Environmental, social and governance (ESG) risks and opportunities – where to start?
Have you ever wondered what the acronym ESG stands for and why it has become such a buzzword in recent years? And how does it relate to enterprise risk management (ERM) and to sustainability terms such as sustainable development and corporate social responsibility? This short article provides a brief description and links to dig deeper.
Briefly about enterprise risk management (ERM)
Enterprise risk management (ERM) is a necessary part of the organisation’s decision-making and management systems. The ERM provides information and data to the board and management so that they can make informed decisions considering all aspects of the organisation.
The two best-known ERM frameworks are ISO 31000:2018 (The International Organization for Standardization) and “2017 Enterprise Risk Management – Integrated Framework” by The Committee of the Sponsoring Organizations of the Treadway Commission (COSO).
A forward-looking organisation has a board that supports the ERM and has established an organisation-wide risk culture. The ERM is not just about avoiding risks but also about taking advantage of opportunities.
Why do we need one more acronym: ESG?
The World Economic Forum (WEF) publishes the often-cited “Global Risks Report” every year. In this year's report, the Top 10 “the most severe risks on a global scale over the next 10 years” include five environmental, three societal, one geopolitical and one economic risk.
This emerging and often unknown future also changes the organisation's operational environment. Therefore, it is important to identify, measure, and manage ESG risks and opportunities. The organisation can choose the tools and techniques to do that. Commonly used tools include a materiality assessment, a stakeholder analysis, and a scenario analysis. The focus should be on considering ESG risks and opportunities in the context of the organisation's broader strategic objectives. Thus, the organisation needs to embed ESG risks and opportunities in the ERM.
It is essential to note that ERM frameworks are not just for large corporations but for any organisation. However, there is no ‘one size fits all’ solution. The organisation should tailor its framework, best practices, methodologies, and tools to its own purposes and objectives.
COSO-WBCSD Guidance for ESG risks and opportunities
In 2018, The World Business Council for Sustainable Development (WBCSD) and COSO published “Guidance for Applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related Risks.”
The guidance aligns with COSO's ERM framework, and it follows the same principles and components. The five components are: Governance and culture for ESG-related risks; Strategy and objective-setting for ESG-related risks; Performance for ESG-related risks; Implements risk responses; and Review and revision for ESG-related risks. Each component has its recommended actions and tools.
The guidance also helps in asking the right questions and raising awareness in the organisation. It has numerous examples, such as establishing the needed roles and responsibilities (RACI matrix), an introduction to value creation and the six capitals framework (The Integrated Reporting Framework), SWOT analysis, and impact and dependency mapping.
Lastly, one of the biggest strengths of the guidance is that it includes a wealth of resources and sources for identifying emerging risks, performing ESG materiality assessment, collecting data, and ESG communication and reporting. Thus, the guidance is not only useful with the COSO ERM framework. It is useful with ISO 31000 and other sustainability frameworks and guidance as well.
The guidance is available for free on either COSO's or WBCSD's website; both links are listed under Sources.
Sources:
Guidance for Applying Enterprise Risk Management (ERM) to Environmental, Social and Governance (ESG)-related Risks [Online], WBCSD and COSO. Available at https://www.wbcsd.org/Programs/Redefining-Value/Making-stakeholder-capitalism-actionable/Enterprise-Risk-Management/Resources/Applying-Enterprise-Risk-Management-to-Environmental-Social-and-Governance-related-Risks and https://www.coso.org/news/Pages/new-guidance-addresses-resiliency-against-esg-risks.aspx (Accessed 1 April 2022)
ISO 31000:2018 Risk management — Guidelines [Online], Switzerland, ISO. Available at https://www.iso.org/standard/65694.html (Accessed 1 April 2022)
2017 Enterprise Risk Management – Integrated Framework. [Online], COSO. Available at https://www.coso.org (Accessed 1 April 2022)
The Global Risks Report 2022, 17th Edition, [Online], World Economic Forum. Available at https://www.weforum.org/reports/global-risks-report-2022/digest (Accessed 1 April 2022)
Disclaimer: I do not work for either COSO or WBCSD and do not have any other connection to them. I have worked with and studied these matters and am therefore interested in sharing best practices and sources.