There is little doubt that environmental, social and governance (ESG) risks are becoming an increasing priority for organisations. Case in point, the environmental part of ESG alone is taking up more of companies’ time, particularly in countries like the UK where listed companies are now required to include TCFD disclosures in their annual reporting.
In response to the growing importance of ESG-related issues, organisations are now assessing their risk management framework to ensure that they are adequately prepared for the ESG risks they may face.
However, firms also need to establish a robust reporting framework to show that ESG risks are being managed.
While some companies are now in the process of refining their risk identification and reporting processes to capture ESG risks, others have their enterprise risk functions taking the lead and driving their organisation’s ESG risk strategy from scratch.
How are you ensuring you meet the needs of your organisation with regards to ESG?
At recent member meetings, which are attended by risk leaders from a range of different sectors – as well as companies at various levels of maturity – members benchmarked their approaches to developing an ESG strategy from scratch. We’ve distilled these peer-to-peer conversations into a 10-step process:
1. Communicate with senior leaders
Winning the support of the board is crucial, not only to access the resources needed to effectively identify, monitor and respond to ESG risks, but also to develop an understanding of how the organisation’s “ESG narrative” fits into the picture of the company presented externally.
Members agree this is a pivotal starting point for them when building their ESG strategy from the ground up.
In order to work out how – and what – to report to the market, risk teams can hold workshops with the board to drive home the importance of incorporating ESG into the company’s overall risk management framework and clarify what the board itself needs. For some members, the overarching goal might be to secure sustainability-linked finance.
2. Conduct a materiality assessment
Building off the work done with senior leaders and the board, the risk team can then go out to the rest of the business to underline and develop the connection between risk management and ESG. Some of the activities involved in this assessment can include:
Workshops with different teams across the business
Interviews with external stakeholders (e.g. investors)
Desk-based research into competitor reports
This process helps with the development of a reporting framework and key metrics, many of which can be pulled from industry frameworks.
3. Review and improve data where possible
For many companies, there will already be a lot of data and information in the business that can be used to illustrate the current status of ESG risks and whether they are being managed effectively or not.
However, if the quality of this data is not good enough, it may not be very useful (even if there is a lot of it). This is especially true for external reporting, as the low quality of this data will be scrutinised by external stakeholders.
This step can highlight where improvements are needed in data collection processes across an organisation, which not only improves the ESG risk framework but the overall risk management and assurance frameworks too.
Risk Leadership Network members can access the full version of this 10-step process, and others from our ESG better practice guidance, on our Intelligence platform. The guidance includes peer-contributed templates and risk framework blueprints, as members take advantage of the knowledge-sharing opportunities the network provides.
Check out other key projects happening in the network right now, including the latest version of our TCFD Reporting Comparison Tool that’s empowering members to benchmark their organisations against others as they prepare their own TCFD disclosures. For more information and to register for a demo of the tool, click here.