GoldenBee Insights

“Six steps” in ESG risk management

source:goldencsr    date:2022-05-27 16:11:50


 

As ESG is prevailing at present, many companies have started to disclose ESG information and build ESG governance structure, laying a good foundation for ESG development.


ESG, by its very nature, is about company’s non-financial risk control, which will eventually evolve into risk management. Its complexity proves difficult to manage for people engaging in ESG.


Therefore, it is crucial for companies and staff to learn and explore management methods to identify, assess and address ESG risks.


ESG Risk Management

An imperative under pressure

Different from traditional risks, ESG risks are macro, multifaceted and interrelated. They may affect the business from multiple aspects, making them tricky to predict and evaluate. ESG risks often lurk for a longer time to materialize. Traditional risk assessments are often based on historical data and past performance, but most past information for measuring ESG risk is difficult to obtain.


Especially, environmental and social risks may go beyond the control of the company, and effective response requires coordinated and concerted efforts. These characteristics make ESG risk “elusive”, and to design a systematic management process becomes a sticking point.


But comprehensive management of ESG risks has become a necessity.


For stable operation of a company, in addition to the inherent risks arising from the core business and products, the risks that may cause serious damage to a company’s intangible value, reputation or business capacity, including reputational risks from amplifying its existing practices by stakeholders and public discussions, have frequently occurred.


From the perspective of the capital market, ESG investment was once limited to minority investors, but now it has expanded to mainstream institutional investors such as public funds and private equity funds. Many of the most influential investment institutions at home and abroad have established responsible investment systems and incorporated ESG factors into their investment process.


The attention of regulators has also greatly promoted the implementation of ESG. As of 2018 alone, 63 countries have set more than 1,000 ESG disclosure requirements, 80% of which are mandatory. In China, the three major exchanges in Shanghai, Shenzhen and Hong Kong are also accelerating to improve their ESG regulatory policy systems.


What should companies do under great pressure?

 

Governance and Culture

To develop the company with robust ESG top-level design

Integrating ESG risk into governance structure, system and process is critical to addressing risk-related challenges. 


The Stock Exchange of Hong Kong (SEHK) has made ESG governance and compliance culture one of its regulatory priorities. However, a sound ESG governance construction has more options than conventional practices such as building special committees. 


Companies can start from six levels —


First, focusing on the supervision and governance of ESG.


The King Report on Corporate Governance, published by the Institute of Directors in Southern Africa, is known as “the most effective summary of the best international practices in corporate governance”. In its fourth edition in 2016, the Report included discussions on ESG issues including inequality, climate change, scientific and technological progress. Some of its recommendations could also be applied to ESG governance.


Second, clarifying the rights and responsibilities of ESG risk management.


Many companies now leave ESG matters to their CSR or sustainability departments, rather than risk management systems. In fact, a company’s response to these risks should echo its approaches to manage other business risks. Even if ESG matters are handled by a separate functional unit, the company should integrate ESG into its risk management structure and process, which is essential to the responsibility fulfillment of the company and its directors. In this process, the company should identify the responsibilities it must, should and will undertake.


Thirdly, integrating ESG into corporate culture.


Culture is the attitude, behavior and understanding of risk that influences management decisions and reflects an organization’s mission, vision and core values. These factors continue to provide insight, motivation, and direction as the organization grows and its goals are achieved. Thus, integrating ESG into the mission, vision and core values helps foster a culture considering ESG in behavior and decision making.


Fourth, strengthening ESG supervision at the board level.


This is consistent with the ESG regulatory requirements of the SEHK. However, further consideration can be given to whether the board is aware of ESG risks that may affect the implementation of the company’s strategy and objectives, whether they have the ability to understand the impact of ESG problems, and whether the board regularly receives reports on ESG risks.

Fifth, clarifying ESG issues at the management level.


For example, whether the supervision of risk management process is clarified and implemented; whether risk and sustainability have approaches to integrate into corporate operation and strategies; whether there is agreement on the importance of stakeholder interests in the company’s long-term development; whether the management has ESG-related training.


Sixth, being more resilient to emerging and non-traditional risks through collaboration and integration.


Some large companies have realized that protecting reputation and reducing risk require a more coordinated and comprehensive response, so they gradually integrated their risk and compliance departments with those who manage ESG issues, and, if necessary, drawing on external expertise. This approach is worth learning from.


If the company can conduct an in-depth analysis of the above six aspects, it can seek stable development and deal with competition through the “top-level design” of ESG governance, and also lay a solid foundation for ESG risk management.

 

Strategy and Objective

To see the whole picture to accurately identify ESG risks

Understanding a company’s value creation and business model is critical to its risk management, including ESG risk.


In identifying, assessing and managing ESG risks, the company should fully understand the impact of internal and external environments on its strategy, objective and performance, which is a must-have for identifying ESG risks.


The traditional “value” of a company is measured mainly by financial and economic factors of tangible assets, but this measurement has changed totally. In the four decades between 1975 and 2015, the share of intangible assets in the value of S&P500 companies has risen from 17 percent to 84 percent, and the “value” has expanded to the shared value of various stakeholders, which mirrors ESG philosophy. 


Companies can look at the “ten themes” developed by the International Integrated Reporting Council (IIRC) to recognize and analyze the combined value of the wider community. In addition, common risk management approaches such as macro analysis, SWOT analysis, impact and dependency mapping, ESG substantive assessment and stakeholder engagement can also be used to identify and analyze ESG risks.


It is worth noting that risk management is not for total avoidance of risks.

 

When considering the strategic and business environment, the board and management often estimate the type and amount of risk that is acceptable in creating value, based on which they set risk appetite and tolerance for the company. For instance, mature companies tend to be risk-averse and tolerate more risks in specific strategic areas, while companies with aggressive growth strategies may be willing to accept more risks in more areas.


In identifying and assessing ESG risks, companies should keep in line with their own risk appetite and tolerance, and consider their existing strategies and business plans. As ESG risks do not exist in isolation, only by taking a holistic view and considering ESG in the overall development can the company truly see the risks and opportunities ahead.


Risk Performance

ESG risks to be systematically identified, assessed and addressed

With a clear understanding of the company’s internal and external environment, we begin to identify, assess and respond to ESG risks.


In identifying the risk, “risk list” is an effective and common tool, which includes the description, impact and countermeasure of each risk. Many companies have established risk lists when managing traditional risks. When meeting the company’s general risk criteria, ESG risks will be incorporated in the lists for management and monitoring.


In assessing the risk, companies can analyze the importance and priority of risks by considering their impact and role, and then make analysis and choice with resources and tools including expert and scenario analysis.


In addressing the risk, we need to understand that ESG risk management is not for eliminating ESG risk factors. The company should adopt multi-level strategies to control these factors within the pre-set range of risk preference and tolerance on the principle of balancing cost and benefit.


When the risk is within the range of preference and the possibility of deterioration is small, the company can choose to accept the risk. For zero-tolerance ESG risks, the company should take measures to avoid and eliminate them, such as stopping relevant businesses. For risks that can unlock value, turning them into opportunities; for the risk which is significantly greater than the preference, developing an action plan to mitigate the severity and reducing the remaining risk to tolerable levels. 


In addition, ESG risks such as climate issues may be too complex for companies to deal with alone, so they can cooperate with industries, suppliers, customers and other stakeholders to share the risk.

 

Review and Revision

ESG risks to be managed dynamically

Corporate risk management is not an overnight task. It requires close attention, dynamic supervision and continuous review and revision of each risk and the overall process.


For ESG risk, the company should assess major changes periodically; when the internal and external environment changes, the management should review and revise the risk management procedures as appropriate. 


Emerging technologies, organizational changes, risk appetite, peer comparisons, historical issues can all become opportunities to re-examine the effectiveness of ESG risk management.


For example, ESG digital platform can help companies improve the way ESG information is handled and optimize workflow. ESG risks that have not been effectively identified and managed can serve as lessons learned to help companies rehearse the effective integration of ESG elements into risk management frameworks.


Communication and Disclosure

ESG risk management to unlock incremental value

Among all the activities involved in ESG risk management, reporting is currently the most common practice of Chinese companies.


In 2021, 48 percent of listed companies in China issued independent ESG or CSR reports, and this figure was as high as 67 percent of those controlled by central SOEs.


However, the communication and disclosure go far beyond reporting. 


Catering to the different needs of information from internal and external stakeholders, there are abundant and well-developed approaches to communicate. These approaches can complement the existing communication channels of the company, form a three-dimensional communication network, help the company establish a responsible image, deliver ESG work results, and add to the “incremental value” of ESG management.


In general, as the regulatory pressure on ESG and the ESG risks continue to increase, the company’s ESG risk management has gradually transformed from optional to mandatory. The management also needs to realize that this work requires professional input, resource support and long-term promotion. 


Companies should pay attention to ESG risks as soon as possible, explore ESG risk integration process, and build their ESG risk management blueprint, forging a solid “safety net” for long-term development and value creation.