Both risk and sustainability management should be embedded in the ways organisations operate if they are to succeed sustainably

Adrian Clement’s article, which kicked off the ChangingRISK series, asks the question Is risk management strategically fit for purpose in the current world?

In so asking, he highlights sustainability/ESG as an aspect of growing importance for all of us. This is an area risk management must evolve to address successfully.

This article builds on interviews and roundtable discussions with risk and sustainability experts on what is important to help organisations to succeed sustainably, led by members of the UK Risk Management Standards committee’s sub-group on Risk and Sustainability.

From these discussions, it is clear that both risk and sustainability management should be embedded in the ways organisations operate for them to succeed sustainably.

Embed sustainability into your core purpose

When asking people “what is most important for an organisation to succeed sustainably”, a dominant theme is the need to embed sustainability into your organisation’s ‘core purpose’.

From a risk management viewpoint, this is the key “control” - or perhaps we should say key “enabler” - to being successful sustainably, or embracing a model of stakeholder capitalism.

An organisation should therefore have a core purpose, commonly expressed through a purpose, vision and values or equivalent statements, which embraces sustainability.

With sustainability as a fundamental element of your core purpose, it will naturally be embedded in your organisation’s strategic objectives, goals, and, ultimately, the way you operate; your behaviours, systems and operations.

Consequently, all strategies and activities should then be (additionally) measured and monitored against your sustainability goals. 

Setting the context

Understanding your context is something all organisations seek to do in one way or another, whether it is the managers in a small business informally sitting back and discussing what they are hearing from their customers, suppliers, newspapers, etc. or large organisations undertaking surveys, collecting and trending data, conducting formal stakeholder interviews, etc.

In risk management, setting the context is the first, key step, in the risk process. It forms the solid foundation for the identification of risk (including sustainability risks), informing an organisation’s risk management strategy.

When it is done well, it enables risks (including sustainability risks) to be identified and well managed. A good understanding of the context also informs the organisation goals and strategy, including those related to sustainability.

While separate functions (risk, sustainability, operations, etc.) may build their description of the context with different focuses, bringing them together has the potential to provide a more holistic view.

From a sustainability risk point of view, there are two key reasons for getting a good understanding of your organisation’s context:

  • Firstly, to understand the sustainability risk to you, your stakeholders and society as a whole, and to use this to inform your organisation’s objectives and strategy, and
  • Secondly, to create a sound basis for determining how to manage the sustainability-related risks originating from your operations and activities.

Taking a risk-based approach to sustainability

Sustainability is an extremely broad discipline, as can be seen by number (17) and diversity of the United Nation’s Sustainable Development Goals (UN SDGs).

As Clements wrote in his article; “previously the goal was to help the company achieve its own strategic goals with these other elements [sustainability] being deemed of lesser significance. But this is no longer the case”.

Historically, risk management has focused on a limited number of key consequence areas, for instance People, Environment, Asset (including economic / financial) and Reputation.

Having additional categories which cover all the UN SDG may be seen as impractical, but we must nevertheless consider sustainability impacts, at least those which are important in relation to our organisation and its operations. 

It is common in sustainability functions to undertake ’materiality assessments’ which help the organisation understand, organise, and prioritise where it has a sustainability impact, so its strategy can be focused on those areas where it can have the most impact.

Through discussion with risk and sustainability experts it was seen that such assessments can help an organisation ensure their risk activities address sustainability effectively. Some key recommendations are to:

  • Involve both the sustainability and risk functions in your organisation’s materiality assessments.
  • Consider both sustainability “issues” and “risks”:

    o Issues - Where the organisations operations currently have a sustainability impact (e.g., CO2 emissions, raw material usage and societal).

    o Risks - Where an event / incident could occur in the organisations operations which would then have a sustainability impact (e.g., clothing company contracts a new   supplier without identifying it is using child labour, or a mine’s dam fails resulting in environmental pollution, ecosystem damage and health impacts for local communities).

  • Consider your extended enterprise, ie, your whole supply chain from raw materials through to your customers use of your products and services (and not just those of your own operations).

The GRI [Global Reporting Initiative] model is one useful tool, which can be used to improve understanding of both your organisation’s context and the sustainability issues and risks you face (see “The Sustainable Development Goals, integrated thinking and the integrated report”, Carol Adams 2017).

Sustainability in decision making

The dangers of not thinking broadly when identifying sustainability impacts and risks was highlighted by a recent story on the unintended consequences of an initiative to get children out of child labour.

This initiative, while successful in its primary goal, initially led to unintentional consequences of increased poverty due to reduced incomes for families. Consequently, the initiative was adjusted.

The clear learning for risk and sustainability people is that, when identifying potential risks, it is important to consider all the potential knock-on effects of what you are doing to identify any unintended consequences that may arise. These can then be addressed in plans and shared with decision makers, so they have as fuller picture as possible when making their decisions.

Another challenge is when it comes to making decisions between alternative options when their sustainability impacts and/or risks impact different aspects of sustainability.

For example, you may have options to select from where one is better for poverty (UN SDG 1) and worse for climate action (UN SDGs 13) and the other is better for responsible consumption and production (UN SDG 12) and worse for clean water (UN SDGs 6).

From discussion with experts in this area, it appears that to-date, assessments have generally been qualitative in nature and more focused on sustainability impacts than risks.

While those consulted do not have a ready-made silver bullet to solve this challenge, current risk approaches can be used effectively to assess different types of consequences.

It is possible, for instance, to extend a risk matrix’s consequence categories to cover sustainability impacts. The materiality assessments will help identify which of those to include and prioritise.

In line with good practice and to aid decision making, the risk matrix should be set-up before you identify and assess the risks. It is important to note that taking a broad view in the identification may introduce other sustainability consequences.

There is also potential to consider sustainability risk quantitatively by assessing its impact on enterprise value via the traditional financial reporting tool of an EBITDA bridge.

Why does it matter?

There are clearly benefits to reporting on your organisation’s sustainability goals, activities and performance. You can demonstrate your commitment to what you and your stakeholders value, as well as highlight your achievements. This brings certain advantages, ranging from increased staff morale and better financing, to increased customer retention and sales.

Organisations face an increasing raft of regulatory reporting requirements, contractual reporting requirements and good practices. Many risk professionals will have heard of reporting frameworks, a veritable alphabet soup including: GRI, IIRC, SASB, TCFD etc.

This introduces sustainability reporting/conduct risks, or so-called ’greenwashing’. For instance:

  • Not committing to sustainability in line with your stakeholders’ expectations.
  • Making a commitment and then being shown not to have delivered on it.
  • Omissions in reporting/not being adequately open and transparent.
  • Misreporting on sustainability performance.
  • Lack of clarity in sustainability reporting.

While the typical causes of such risks are most likely to be honest errors, blind spots or misjudgements of those within an organisation, rather than deliberate intentions to hide and deceive, all can lead to adverse impacts; reputational and brand damage, reduced sales, higher costs of finance, and even litigation and/or regulatory action.

A key point is that communicating on sustainability is not just an annual exercise for your formal corporate sustainability report. It can include marketing claims, posters and similar used to communication desired behaviour changes, communications with suppliers and customers. All of these need to be carefully managed.

Following an open and honest approach ultimately promotes accountability, trust and reputation. 

To summarise, embedding sustainability criteria into risk management and risk-based decision making is about first understanding your organisation’s context. From there you can determine which sustainable development goals are material to your organisation, and how best to manage and report on those.

Taking a proactive stance on sustainability / ESG is undoubtedly the ‘right’ thing to do as we face the inevitability of climate change, a looming biodiversity crisis, increasing drought risk, poverty  and hunger threats, and other sustainability risks. But it also makes good business sense, and should - done the right way - have a natural home alongside strategic risk management.

Mark Boult is a director of Boult Consulting Limited. This article is based on work undertaken by the UK Risk Management Standards Committee Sub-group on Risk and Sustainability.