Every human being is programed to be a risk manager.
Through our natural fight or flight instincts, our bodies release hormones and chemical stimuli in response to dangerous situations. But if we don’t have all the information, we can’t respond to dangerous risks appropriately. And in those instances, it’s much more likely that we’ll get hurt.
On a very basic level, the same is true for business.
Enterprise Risk Management (ERM) is a compliance requirement in most jurisdictions and it’s something that all companies must do well in order to be profitable, successful – or even to survive.
Every company wants to understand potential risks and use informed decision-making to respond to them - simultaneously taking advantage of key growth and advancement opportunities along the way, building resilience and preparing for the future.
For many risks, like those related to operations or marketing strategies, companies are adept at predicting, understanding and managing their exposure. But for other risks, like emerging risks related to environmental, social and governance (ESG) issues, companies are less equipped - which is becoming a serious problem worldwide.
Ten years ago, the top global risks in terms of impact included only one ESG risk. But today, ESG risks account for four of the top five risks in terms of impact, according to the World Economic Forum's Global Risks Report. Historically, companies haven’t been able to deal with these kinds of risks very well.
Given this rapid shift in the risk landscape, many companies have not been able to keep the pace. Which is a problem because, to date, there is no globally accepted way for business to identify, understand and manage ESG-related risks.
This needs to change. We can longer deny that sustainability and ESG challenges are entering into the everyday business reality.
Risk management is a profession that is very much dependent on a process, and new work from the World Business Council for Sustainable Development (WBCSD) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) aims to show the risk and sustainability communities that ESG risks can fit into that process very well.
Together, in a historic partnership, the two organizations drafted the first-ever guidance for Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks, designed to help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls.
The draft guidance takes the 20 principles of the revised COSO ERM framework and organizes them into seven modules for addressing ESG-related risks. This provides a practical process for companies to better integrate these issues.
It begins with establishing governance structures and processes and continues to move through ERM activities of identifying, assessing, responding, reviewing and communicating risks, while maintaining a line-of-sight to the business context and strategy, which sits at the center.
Today, nearly 70% of the world’s companies use the original COSO Framework for Enterprise Risk Management, so supplementing it with a framework for understanding and managing ESG risks is a significant step forward. It will also be relatively easy for companies to take this on – which will be beneficial for all parties involved.
Companies who understand and manage their risks fair better in the global economy and at home. In many cases, they attract better employees and better investments, which often translate into growth and sustained success.
As such, WBCSD and COSO both believe that better business risk management and decision-making will shift the global financial system to reward the most sustainable companies by moving capital allocation flows towards those companies who manage their all of their risks – from financial all the way through to social and environmental.
The idea isn’t to put pressure on risk managers, but rather to empower and educate them. Business should be aware of all potential ESG risks and should be doing more to bring these risks into the conversation.
When businesses, investors and other organizations fully understand their risks, they have the power to make better decisions. Having all the information, including information on environmental, social and governance (ESG)-related risks will help organizations improve their risk management profiles.
WBCSD and COSO are seeking public comment on Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks until 30 June to ensure that the business and regulatory community are represented in the final version. This is an opportunity to help drive positive change in corporate governance frameworks to have a massive sustainability impact.
Risk management has never been just about compliance, risk management is about doing good business, and on a basic human level, it’s about survival.