Integrating ESG risks into the regular risk management process: How to do it

Written by Max Kollberg

ESG risks have been part of many companies' risk management in one way or another for some time, even if it has not been specified and a strategy has not been formulated for it. Is your company one of them? Increased pressure from investors and upcoming regulatory requirements mean that companies must start working more strategically with ESG risks, and an important part of this is to integrate those risks into the existing risk management process. Here's how to get started.

The work on ESG risks and the regular risk management process look similar, but the why of it is different. The regular risk management process usually focuses on identifying, assessing, managing and minimizing risks associated with the company's activities. These risks can be financial, operational, strategic or other types of risks that can adversely affect the organization's operations, objectives and performance.

ESG risk work covers the identification of environmental, social and governance (ESG) risks. These include risks related to climate change, environmental degradation, resource use, labor conditions, human rights, ethics and corruption. ESG work usually requires a greater commitment involving, for example, society, employees and regulators.

Towards proactive sustainability and risk management

Both ESG risk management and the regular risk management process aim to minimize losses and damage to the company's operations and assets, and to ensure efficient operations and a sustainable, profitable business. Integrating ESG into the regular risk management process contributes to proactive sustainability and risk management, better regulatory compliance and a better chance of obtaining new financial opportunities to expand the business. In addition, it enables the company to become a more attractive employer.

No matter what industry your company operates in or how large it is, ESG factors and their risk assessment should be integrated into decision-making. ESG-related issues can cause significant financial damage and negatively impact a company's reputation if risks are not identified and addressed.

The process - step by step

  • Introduce
    Success requires a holistic approach that engages the entire organization and ensures that all aspects are integrated into decision-making and operations. A good start is to understand the purpose of risk management. If everything is implemented at once, there is a high risk that you will fatigue the organization with the major changes in culture and decision-making it entails. Try to use the same 'risk language', both to make it easier to get started and to help when comparing different risks and communicating with stakeholders. Management and employees also need to gain a basic understanding of ESG as a concept and its relevance to the company and to risk.

  • Identify
    Based on the double materiality analysis or other frameworks/standards, analyze and identify which ESG-related risks may affect the company's operations and performance, and how the company impacts the external environment. Identify relevant ESG factors for your own organization, and analyze how each factor may affect your business and its objectives. This will create a better understanding of the entire value chain, facilitate resource optimization, and help manage overhead costs and investments. It will also make it clearer who the company is working with and help it avoid questionable partners.

  • Quantify
    Use appropriate, existing methodologies to quantify, value and assess the risks, both in terms of financial and non-financial consequences. ESG risks must be treated in a similar way to other operational risks, and included in reports and risk lists.

  • Implement and monitor
    Once risks have been identified, assessed and prioritized, they should be integrated into a regular risk management strategy, and specific actions and plans are required to manage and minimize these risks. It is not a matter of reinventing the wheel, but of using the company's existing practices and bringing ESG risks into a common space with other risks. Include ESG risks in the company's tools and policies, and ensure that the necessary processes, controls and methodologies are in place so that the risks can be systematically managed and monitored. Implement mechanisms to monitor and report the company's progress, and don't forget about continuous monitoring and reporting.

    Communicate and report risks to stakeholders as well, and monitor the implementation of risk mitigation measures. To achieve comparability, reliability, transparency and quality, you need to be on top of risks and manage them when they are detected or when they occur.


Max Kollberg, Product Growth Manager Risk & Control, Stratsys. Author of text.

Summary

ESG risks can damage the reputation and finances of any type of business, which is why it's so important to have a clear strategy and risk management in place. In order to proactively manage risk, you need a holistic view of all your company's risks, which can range from climate change to business transportation disruption. By having this in place, it is easier to achieve compliance.

A major challenge is to bring together verticals that work in silos with different interests. To succeed, a good internal culture and dialogue are needed, as many parts of the organization are involved. A common platform makes this easier: with all risks collected in one place, people from different functions get a clear division of labor and an overall picture.

Invest in system support where you can work with risks and opportunities within the double materiality analysis. By integrating ESG work into the overall risk work of the organization, important synergies such as feedback mechanisms and cross-domain actions can be implemented in a more time-efficient way.