WTW surveyed 312 corporate risk managers worldwide. One third said ESG currently influences risk management strategy, and an additional 9 percent said it is set to do so during the next two years. However, only 35 percent of North American risk managers – and fewer in other regions – expect to have documented ESG risk management targets and milestones within two years.
Nonetheless, ESG is high on corporate agendas, with 74 percent of respondents stating that an improved ESG score is a core focus for their business. Regional differences are large, with ESG priorities highest in the Asia Pacific region, with the survey indicating this is lower among North American companies. Overall, 24 percent of US companies have set ESG risk management targets with clear milestones.
Most respondents believe that management of environmental liability risks influences ESG standing, and three quarters have taken actions to address environmental liability and climate risks (four fifths in APAC). However, many have done so without adopting specific goals or key performance indicators.
Risk management and governance intersect most frequently in due diligence linked to risk advisor, broker, and insurance-carrier appointments and reviews. Two thirds of risk manager respondents say they are extensively involved in these areas, compared with around 40 percent that carry out similar work related to suppliers and investment opportunities. Risk managers identified key social risk management priorities as data privacy and cyber risk (97 percent), workplace safety (88 percent), product liability (79 percent), and employment practice liability (78 percent).
Lisa Lipuma, Director of Enterprise Risk Consulting, North America, WTW, said: “Many organisations equate ESG risk with reputational risk, but to manage ESG effectively it must be broken down into measured, manageable risks, and a risk management process established around them. Companies should first take a ground-up look at what ESG is, then identify the specific risks they face through a risk-mapping exercise. Finally, they should assess the impact, likelihood, and velocity of each risk before bringing them into the enterprise risk management framework.”
Source: Continuitycentral