Environmental and Social Governance (ESG) is rapidly becoming a critical component of risk management and a key value driver. Whatever the structure, risk management of ESG must run right across the business and be embedded in the enterprise risk management processes. While risk management is not a new concept, many companies are refreshing their thinking about risk governance and oversight. Senior executives are increasingly being tasked with addressing ESG risks holistically. Success will depend on their ability to rapidly integrate ESG into their existing risk governance frameworks and methodologies.
An increasing number of companies view ESG through the lens of strategic opportunity identification and risk mitigation. This forward-looking approach positions them to get the most out of ESG investing trends and competitively differentiate themselves, triggered by the recognition of new factors affecting their business, such as climate impacts, energy transition, changing consumer sentiments, and investor and employee preferences. One such ESG risk which is growing in importance is IT and Data security. A recent example was the force majeure which was declared by the Transnet Port Terminals operating division at the container terminals in the ports of Cape Town, Durban, Ngqura and Port Elizabeth. The declaration of the force majeure retrospectively came into effect from the 22nd of July 2021 after Transnet experienced a cyber attack, necessitating that operations be conducted manually.
Another ESG risk faced by industry is how the environment is going to impact business. An example of this is how extreme weather conditions can have a massive impact on cargo ships and port operations, both in terms of cost and delay. Cargo ships are normally on a very tight schedule and the fuel consumption can be tens of thousands of dollars per day. Ports in Southern Africa have experienced more frequent extreme weather events primarily due to climate change. When hit by a storm, the losses are not only in days of delay but also in huge money loss as time may have to be made up with increased speed. Inevitably this increases fuel consumption. A delay will also disrupt several steps of the supply chain, from port operations to further transportation of intermodal cargo, affecting the customers in the end.
With the publication of the Global Risks Report 2021, the World Economic Forum shares the results of the latest Global Risks Perception Survey (GRPS), followed by an analysis of growing social, economic and industrial divisions, their interconnections, and their implications on our ability to resolve major global risks requiring societal cohesion and global cooperation. Among the highest likelihood risks of the next ten years are extreme weather, climate action failure and human-led environmental damage; as well as digital power concentration, digital inequality and cybersecurity failure. Among the highest impact risks of the next decade, infectious diseases are in the top spot, followed by climate action failure and other environmental risks; as well as weapons of mass destruction, livelihood crises, debt crises and IT infrastructure breakdown. Climate change, to which no one is immune, continues to be a catastrophic risk.
Senior Executives are increasingly being tasked with addressing ESG risks holistically. Success will depend on their ability to rapidly integrate ESG into their existing risk governance frameworks and methodologies.
With an ever-growing emphasis on ESG and a wide range of risks to manage, many Chief Risk Officers (CROs) are having to adjust their strategies accordingly to ensure that environmental, social and governance risks are fully integrated into the organisation’s Enterprise Risk Management framework.
By applying traditional risk fundamentals to ESG risk management, such as putting appropriate controls in place to mitigate inherent risk and ensuring accuracy and transparency in all communications, companies will be in a better position to derive value through improved ESG performance management.
The increased focus on ESG has not been due to specific laws or regulations mandating a new level of disclosure, but rather a broader understanding of the reputational and financial impact of handling these issues poorly. Pressured by institutional investors and shareholders alike, many companies are being compelled to manage their ESG risks and disclose these activities in their financial reports.
Investors perceive these issues as material to corporate performance, and they are demanding disclosures to help them gauge the likelihood of a financial performance impact. With this in mind, a systemic, integrated and intentional cross-enterprise approach is needed to normalise the evaluation of ESG risks and opportunities. Evaluating an enterprise’s ESG risk is now falling to the CRO supported by subject matter experts.
Failure to furnish capital providers with a credible assessment of the risks that face the organisation not only increases uncertainty about expected performance and the long-term viability of the individual company; it also leads to an increase in the cost of capital. Companies adhering to sustainability principles have become a preferred investment for private equity and institutional investors as a greater proportion of investors have elevated ESG as a major financial performance exposure. Against this backdrop, CROs must partner with senior executive leaders, finance, investor relations and corporate communications to assess and mitigate ESG risks and put forth a robust disclosure strategy.
Failure to furnish capital providers with a credible assessment of the risks that face the organisation not only increases uncertainty about expected performance and the long-term viability of the individual company, it also leads to an increase in the cost of capital.
CROs can consider the different facets of these risks, put appropriate mitigation and monitoring practices in place, and ensure accuracy and transparency in sending out the right message. These are traditional risk management fundamentals, applied to a different space. When new risks appear, or existing risks become more salient, inevitably, stakeholders with an interest in the long-term value of the company will insist that these risks are properly identified, measured, mitigated and disclosed. Like other risks, the occurrence and significance of ESG risks will vary between individual companies and across industries. Such differences may arise with respect to products, processes, organisational structure, business relationships and geographical location.
The challenge facing organisations is how to navigate the plethora of ESG parameters to determine which are material risks to their business. However, if the demand for attention to certain ESG risks that are deemed immaterial by the company is backed by capital providers that are indispensable to the company’s capital supply, neglecting them may in itself become a material risk, affecting the company’s cost of capital.
A fundamental step in determining what ESG factors matter most is for companies to undertake a sustainability materiality assessment. This assessment involves engaging with a company’s relevant, senior stakeholders to identify and prioritise the ESG topics that are most aligned to the business and where the company can make the most meaningful impact.
This is a critical early step as it helps companies filter the excessive number of ESG issues into a more manageable set upon which to focus. Managing and disclosing information pertaining to ESG risks is challenging when it comes to the conformity of metrics and specific language used.
A fundamental step in determining what ESG factors matter most is for companies to undertake a sustainability materiality assessment.
To this end, the emergence of several sustainability reporting frameworks (SASB, GRI, IIRC, CDSB), disclosure projects (CDP, TCFD) and ESG ratings agencies (MSCI, Sustainalytics) have been valuable; but it has also left organisations with a massive task in reporting specifically to each framework, each with its own unique requirements and data collection and validation processes. This is in itself is, however, a topic for another time. It is mentioned here as these ESG instruments provide organisations with a starting point to identify ESG risks and determine their materiality to the organisation.
Given the importance that investors assign to the management of ESG, the board has a major role to play in leading organisations on these issues. To do this, ESG must be a strategic priority and committees must be assigned oversight responsibilities. This said, ESG should be firmly integrated into the risk committee mandate.
The role of the risk committee is to perform an oversight function. In doing so, it should consider the risk policy and plan, determine the company’s risk appetite and risk tolerance, ensure that risk assessments are performed regularly, and ensure that the company has and maintains an effective on-going risk assessment process, consisting of risk identification, risk quantification and risk evaluation. This risk assessment process (using a generally recognised methodology) should identify risks and opportunities, and measure their potential impact and likelihood.
It is time for CROs to understand ESG risks and how they impact their organisations both in the short term and the long term. It is also time for risk methodologies to be inclusive of ESG risk assessment and quantification.
Brondwyn Douglas is a Sustainability and Environmental, Social and Governance (ESG) Specialist with 17 years’ industry experience. For the last 10 years, her principal focus has been on ESG due diligence, ESG/Sustainability management systems development, sustainability strategy development, as well as reporting and associated performance management in line with internationally accepted standards. Linkedin