Making ESG Part of the Wider Enterprise Risk Management Framework

By Gary Lynam, Director of Customer Success, EMEA at Protecht.

Today it seems that the issue of Environmental, Social and Governance (ESG) is being talked about everywhere. It has important implications for a wide range of stakeholders, including directors, investors, employees and suppliers, for whom performance against ESG objectives counts.

Indeed, the overarching themes of diversity, sustainability, and adherence to the standards and principles of good conduct that ESG encompasses are integral to an organisation’s wider enterprise risk management (ERM) strategy for addressing the risks that could potentially impact a company’s financial and operational performance or brand reputation.

ESG performance matters

Today’s stakeholders are asking hard questions about the ESG performance of companies, from assessing the environmental impact of their products and services to evaluating whether organisations treat employees, suppliers and partners fairly and equitably and appropriately monitor their supply chains. Failing to deliver against these expectations will result in a backlash from disaffected investors, customers and employees.

For example, a growing number of consumers are opting to buy goods and services from organisations based on their ethical practices and position on ESG-related matters. Similarly, employees are becoming more selective when it comes to working only for organisations whose values align with their own.

Meanwhile, ESG standards, regulations and reporting requirements in jurisdictions around the globe are on the rise. This means that action on ESG risk needs to go beyond lip service.

Defining objectives with ESG

Getting to grips with ESG begins with identifying which stakeholders have an interest in or are affected by ESG, and viewing each stakeholder’s objectives through an environmental, social and governance lens.

For example, from an environmental perspective, what do consumers expect in relation to how products and services are sourced or delivered? Similarly, what specific requirements do environmental regulators have in relation to the company’s operations?

Changing social expectations mean that organisations are being held to account on issues related to human rights, minimum working conditions, community engagement and diversity. In some cases, these expectations are becoming enshrined in law.

Meanwhile, when it comes to governance, processes and systems need to be in place to assure compliance with legislation and maintain adherence to the principles of good conduct. Good governance is critical for driving the policies and resource allocation that will be needed to address social and environmental issues and achieve specific ESG objectives.

Having identified their stakeholder groups – society, customers, employees, suppliers and third parties, regulators and shareholders – organisations next need to identify the specific objectives that are ESG related. For example, enhancing and protecting the environment, satisfying customers in relation to their ESG values, creating a satisfied and motivated workforce, and compliance with ESG-related regulations and reporting requirements.

Next, organisations will need to identify the risks that could impact achieving these objectives.

Analysing risk to a key ESG objective

Let’s take a look at how a transport company with a fleet of combustion vehicles and a variety of warehouse locations could analyse how risk could impact its ability to achieve a key ESG objective: reducing long-term carbon dioxide emissions within a measurable timeframe and target.

First, the company identifies three critical success factors for achieving this objective: refreshing its fleet with electric vehicles, installing solar panels at all warehouses and installing energy management software.

Next, it defines how potential risks could unfold that would prevent the achievement of key environmental goals. For example, climate change related issues impacting the global supply chain for electric vehicle production mean the full fleet may not be replaced within the stated timeframe. The outcome is that carbon emissions won’t be reduced as expected, and consumer sentiment could be negatively impacted due to the continued use of fuel-based vehicles.

ESG reporting

When it comes to ESG reporting, there are three key requirements to consider: internal reporting to the Executive and Board in relation to ESG objectives, regulatory reporting and disclosure requirements, and the external reporting expectations of stakeholders like investors and third parties. In some jurisdictions, ESG reports or statements will also need to be assured by an independent assurance provider.

Having determined what reporting needs to be produced, data will need to be collected from a number of different departments and specialist teams across a variety of different geographic locations or processes.

The complexity of this process means organisations should ideally use a system that automates notifications to individual stakeholders, tracks progress against defined objectives, aggregates information that already exists and links reporting obligations such as modern slavery to the organisation’s ESG reporting metrics.

Finally, ESG has implications for the enterprise’s third-party risk management programme. In 2021, eight former child labourers from Mali filed a lawsuit against several major chocolate factors alleging they knowingly engaged in forced labour. Scandals like this mean organisations need to up their focus on due diligence of their supply chains and proactively seek assurances as part of their third-party engagement practices.

Integrating ESG into the wider ERM framework

Because ESG touches many aspects of an organisation’s management processes, systems and governance, it is essential that it is not viewed as a standalone, siloed concept. Fortunately, organisations can integrate ESG into their wider ERM framework, which considers and manages how uncertainty affects the achievement of key organisational objectives.

For ESG this manifests in two primary ways: managing operational, financial and strategic risks that could impact on ESG objectives, and managing the effect that ESG factors have on other enterprise objectives.

ERM is the ideal place to consolidate many aspects of ESG and manage all ESG risk-related matters, as well as compliance, metric monitoring and reporting, leaving the organisation ideally positioned to perform successfully in today’s stakeholder economy.
