Risk Monitoring and the Design of effective ESG and Climate Change Key Risk
Introduction
In this article we outline the components of how an organisation should develop its risk appetite strategy for managing ESG risks, and how the organisation can design an effective bespoke high-level dashboard to provide both senior management and the board with relevant metrics and targets for monitoring and reporting ESG risks.
The breadth of ESG and climate risks presents organisations with distinct challenges when assessing the actual and potential impacts on the strategic position of the firm. The purpose of risk monitoring in this context is to track ESG threats and opportunities to an organisation’s existing goals and objectives and to assess how effectively the organisation responds, and prepares to respond, to both threats and opportunities. It is important to consider opportunities as they are often overlooked.
The risk function should seek to design specific key risk indicators (KRIs) aligned to ESG themes and risks and their potential impact on business performance and objectives.
Risk dashboards give the risk function greater visibility when communicating key ESG risks, leading to more informed and improved decision making across the organisation.
ERM framework: core components
Enterprise Risk Management is the process of understanding, analysing and addressing risks to help ensure organisations achieve their objectives. One of the main components of ERM is risk monitoring and reporting which can be enhanced through the design of bespoke risk dashboards using KRIs.
Two of the most challenging aspects of ERM are disentangling the core components in an easily understood manner and explaining their relevance and benefits. Once the core components have been understood and implemented, the organisation can then use an array of tools and techniques to support the embedding of ERM. The figure below provides a summary of the framework with the core components.
The discipline of ESG should be considered as an extension of ERM and align with the risk frameworks, policies and taxonomies. It should also integrate with the key risk management tools such as risk appetite statements, risk policies, scenario analysis and so on.
The design of key risk indicators is a critical component of the risk management process aligned to Stage 3 in the diagram “methodology and communication” within the risk management process of an organisation.
Designing an ESG scorecard for Monitoring Performance
Organisations should firstly seek to include high-level dashboards to provide both senior management and the board with clear updates. These dashboards can be aligned to an ESG scorecard that is populated with key performance indicators (KPIs).
The organisational goals and KPIs should be linked to the organisational priorities for each year so that progress can be reviewed on, say, a quarterly basis, with the scorecard as a whole reset annually.
The dashboard is in effect a control panel that shows the status of your KPIs and enables the organisation to monitor the progress of improvements in business performance. From a risk perspective, it can compare the maturity of the control environment. It shows how well the organisation is managing ESG risks and can be aligned to specific targets. The dashboard below is an example of this. Spider charts are one of the most helpful risk assessment tools for visualisation and these can ideally be linked to KPIs.
These can be presented to key stakeholders to present a score for each of the main ESG criteria or dimensions. Please see below an illustrative example of an ESG:
The spider chart helps to compare progress on a relative scale and highlight the greatest gaps, which can then lead to improved mitigation strategies.
Alignment to Risk Appetite Strategy
The Board sets the risk appetite of an organisation and determines those risks which could threaten the company’s business objectives; it therefore ideally needs to define risk tolerance levels and how each type of risk should be treated.
The risk management function, working with the first line of defence, should play a critical role in designing the overall ESG risk appetite strategy of the organisation and ensure that it aligns with the overall corporate strategy of the organisation. Typically, a risk committee will then monitor all aspects of risk in sufficient detail to advise the Board appropriately.
The risk appetite strategy should document the risks the organisation wishes to seek and to monitor, and especially carefully those it wishes to minimise or avoid, and should define the boundaries within which risk taking can occur. These metrics and guidelines provide a central view on risk taking to which the whole organisation can agree.
The four main components of an organisation’s risk appetite strategy that can help an organisation to articulate and shape its overall strategy are as follows: Risk Principles, Strategic Risk Metrics, Risk Preferences, and Risk Tolerances and Limits, as detailed below.
Risk Principles: The overarching risk philosophy;
Strategic Risk Metrics: The primary set of risk metrics aligned to stakeholder expectations - Net zero emissions ambition targets will form a new high level strategic metric to manage and monitor for many organisations.
Risk Preferences: Qualitative statements that guide in the selection of risks we seek versus those we wish to minimise or avoid; and
Risk Tolerances/Limits: Quantitative risk appetite statements that guide in the selection of risks. These statements typically specify maximum acceptable losses or exposure. They help to translate the qualitative risk preferences into action by constraining exposures to specified risks.
Designing a set of Key Risk Indicators and Dashboard
When designing ESG targets, many organisations first consider KPIs. As these are often related to activity levels, they then need to be converted and aligned with specific target levels. In terms of risk management and risk strategy, they then need to align with the key risks, which can be monitored and reported through risk committees.
Organisations need to actively review their risk profile and consider ways to measure and monitor ESG related exposures against their risk appetite. These measures should act as early warnings to ultimately support management in making business decisions. The KRIs should ultimately have a RAG status (Red–Amber–Green). The RAG status should be aligned to the risk appetite strategy of the company.
It is important that organisations design both key performance indicators and key risk indicators, which often relate to measuring activity levels and risk levels respectively.
Examples of ESG KRIs can include:
Carbon footprint – progress with the reductions in scope 1, 2 and 3 emissions
Supplier alignment (ESG integration into supplier due diligence)
Staff awareness and buy-in
Sustainable investments
Credit risk assessments
Diversity and inclusion
ESG/climate-related litigation against the organisation
Board composition
The principles of designing KRIs are similar for most risk types. For investment strategy, for example, you should consider setting limits in high-carbon industries or setting targets to invest in sustainable funds within the portfolio.
For monitoring and reporting of KRIs to be effective, they should be:
Specific and measurable
Available on a regular frequency
Reportable
Ideally based on forward-looking assumptions
KRIs should be quantifiable.
A particular challenge for ESG risks is to collect the relevant data, so it is important to adapt or redesign internal information technology (IT) systems and processes to provide the relevant information.
Developing ESG – Key Risk Indicators
Example 1 – Supplier Due Diligence
Most organisations are seeking to integrate KRIs into their supplier due diligence process.
Typically, an organisation may start by monitoring the percentage of its suppliers it has surveyed or that are committed to reaching net zero targets. However, these metrics only track activity and goals. So, an organisation should seek to develop a KRI that aligns to “percentage of suppliers aligned with the organisation’s ESG risk appetite”. This is an important shift in thinking, making sure that third parties align with the organisation’s risk philosophy.
Example 2 – Investment Management Due Diligence
Investment managers monitor their portfolios and their investment exposures against their peers, industry benchmarks and stock market indices across a wide variety of data points on an on-going basis.
Investment firms need to be clear on their due diligence and monitoring strategies with the companies in which they invest. They typically operate on an exclusion basis (i.e. not investing in companies with bad sustainability / climate risk assessments) or actively engage and exert influence over the investee companies.
Their range of analytics is expanding beyond traditional investment data to also cover climate change / carbon emissions and other ESG analytics. Most portfolios will need to consider the absolute emissions of the companies they invest in and the highest and lowest emitters, highlighting which industries or geographic areas are better or worse and benchmarking against industry providers (examples include MSCI, Sustainalytics, S&P, Fitch Ratings, Moody’s).
Some of the indicators for monitoring that may be applied by the various ESG rating agencies include carbon emissions intensity, carbon reserve intensity and green revenues.
Conclusion
For monitoring and reporting of ESG risks, it is important to design relevant, effective KRIs aligned to the risk profile. To be effective, they need to be specific and measurable, available on a regular frequency, reportable and ideally based on forward-looking assumptions. KRIs should be quantifiable, and one of the key challenges particular to ESG related risks is to collect the relevant data, so internal IT systems and processes may need to be changed.
In terms of embedding the KRI process it is important to:
1. Design the metric.
2. Agree data sources.
3. Monitor the KRI on an ongoing basis.
To learn more about risk monitoring and designing bespoke risk dashboards, please contact OneRisk Consulting, who have supported many leading financial services companies in designing KRIs and risk dashboards.
Email: martin.massey@oneriskconsulting.com
Book: Climate Change Enterprise Risk Management: A Practical Guide to Reaching Net Zero Goals