Risk management programs are supposed to help organizations address a wide range of risks. Historically, however, that wide range consisted primarily of financial, compliance, or operational risks.
Today a new class of risks is coming over the horizon: so-called “ESG” risks, to address larger questions about environmental, social, and governance issues.
ESG may be a new dimension to risk management, but the principles remain the same. Businesses need to understand where their risks come from, and then manage those risks in a systematic way so the organization can keep pursuing its strategic objectives.
What Is ESG Risk Management?
Environmental, social, and corporate governance (ESG) factors arise from the public’s and regulators’ growing interest in how corporate organizations address issues such as climate change, fair labor standards, and good business conduct (to name just a few examples of ESG issues).
Numerous regulators have started to impose mandatory ESG disclosure requirements on businesses. For example, the European Union already has a Non-Financial Reporting Directive for large businesses, and has proposed to supersede that directive with a new Corporate Sustainability Reporting Directive. The United States is also moving to require enhanced ESG disclosures for publicly traded businesses sometime soon.
These proposals (and others) would standardize the measurement and reporting of ESG factors and related activities. The logic is that by standardizing disclosure of ESG, investors will be able to compare such disclosures among different companies more easily, and therefore make more informed decisions about where to put their investment dollars.
ESG-driven risks will be another layer of complexity that companies will need to consider as they develop and use risk management frameworks. Again, however, the same fundamentals endure: companies should identify and assess sustainability risks, and then seek to mitigate those risks as much as possible.
What Are ESG Risks?
ESG risks can encompass scores of specific issues, from greenhouse gas emission and water usage; to fair pay and anti-discrimination, to shareholder rights and business conduct matters. That said, we can group them into three categories based on the letters in ESG.
Many environmental risks relate to climate change, such as how a company might respond to disruption from weather disasters or its output of greenhouse gas emissions. Other environmental risks relate more to sustainable growth: the recyclability of a company’s products, the amount of recycled materials it uses, water consumption, pollution, deforestation, green energy consumption, and so forth.
Likewise, this set of risks also includes how a company will evaluate and manage those issues. For example, the company might reduce its carbon footprint, use more renewable energy, or otherwise comply with government environmental regulations.
Social risks focus on business practices and how the organization addresses the challenges of data privacy, health and safety, stakeholder interests, labor practices, working conditions, diversity and inclusion, and the like.
Managing these risks involves assessing supplier values, improving company working conditions, and supporting the local community. For example, in 2020, organizations came under increased pressure to demonstrate their commitment to diversity and inclusion after the George Floyd protests; and to give workers more support while enduring the COVID-19 pandemic.
Governance refers to how companies address transparency in their business conduct and financial reporting.
It covers everything from executive compensation, to diversity among the board and senior management, to shareholder rights, to accurate financial reporting and effective regulatory compliance. Good governance also seeks to avoid conflicts of interest for management and the board, and to assure that the company does not engage in illicit activities such as bribery and corruption.
How Is ESG Risk Measured?
ESG performance is an increasingly important consideration in company valuations. In a business environment where sustainability and ethical impact are critical to survival, companies use ESG criteria to evaluate their non-financial performance.
To quantify a company’s ESG posture more accurately, several ESG rating systems have emerged. Somewhat similar to corporate credit ratings, ESG ratings rank companies based on ESG metrics, assessing their performance on a sustainability scale.
Using annual sustainability reports, media coverage, investment analysis, and management data, and taking into account ESG risk exposure, a numerical score is derived to indicate a company’s performance on ESG factors.
Unfortunately there is no perfect standard for ESG ratings, which depend on the data’s robustness and vary in consistency across industries, regions, and company size.
What Are the Benefits of ESG Risk Management?
Companies that understand their ESG risks can better deploy resources, make responsible investments, address rising operating expenses, enhance employee retention, and comply with regulations more deftly. These activities help create greater efficiency and cost savings in the long run.
In addition, companies that are forward-thinking on ESG risks are typically ahead in a competitive environment.
Better Regulatory Compliance
As stakeholder demands for accountability from organizations grow, so do regulatory compliance obligations for ESG. Incorporating ESG as an integral part of enterprise risk management (ERM) strategy should make disclosing this information to appropriate governing authorities much more manageable, reducing the resource burden and need for legal intervention.
Attractiveness to Investors
Socially conscious investors — including institutional investors, with large sums of money at their disposal — consider ESG issues when making investment decisions. Even more traditional investors also now understand the value of good ESG risk management to a company. So the better a company is at tracking and reporting its ESG posture, the more attractive it can be to a wider group of potential investors.
An “ESG-aware” business can also improve employee motivation, retention, and productivity by instilling a sense of pride and purpose among the workforce.
In addition, many aspects of ESG risk management directly affect employee well-being, such as health and safety, work schedules, and diversity. If those issues are managed well, they can enhance the employee experience and lead to higher performance.
How Does Understanding ESG Contribute to Better Risk Management?
A business cannot manage its ESG risks — nor reap the benefits of managing its ESG risks well — unless it understands what those risks are. Understanding ESG risks is an essential part of modern enterprise risk management.
For example, companies will be in a better position to fulfill regulatory compliance obligations related to ESG issues; reduce the operational disruptions that could arise from poor ESG awareness (anything from weather disasters to employee walkouts to government investigations); and act on the corporate values that senior management holds dear. But those things can only happen if the business applies traditional risk fundamentals to ESG risk management, such as implementing proper controls.
These practices within organizations enhance their ESG ratings, which provide a means of measurement for investors seeking information on a company’s sustainability credentials.
ZenGRC is Your Partner for Risk Mitigation
Adopt ZenGRC’s compliance, risk management, and governance platform to streamline evidence and audit management for all of your compliance frameworks, including ESG factors.
Our risk software heat maps illustrate high, low, and medium risk regions within your organization in a user-friendly, color-coded dashboard, allowing you to take action quickly and share the results with your C-suite and board of directors.
By reducing the amount of manual tracking, compliance officers will be more proficient in their jobs, and the ongoing tasks of governance and continuous monitoring will be simplified.
Worry-free risk management is the Zen way! For more information on how ZenGRC can streamline your GRC processes, contact us for a demo.