Better Risk Management: It’s about Survival

Rodney Irwin | May 4, 2018 |

Every human being is programed to be a risk manager.

Through our natural fight or flight instincts, our bodies release hormones and chemical stimuli in response to dangerous situations. But if we don’t have all the information, we can’t respond to dangerous risks appropriately. And in those instances, it’s much more likely that we’ll get hurt.

On a very basic level, the same is true for business.

Enterprise Risk Management (ERM) is a compliance requirement in most jurisdictions and it’s something that all companies must do well in order to be profitable, successful – or even to survive.

Every company wants to understand potential risks and use informed decision-making to respond to them - simultaneously taking advantage of key growth and advancement opportunities along the way, building resilience and preparing for the future.

For many risks, like those related to operations or marketing strategies, companies are adept at predicting, understanding and managing their exposure. But for other risks, like emerging risks related to environmental, social and governance (ESG) issues, companies are less equipped - which is becoming a serious problem worldwide.

Ten years ago, the top global risks in terms of impact included only one ESG risk. But today, ESG risks account for four of the top five risks in terms of impact, according to the World Economic Forum's Global Risks Report. Historically, companies haven’t been able to deal with these kinds of risks very well.

Given this rapid shift in the risk landscape, many companies have not been able to keep the pace. Which is a problem because, to date, there is no globally accepted way for business to identify, understand and manage ESG-related risks.

This needs to change. We can longer deny that sustainability and ESG challenges are entering into the everyday business reality.

Risk management is a profession that is very much dependent on a process, and new work from the World Business Council for Sustainable Development (WBCSD) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) aims to show the risk and sustainability communities that ESG risks can fit into that process very well.

Together, in a historic partnership, the two organizations drafted the first-ever guidance for Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks, designed to help organizations worldwide respond to the increasing prevalence and severity of ESG-related risks, ranging from extreme weather events to product safety recalls.

The draft guidance takes the 20 principles of the revised COSO ERM framework and organizes them into seven modules for addressing ESG-related risks. This provides a practical process for companies to better integrate these issues.

It begins with establishing governance structures and processes and continues to move through ERM activities of identifying, assessing, responding, reviewing and communicating risks, while maintaining a line-of-sight to the business context and strategy, which sits at the center.

Today, nearly 70% of the world’s companies use the original COSO Framework for Enterprise Risk Management, so supplementing it with a framework for understanding and managing ESG risks is a significant step forward. It will also be relatively easy for companies to take this on – which will be beneficial for all parties involved.

Companies who understand and manage their risks fair better in the global economy and at home. In many cases, they attract better employees and better investments, which often translate into growth and sustained success.

As such, WBCSD and COSO both believe that better business risk management and decision-making will shift the global financial system to reward the most sustainable companies by moving capital allocation flows towards those companies who manage their all of their risks – from financial all the way through to social and environmental. 

The idea isn’t to put pressure on risk managers, but rather to empower and educate them. Business should be aware of all potential ESG risks and should be doing more to bring these risks into the conversation.

When businesses, investors and other organizations fully understand their risks, they have the power to make better decisions. Having all the information, including information on environmental, social and governance (ESG)-related risks will help organizations improve their risk management profiles.

WBCSD and COSO are seeking public comment on Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks until 30 June to ensure that the business and regulatory community are represented in the final version. This is an opportunity to help drive positive change in corporate governance frameworks to have a massive sustainability impact.

Risk management has never been just about compliance, risk management is about doing good business, and on a basic human level, it’s about survival.

Rodney Irwin

Managing Director of Redefining Value and Education, World Business Council for Sustainable Development

Rodney Irwin is the Managing Director of Redefining Value and Education at the World Business Council for Sustainable Development. In this role, Rodney is responsible for a portfolio of projects designed to advance risk management, reporting, assurance and the measurement and valuation of natural and social capital. In addition, he is the course director of WBCSD’s Leadership Program and leads WBCSD work on education and manages the relationship with WBCSD’s education partners. He holds a degree in economics, a master’s degree in management and a doctorate where he researched comparative corporate governance and its interrelationship with ethical decision making and reporting at ISM Paris. Rodney also has a master’s in sustainability leadership from Cambridge University. Professionally he is a Fellow of the Institute of Chartered Accountants in Ireland, a Certified Fraud examiner, a Certified Compliance and Ethics Professional and a Specialist member of the Institute of Risk Management UK.

Join the Conversation

To leave a comment below, login or register with IFAC.org

Thank you for your interest in our publications. These valuable works are the product of substantial time, effort and resources, which you acknowledge by accepting the following terms of use. You may not reproduce, store, transmit in any form or by any means, with the exception of non-commercial use (e.g., professional and personal reference and research work), translate, modify or create derivative works or adaptations based on such publications, or any part thereof, without the prior written permission of IFAC.

Our reproduction and translation policies, as well as our online permission request and inquiry system, are accessible on the Permissions Information web page.

For additional information, please read our website Terms of Use. ALL RIGHTS RESERVED.