How sustainability fits into enterprise risk management

How sustainability fits into enterprise risk management

House of cards
It's possible to gain a competitive advantage by managing risks in the supply chain, human capital, legal and beyond under one roof.

In a rapidly changing world, businesses must regularly assess threats and opportunities as they strive to maintain a competitive edge. For many organizations this analysis is referred to as risk management.

For sustainability professionals, it is important to get connected to these efforts as it can provide an opportunity to identify important environmental and social issues in the context of an organization’s strategic planning process. But for many organizations, there is a disconnect when it comes to the intersection of sustainability and risk management.

To help address this, GreenBiz published a new report Thursday, “Unlock Growth by Integrating Sustainability: How to Overcome the Barriers,” developed in partnership with the Marsh & McLennan Companies and the Association for Financial Professionals (AFP). We also recently hosted the webcast “Closing the Gap Between Risk and Sustainability” (which you can replay here).

Alex Wittenberg
<p class="p1"><span class="s1">Alex Wittenberg, executive director of the Global Risk Center at Marsh &amp; McLennan Companies</span></p>
To understand the potential intersection of sustainability and risk management, I talked with Alex Wittenberg, Executive Director of the Global Risk Center at Marsh & McLennan Companies. The following has been edited for length and clarity.

John Davies: Where does risk management sit in the corporation and what's the role of enterprise risk in a corporation?

Alex Wittenberg: If you look at the topic of risk, it emanates from a lot of different places. You have financial risk such as interest rates and currencies that are largely owned by the Treasury Department. You have operational risks that you would often associate with the process of manufacturing or supply chain or delivering product to clients, and that would be naturally associated with business units or operations.

You then also have risks that are associated with your people, which often reside in the human capital or human resources department. And then you have a myriad of other risks that don't necessarily always have an obvious owner. Some will reside in legal, or product development and some will actually be with the corporate responsibility team.

The role of enterprise risk management is to pull together all these different types of risks — whether they're financial, operational, or strategic — into one place so that companies can start thinking through and prioritizing what is most impactful to the organization. Often companies establish a risk committee with representation from core areas of the business representing the ownership of these different risks. 

Davies: You and I have talked several times about the evolution of the risk management role in companies, the later evolution of sustainability roles in business and a number of parallels between those two functions. Can you talk a little bit about how risk management evolved in corporations?

Wittenberg: For a long time, the risk professional considered risk as a unique activity inside the organization. It wasn't part of strategic planning. It wasn't part of financial planning or business planning. It was, "Let's think about the risks that could most impact the organization" as an activity that took place in a silo. And certain reports were produced — whether it was a risk map or a risk register — and provided to the board of directors on an annual basis, divorced from the ongoing processes that run the typical corporation.

The role of the sustainability practitioner reminds me of those days — where people are saying, "Well, you know, these are the important aspects of sustainability for our corporation. We're going to write a sustainability report and give it to the board and everyone will know how important these things are."

But in many cases, it's not really connected to how the corporation thinks of itself and its day-to-day activities and what it's actually trying to accomplish. 

What is striking is that risk management in the late 90s and early 2000s was often driven by applying external frameworks and processes to the organization. So, whether it was COSO or the ANZ framework or any number of other frameworks, companies were looking for that kind of outside template that could be applied to allow them to tick the box for ERM. And it strikes me that sustainability is in a similar spot right now with the various reporting frameworks like CDP, SASB, GRI, and others.

You have to get over that hump that the risk folks got over. The financial crisis probably helped, but they got over it and now people think less about, "We have risks in our organization" and more about, "We have variability in earnings. We have variability in the strategies we're executing." And what is causing this variability? Risk.

We’re starting to see more of an integration where the right time to have the conversation about risk is when you're having the conversation about strategy or the business plan or the financial plan. And I personally believe when you think about the issues that are in the bailiwick of the sustainability professional, they often tend to be characterized as long-term risks that are creating variability in long-term performance, impacting the actual sustainability and viability of the business.

The right time to have  discussions about those risks is when you're talking about the long-term strategy for the business. Similarly, sustainability leaders have to get over the notion of being a discreet organization off to the side and become more integrated in evaluation of the strategy of the business and the financial performance of the business.

Davies: In your practice, have you seen more of an uptake where this conversation around risk and sustainability is really starting to happen in more organizations?

Wittenberg: Sara Matthews, the former CEO of Dun & Bradstreet said, "It's the power of "and". It's about doing the right thing and having improved financial performance."

But they aren't really divorced from each other. The smart people find those places where it does align. And we're seeing a lot more effort and a lot more success. 

Davies: It’s important to note that when we talk about risk, we’re really talking about risk and opportunity as both two sides of the same coin. 

Wittenberg: Exactly. When we talk about risk, it's really those issues that drive variance from the expected outcome. So, if you think about it, if you expect to make 100 widgets in an hour or if you expect to make 10 cents of earnings per quarter, it's really thinking about those issues that cause you to make 9 cents or 11 cents. And that's one aspect of it.

The second aspect of it — and this is the part we think the board should get on board support — is, "You said I could make 10 cents if we make this investment. And we'll make that 10 cents in 5 years. How do I make it in three years?"

So, literally, it's either about making the outcome more predictable or it's about making the outcome skew towards a better than expected. Or, frankly, it's about accelerating the outcome. 

I personally spend a lot more time thinking about the opportunity side. It's not that downside risk isn't important, because certainly it is. If you're a brewing company  and you run out of water, you're not making any beer. Simple as that. But while you're thinking through how important it is to have high-quality inputs, it's also about using those inputs as competitive advantage and being able to generate more market opportunity. 

Davies: Any final advice for our readers?

Wittenberg: If more people thought about the external manifestation of sustainability as competitive advantage, you would apply a different thought process. Second, I would like to make sure everyone's really clear that the institutional investor is a lot more interested in this than many people think.

And third, it is important for the sustainability professional to make the effort to actively engage with the risk and finance teams to more effectively integrate their thinking with those of the commercial operations of the organization.

Davies: Thanks, Alex. That could be the start of an even longer conversation.