
Integrating sustainability risks into enterprise risk management 2/24/24

Agnese Bankava
PwC Head of Risk Management Services
Ilze Briede
PwC senior consultant in the audit and risk assurance department

In today’s rapidly changing world, organisations need to be proactive to stay competitive and they also need to regularly assess potential business risks and opportunities. When it comes to assessing risks and opportunities, businesses often opt for enterprise risk management – the culture, capabilities and practices an organisation integrates with setting a strategy and applies when it carries out that strategy, with the purpose of managing risk in creating, preserving and realising value.¹

The significance of risk management in an organisation

Risk management is still an integral part of corporate governance in every organisation that seeks growth, according to PwC’s Baltic CEO survey. 40% of CEOs in Latvia, 45% in Lithuania and 49% in Estonia say their organisation will not be economically viable in ten years’ time if they keep their current business model. Corporate awareness of risk management practices has significantly improved over the past few decades. An organisation’s management, i.e. the council or other senior management members according to the governance structure (‘management’), has overall responsibility for managing the organisation’s risks. Yet it’s important for the management to encourage conversations with the board and other senior management members about using the organisation’s risk governance to obtain competitive advantages.

Enterprise risk management is a strategic approach that organisations use to identify, assess and manage risks that could affect their goals and overall success. Effective risk management gives your organisation a number of advantages:

  • It increases the range of opportunities by considering positive and negative risk aspects.
  • It maximises positive results and advantages, while minimising negative surprises.
  • It enables you to proactively respond to risks, not only react to events.
  • It improves your ability to identify and manage all of your organisation’s risks.
  • It reduces the volatility of performance.
  • It improves the allocation of resources.
  • It leads to meaningful conversations between the management and the board about the risk framework.

Environmental, social and governance (ESG or sustainability) risks are becoming more relevant because EU directives, investors and other stakeholders are pushing organisations to integrate ESG-related risks into their risk management. The interaction between risk management and sustainability is crucial for organisations that aim to create lasting value while mitigating potential risks. Every day organisations face a varying range of sustainability risks that can affect their profitability, success and even operations.

Sustainability risks in an organisation’s risk management

ESG risks are nothing new. Governments and businesses have been assessing governance risks for many years, focusing on aspects such as financial accounting and reporting practices, the significance of board management and composition, the fight against bribery and corruption, business ethics, and executive pay. However, the relevance of risks inherent in ESG areas has grown rapidly over the last decade. In addition to an obvious increase in the number of environmental and social issues that organisations now have to consider, more attention should be paid to the internal oversight and management of these risks and culture.

ESG-related risks are often described as volatile, interrelated, long-term, or less known to the organisation – that is why they are difficult to manage effectively. However, the potential impact of these risks on an organisation’s operations may be significant, and so the organisation’s responsibility for managing these risks is not different from any other business risk. Even if ESG matters are managed by a separate function (e.g. a sustainability function), integrating ESG-related risks into the organisation’s key risk management processes is vital to help the organisation and its management carry out its obligations.²

Interaction between sustainability and enterprise risk management

Sustainability professionals play a key role in identifying ESG risks. These risks may substantially affect an organisation’s long-term operations – sustainability cannot be separated from the enterprise risk management focus on long-term value creation. That is why ESG aspects are increasingly integrated into enterprise risk management systems. Sustainability practice promotes your brand reputation, while enterprise risk management helps you protect this reputation by avoiding risks associated with environmental incidents, labour law breaches or supply chain issues. Despite the synergy between sustainability and enterprise risk management, many organisations still lack a balance. To bridge this gap, it’s essential to secure liaison between the risk management and sustainability teams.³ In PwC’s 2021 survey of corporate directors, only 62% said their boards discuss ESG risks as part of enterprise risk management. Integrating sustainability into enterprise risk management can help organisations overcome risks more effectively, create lasting value and make a positive contribution to the community and the planet.

Integrating ESG-related risks into an organisation’s risk management requires a comprehensive approach from professionals throughout the organisation. Sustainability professionals have expertise in ESG risks and opportunities, and they know the best ways to avoid those risks or to take those opportunities without ignoring the organisation’s value chain and stakeholders. Risk management professionals have expertise and skills in identifying and assessing risks, setting priorities, implementing risk mitigation measures and monitoring their effectiveness.

Since integrating ESG risks into risk management processes is crucial for organisations aiming to create sustainable value, below are a few practical steps in implementing this integration:

  1. Define and integrate ESG risks just as any other business-related risk.
  2. Assess the impact of ESG risks on your organisation, considering climate change, technology disruption, geopolitical volatility, and supply chain vulnerability.
  3. Make sure the management actively engages with ESG matters.
  4. Promote liaison between your risk management and sustainability teams, also by educating your staff on ESG risks and their impact on your organisation.

If your organisation strives to build a risk management system that promotes sustainable business, please reach out to PwC risk management leader Agnese Bankava to set up a meeting and discuss your needs.

___________________________________
1 COSO Enterprise Risk Management: Integrating with Strategy and Performance, 2017
2 COSO Enterprise Risk Management: Applying enterprise risk management to environmental, social and governance-related risks, 2018
3 How sustainability fits into enterprise risk management, 2016
