The intersection of ESG and risk assessment
For many decades, the responsibility of a corporation was framed bluntly: to increase its profits (so long as the company acted legally). Some politicians, fund managers and CEOs have broadened that simple assessment to now consider environmental, social and governance (ESG) responsibilities. Investors—large and small—have weighed in to show that they care about ESG factors. And when investors care, boards of directors naturally care, too.
ESG is more than a three-letter acronym that stands for a trio of specific concerns. Instead, ESG includes enough concepts to construct an acrostic with more than a dozen letters. In addition to broad ESG nomenclature, the acronym includes topics such as human rights, cybersecurity and data security, climate change, sexual harassment, safety, water scarcity, energy management, diversity and gender, business ethics, intellectual property protection, political involvement, compensation of all levels of employees, and others. Obviously, not all of these concerns apply to every company; and when they do apply, it is to varying degrees.
Ratings firms analyze this plethora of nonfinancial data. Some investors say they use this information in deciding which shares to buy or not buy; and some companies rely on these ratings in selecting their suppliers. However, problems have arisen with the accuracy and completeness of this data in some categories.
Despite the cloudiness of ESG-related data, many S&P 500 companies provide ESG or sustainability reports. And there is a growing trend for disclosure of some ESG-related risks in Form 10-K filings. Investors may demand more disclosures, and more accuracy in them. The potential for regulation of such matters in the United States is increasing.
What role can the board of directors play in the multifaceted ESG arena? One way the board can add value is by ensuring that the company’s CEO addresses each identified ESG risk and opportunity appropriately. The audit committee, as part of its enterprise risk management function, can take a deeper dive into matters such as internal control over the procedures used to gather, disclose and report company data to ratings firms, regulators and auditors.
Rather than chasing every risk in the ESG puzzle, it’s important for a company to stay focused on those with the most potential effect on the corporation and its stakeholders by starting with a robust risk assessment. There are a number of specific questions the board can consider:
- Has the company provided the board with appropriate ESG risk assessment matrices, metrics and/or dashboards?
- Has the company performed a comprehensive review of potential risks not previously considered?
- In addition to investors, will ESG ratings affect the corporation’s relationships with others (e.g., customers)?
- Is company leadership properly focused on ESG risks? What is the CEO doing to address all applicable ESG-related risk factors and opportunities? Does the CEO’s performance review reflect ESG risks, responses and related business strategies?
- Does the company have enough people focused on ESG risks, or has this become an add-on responsibility for existing employees?
With respect to the disclosure of ESG-related matters, the board should consider questions such as the following:
- How is the company scored by rating agencies, and is the scorecard accurate?
- Does the corporation have adequate internal controls for the quality and completeness of ESG-related information provided?
  - To rating agencies
  - On the company’s website
  - In its press releases
  - In its filings with the Securities and Exchange Commission
- How does the company compare with its peers and their best practices?
- Is there a need for internal disclosures to employees, as some may have concerns about ESG-related matters?
- Are potential disclosure regulations anticipated and prepared for?
With ESG factors becoming an increasing point of focus, corporate boards can add value by overseeing risk reductions related to the highest risks in the full panoply of nonfinancial factors in the ESG bucket. These risks go to the board’s central function of overseeing the ultimate sustainability and long-term value of the corporation. Business performance and long-term value are increasingly linked to more than just financial shareholder returns.