Integrating ESG risks into your ERM is the first step to realizing benefits
Many companies are struggling to integrate these considerations into their enterprise risk management (ERM) systems. That’s due in large part to the fact that these risks can have drastically different impacts from one business context to the next.
Consider biodiversity. For one corporation, biodiversity risk could be primarily tied to its use and management of freshwater resources. For another, biodiversity risk could take shape in the way that clearcutting trees exposes vulnerable species to new threats or increases soil erosion. In both examples, the way a business navigates those unique situations can either risk reputation — or redefine it in the eyes of stakeholders.
But it’s not always easy to figure out the right way to start. At EY, we recommend embracing a five-step approach:
1. Start with an ESG materiality assessment.
A materiality assessment is typically conducted every year and helps prioritize the most important ESG topics as determined by internal and external stakeholder expectations. While this process is owned by the sustainability function, the risk group should participate in the surveys/workshops/interviews that help pool perspectives from across the organization from executives to staff. By engaging a variety of different business units, ESG topics and risks are considered from a corporate, operational and asset-based perspective.
2. Connect diverse ESG stakeholders together through workshops.
Once you have a framework for what ESG topics are most important to your organization, it’s time to dive deeper into each topic and flesh out multiple risks that could stem from that topic. This entails investigating the specific/granular areas where you’re most exposed, and where the company is having the most impact on its people, stakeholders and the environment, to name a few. Doing so requires a multitude of voices drawn from across the organization. You need a broad understanding of the different aspects that impact a given ESG topic. This requires a broad base of perspectives around how that risk impacts their part of the business, as well as external stakeholders and others.
3. Prioritize risks based on likelihood and severity.
Not all ESG risks are created equal. It’s important to understand their likelihood and potential severity. Enter the need to move through workshop(s) that help you associate potential impacts with the risks identified. It’s also essential to note that risk mitigation strategies must be set and monitored following ESG risk identification to realize desired outcomes. This also includes identifying a clear owner for each risk to ensure accountability.
At the same time, as risk mitigation strategies are devised, opportunities arise to emerge as an industry or sector leader on a particular ESG risk or topic. This type of leadership doesn’t have to span all risks, but it does help raise the bar on topics/risks of strategic importance. This could include anything from leading-class water management efforts to biodiversity action grounded in commitments to being nature positive (as per the Taskforce on Nature-related Financial Disclosures).
All of this can generate positive impact, dialogue and recognition. It’s essential to escalate these types of risk mitigation strategies, not only to elevate the importance of the efforts underway, but also to help leaders and executives understand the opportunities at hand.
4. Integrate top risks into ERM systems and ensure clear reporting.
Absorbing the top ESG risks into the company-wide risk register and management system (ERM) is an important step in accounting for priority ESG risks. This is the right time to start thinking about how you’ll also incorporate the appropriate reporting structures for these newly embedded risks, and how you want to disclose action on these through a variety of reporting avenues.
5. Stay agile by creating continuous processes for updating ESG risks.
Nothing is static. New risks are emerging all the time. That means it’s not enough to simply embed ESG risks into the ERM structure once. Setting up quarterly or semi-annual touchpoints between the sustainability and risk teams will lead to better integration and better risk mitigation. Once you’ve built the foundation, this process is easy to maintain. Over time, it may even start to feel natural to the team.
What’s the bottom line?
Getting strategic about identifying and managing ESG risks not only helps to prevent negative outcomes. It also helps you create value. Action on strategic ESG risks and topics can help differentiate you in an increasingly competitive market. Uncover what ESG risks and priorities matter most to your business and your stakeholders. Build ESG into the fabric of your ERM system and establish dialogue between business units. Aligning your ESG and ERM strategy in this way can generate real value and help build a company that doesn’t just work more efficiently — it will build short- and long-term value.