Enterprise Risk Management

Ten years ago, the top global risks in terms of impact and likelihood didn’t include social or environmental issues for the most part. But today, four of the top five business risks are social or environmental - including extreme weather events, water crises, major natural disasters as well as climate change mitigation and adaptation. Historically, companies haven’t been able to deal with these kinds of risks very well. 

This needs to change, and that’s the aim of this project.   

A robust Enterprise Risk Management (ERM) framework preserves value and reduces downside exposure, helping to connect risk, strategy and decision-making while enhancing corporate performance.

Leveraging and enhancing a company’s ERM framework is an effective way to reduce potential risk and capture opportunities.

View case studies

The Challenge

The impact of economic and regulatory risks on business and society is giving way to existing and emerging social, environmental and governance (ESG) risks. Despite this, organizations are limited in how they identify, prioritize, manage and, if relevant, disclose these risks. This made clear in an apparent disconnect between “material” sustainability topics and the risk factors listed in corresponding legal filings.

The Business Case

This disconnect between disclosing ESG issues in sustainability reports and disclosing ESG factors in risk filings in statutory documents, demonstrates that organizations find it challenging to integrate emerging social and environmental risks into existing risk management frameworks. In practice, this means that companies are exposed to a range of risks that are not being properly accounted for.

The Business Solution

We researched this disconnect and published initial findings in Sustainability and enterprise risk management: The first step towards integration in 2017. In it, we found that, on average, only 29% of companies show alignment between what they say in their sustainability report materiality analysis and what they disclose in their corresponding legal filings. We also determined potential factors that contribute to this disconnect.

This project aims to address these issues. 

COSO (the Committee of Sponsoring Organizations of the Treadway Commission) revised their ERM Framework in September 2017.  COSO ERM is the most widely used risk management framework in the world, and we are delighted to be working in partnership with them. On 7 February 2017 we jointly released draft guidance to help organizations align ERM to ESG risk. This draft guidance is now open for public comment until 30 June 2018.  We are also developing a pilot program for companies to test and refine the practical aspects of this guidance.  We intend to launch the final document in October 2018.