10.4 Frameworks for Sustainable Risk Management

In response to growing demands for transparency and accountability on environmental, social, and governance (ESG) issues, many voluntary frameworks have emerged. These frameworks provide companies with standardized structures to report on their ESG performance, catering to the information needs of external stakeholders.

Benefits of Voluntary Frameworks

Voluntary ESG reporting frameworks offer several advantages for businesses:

  • Standardization: They create a common language for ESG reporting, allowing for easier comparison between companies in the same industry.
  • Transparency: Following a framework helps companies disclose relevant ESG information to investors, regulators, and other stakeholders.
  • Improved Management: The reporting process can encourage companies to identify and manage ESG risks more effectively.
  • Enhanced Credibility: Alignment with a recognized framework can boost a company’s reputation for responsible business practices.

The table below highlights some of the prominent voluntary ESG reporting frameworks organizations use to disclose ESG risks and their management strategies.

Table 10.4.1: “Existing guidance to support external ESG-related risk disclosures” Enterprise Risk Management: enterprise risk management to environmental, social and governance-related risks, © 2018 Committee of Sponsoring Organizations of the Treadway Commission (COSO) and World Business Council for Sustainable Development (WBCSD). All rights reserved. Used with permission. (See Acceptable Use of COSO Materials [PDF] for permission details).
Framework | Addresses financial filings, annual reports or ESG-specific reports | Description
CDSB Framework | Financial filings and annual reports
  • Recommends reporting requirements for disclosing environmental information in mainstream reports where that information is material to an understanding of companies’ financial risks and opportunities, as well as the resilience of their business models
  • Aligns with TCFD recommendations
GRI | ESG-specific reports
  • Provides a widely adopted framework for reporting material economic, environmental, social and governance issues
  • Advises reporting on topics that present risks to a company’s business model or reputation
<IR> Framework | Annual reports
  • Provides a framework for integrated reporting on all six capitals (i.e., financial, manufactured, intellectual, human, social and relationship, and natural)
  • Advises entities to disclose the specific risks that affect the ability to create value over the short, medium and long term and how the organization manages them
Recommendations of the TCFD | Financial filings
  • Recommends voluntary disclosures for companies to report on governance, risk management and impacts of climate change on the organization
  • Includes industry-specific guidance
SASB Implementation Guide and Reporting Guidelines | Financial filings
  • Provides a framework for management to assess financial materiality of sustainability issues, considering risk, for inclusion in financial reports
  • Recommends minimum disclosure requirements by sustainability issue
  • Includes industry-specific guidance
Sustainable Development Goals | ESG-specific reports
  • Offers goals and targets that organizations can consider in presenting their impacts

Some of these frameworks are explained below:

UN Sustainable Development Goals (SDGs) as a Risk Management Tool

Video: “Do you know all 17 SDGs?” by United Nations [1:25] is licensed under the Standard YouTube License. Transcript and closed captions available on YouTube.

The 17 SDGs, adopted by all United Nations Member States in 2015, provide a shared blueprint for peace and prosperity for people and the planet. While primarily designed as development goals, they can also serve as a risk management tool for organizations. SDGs help identify potential sustainability risks and opportunities relevant to an organization’s operations and value chain. They provide a common language for communicating sustainability efforts to stakeholders. Aligning business strategies with SDGs can help organizations anticipate and mitigate future resource scarcity, climate change, and social inequality risks (UN Department of Economic & Social Affairs, n.d.).

Task Force on Climate-Related Financial Disclosures (TCFD) Recommendations

A world map with supporters for the TCFD. The map highlights that TCFD has 4,900 supporters across 103 jurisdictions worldwide.
Figure 10.4.1: “TCFD supporters around the world” by TCFD. Used under Fair Dealing for Educational Purposes (Canada).

The TCFD, established by the Financial Stability Board (FSB – an international body that monitors and makes recommendations about the global financial system), provides recommendations for more effective climate-related disclosures. The TCFD framework focuses on governance, strategy, risk management, and metrics and targets related to climate risks and opportunities. It encourages scenario analysis to assess the potential impact of climate-related risks and opportunities on an organization’s business strategy and financial planning. TCFD recommendations help organizations integrate climate-related risks into their existing risk management processes (TCFD, n.d.).

Global Reporting Initiative (GRI) Standards

Video: “Sustainability reporting with the GRI Standards” by GRI Secretariat [2:41] is licensed under the Standard YouTube License. Transcript and closed captions available on YouTube.

GRI (Global Reporting Initiative) is an independent, international organization that helps businesses and other organizations take responsibility for their impacts by providing them with a global common language to communicate those impacts. The GRI Secretariat is headquartered in Amsterdam, Netherlands, and has a network of seven regional offices worldwide.

The GRI Standards are widely adopted global standards for sustainability reporting. They provide a comprehensive framework for reporting on economic, environmental, and social impacts. GRI Standards help organizations identify and assess material sustainability topics, which often correlate with key risks and opportunities. The standards promote transparency and accountability in sustainability performance, which can enhance stakeholder trust and support risk management efforts (Global Reporting Initiative, n.d.).

Example

Selecting indicators to monitor risk

To determine appropriate indicators to monitor a risk, risk management and sustainability practitioners may leverage the entity’s key performance indicators (e.g., target employee retention, carbon intensity reduction target) or existing ESG-related frameworks used for sustainability reporting, such as the GRI. Although not designed to measure risks, the GRI indicators can provide example metrics used to review the organization’s response and performance. The table below shows how GRI’s water standard could be used for this purpose (COSO, 2018).

Table 10.4.2: “Example application of GRI to risk monitoring” Enterprise Risk Management: enterprise risk management to environmental, social and governance-related risks, © 2018 Committee of Sponsoring Organizations of the Treadway Commission (COSO) and World Business Council for Sustainable Development (WBCSD). All rights reserved. Used with permission. (See Acceptable Use of COSO Materials [PDF] for permission details).
Metrics | Description
Risk | Water scarcity impacts the entity’s ability to operate.
Response | The entity is decreasing its water use, increasing its recycling and monitoring the water table to prevent further reductions.
Monitoring indicators
  • Total water withdrawal by source and allocable share of water availability
  • Total water sources significantly affected by withdrawal
  • Total volume of water recycled and reused

Risk Assessment Techniques for ESG-Related Risks

A good risk assessment isn’t just about listing potential problems. It’s about understanding how those problems could impact a company’s ability to achieve its goals. Organizations achieve this by (COSO, 2018):

  1. Identifying the Consequences: This means figuring out how a risk could affect the company’s operations, finances, or reputation.
  2. Choosing the Right Tools: Different risks require different assessment methods. Some might be evaluated with a simple scoring system, while others require more complex financial modelling.

These steps help guide discussions about which risks are most important to address. This prioritization considers two key factors:

  • Severity: How badly could this risk hurt the company’s ability to achieve its goals?
  • Risk Appetite: How much risk is the company comfortable taking on?

It’s important to remember that risk assessment isn’t a one-time, step-by-step process. Organizations may need to go back and forth between identifying risks, assessing them, and refining their priorities.

Here’s the catch: there’s no single “best” way to measure risk severity. The best approach depends on the specific risk and the data available. Similarly, the chosen assessment method will depend on the company’s risk prioritization.

Assessment Approaches

When evaluating the severity of ESG risks within the context of their business strategy, management needs to make informed decisions about the assessment approach. This involves selecting each risk’s most appropriate data, parameters, and assumptions (COSO, 2018).

A Toolbox of Techniques

There are several approaches to measuring ESG risk severity, both qualitative and quantitative:

  • Expert Input: Leveraging the knowledge of experienced professionals to assess risk likelihood and impact.
  • Forecasting and Valuation Techniques: Predicting potential financial consequences of ESG events using financial modelling or similar tools.
  • Scenario Analysis: Exploring possible future situations and their ESG risk implications for the business.
  • ESG-Specific Tools: Utilizing specialized software or frameworks for ESG risk assessment.

Table 10.4.3: “Measurement approaches” Enterprise Risk Management: enterprise risk management to environmental, social and governance-related risks, © 2018 Committee of Sponsoring Organizations of the Treadway Commission (COSO) and World Business Council for Sustainable Development (WBCSD). All rights reserved. Used with permission. (See Acceptable Use of COSO Materials [PDF] for permission details).
Approach | Description | Advantages and disadvantages
Expert input | Expert input refers to a forecasting method that relies on a panel of experts (e.g., Delphi approach) or interviews and discussions with subject-matter specialists.
  • Relatively quick, limited analysis
  • Not always effective for ESG-related risks when relevant experts are not available to participate
  • May be appropriate for emerging risks where data is sparse
  • Allows criteria other than “likelihood” and “impact,” such as velocity or resilience, to be included in the risk assessment discussion
Forecasting and valuation | Forecasting and valuation predicts the impact of a future event based on past and present data. Traditional ERM tools, such as statistical regression and Monte Carlo simulation, as well as tools that leverage big data and artificial intelligence, can support quantification of ESG-related risks.
  • Requires forecasting skills and internal or external data
  • Requires large amounts of data and probabilistic modelling tools
Scenario analysis | Scenario analysis develops plausible pathways to describe a future state.
  • Requires forecasting and research of future outcomes
  • Allows simulation of events or disruptions
ESG-specific tools | Tools and approaches are available in the Natural Capital Protocol Toolkit and Social & Human Capital Protocol Toolkit.
  • Leverages ESG issue and geography-specific assessment methods
  • Varying degrees of quality and maturity among the available tools

Beyond this core set, additional tools can support a data-driven approach:

  • Competitor Analysis: Comparing ESG practices and risks faced by competitors in the industry.
  • Stakeholder Assessments: Understanding the perspectives of key stakeholders like investors, regulators, and communities regarding ESG risks.
  • Peer Benchmarking: Measuring a company’s ESG performance against industry leaders to identify areas for improvement.
  • Data-Driven Approaches with Technology: Utilizing big data and advanced analytics to assess ESG risks more comprehensively.

By selecting the right tools and data for each risk, businesses can gain a deeper understanding of how ESG issues might impact their strategies and objectives (COSO, 2018).

Strategies for Responding to Sustainability Risks

The COSO ERM Framework provides a structure for selecting appropriate responses to identified ESG risks. These responses fall into five main categories:

Figure 10.4.2: “Five Main Categories of ESG Risk Responses in the COSO ERM Framework” (Accept, Avoid, Pursue, Reduce, Share)

Accept

This involves taking no action to change the risk’s severity. It’s suitable when the risk falls within the organization’s risk appetite and is unlikely to worsen.

For instance, a manufacturer might accept potential human rights risks in its supply chain if it has low-risk suppliers and hasn’t faced public pressure on the issue. The cost of mitigation programs might outweigh the perceived risk. However, accepting a risk requires continuous monitoring of the underlying assumptions. If circumstances change, a different response might be necessary.

Avoid

This strategy aims to eliminate the risk entirely or at least reduce its likelihood of occurring. Certain ESG risks might have a zero-tolerance policy, prompting complete avoidance.

For example, an insurance company might refuse to reinsure businesses heavily reliant on thermal coal. Similarly, a service provider to governments might avoid working in countries with a high risk of corruption.

Pursue

This strategy transforms risks into opportunities. Responding to ESG risks can unlock new business avenues.

The Business and Sustainable Development Commission estimates that achieving the UN’s Sustainable Development Goals (SDGs) could generate over $12 trillion in business opportunities by 2030.

Reduce

This is the most common response when a risk’s severity exceeds the risk appetite. Organizations aim to lessen the risk’s impact through mitigation activities. This might involve:

  • Strategic Adjustments: Developing a new strategy, goal, or target to address the risk.
  • Human Capital Investment: Building a dedicated team or providing training to foster innovation with environmental benefits.
  • Process Improvement: Establishing codes of conduct, certification programs, and audit processes to manage risks and enhance stakeholder transparency.
  • Systems Implementation: Implementing management systems for ongoing monitoring of risks based on established standards.

Share

This involves transferring some or all of the risk to another party. Sharing can be achieved through insurance, outsourcing, or joint ventures.

Table 10.4.4: “Examples of responding to risks through innovation” Enterprise Risk Management: enterprise risk management to environmental, social and governance-related risks, © 2018 Committee of Sponsoring Organizations of the Treadway Commission (COSO) and World Business Council for Sustainable Development (WBCSD). All rights reserved. Used with permission. (See Acceptable Use of COSO Materials [PDF] for permission details).
ESG-related risk | Responses | Value created, preserved or realized
Scarcity of raw materials or excessive waste
  Responses:
  • Following a circular economy model, the Timberland apparel company and the tire manufacturer and distributor Omni United teamed up to produce a line of tires capable of being recycled into footwear outsoles once they reach end-of-life.
  • MUD Jeans identified an opportunity related to ownership for its products at end of life. Under a circular economy model, the company collects and recycles its products.
  • Pathway 21, which was developed beginning with a pilot project created by the United States Business Council for Sustainability Development, initiated the materials marketplace to facilitate company-to-company industrial reuse. Through the cloud-based platform, industrial waste streams are matched with new product and revenue opportunities, enabling a shift towards a circular, closed-loop economy.
  Value created, preserved or realized:
  • Increased availability of raw materials through reuse
  • Improved profitability through sourcing lower-cost inputs
  • Improved reputation regarding material use and waste
Animal welfare
  Responses:
  • Procter & Gamble (P&G) identified a risk related to performing research on animals. In response, the company developed more than 50 alternatives and non-animal testing methods and has invested more than USD$410 million in finding alternatives and seeking regulator acceptance around the world. P&G scientists invented the first non-animal alternative to skin allergy tests.
  Value created, preserved or realized:
  • Improved its reputation with animal rights activists
  • Leadership in delivery of non-animal testing methods resulting in satisfied and loyal customers
Climate change
  Responses:
  • An automobile company that looks to reduce the greenhouse gas emissions of its products manufactures electric vehicles.
  • An energy company identifies pricing and availability risks related to conventional forms of energy and invests in renewable energy.
  • Microsoft, like a growing number of other companies, places a price on carbon for internal accounting purposes as part of its long-term risk management strategy. This enables the company to talk about carbon in the language of business and reward parts of the company that can demonstrate cost savings from lowering emissions.
  Value created, preserved or realized:
  • Offered new, in-demand products
  • Enabled the company to meet rising customer demands for renewable energy
Employee retention
  Responses:
  • The hospitality industry has historically experienced low employee retention. Hyatt pursued this risk and now experiences an average tenure of more than 15 years for more than 14,000 housekeeping employees. The company offers a training program called “Change the Conversation,” which is based on principles from the Stanford School of Design that emphasize listening. Employees are encouraged to find new, creative ways to solve problems and accomplish everyday tasks.
  Value created, preserved or realized:
  • Improved employee retention
  • Reduced hiring and retention costs
  • Enhanced efficiency and productivity from employee innovation
Changing customer profile
  Responses:
  • Westpac, an Australian bank, identified the rapidly changing shifts in societal demographics as one of the four issues material to its business. In anticipating the future needs of aging customers, Westpac developed new planning, investment and insurance products to increase financial security, including:
    • A product that allows customers to generate growth for retirement through their investment portfolio while preserving a minimum outcome at the end of an agreed term
    • A contact center for customers aged 50 or older
    • A life insurance product that provides customers with recommendations on life insurance tailored to their situation
  Value created, preserved or realized:
  • Developed new products and services
  • Improved customer service
  • Captured new customers and retained existing customers

In conclusion, effectively managing ESG risks requires a tailored approach. Businesses can leverage various assessment tools and choose from a range of response strategies outlined by the COSO ERM Framework (Accept, Avoid, Pursue, Reduce, Share). By selecting the right response based on risk severity and appetite, businesses can navigate the ESG landscape, mitigate potential threats, and even unlock new opportunities, contributing to a more sustainable future (COSO, 2018).

License

Risk Management - Supply Chain and Operations Perspective Copyright © 2024 by Azim Abbas and Larry Watson is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.
