
1. Governance and culture for ESG-related risks





Figure 1.2: Example governance structure

    Board (or governing body) [a]
        Risk committee [b]
        Compensation committee
        Nomination/governance committee
        Audit committee [c]
        Other committees [d]

    CEO

    Executive management [e]
        CFO | CAO | COO | CHRO | CRO | CIO | CSO | General Counsel
        ERM [f, g]
        Sustainability or ESG [g, h]
        Advisory councils (e.g., sustainability or risk) [i]

    Management/Risk owners [j]

Notes to Figure 1.2:

a. The board is responsible for overseeing and, where appropriate, challenging management's approach to ESG-related risk ownership as well as ensuring there is a program in place to identify, assess, manage and monitor ESG-related risks effectively.

b. The risk committee establishes the direct oversight of enterprise risk management. The focus of the risk committee is entity-wide in non-financial areas that go beyond the authority of the audit committee and its available resources (e.g., operational, obligations, credit, market, technology).

c. The audit committee assists the board of directors in fulfilling its corporate governance and overseeing responsibilities in relation to an entity's financial reporting, internal control, risk management and internal and external audit functions.

d. Some companies have additional board committees, such as a sustainability committee, separate from the risk committee and the audit committee, comprising cross-functional representatives to identify, monitor and review ESG-related risks.

e. Connections to strategic planning and operations personnel are also critical to linking sustainability to new strategies and risk responses. These connections support timely assessment of new and emerging ESG-related risks so that the organization is better prepared to identify risks and related opportunities.

f. The ERM function or director is responsible for coordinating and consolidating ERM activities and will typically report into the CRO or other C-suite as well as lead the process for managing enterprise-wide risks in an integrated, systematic manner.

g. The sustainability director should maintain a close relationship with the ERM director.

h. The sustainability director may report to the CFO, CSO or COO and provides support in coordinating ESG-related activities. This includes monitoring megatrends as well as identifying, assessing and monitoring risks.

i. Cross-functional or multi-stakeholder advisory councils (either internal or external) can provide perspective on particular aspects of ESG issues or other risks.

j. Although management collectively 'owns' the entity risks, a 'risk owner' is frequently designated as the point person with accountability for ensuring specific risks are appropriately managed.

In the same way that ERM is not the sole responsibility of the Chief Risk Officer, management of ESG-related risk is not the responsibility of the sustainability practitioner alone. All of management should be able to articulate significant ESG-related risks that impact strategy and decision-making. Table 1.3 provides examples of risk owners for ESG-related risks, who may or may not be ESG specialists.

Table 1.3: Examples of risk owners for ESG-related risks

Enterprise-level risk | ESG element | Relevant risk owner | Supporting the risk owner
--- | --- | --- | ---
Risk of increasing raw material prices | Change in prices caused by rising energy costs associated with climate change regulation | Vice president of supply chain | Chief sustainability officer; Sustainability analyst (energy)
Risk of injury or fatality in operations | Health- and safety-related considerations | Environmental health and safety manager | Site managers
Risk of reputational damage because of poor communication on ESG issues in the supply chain | Pressure for greater supply chain transparency around human rights | Chief procurement officer | Chief sustainability officer


Towards collaboration and integration

Guidance: Create opportunities for collaboration throughout the organization.

Increasing complexity from emerging trends and forces requires organizations to be more adaptable and resilient to risk. To support this, collaboration and integration on risk management across the organization can help risk management and sustainability practitioners find a common language for discussing ESG issues, create a shared responsibility for


Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 (p. 20)