Environmental, social, and governance (ESG) risks are making waves throughout the corporate world. Recently, J. P. Morgan Chase announced plans to commit $2.5 trillion over ten years to “advance long-term solutions that address climate change and contribute to sustainable development.” Citi Bank has similarly committed $1 trillion for environmental, diversity, equality, and other socially responsible initiatives. Bank of America also set a goal of $1 trillion to push for environmental sustainability. With this much capital on the line, ESG risks must be on every risk management and internal audit professional’s radar.
What Are ESG Risks?
ESG risks include concerns related to environmental, social, and governance topics. In the past, many organizations viewed ESG as a compliance function instead of a socially responsible action. Policies would include references to health and safety regulations like OSHA in the US, which dictates specific areas for health and safety compliance in the workplace. Now organizations realize that ESG is a long-term commitment to their employees, their customers, and the company’s sustainability as a whole. On her first day as CEO, Jane Fraiser of Citi said, “Our commitments to closing the gender pay gap, to advancing racial equity, and to pioneering the green agenda have demonstrated that this is good for business and not at odds with it.” The flip side of this statement is that ignoring these initiatives presents a risk that auditors should investigate as an area for control.
How Can We Assess ESG Risks?
Assessing ESG risks will evolve, especially as risk managers and internal auditors become more familiar with ESG risk impact and socially responsible actions grow. To start, we can split the ESG factors into three categories and break these down into more detailed risks. The actual risks you add to your risk assessment may vary depending on the nature of your organization and industry.
Environmental risk is generally seen as a factor that contributes to climate change. Detailed risks would consider how the organization manages or supports others who manage areas like the transition to renewable energy, protection of the oceans, water conservation, waste reduction, and recycling.
Social risk is an ESG factor that includes fairness in recruiting, hiring, promoting, and paying all employees, all of which are factors in diversity and equity. Similar areas include bullying, sexual harassment, and discrimination. Social risks include providing services to economically depressed areas or supporting equality in education efforts for other organizations.
In the context of ESG risks, corporate governance risk is the oversight and implementation of programs and processes to mitigate the risks discussed above. Without proper corporate governance, the environmental and social programs can lose momentum, and funding can be reallocated. Another risk to the ESG program occurs when policies are written but never fully implemented or enforced. The result of this risk is sometimes called performative activism, where the actions are high-level without substantial work to back up the stated commitments.
Time to Add ESG Risks to Your Audit Plan
When considering risks to cover in your audit plan, take the time to assess ESG risks for your organization. ESG risks will continue to evolve, and our ability to measure the impact of these risks will mature. While some may think these risks are covered under compliance or reputation risks, ESG captures a unique set of risks that supersede the scope of both.
ESG Risk Management Technology
When planning your environmental, social, and governance risk assessment, consider building the library of risks and controls specific to your organization into a risk management application. Establishing effective risk management capabilities is an integral part of driving better business decisions and is critical to assist with the maturity growth of your team. Find out how AuditBoard can help you manage, automate, and streamline your risk management program, and help you turn your ESG risks into opportunities to gain a competitive advantage.
Wole Segun was Senior Manager of Solutions Advisory Services at AuditBoard. Wole joined AuditBoard from EY, where he spent 10 years providing business consulting services around Internal Audit, SOX compliance, and Enterprise Risk Management to clients across multiple industry segments. Connect with Wole on LinkedIn.