As the business landscape undergoes rapid transformation, sustainability factors have gained prominence and become pivotal to the long-term resilience and prosperity of organizations. While the significance of sustainability-related risks—particularly climate risks—should not be underestimated, organizations often do not give sustainability risks the same consistent attention they give other enterprise risks, because of their complexity, long-term nature and lack of standardized metrics.
Integrating sustainability risks within your enterprise risk management (ERM) framework takes advantage of its maturity and the industry consensus on leading practices, frameworks and standards. This integration helps organizations:
adopt a more holistic approach to risk management
align with strategic goals
strengthen resilience
capitalize on new opportunities
fortify their position in an ever-evolving business environment
achieve sustainable success
PwC’s Global Investor Survey 2024 found that 43% of respondents consider the way a company manages sustainability-related risks and opportunities to be an important factor in their investment decision-making. And business organizations and policymakers worldwide have been taking note of this trend for several years.
The Committee of Sponsoring Organizations (COSO)—which develops ERM, internal control, fraud deterrence and governance guidelines—and the World Business Council for Sustainable Development (WBCSD) jointly issued detailed guidance in October 2018 to address the increasing need for companies to integrate sustainability-related risks into their ERM processes.¹ Furthermore, several regulatory reporting guidelines and standards require organizations to disclose sustainability and/or climate-related risks and opportunities. These include the European Union’s Corporate Sustainability Reporting Directive (CSRD), the International Financial Reporting Standards Foundation's Climate-related Disclosures standard (IFRS S2) and the Office of the Superintendent of Financial Institutions’ (OSFI) guideline B-15. These regulations are adding more pressure on risk managers to integrate sustainability risks into their overall risk management framework. This integration either considers sustainability risks alongside other types of risks or treats them as their own category, creating a more comprehensive and cohesive risk management strategy.
ERM and sustainability share a natural alignment in objectives, emphasizing a holistic approach to decision-making that promotes better and sustainable long-term returns. Both focus on material risks and opportunities integral to achieving long-term organizational goals through focused strategy, stakeholder engagement, performance setting, governance practices, business culture, ethics and reporting and disclosure processes.
From an operational standpoint, both ERM and sustainability involve risk identification, assessment and mitigation. Integrating sustainability into ERM can enhance overall risk management strategies, leading to greater alignment with long-term business objectives. Several areas benefit from integration, including:
Fostering risk-based dialogues and decision-making at all levels creates a comprehensive approach to handling sustainability risks.
Elevating sustainability risk awareness enhances the ability to manage existing risks and identify emerging ones.
Understanding risk exposure helps direct investments and resources to areas where they can improve sustainability risk posture.
Strengthening risk intelligence through professional development initiatives enhances expertise in managing sustainability risks.
Implementing robust risk management controls within core business practices informs a resilient and responsible operational framework.
Once material sustainability impacts have been identified, the impacts should be considered using the organization’s ERM framework, with a formalized process for identifying and managing critical sustainability issues, in accordance with established goals and metrics. Challenges often arise during execution and maintenance, which can be addressed by using mature ERM practices and established frameworks such as the COSO ERM framework and ISO 31000 standard.
Many sustainability frameworks embrace a risk-based approach, offering extensive risk libraries. These frameworks can be adapted to align with ERM programs that emphasize objectives and impact goals. For example, the Taskforce on Nature-related Financial Disclosures (TNFD) provides comprehensive approaches (called LEAP) for identifying, assessing and managing climate risks that can be incorporated in the ERM framework. The table below is an example of PwC Canada’s sustainability risk management framework.
This helps appropriately manage and connect sustainability with other units within the organization. The three lines model of risk management can define roles and promote accountability in managing sustainability risks.
Sustainability aligns with ERM processes, focusing on strategic objectives, risk identification, metric setting, reporting and progress management. Integrating sustainability into ERM provides a clear roadmap for operationalizing sustainability across the organization and can include:
ERM often receives critical resources and executive-level support that sustainability can capitalize on for immediate visibility and continuous access to influential audiences. The expertise of ERM managers in integrating ERM processes into strategic decision-making can prove invaluable for sustainability initiatives.
Integrating sustainability into the ERM framework helps fortify risk management strategies, improve capital allocation and create a foundation for long-term viability. This integration improves stakeholder engagement, regulatory compliance and decision-making. Organizations that effectively integrate sustainability into their ERM programs can lead in responsible and resilient enterprise practices, paving the way for a sustainable and prosperous future.
1 "Enterprise Risk Management: Applying enterprise risk management to environmental, social and governance-related risks," COSO and WBCSD, October 2018, https://docs.wbcsd.org/2018/10/COSO_WBCSD_ESGERM_Guidance.pdf.
Partner and National Enterprise Risk Management and Operational Resilience Leader, PwC Canada