facing:

  • Mandatory ESG disclosure requirements from global regulators.
  • A need for standardized measurement and reporting of ESG factors.
  • Enhanced ESG disclosures for publicly traded businesses to aid investor decision-making.

For example, the European Union already has a Non-Financial Reporting Directive for large businesses and has proposed superseding it with a new Corporate Sustainability Reporting Directive. The United States will soon require enhanced ESG disclosures for publicly traded companies.

These proposals would standardize the measurement and reporting of ESG factors and related activities. The logic is that by standardizing the disclosure of ESG, investors can compare such disclosures among different companies more quickly, making more informed decisions about where to put their investment dollars.

ESG-driven risks will be another layer of complexity that companies will need to consider as they develop and use risk management frameworks. However, the same fundamentals endure: companies should identify and assess sustainability risks and then seek to mitigate those risks as much as possible.

What Are ESG Risks?

ESG risks can encompass specific issues, from greenhouse gas emissions and water usage to fair pay and anti-discrimination to shareholder rights and business conduct matters. Based on the letters in ESG, we can group them into three categories.

Environmental Risks

Many environmental risks relate to climate change, such as how a company might respond to disruption from weather disasters or its output of greenhouse gas emissions. 

Other ecological risks relate more to sustainable growth: 

  • The recyclability of a company’s products.
  • The amount of recycled materials it uses.
  • Water consumption. 
  • Pollution.
  • Deforestation. 
  • Green energy.
  • Consumption.

Likewise, this set of risks includes how a company will evaluate and manage those issues. For example, the company might reduce its carbon footprint, use more renewable energy, or comply with government environmental regulations.

Social Risks

Social risks focus on business practices and how the organization addresses data privacy challenges, health and safety, stakeholder interests, labor practices, working conditions, diversity and inclusion, and other similar issues.

Managing these risks involves assessing supplier values, improving company working conditions, and supporting the local community. For example, in 2020, organizations came under increased pressure to demonstrate their commitment to diversity and inclusion after the George Floyd protests and to give workers more support while enduring the COVID-19 pandemic.

Governance Risks

Governance refers to how companies address transparency in business conduct and financial reporting.

It covers everything from executive compensation to diversity among the board and senior management to shareholder rights, accurate financial reporting, and effective regulatory compliance. Good governance also seeks to avoid conflicts of interest between management and the board and ensure that the company does not engage in illicit activities such as bribery and corruption.

How Do Companies Identify and Assess ESG Risks?

As companies make efforts to manage their ESG risks effectively, they must first identify and assess these risks within their operations and supply chains. Here are some key methods and tools companies use to uncover potential ESG issues:

  • Risk Assessments: Companies conduct risk assessments to identify potential issues related to human rights, environmental impact, and corporate governance. These assessments help prioritize risks based on their likelihood and potential impact on the company’s profitability and reputation.
  • ESG Frameworks: To gather the necessary ESG data, companies often rely on ESG frameworks such as:
    • Global Reporting Initiative (GRI)
    • Sustainability Accounting Standards Board (SASB)
    • Task Force on Climate-Related Financial Disclosures (TCFD)

These frameworks provide guidelines for ESG reporting and help companies assess their performance against industry-specific standards.

  • Environmental Risk Tools: When evaluating environmental risks, companies may use tools like emissions tests and life cycle assessments to quantify their ecological footprint. These tools help companies identify areas for improvement and set targets for reducing their impact on biodiversity and achieving net zero emissions.
  • Social Risk Assessments: To identify social risks, companies may conduct supplier audits, employee surveys, and stakeholder engagement. These initiatives help uncover potential issues related to human rights, labor practices, diversity and inclusion, and community relations.
  • Governance Benchmarking: Companies can assess their governance factors against industry best practices and regulatory requirements. Third-party ESG scores and ratings can also help companies benchmark their performance against peers.

How Is ESG Risk Measured?

ESG performance is an increasingly important consideration in company valuations. In a business environment where sustainability and ethical impact are critical to survival, companies use ESG criteria to evaluate their non-financial performance.

Several ESG rating systems have emerged to quantify a company’s ESG posture more accurately. Like corporate credit ratings, ESG ratings rank companies based on ESG metrics, assessing their performance on a sustainability scale.

A numerical score indicating a company’s performance on ESG factors is derived from annual sustainability reports, media coverage, investment analysis, and management data, taking ESG risk exposure into account.

Unfortunately, there is no perfect standard for ESG ratings, which depend on the data’s robustness and vary in consistency across industries, regions, and company size.

What Are the Benefits of ESG Risk Management?

Improved Sustainability

Companies that understand their ESG risks can better deploy resources, make responsible investments, address rising operating expenses, enhance employee retention, and more deftly comply with regulations. These activities help create greater efficiency and cost savings in the long run.

In addition, companies that are forward-thinking on ESG risks are typically ahead in a competitive environment.

Better Regulatory Compliance

As stakeholder demands for accountability from organizations grow, so do regulatory compliance obligations for ESG. Incorporating ESG as an integral part of Enterprise Risk Management (ERM) strategy should make disclosing this information to appropriate governing authorities much more manageable, reducing the resource burden and need for legal intervention.

Attractiveness to Investors

Socially conscious investors—including institutional investors with large sums of money—consider ESG issues when making investment decisions. Even more traditional investors now understand the value of good ESG risk management to a company. So, the better a company tracks and reports its ESG posture, the more attractive it can be to a broader group of potential investors.

Employee Productivity

An “ESG-aware” business can also improve employee motivation, retention, and productivity by instilling a sense of pride and purpose in the workforce.

In addition, many aspects of ESG risk management directly affect employee well-being, such as health and safety, work schedules, and diversity. If those issues are managed well, they can enhance the employee experience and lead to higher performance.

How Does Understanding ESG Contribute to Better Risk Management?

A business cannot manage its ESG risks — nor reap the benefits of managing its ESG risks well — unless it understands what those risks are. Understanding ESG risks is an essential part of modern enterprise risk management.

For example, companies will be in a better position to fulfill regulatory compliance obligations related to ESG issues, reduce the operational disruptions that could arise from poor ESG awareness (anything from weather disasters to employee walkouts to government investigations), and act on the corporate values that senior management holds dear. 

However, those things can only happen if the business applies traditional risk fundamentals to ESG risk management, such as implementing proper controls.

These practices within organizations enhance their ESG ratings, which provide a means of measurement for investors seeking information on a company’s sustainability credentials.

ZenGRC is Your Partner for Risk Mitigation

Adopt ZenGRC’s compliance, risk management, and governance platform to streamline evidence and audit management for all your compliance frameworks, including ESG factors.

Our risk software heat maps illustrate high-, medium-, and low-risk regions within your organization in a user-friendly, color-coded dashboard. They allow you to take action quickly and share the results with your C-suite and board of directors.

Worry-free risk management is the Zen way! Contact us for a demo and more information on how ZenGRC can streamline your GRC processes.
