ERM and Sustainability-Related Risks

A joint report published as a preliminary draft in February 2018 by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) and the World Business Council for Sustainable Development (“WBCSD”) included a telling comparison of the results of surveys conducted by the World Economic Forum (“WEF”) that showed that the prevalence of risks related to environmental, social and governance (“ESG”) steadily increased from 2008 to 2018 while the more traditional economic, geopolitical and technological risks became less dominant.  For example, in 2008 only one societal-related risk (“pandemics”) was reported to be among the top five risks in terms of impact in that year’s “Global Risks Report”; however, by 2018 four of the top five risks in the report were either environmental- or social-related: extreme weather events, water crises, natural disasters and failure of climate change mitigation and adaptation.  Apart from the WEF survey, news reports have made it clear that companies all around the world have been suffering severe, and sometimes enterprise-ending, adverse financial and/or reputational impacts from events commonly placed under the umbrella of environmental and social responsibility, including product safety recalls, worker fatalities, the discovery of illegal child labor in their supply chains, pollution and delays in the delivery of materials due to climate-related disasters suffered by suppliers.

For COSO and the WBCSD, all of this was clear evidence that companies needed to make fundamental changes in their ERM strategies and systems to ensure that they were effectively expanded to include ESG-related risks.  From their perspective, this means companies must identify and prioritize a new set of risks and build them into their ERM strategies, processes and practices, and also realize that there are new opportunities associated with dealing with these risks that can create real value for their investors and other stakeholders.  COSO has defined ERM broadly as “the culture, capabilities and practices integrated into strategy and execution that organizations rely on to manage risk and in creating, preserving and realizing value”.  COSO and the WBCSD illustrated their point as follows:

  • Environmental issues include energy use and efficiency, climate change impacts and use of ecosystem services. Associated risks include higher-than-average energy costs that cause companies to miss profit targets and greater frequency of extreme weather events that adversely impact operations; however, companies can take advantage of opportunities such as an internal carbon pricing scheme to reduce greenhouse gas emissions and energy costs and using byproducts in waste processes to create new income streams in adjacent industries.
  • Social issues include employee engagement, labor conditions in the supply chain and poverty and community impacts. Associated risks include increased costs and missed profit targets due to low engagement and high turnover and challenges with local governments to maintain operating permits due to lack of support for local communities; however, companies that can successfully engage with employees and create a diverse workforce will enjoy greater loyalty among their workers and be able to attract top talent and companies that can provide education to members of the local community can improve their standard of living, build stronger bonds with the community and strengthen opportunities to sell goods within the community and recruit local workers.
  • Governance issues include codes of conduct, accountability and transparency and disclosures. Associated risks include negative company performance due to poor board oversight and reduced access to financing due to limited transparency; however, proactive embrace of ESG issues and risks as a focal point of the board’s oversight responsibilities will satisfy the new expectations of institutional investors who are demanding that their companies consider ESG-related risks and opportunities as core to their business.

COSO and the WBCSD expressed concern that while companies appear to understand the importance of ESG-related risks, they have been slow to integrate them with traditional risks.  For example, they pointed to evidence of significant misalignment between risks deemed material in sustainability reports prepared by companies and the risks that the companies disclosed in their traditional financial and legal reports.  Among the possible reasons for this misalignment were the following:

  • The challenges of quantifying ESG-related risks in monetary terms due to the fact that they were often long-term risks with uncertain impacts over an unknown time period. The inability to place a “cash value” on these risks makes it difficult for companies to prioritize them and determine the amount of resources that need to be allocated in order to manage and mitigate those risks.
  • A lack of knowledge of ESG-related risks and poor communication and collaboration between risk and sustainability professionals, a situation that has often led to ESG-related risks being viewed as separate and less important than traditional strategic, operational and financial risks.
  • The lack of a mainstream practice for integrating reporting of ESG-related risks into traditional financial reports and the difficulties of determining which of those risks is sufficiently material to require reporting.

The problems mentioned above are being addressed in a number of ways including organizational structures that embed sustainability throughout the organization, rather than in a separate unit, and continuous improvements to reporting regimes that make it easier for companies to align strategic, operational, financial and ESG-related risks in their disclosures to regulators and other stakeholders.  In 2017 COSO released an initial draft of an updated framework for ERM that reflected the evolution of enterprise risk management and the need to integrate ERM with strategy and performance and incorporate ESG-related risks and opportunities.  The framework consisted of the following five components and associated principles that included establishing governance for effective risk management, understanding the business context and strategy, identifying, assessing and prioritizing ESG-related risks, responding to ESG-related risks, reviewing and revising ESG-related risks and, finally, communicating and reporting on ESG-related risks.  COSO and WBCSD argued that integrating ESG-related risks into their ERM would allow companies to enhance their resilience, develop a common language for articulating risk, improve resource deployment, enhance pursuit of opportunity, realize efficiencies of scale and improve transparency and disclosure to address the expectations of investors.

Sources for this article included Enterprise Risk Management: Applying enterprise risk management to environmental, social and governance-related risks (Committee of Sponsoring Organizations of the Treadway Commission and the World Business Council for Sustainable Development, Preliminary Draft published February 2018).

This article is adapted from material in Sustainability and Corporate Governance: A Handbook for Sustainable Entrepreneurs, which is prepared and distributed by the Sustainable Entrepreneurship Project and can be downloaded here.

Alan Gutterman is the Founding Director of the Sustainable Entrepreneurship Project, which engages in and promotes research, education and training activities relating to entrepreneurial ventures launched with the aspiration to create sustainable enterprises that achieve significant growth in scale and value creation through the development of innovative products or services which form the basis for a successful international business.  Visit the Project’s Library of Resources for Sustainable Entrepreneurs to download handbooks, guides, articles and other materials relating to sustainable entrepreneurship and keep up with the Project’s activities by following Alan on LinkedIn, Twitter and Facebook.
