Why Spreadsheets are a Risk to Your Risk Program
Spreadsheets don't lead to improving the likelihood of desired business outcomes.
Accelerate Your ESG Program with Enterprise Risk Management
Environmental, social and governance (ESG) programs are hot topics in boardrooms today, as companies respond to pressure from investors, customers, staff, and regulators.
Today’s shareholders want to know more than just what you earn for them - they also want to know how you earn it.
Your organization is expected to actively promote and embody the values that underlie ESG, and not just for sustainable investors. Even if you don’t have shareholders that care about ESG, you can bet that many of your valued customers and staff members do.
Given this new reality, how can your organization best roll out and maintain an effective ESG program, so that ESG becomes a natural part of your daily operations and not simply just a shareholder marketing program or a compliance activity?
One fast, easy, and proven approach is to integrate ESG into your organization’s Enterprise Risk Management (ERM) program.
While there are many ESG frameworks to refer to when setting up your program, these frameworks tend to focus on what an organization should consider, and not how to implement and maintain an effective ESG program.
Organizations typically start ESG programs by identifying their biggest ESG issues and setting goals and tracking metrics. Where they struggle, however, is in the subsequent execution and maintenance of their programs, finding it difficult to effectively embed ESG into their policies and processes for strategy execution, board oversight, decision making, and performance monitoring. As a result, there is a real danger that ESG becomes a retroactive reporting or compliance exercise, rather than an embedded practice that positively impacts day-to-day operations and ongoing decision making.
This is an area where your ERM program can help. In contrast to ESG, ERM has mature practices and strong industry consensus on best practices, underpinned by established frameworks and standards (including COSO and ISO 31000) and supported by a mature ecosystem of ERM professionals and advisors.
ESG aligns well with ERM processes, which follow a similar cycle of focusing on key objectives (impact goals and improvement targets), determining materiality of issues, identifying risks to objectives, setting and tracking metrics, and managing progress on strategic/improvement initiatives. ESG programs can be easily layered into ERM processes, providing an immediate roadmap to operationalize ESG throughout an organization.
Furthermore, many ESG frameworks are explicitly risk-based, providing libraries of risks to consider within ESG programs. Other ESG frameworks that are more impact-focused can also be easily adapted to align with well-designed ERM programs that use objectives and impact goals as their foundations.
ERM tends to be better resourced and staffed than ESG in many organizations, stemming from strong existing boardroom and executive-level support.
ERM already has a recurring seat at the boardroom table, with processes and reporting that is familiar to board members and integrated into their regular reporting packages. By “piggybacking” on this process, ESG can gain immediate visibility and ongoing access to this audience.
Furthermore, many ERM program managers have already done the work to integrate ERM processes into strategic decision making, strategy execution, board oversight, and day-to-day business operations. ERM managers have built hard-earned experience on how to gain business unit buy-in and support for risk processes. Their relationships, processes, and experience can be extremely valuable to ESG managers, who will face similar challenges when seeking to operationalize ESG.
ERM already has a seat at the boardroom table, including regular review by the audit committee.
Aligning and integrating ESG with ERM programs helps reduce duplication and avoid reinventing the wheel. In the long run, by pooling resources and avoiding duplicate processes, ESG managers will make their ESG program more sustainable within their organization (sorry, we couldn’t resist).
Besides, ERM and ESG are both functional areas that can sometimes struggle to secure adequate funding, especially when organizations are looking for ways to trim expenses. By combining ESG and ERM processes together, managers will increase the likelihood of receiving and protecting the funding they need.
Perhaps more importantly, aligning ESG with ERM can help managers to better identify and communicate the benefits of their ESG programs.
ESG is often viewed as a series of investments or trade-offs that must be made to achieve impact improvements. This wrongly assumes that ESG is a cost that must be paid for some greater good (but without a financial benefit). It is much more likely, however, that investment in ESG yields positive financial returns. Friede et al. (2015) conducted a meta-analysis of over 2,200 studies on financial performance and found a strong positive correlation between ESG investments and financial returns. Specifically, increased ESG investments were associated with superior returns in over 90% of the studies reviewed.
ERM faces a similar dynamic, in which organizations that excel at ERM tend to outperform their peers in traditional financial metrics. Farrell and Gallagher (2014) conducted a review of ERM maturity ratings and observed that the organizations rated most mature from an ERM perspective enjoyed up to 25% higher market valuations.
While both these studies were observational and cannot prove a causal relationship between ESG/ERM investments and performance, they certainly help to dispel the myth that time spent on ESG and ERM activities will lead to weaker organizational performance. If the best performing organizations consistently prioritize ESG and ERM, it is unlikely to be a coincidence.
Perhaps more importantly, however, is that ERM provides tools and approaches to better understand the outcomes and impacts of strategic decisions and managing risks. These tools can help managers to better identify and demonstrate benefits from their ESG program (more on this below).
Adapted from McKinsey article on ESG value creation.
A typical approach to designing and launching an ESG program is to start by considering an organization’s business activities, along with the areas where it has (or can have) material impacts on ESG values and priorities. Ideally, the organization then establishes goals for improving its impacts and aligns these objectives within the organization’s overall strategic plan and performance management processes. Finally, metrics are identified and monitored to track progress towards impact goals and to support ESG reporting to interested parties.
A challenge, however, with taking entirely an objective-based approach to ESG is that programs can sometimes take on an aspirational quality. New ESG objectives may not be precisely defined and failing to attain them may be considered as serious as it would be for more established performance goals. More simply put, it’s harder to miss something if you never had it in the first place.
One excellent way to combat this phenomenon is to reframe ESG objectives as risks. In this approach, an organization starts with the assumption that ESG objectives must be met. Then the tools of enterprise risk management are used to identify and document the consequences of missing the ESG objectives - along with ways to proactively help ensure the objects are met.
Example bow tie diagram, image taken from the Essential ERM® system
For example, one helpful tool from the field of ERM is the use of risk bow tie diagrams, which get their name from their distinctive shape. In a risk bow tie diagram, the risk event (e.g., failure to achieve ESG objective X) is placed in the center of the diagram. The root causes that could lead to or contribute to the event are mapped on the far left and the ultimate potential consequences to the organization are mapped on the far right.
Through workshop discussions, stakeholders then consider the root cause to identify pre-event mitigations that could be used to lessen the likelihood of the event occurring and post-event mitigations that could reduce the ultimate impact if the event were to occur anyway. This proactive approach to risk management helps to both clarify the costs and impacts of not achieving ESG objectives, at the same time that it helps improve the chances the objectives will be met.
Another helpful tool from ERM is the use of technology and processes for monitoring key risk and performance indicators. Rather than looking in the rear-view mirror to report ESG metrics once per year in the annual report, these tools allow business managers to track important metrics and leading indicators on an ongoing basis. This provides information to decision makers on a timely basis, when they can still make changes and course adjustments to help hit ESG targets.
Example ESG metrics, image taken from the Essential ERM® system
It is not just ERM that can help support ESG programs - ESG can help improve ERM as well. The two practices reinforce each other in a cycle that creates more value for the organization overall than either practice on their own.
Integrating ESG into ERM can help breathe new life and enthusiasm into established ERM programs. Many staff members are excited at the prospect of making a positive impact through ESG. That energy will help to propel the joint ESG-ERM approach throughout the business, increasing familiarity with ERM processes that will spill over and help support other subsequent ERM activities.
In particular, this can be a helpful catalyst for ERM managers who wish to shift the culture surrounding ERM from a historical compliance focus to an objective-centric approach. Many ESG issues are naturally objective-centric and they can serve as strong examples to show the interconnectedness of objectives and risks (as well as the value of proactive risk management to improve attainment of objectives).
And what if an organization does not have a formalized ERM program at all? Well in that case ESG can be a catalyst to help launch a properly designed objective-centric risk program right from the beginning. ESG benefits from the structure, tools and processes of ERM, and ERM benefits from a high-priority use case that helps demonstrate its value to staff, leadership, and the board of directors.
Spreadsheets don't lead to improving the likelihood of desired business outcomes.