Integrating ESG risks into a company's risk management strategy

Avoiding a "bolted on" solution is easier said than done

Integrating ESG risks into a company's risk management strategy

Risk Management News

By Kenneth Araullo

In today's rapidly evolving corporate landscape, integrating environmental, social, and governance (ESG) risks into a company's risk management framework is not just beneficial—it is imperative.

As global regulatory standards and stakeholder expectations rise, businesses face increasing pressure to embed ESG considerations deeply within their strategic and operational processes. Properly incorporating these risks into enterprise risk management (ERM) not only aligns companies with global sustainability trends but also fortifies their resilience against a range of emerging challenges, ensuring long-term viability and success.

Natalie Runyon, director for ESG Content & Advisory Services at Thomson Reuters Institute, highlighted the pressing need for companies to integrate sustainability more deeply into their core operations and ERM strategies. This approach is crucial as businesses face increasing pressure to align with global sustainability frameworks and standards.

“Convergence of sustainability frameworks and standards is driving global consistency in environmental, social & governance (ESG) disclosures. In fact, the International Sustainability Standards Board has integrated the efforts of other industry-driven reporting endeavours, such as the Task Force for Climate-related Financial Disclosures (TCFD) and the Value Reporting Foundation, among others,” Runyon said.

Runyon also noted that a pivotal aspect of this alignment is the TCFD’s emphasis on identifying sustainability-related risks and opportunities and integrating them into corporate governance, strategy, risk management, and metrics.

“ESG legal adviser Honieh Udeka of Brown Rudnick warned companies 15 months ago to make sure that an ESG strategy is ‘built-in and not bolted on,’ adding that a ‘bolted-on’ strategy ultimately fails ‘because ESG values were only loosely coupled with business objectives and operations [and often] added on as an afterthought,” Runyon said.

Explicit understanding, collaborative culture

In response to these needs, the World Business Council on Sustainable Development (WBCSD) and the Committee of Sponsoring Organizations (COSO) of the Treadway Commission have jointly developed guidelines to help businesses embed ESG risks into their ERM frameworks. Runyon saidthat these guidelines suggest setting up governance structures that dictate decision-making and execution, essential for effective risk management.

“Integrating ESG-related risks into ERM involves enhancing the board’s and executive management’s understanding of these risks and fostering a collaborative culture among risk management personnel. To put this into action, the company’s board and executive leaders must understand explicitly how ESG-related risks could influence the company’s performance,” Runyon said.

“In addition, there must be an awareness among management regarding their duties concerning current or forthcoming ESG disclosure obligations and a thorough grasp of the company’s tolerance level for ESG-related risks.”

Runyon also notes that an effective ESG strategy requires clear ownership of each ESG-related risk. This involves designating individuals responsible for managing specific risks, understanding how their business area impacts and relies on natural and societal factors.

How to identify ESG-related risks

The entire process includes identifying, assessing, and communicating ESG-related risks. Runyon said that this involves integrating ERM with ESG risks through conducting materiality assessments and analysing external megatrends.

“Given that companies possess finite resources to address all identified risks across the organization, prioritizing risks through assessment and evaluating the severity of top risks are essential,” Runyon said.

Citing forecasting and scenario analysis as clear examples, Runyon highlighted an important aspect that is very much needed in the ESG-related risk framework.

“One critical requirement is involving cross-functional representatives that include sustainability managers, risk owners, and other ESG specialists in the process of ongoing identification of risks that most affect the organization. In fact, including ESG risks in the enterprise inventory of risks and evaluating the impact and probability of those risks are critical components of the ERM process,” Runyon said.

The COSO and WBCSD framework also recommends selecting appropriate responses for each risk, which may include accepting, mitigating, transferring, or avoiding the risk. Setting up metrics for ongoing evaluation of these responses is crucial, Runyon said.

To exemplify, consider the issue of climate change, which affects operations and supply chains. Companies may respond to this risk by adopting more sustainable practices like reducing carbon emissions or using renewable energy. Financial risks associated with climate change might be managed through specific environmental liability insurance products.

“As the risk environment continues to increase in complexity and uncertainty, especially over the long term, full consideration of ESG risks is an essential ingredient to manage corporate and compliance risks in an escalated risk environment. Integrating a company’s sustainability strategy into ERM governance is one method to embed and build in sustainability into the organization’s overall business operations,” Runyon said.

What are your thoughts on this story? Please feel free to share your comments below.


Keep up with the latest news and events

Join our mailing list, it’s free!