ESG Governance Risks Overview

This is the third in a series of articles introducing the three components of ESG: Environmental Risk, Social Risk, and Governance Risk. 

When we discuss Environmental, Social, and Governance (ESG) risks, corporate governance is often downplayed. It is a mistake to think we already know about governance risks since we understand the concept of basic governance risk and compliance models. The governance risk model in ESG includes organizational leadership and decision-making that includes outside stakeholders and considers the environmental and social impact of the decisions made by those in leadership. In this article, we will reshape your understanding of governance risk as a component of ESG risks in preparation to face potential ESG issues.

What Is Governance Risk?

Governance risk includes the risks related to an organization’s ethical and legal management, the transparency and accuracy of a company’s financial performance, and involvement in other ESG initiatives important to stakeholders. At the top, the board of directors and senior management set the tone and policies permeating the organization. In a traditional view, the governance risk model operates within a three-lines-of-defense framework. Policies and control procedures are implemented by the first line, supported and monitored by the second, and then tested by the third line of defense. This structured approach ensures a systematic evaluation of governance practices and ESG criteria, thereby mitigating the risks associated with ethical lapses, financial mismanagement, and inadequate transparency. When we take a more inclusive perspective, the governance risk model is also influenced by employees, investors, social pressure, politicians, and many others. These players increase pressure on the organization’s leadership to act in different ways. Corporate shareholders have the right to hold the company accountable for governance issues.

Successfully managing governance risk not only safeguards providers and organizations against potential pitfalls but also contributes to the establishment of a robust ethical foundation that fosters trust and sustainability.

What Are Some Potential Governance Risk Issues?

Governance risk issues change over time. Currently, many of the problematic governance areas are common across industries. For example, the C-Suite and the board of directors are responsible for executive compensation, setting direction related to ESG initiatives, and addressing concerns related to data privacy. 

Executive Compensation

Executive Compensation has become a focal point in the realm of corporate governance, drawing heightened attention due to concerns surrounding seemingly disproportionate pay structures and the prevalence of “golden parachute” arrangements within executive contracts. In the spirit of ESG transparency, boards are setting policies to disclose a comparison of C-suite and board pay as a ratio to average employee compensation.

This commitment to transparency reflects a broader shift towards aligning executive compensation practices with principles of fairness, equity, and corporate responsibility. By disclosing the C-suite and board member pay ratios, organizations aim to provide stakeholders, including investors, employees, and the public, with a clearer understanding of the distribution and functionality of financial rewards within the company. This not only fosters transparency but also facilitates a more informed assessment of the organization’s commitment to social factors and ethical governance practices, which contribute to improved ESG scores, ESG performance, and attention from institutional investors looking for socially responsible investing opportunities. 

ESG Inaction 

Organizations face reputational risk when they do not follow through on ESG initiatives. The governance practices risk model oversees policy implementation for social and environmental risks, ensuring accurate reporting of efforts. It serves as a framework that ensures the effective execution of ESG strategy and policies within an organization. It encompasses the development, monitoring, and enforcement of guidelines to manage and mitigate risks associated with social and environmental issues.

In the context of social factors such as corporate social responsibility (CSR), the governance risk model focuses on overseeing the implementation of policies that promote fair labor practices, human rights, diversity and inclusion, and community engagement. Failure to act on these initiatives not only exposes the organization to potential legal and regulatory consequences but also undermines its commitment to ethical and socially responsible business practices. Similarly, in the environmental sphere, organizations may face reputational risks if they do not live up to their stated commitments regarding sustainable supply chain practices, resource conservation and biodiversity growth, and emissions reductions. 

The governance risk model ensures that accurate sustainability reporting mechanisms are in place to transparently communicate the organization’s efforts in meeting its key ESG metrics for success. These disclosures include but are not limited to, financial performance and climate-related financial disclosures, environmental impact and climate change metrics, corporate social responsibility, and other material ESG considerations. Failure to implement and report on these initiatives not only hinders progress toward a more sustainable future but can also lead to skepticism and distrust among stakeholders. This is especially true for European and American markets.

Customer Data Usage

The landscape of customer data usage and privacy has become a pivotal concern for good governance within organizations, reflecting a heightened awareness and scrutiny regarding the responsible handling of sensitive information. This is exemplified in instances where big tech companies in America have been called before the US Congress to explain how they capture and use customer data. It is ultimately the responsibility of the C-Suite and board members to establish and enforce internal policies and good governance practices that dictate data usage. Leadership’s decision-making plays a crucial role in shaping the ethical framework and practices related to the collection, storage, and utilization of customer data. The accountability for ensuring that data usage aligns with ethical and regulatory standards, legal requirements, and customer expectations ultimately rests on the shoulders of top executives and board members.

Addressing customer data usage within the framework of governance factors not only mitigates ESG and regulatory risks but also reflects a commitment to ethical business practices and respects stakeholder and shareholder rights. It underscores the importance of transparency, consent, and responsible stewardship of customer information and ESG data.

ESG Investment Decisions

Governance risks have a substantial influence on investment decisions, particularly within the realms of socially responsible investing (SRI), impact investing, and ESG (Environmental, Social, and Governance) funds. Investors employing SRI principles factor in governance considerations as a key component of their overall investment strategy. Companies with good governance and transparent practices are often favored within the SRI framework. Impact investing, emphasizing positive social and environmental outcomes, recognizes the pivotal role of governance in ensuring sustainable and responsible business practices. ESG funds, as a subset of SRI, integrate governance risk assessments into their investment processes, seeking to mitigate potential pitfalls associated with weak governance. In essence, governance risks play a critical role in shaping the preferences and choices of investors committed to incorporating ethical and sustainability criteria into their investment decisions.

How Do We Assess Governance Risk and Compliance?

Approaching a governance risk and compliance review can seem overwhelming for most auditors. Often the audit teams do not feel qualified to question the actions of the most senior organization or board members. The auditor’s role with governance factors is to evaluate the adequacy of the decision-making processes and the flow of information to the internal and external stakeholders.

One stance on testing is to take a bottom-up approach to understand governance risk. This approach reviews the assurance, risk management, and regulatory compliance processes meant to inform and guide senior leadership. Essentially, this tests the assurance environment as a reflection of the top levels of governance. For example, transparency in executive compensation is tested as a mirror image of the governance perspective on race and gender pay equity. An internal audit of the corporate sustainability program would give insight into the board’s motivation for social responsibility. Risk management silos ignoring privacy regulations show leadership’s stance on data confidentiality.

As we reshape our idea of governance and seek to reduce risk in this area of ESG, we can rely on our tried and true understanding of risk management and compliance auditing skills. Auditors should consider the broader implications inferred from findings throughout the organization as these will provide a baseline for understanding governance risk.

Overcoming Top ESG Program Challenges

Internal audit has brought immense value by focusing efforts on important emerging ESG risks. Leading organizations have found their biggest challenges with managing an effective ESG program relate to:

  • having one system of record to track all ESG initiatives, ESG data, and claims;
  • evidence collection to substantiate the organization’s progress towards those public claims;
  • selecting the appropriate framework(s) to map against, such as SASB, GRI, and MSCI;
  • consolidating results for ESG reporting purposes, whether into stand-alone ESG reports or as part of their broader annual reporting.

Whether you’re looking to start or accelerate your ESG journey, implementing connected ESG software can help your organization get on the right footing going forward in preparation for potential future regulatory requirements.
Wole Segun was Senior Manager of Solutions Advisory Services at AuditBoard. Wole joined AuditBoard from EY, where he spent 10 years providing business consulting services around Internal Audit, SOX compliance, and Enterprise Risk Management to clients across multiple industry segments. Connect with Wole on LinkedIn.