In 2020, climate change didn’t even figure in the top 10 risk concerns of CEOs around the globe. Just two years later, it was cited as a top 5 risk, with 33% of CEOs stating that they were very concerned or extremely concerned about climate change’s impact. Today, 65% of directors say that ESG is part of the board’s ERM discussions. This is a good sign because ESG risks today:
ESG risks don’t always have to manifest as a headline-making anti-diversity scandal or an oil rig explosion. Almost every business practice today has some element of ESG embedded in it. Whether it’s the use of non-renewable energy sources, or unfair recruitment practices, or unsustainable waste disposal methods – all of it can add up to damage customer and investor perceptions of a brand.
To know just how significant third-party ESG risks have become, look no further than the regulatory landscape. In the last few years, we’ve seen a surge of new and potential mandates focusing on human rights and environmental due diligence in supply chains. From the EU’s proposed directive on sustainable corporate governance, to Canada’s draft supply chain transparency law, to Germany’s Supply Chain Due Diligence Act – more regulations are pushing companies to take responsibility for social and environmental violations across their third-party ecosystem.
By linking existing TPRM practices with your ESG program, you can better understand how third parties impact your ESG ratings, which suppliers contribute the most ESG risks, what commonalities are shared by ESG and TPRM regulations, and more. The idea is to build a coordinated cross-functional approach that can minimize operational redundancies, while also making risk management more cost-efficient and agile.
The next step is to integrate ESG and third-party risks into your ERM framework. The resulting holistic risk view can help you make better-informed strategic decisions that not only catalyze business growth, but also strengthen trust with all stakeholders.
Despite greater awareness of ESG issues, 41% of organizations still have only a low level and ad hoc capability to assess and prioritize risks in their extended enterprise.
Source: Deloitte Global Third-Party Risk Management Survey 2022
In the past, ESG and third-party risks were typically managed in silos. But today, companies are fast realizing just how interconnected these risks are, and how they affect multiple parts of the enterprise, while also amplifying the impact of other risks. For example, an unsustainable food supply chain – which combines both environmental and supplier risks – could result in raw material shortages or worse, contaminated food supplies. This, in turn, could impact food production, consumer satisfaction, and brand perception.
The converse is also true – other enterprise risks affect ESG and third-party risks. For example, a cyberattack on a chemical facility could result in hazardous waste being leaked into surrounding ecosystems. A pipeline breach could cause fuel shortages. The compounding elements of risks today make it essential for businesses to better understand where, how, and at what intensity risk lives across their entire value chain.
Understanding these interdependencies is key to organizational resilience. It’s about stepping back and looking at the big picture. If you don’t know your risk universe fully, you may never be able to connect the dots and understand what matters most to your business objectives. Some executives, for instance, might see ESG as a drain on their organization’s time and resources. But leaders who understand how ESG touches and impacts multiple aspects of their business – as well as their stock price – are likely to have a different perspective.
When established ERM practices are applied to ESG and TPRM, it becomes easier to see how various factors such as employee welfare, raw material sourcing, production practices, and waste management can impact your overall risk profile and either hinder or help your business strategies and objectives. It helps that ESG and TPRM align well with ERM practices like risk identification, materiality assessments, metrics monitoring, and reporting. Both can be easily embedded into your ERM framework and processes to create a blueprint that can be operationalized across the enterprise.
For years, ERM was about preserving value, or protecting the business against adverse events. But today, it’s also about creating value, and driving business success. So, even as you use ERM to mitigate the downside impact of ESG and third-party risks, remember that both sets of risks also present multiple opportunities to evaluate and improve your business practices in a way that brings long-lasting business advantage.
Consider the following:
Having understood the value of an integrated approach, here are some ways to build those connections between ERM, ESG, and TPRM.
MetricStream helps you capitalize on the synergies between ERM, ESG, and TPRM by integrating all of them on a connected GRC platform. You can easily connect the dots to understand how ESG risks impact other business risks across the enterprise and third-party ecosystem. At the same time, you can manage ERM, ESG, and TPRM as standalone programs with robust risk assessments, monitoring, and reporting tools.
MetricStream ERM software can help you:
With MetricStream ESGRC software, you can:
Finally, MetricStream TPRM software enables you to:
If you manage ESG separately from TPRM or ERM, you may still be able to meet your objectives. But you’ll also end up adding new programs, procedures, controls, and systems that are not only costly and often redundant but also weigh down the business. Plus, managing any kind of risk data in silos hampers overall risk visibility.
The best part about linking ESG to TPRM and ERM is that you don’t have to reinvent the wheel. You already have frameworks and processes in place that can be aligned to your ESG objectives. Also, by layering ESG into a proven ERM program, you can make sustainability and social responsibility a natural part of daily operations, and not simply a compliance or marketing activity.
At the end of the day, ESG is about balancing purpose and profitability. The more you know about your ESG risks – how they affect different parts of your business in different ways, and how they interact with other risks – the more value you can create for your business, your stakeholders, and the planet at large.