ESG concerns much more prominent for corporates; COSO guidance supports new ESG risk framework.
Environmental, social and governance (ESG) risks have gained prominence in recent years, raising the likelihood that boards of directors will ask how they fit into their companies’ enterprise risk management initiatives. But help on that front arrived late last year in new guidance from the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
At NeuGroup’s recent Corporate ERM Group meeting, in a session updating the ERM framework and other guidance from COSO, Paul Sobel, chief risk officer at Georgia-Pacific and current COSO chairman, noted that ESG risks have become increasingly important. He pointed to the World Economic Forum’s assessment that the top five risk likelihoods and impacts globally are predominantly ESG-related in 2019, compared to 10 years ago when they were mostly economic.
Why it’s critical. Mr. Sobel said that a 2018 Ernst & Young survey found that 80% of institutional investors agreed that companies have failed to consider environmental and social risks and opportunities to their core businesses, and nearly half of shareholder proposals in the US were related to those issues. The Wells Fargo and Volkswagen scandals are just a few examples of poorly managed governance risk.
The World Business Council for Sustainable Development (WBCSD), comprising upwards of 200 large global companies seeking to understand and manage ESG risk, had received pressure from its funders to develop an ESG risk framework. Instead of reinventing the wheel, it approached COSO, whose mission since its founding in 1985 has been to provide comprehensive frameworks and guidance on ERM and related areas including internal control and fraud deterrence.
“Last October we issued guidance on how to use the COSO framework to think about, identify, assess, understand, and hopefully manage ESG risk,” Mr. Sobel said.
An ESG Resource. He added that the 120-page document is longer than COSO’s actual ERM framework, because it is essentially a reference guide providing numerous examples of how ESG risks have manifested themselves and techniques to potentially manage them. It also refers readers to websites to get more information.
“One of the unique things about [ESG risks] is that some may manifest themselves over many years, making them difficult to assess,” Mr. Sobel said. “But if we’re talking about materiality, then these are some of the highest impact risks out there.”
Environmental risks are related to climate change, natural resources, pollution and waste, and environmental opportunities; social risks are related to human capital, product liability, stakeholder opposition, and social opportunities; and governance risks are related to corporate governance and behavior.
How it should help. The joint COSO/WBCSD guidance on ESG risks echoes COSO’s newly revised ERM framework and identifies five main components specifically for ESG: governance and culture; strategy and objective setting; performance; review and revision; and information, communication and reporting. Performance for ESG-related risks is subdivided into identifying risk, assessing and prioritizing it, and implementing responses.
The NeuGroup member noted several ways in which the guidance can help organizations:
- Enhanced resilience
- A common language for articulating ESG-related risks
- Improved resource deployment
- Enhanced pursuit of ESG-related opportunities
- Realized efficiencies of scale
- Improved disclosure