You do not need us to tell you that environmental, social and governance-related (ESG) risks span a massive area. From climate impact to controversial sourcing, employee well-being to executive pay, or business ethics, board diversity and biodiversity – the risk landscape is vast.
And companies are coming under pressure to substantiate what is behind their ESG efforts. A number of governments are moving to mandate ESG disclosures. Investors increasingly expect organizations to include ESG risk management in reporting cycles. And employees want to feel that their employers do what they commit to doing. But once targets have been set, where do you start with assessing ESG risks and describing how you mitigate and control them?
You may be looking to increase transparency into how you control the ESG risks described in your sustainability report or other ESG disclosures. Perhaps you want to get better, ongoing control of risks that manifest themselves at the end of your value chain. Are you simply getting ahead – preparing for imminent increased regulatory scrutiny of ESG risk reporting? Or hoping to secure funding from investors looking to place money in responsible businesses? It could be that your company has recently signed up to the UN Global Compact, or another framework, and you want a tool to identify, prioritize, document, and manage ESG risks. Or your management simply wants to demonstrate to the world that your company is serious about doing the right thing – you get what you monitor, right?
Whatever your reason for looking at ESG risk management and control, we believe Impero can help. Not only will it help, it will also count as part of your ESG efforts. Why? Because Impero supports you in building a robust risk management and control culture, which by definition shows investment in good governance.
ESG entails a coming together of the non-financial controls worlds, a potential multi-disciplinary melting pot of processes and systems. What should be included? Who leads it? Compliance? Legal? Sustainability? How do you get everybody reporting within the same cycles? How do you control it all?
It sounds complex, resource-heavy, and risky – but it need not be. Impero is a simple-to-implement risk management and controls platform that enables you to easily map out risks and monitor your internal controls across a range of entities. From risk identification, prioritization, and mitigation to controls design, operation, documentation and testing, Impero can help you digitize and automate the whole process, drastically reducing ESG risk.
A platform such as Impero can be particularly valuable for ESG risk management, given that stakeholders may be somewhat new to rigorous reporting requirements, internal control monitoring and so on (in contrast to financial reporting risk management, for which formalized and well-established frameworks and accounting principles have been developed over decades, and stakeholders are very familiar with the concepts of processes, controls, audits, etc.).
Structure and mitigate ESG risks across the organization
Link the broad spectrum of ESG risks in a framework that connects them with key performance indicators, process level risks and related internal controls. Design and assign risks and internal controls to business areas, departments etc., based on your organization’s scope, risk assessment and structure.
Continuous assessment of materiality and risk
ESG is not a one-off exercise. Whereas the management of financial reporting risks has grown into a fairly mature process in most companies, ESG is still a moving target. Impero enables ESG officers to work continuously with ESG risks and controls, with functionality that allows them to present risk maps, facilitate workshops, establish links between risks and controls, and change, adjust and amend risks.
Impero’s “tag” functionality allows you to apply a range of metadata to your risks, for instance customized materiality levels, which can subsequently be used to create maps and overviews with a single click.
Align the performance of internal controls across an array of functions
Design and apply internal controls to entities, business areas etc., and assign them, with the desired performance frequency, to specific employees and managers within the organization. The automated workflow notifies employees and managers when internal controls are to be performed and reviewed, ensuring timely performance of controls.
Assess whether controls are effective
Storing all ESG risk management information in just one place, combined with a powerful reporting module, facilitates evaluation of control performance and identification of issue areas. Drill-down features and pivoted reporting functionality allow insight even down to specific internal controls or employees – to verify effectiveness of the internal controls over non-financial risk and reporting data.
Build trust in ESG risk data and the key indicators reported
Of course, Impero allows you to provide view access to internal and external auditors, who can rely on clear audit trails to observe and evaluate control performance as a basis for audits of ESG reporting.
Other key stakeholders, such as board members, can also be given such view access, or can automatically receive Impero’s “push reports” giving real-time data directly from a link in an email.