Preparing for a sustainable future

Integrating Environmental, Social & Governance into Risk Management

Ongoing climate, social, economic, demographic, and political change guarantees that the tension between organisational and societal needs will only intensify.

Managing the tension between the good of the organisation and the good of society will test the mettle of senior leadership teams for years to come.

The environmental, social, and governance (ESG) issues driving this tension touch every area of the organisation and all stakeholders. Adding to the challenges are evolving regulatory requirements and limited visibility into ESG risks and opportunities. This calls for approaches that integrate ESG risk management with enterprise risk management (ERM) and the business strategy.

While many companies have ESG as a key element of risk management or the business strategy or both, relatively few have truly aligned ESG with ERM and the business strategy. Such an approach leverages existing ERM systems and embeds management of ESG risks and opportunities into activities at the operational level.

Why integrate ESG now?

When talking about the multiple facets of ESG, it quickly becomes clear that no organisation is immune to these forces, and while organisations in different sectors will face different challenges, almost all of them will need to address multiple ESG matters simultaneously.

ESG issues vary across geographies and jurisdictions. For example, the EU’s Corporate Sustainability Reporting Directive (CSRD) requires companies to report on the environmental and societal impact of their activities and requires limited assurance on nonfinancial reporting. Regulatory priorities in various geographies, together with the range and complexity of issues, strengthen the business case for taking an integrated approach to ESG. Such an approach will give senior executives and the board a clear, enterprise-wide view of ESG risks and opportunities and their potential impact on various stakeholders.

Senior leadership teams need to consider a lot of different stakeholders’ concerns when talking about ESG issues. The list of stakeholders includes investors, customers, employees, suppliers, regulators, standard setters and communities. All of these groups have different concerns that translate to an urgent need for senior leaders to develop a more outside-in point of view to see the full range of ESG issues as seen by external stakeholders.

Three key tasks

To translate the integration of ESG into Integrated Risk Management (IRM) into actionable steps, we offer a glimpse into three key tasks every senior leadership team needs to consider.

Developing a risk taxonomy

The organisation’s risk taxonomy underpins everything from the risk register, to risk monitoring, to data analytics, to visualisation tools such as heat maps. Historically, organisations have focused mainly on strategic, financial, operational, cyber, compliance, and legal risks. More recently, the focus has expanded to technological and reputational risks.

Assessing Materiality

The concept of “double materiality,” first proposed by the European Commission in Guidelines on Non-financial Reporting 12, 13, is gaining traction. Furthermore, the new CSRD specifies the concept and tightens the scope of application. The double materiality concept can help in identifying and prioritising material ESG risks, opportunities and impacts considering their effect on enterprise value (outside-in perspective) and the enterprise’s impact on the environment and society (inside-out perspective).

Incorporating ESG in risk appetite

The organisation’s risk appetite framework should address ESG risks. Used internally, risk appetite sets the nature and level of risk that the organisation is willing to accept, both overall and in specific risk domains, while pursuing its strategic goals and objectives. Risk appetite may be communicated to external stakeholders, for example in a risk appetite statement in the annual report, and should fulfil any disclosure requirements established by regulators. Indeed, regulators are increasingly setting ESG disclosure requirements, particularly in the EU, and we expect this trend to continue globally.

ESG risk response, monitoring and reporting:

  • Integrating ESG with IRM positions the organisation to address short-, intermediate-, and long-term ESG risks more effectively, and is an important step for leadership teams in handling those risks in the future.
  • Forces like weather events, societal change, immigration patterns, and political developments in many regions also present opportunities to create value in new ways by understanding and responding positively to stakeholders’ ESG expectations.
  • Updating and expanding strategic planning, reporting systems, scenario analysis, and the target operating model to integrate ESG into IRM and the business now stands among the highest leadership priorities.
  • We trust that the foregoing will position your executive team and board to improve their approach to the integration of ESG into risk management and enable your enterprise to thrive. We also stand ready to assist you in any aspect of this process as you move forward.

This article is part of our Integrated Risk Management series, which explores various themes and approaches to managing and governing risk.