Sustainability, Risk and Opportunity: A Holistic Approach

Dave Pollard CA and David W. Stephen CA
Toronto, November 2008
This paper examines the issue of environmental sustainability from a business perspective. There
are a number of reasons why this perspective is important:
(a) Business leaders are well aware that the issue of environmental sustainability is becoming a
key strategic imperative. Unfortunately, there is little consensus on exactly what most
businesses should do to respond to demands that they take action. Environmental
regulation around the world is a patchwork of rules and enforcement mechanisms which
make it difficult for businesses to be certain that they meet even the minimum compliance
standards.
(b) The costs of dealing with environmental sustainability issues are seen as being incremental
to all of the other costs of doing business and there is, most often, little perceived benefit. As
business activity slows and demands increase to cut costs, businesses may reduce their
efforts in this area.
(c) While a great deal of research has been done on issues of environmental sustainability,
most of it looks at issues from only a macro-economic perspective. Individual business
entities need to find a way to understand how particular issues affect (or do not affect) their
business.
(d) While it is entirely appropriate to focus on the negative impact of climate change and other
environmental sustainability issues, there are also major opportunities created, and
businesses need to find ways to identify and take advantage of these opportunities.
What is sustainability?
The term sustainability has many meanings, depending on the subject and context.
Environmental sustainability describes the capacity of the environment to continue indefinitely to
provide a healthy place for us to live and work and the resources necessary to sustain a healthy
economy and businesses.
Importantly for this discussion, we can also define the term “business sustainability”
as the capacity of a business enterprise to continue to operate successfully, i.e. to generate
sufficient and appropriate economic activity to meet stakeholders’ requirements on an ongoing
basis. We believe that, indeed, business sustainability is the most critical long-term objective of
most business enterprises.
While these two types of sustainability are different, they are also, in today’s world, inextricably
linked. If the environment ceases to be sustainable, enterprises that depend on it for resources and
on healthy consumers for purchases of their products will cease to be economically sustainable.
The gradual reduction in the sustainability of our global environment will result in the consequent
reduction in the ability of business enterprises to sustain themselves economically and remain
viable. At the same time, enterprises that are not economically sustainable -- those that require
more and more energy and non-renewable resources and that pollute the environment -- will
ultimately contribute to environmental unsustainability as well.
Figure 1: Components of Enterprise Risk
Many people believe that the greatest sustainability issue that we face today is the threat of climate
change. This is, of course, an environmental sustainability issue but it is also a business
sustainability issue: if we are unable to control greenhouse gas emissions to prevent the drastic
changes that scientists warn us about, the cost, in loss of and damage to human life and habitat,
increase in pandemic diseases, resource loss, natural disasters and rising sea levels, may well
destroy our economy and make all business enterprises unsustainable.
Long before any of this happens, however, climate change and other environmental sustainability
issues will have important effects on virtually every business. It is precisely the question of how
business enterprises respond to these risks that will determine their own sustainability.
• Regulatory compliance
• Transportation costs
• Business reputation
• Food supply
• Insurance cost
• Disaster preparedness and recovery
• Supply chain disruption
• Decline in crop yields, forest and ocean resources
• Natural resource costs
• Food plant, animal and human diseases
• Water scarcity
• Droughts, flooding, desertification, severe weather
• Energy costs and supplies
• Glacial melt and commensurate sea level rise
• Transportation and infrastructure stability
• Permafrost instability
• Business interruption and continuity
• Ocean current changes
• Infrastructure disruptions and maintenance
Figure 2: Some Climate Change Risks
Sustainability as a Business Risk
Every year, the economists who meet in Davos at the World Economic Forum present an updated
estimate of the major risks facing the business world and the global economy. They do this using a
grid that shows the two dimensions of risk:
• The likelihood or probability of the risk occurring (expressed as a percentage) and
• The severity or consequences if the risk does occur (expressed in monetary units)
In 2008, they produced the following matrix of 26 global risks (Note: NPT is nuclear nonproliferation treaty; CII is critical information infrastructure):
Figure 3: Matrix of the 26 Largest External Business & Economic Risks, 2008
(Source: Davos World Economic Forum Global Risks 2008 Report)
The risks that are most closely connected to environmental sustainability and to climate change are
marked in red. Many of these risks are interconnected, and a major crisis of one type could trigger a
series of related crises, a domino effect. It is unwise, then, to attempt to assess any of these risks in
isolation from the others.
In addition to external risks such as those shown above, most businesses also face a host of
internal risks, some of which are specific to an individual business, some to an industry and some to
a broad array of business enterprises in different industries. A brief list of such risks follows:
• Fraud, litigation and compliance and governance failures (including environmental actions and environmental compliance failures)
• Transaction failures (mergers, divestitures, recapitalizations and acquisitions -- including failures due to environmental liabilities)
• Security and systems failures (including those caused by environmental problems)
• Scandals, marketing failures and reputational crises (including those caused by perceived social or environmental irresponsibility)
• Supply chain crises (including those caused by suppliers’ environmental problems, energy shortages or energy costs)
• Labour problems
• New regulations (including environmental)
• Cost inflation and interest rate increases
• Competitive threats (including early adopters of environmental innovation)
• Market shifts
• Takeovers and industry consolidation
• Insurance crises (including those caused by environmental disasters)
Figure 4: Examples of Internal Risks
It is clear, then, that business sustainability incorporates the ability to operate in the face of
environmental risks and threats, and is therefore closely linked to environmental sustainability.
Equally importantly, managing an enterprise’s business sustainability is inseparable from managing
its risks, including environmental risks.
Enterprise Risk Management
The development of Enterprise Risk Management models and techniques has progressed rapidly
over the past decade, roughly in parallel with the evolution of concerns about environmental
sustainability. These models are designed to identify, assess and, to the extent possible, manage
the risks that any organization faces in attempting to achieve its various business objectives. The
development of these models and techniques was a function of a number of factors:
(a) Major business failures and near failures have caused senior management and Boards to
examine the reasons why specific risks (both internal and external) were not identified and
acted upon.
(b) While many businesses have historically had risk management functions as part of various
line and functional business units, this silo approach has limited the ability to communicate
across functions and, more importantly, to identify multi-dimensional risks. A more effective
and efficient approach was needed.
(c) In some cases, senior executives and Board members did not believe that they were doing
an effective job of identifying important strategic risks. At the same time, pressure to improve
governance processes necessitated improved risk assessment and documentation.
(d) The ever-increasing cost of compliance has driven businesses to attempt to integrate their
risk management and compliance activities.
We have seen that there are many different types of business risk: environmental and not, external
(many of which may not be controllable) and internal (which are generally easier to identify, assess
and manage). There are risks that are marked by one-time events and there are risks that will
permanently shift or disrupt the market, an industry or the entire economy. Some risks require an
immediate and obvious response and others require a thoughtful long-term strategic response.
Many risks are managed in the normal course of business. Others (often dependent on the
occurrence of quite unlikely events) fall in the catastrophic risk category. To be useful, any ERM
model must address and deal effectively with all of these risks.
Internal | External
Directly controllable or predictable, low uncertainty | Difficult to control or predict, high uncertainty
Independent, distinct | Interrelated or interdependent
One-time events, recoverable | Permanent shifts
Short term | Longer term
Business or industry specific | Endemic
Figure 5: Some Ways of Categorizing Risks
As indicated earlier, the development of ERM models and techniques began in earnest about a
decade ago in a number of countries, including Canada, the United Kingdom and the United States.
Some ERM techniques also began to appear in various pronouncements of the EU. At the same
time, a number of businesses began to work with various approaches to ERM.
In 2004, The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
produced the publication “Enterprise Risk Management: Integrated Framework”. While various
approaches to ERM continue to be developed, this framework and its derivatives appear to be the
most widely accepted and used at the present time.
The question, then, is whether an ERM framework such as the COSO model can be used to
identify, assess and manage the various risks to a business enterprise resulting from environmental
sustainability issues. We believe that the answer is yes.
Figure 6: A Summary of the COSO Risk Model
It could be argued that the risks associated with environmental sustainability are different from other
types of risks and are not susceptible to the same analyses as more conventional risks. For many
organizations, most of the risks associated with environmental sustainability are external and many
are unpredictable, complex and unfamiliar. In addition, they may be outside the organization’s
acknowledged areas of competence. They may be associated with permanent shifts in economic
and business realities that would normally be viewed as unmanageable. Nonetheless, if the
mandate of the Board and management is to ensure that the business is sustained, then these risks
cannot be ignored.
The ERM models in existence today (such as the COSO model) are broad and robust enough to
deal with all of the issues identified above if they are used properly. Two points are worth noting.
First, the concept of risk has been broadened to include any and all events, uncertainties and
possibilities that might impact (positively or negatively) on a business. In addition, the process of
risk identification is intentionally open-ended and continuous, so as to capture all possible risks, and
to do so on an ongoing (as opposed to point-in-time) basis.
Secondly, it has become widely accepted that the implementation and ongoing management of the
ERM process must be “owned” by the Board and senior management. Perhaps most importantly,
strategic risks (which include many of those associated with environmental sustainability) must be
monitored and managed by the Board and senior management. This ensures that the highest level
of attention is given to these risks, and that those risks that have long-term, subtle and/or interrelated
impacts are managed by the most qualified people in the organization.
The ERM Process
In order to understand how the ERM process works and in particular how it can be useful in dealing
with issues of environmental sustainability, we will look at the individual components of the model.
We have chosen to use the COSO model as our example but other models are similar. The
following descriptions are brief summaries only and are intended only to provide an overview. The
COSO publications themselves provide much more detail, as well as helpful examples. The COSO
model (see Figure 6) identifies eight components and we will describe each.
1. Internal Environment
This is intended to be the high level component of the model, in which the Board and senior
management establish the overall tone of the organization, creating a level of risk consciousness
among its people and laying the foundation for all of the other components. In this component,
management describes the business’s overall risk management philosophy, its appetite for risk on
an overall basis, the ethical values and integrity expected in the organization and the way in which
the business is organized, among others. The objective is to lay the foundation for the more
detailed components that follow.
It is easy to see how this component links to issues of environmental sustainability. Many
businesses will likely choose to specifically reference the issue in dealing with issues such as risk
appetite and ethical values, among others.
2. Objective Setting
In this component, strategic objectives are identified, and these provide the basis for various
operations, reporting and compliance objectives. These strategic objectives must be aligned with
the internal environment (component 1), and in particular with the risk appetite of the business, as
they provide the framework for most of the day-to-day activities of the business.
The linkages to issues of environmental sustainability are again clear. At the most basic level,
business operations must conform to the broad values described above, reporting processes
(internal and external) must reflect both internal decisions and external requirements and externally
imposed compliance objectives must be met. The rapid evolution of both reporting and compliance
requirements related to the environment creates major challenges, and it is very helpful that these
requirements can be managed within the ERM model.
3. Event Identification
In this component, management uses various methods to identify potential events that, if they
occur, will affect the business, and further determines whether they represent opportunities, risks,
or both. In pursuing this process the objective is to cast the widest reasonable net. In addition to
internal issues, management must look at a broad array of external factors including economic
issues, political and geo-political issues, social and demographic factors, technological
developments, and, of course, environmental issues. Many different techniques are used to identify
potential events but the most critical needs are to ensure that the inventory of potential events is as
complete as possible and that it can be updated quickly as new events happen.
4. Risk Assessment
Risk assessment is at the core of the model. It requires a business to consider the extent to which
potential events (identified in component 3) may have an effect on the achievement of the defined
business objectives (identified in component 2). As indicated earlier, events are assessed from two
perspectives, likelihood and severity. While both qualitative and quantitative methods are used to
assess risk, experience suggests that every effort should be made to quantify the effect of events
as precisely as possible; purely qualitative assessments often prove to be dangerously wrong.
It is important that the positive and negative impact of potential events be assessed across the
business, as a single event may have differing impacts across, for example, different business
units. In addition, the combined effect of multiple simultaneous or consequential events needs to be
evaluated, as difficult as this will often be.
Issues associated with environmental risks and with environmental sustainability will be an important
component of the risk assessments undertaken by many businesses. The model provides an
excellent framework for evaluating risk and opportunity but a great deal of skill will be required to
adequately and accurately assess these issues in a quickly evolving environment.
5. Risk Response
Once a business has assessed its relevant risks and opportunities, it must decide how to respond.
Risk responses, under the COSO model, fall into four broad categories:
• Avoidance -- Exiting the activities giving rise to the risk, to prevent any exposure to it.
• Reduction -- Taking action to reduce (or mitigate) the likelihood or severity, or both, of a risk to the point where the residual risk is tolerable.
• Sharing -- Reducing the likelihood or severity of a risk by transferring or sharing a portion of the risk through insurance, hedging or other methods.
• Acceptance -- Taking no action, as the risk is within the tolerances of the business’ risk appetite.
We suggest it is useful and important to add one further possible response to the four identified in
the COSO model, and that would be adaptation, which we would define as detecting the occurrence
of risk-related events or permanent environmental shifts, and being prepared to change processes
and operations to adapt to them.
This is clearly a crucial process and involves a detailed assessment of costs and benefits. Any or all
of the above responses may be possible in dealing with environmental risks, and decisions will
often be difficult; nonetheless, if applied consistently the model provides an excellent framework for
making these decisions.
6. Control Activities
Control activities are those that operationalise the various responses to risk. They include policies
and procedures that are put in place throughout the business, at all levels and in all functions.
These activities include a broad range of tasks, including approvals, authorizations, reviews of
operating performance, and many others, all oriented to ensuring that the defined risk responses
are carried out.
7 and 8. Information, Communication and Monitoring
An effective system for gathering and communicating information about risks is necessary to ensure
both that decisions are properly understood and implemented and that new and updated
information can be dealt with on a timely basis. The complexity of the issues surrounding
environmental sustainability and related risk demands that information about risks, as well as their
assessment, response and control be shared up and down the organization and across functional
and operating units. This will be particularly true as more regulations are promulgated and as
environmental events become more frequent and severe.
An effective system must also be in place to continually monitor both the internal and external
environments to identify new or changing risks at the strategic, operating, compliance and reporting
levels, including environmental risks.
Accommodating Environmental Risks and Environmental Sustainability in the ERM Model
While the above is only a high-level summary of the COSO ERM model, it should be apparent that
it accommodates environmental risks well. Some other aspects of sustainability management are
not explicitly addressed in the model. However, we believe the model can accommodate them with
some elaboration and additional research. They are:
(a) The co-dependency between business and “the environment”
(b) The relationships between risk, compliance and governance
(c) The high degree of uncertainty and non-controllability of many environmental risks
(d) The complex interdependency of some environmental (and other) risks
(e) The asymmetry between risk and opportunity
Each of these aspects will now be addressed.
The Co-Dependency Between Business and “the Environment”
Environmentalists are fond of saying that what most complicates our ability to address
environmental issues and threats is our insistence on referring to “the environment” in the third
person, as if it were something external or apart from us. We can only deal effectively with these
issues, they assert, if we acknowledge that we (and our enterprises) are an inseparable part of the
environment, and that hence everything we do affects the environment and vice versa.
This is why it is so important to acknowledge the inseparability of environmental risks from business
risks and environmental sustainability from business sustainability issues, as we have done in this
paper.
Much of the business literature on environmental sustainability focuses on both what are called
“inside-out” risks (the risks each business’ activities pose to the overall environment) and what are
called “outside-in” risks (the risks events in our global environment pose to each business within it).
Environmental literature proposes principally mitigation responses for the former and adaptation
responses for the latter.
We believe this approach is too simplistic. While most suggested mitigation activities address only
how companies can reduce their environmental impact, the ERM model acknowledges that
companies can also mitigate the effect of “outside-in” environmental risks (e.g. by building stronger
structures and redundant systems to withstand severe weather events).
We believe that a proper response to environmental risks, as part of a program to become more
environmentally and economically sustainable, requires that each enterprise consider all five types
of risk response activities in the context of both “inside-out” and “outside-in” risks. So, for example,
a power company might choose to shut (exit) coal-burning facilities as an avoidance response to
both “inside-out” and “outside-in” environmental risks, and invest instead in sustainable, renewable
energy programs and innovations.
We acknowledge that we have added a category (adaptation) to the four COSO ERM risk response
categories, in this paper. We believe that it is an essential response in increasingly complex
business environments, and not just in relation to environmental risks. Not all risk events are
temporary, and often the only response to permanent environmental shifts is to adapt oneself and
one’s enterprise to them.
Another aspect of this co-dependency between business and “the environment” is that many people
believe businesses (and all of us) have a responsibility for the sustainability of our whole planet that
extends beyond just what their organization does that adversely affects the environment.
We have argued in this paper that, because of the inseparability of environmental and business
sustainability, by doing holistically what is optimal for their organization’s business (economic)
sustainability, they will in fact be doing all they can do to contribute to global environmental
sustainability at the same time.
For example: Every enterprise must, in the process of assessing its sustainability risks, consider the
threats to its supply chain and to its customer base. If it is to be sustainable, it is incumbent on an
enterprise to cease buying from suppliers whose business model is not (environmentally or
otherwise) sustainable, in favour of those whose models are.
While we acknowledge there can be time delays before an organization realizes that some activities
that may be profitable in the short run are unsustainable and therefore indefensible in the longer
term, we would argue that this is a problem of short-termism (to be resolved through better
information and risk management practices) rather than a problem of environmental or social
irresponsibility (to be resolved somehow by encouraging enterprises to behave in a more “moral”
way).
The Relationships Between Risk, Compliance and Governance
Traditional applications of the ERM model tend to focus on internal, controllable risks. This enables
the tasks of ERM to be assigned to a risk officer and/or others in the organization for action,
matching responsibility to authority. The difficulty with such approaches is that many risks cannot be
neatly assigned to any responsible internal function, especially external risks (including many
environmental risks).
Such risks are normally left as the responsibility of the CEO and the Board of Directors. There are
two problems with this:
(a) The CEO and the Board are not normally expected to be knowledgeable about and
responsible for compliance issues, so risk of non-compliance with environmental regulations
may not be competently addressed by those charged with responsibility for it; and
(b) As business operations and threats become increasingly global, external and complex,
neither the CEO nor the Board can be expected to be competent in assessing and
responding to the related risks, including environmental risks such as those posed by
climate change.
Some of us in the accounting profession are now being called upon, as a result, to fill the first of
these two voids, and to advise on the second. Many of us are working, therefore, with professional
engineers and other experts to help our clients comply with regulations on inventorying, reporting
and reducing greenhouse gas levels. The artificial veil between enterprises and “the environment”
has been breached, and we are just beginning to understand how to deal with it.
Any effective ERM model must incorporate all compliance risks, and governance risks, and while
environmental issues demonstrate the challenges in accommodating them, globalization and other
complex issues will increasingly present further challenges to doing so. While there is no reason to
believe the ERM model cannot be enhanced to accommodate such challenges, further research is
needed to ensure that practical implementation of the model is possible, as complex compliance
and governance risks increasingly present a challenge to existing management models.
The High Degree of Uncertainty and Non-Controllability of Many Environmental Risks
Conventional wisdom dictates that the best response to highly unlikely risks is to insure or hedge
against them -- the COSO “sharing” response (if the potential consequence is large), and that the
best response to individually immaterial risks (if their probability or frequency is high enough) is to
accept them as a normal cost of doing business -- the COSO “acceptance” response.
This wisdom works fine when the likelihood (probability or expected frequency) and potential
consequence of these risks is reasonably quantifiable. But in the case of environmental risks, there
is a high degree of uncertainty of both, and reducing or mitigating these risks is not really an option
because they are largely outside the enterprise’s control. What do you do when you can’t place an
environmental risk anywhere on the risk matrix with any precision?
The response of insurance companies to this challenge is increasingly to stop insuring such risks -- as many home and business owners in coastal areas of the world have discovered. So the
“sharing” and “acceptance” responses are not available. And a “reduction” response is often either
impossible or uneconomic. Do you build your new facilities to withstand a Category 5 hurricane? A
future Category 7? Do you locate at least five meters (or twenty) above sea level to reduce the risk
of glacial melt submerging you?
This challenge is so unmanageable that managers in many organizations just throw up their hands
and do nothing, hoping the likelihood and consequence won’t, taken together, be too high. But as
we learn more and more about climate change risks we are beginning to appreciate that denial is
not a rational response to highly uncertain but potentially devastating risks. The only viable
response is the one we have added to the COSO model: adaptation.
Adaptation has long been acknowledged by environmentalists and sustainability experts as a
necessary strategy for coping with environmental risks, but it has rarely been accommodated in
ERM programs because it is poorly understood and doesn’t fit well with traditional ERM programs
that are focused on controllable, internal and readily measurable external risks. Adaptation might
best be described as “being prepared for the unknown”. It is an established complexity
management strategy, but to date few organizations seem aware of complexity theory and the
approaches to dealing with complex systems and risks that it describes.
Conceptually, complex systems are those that have too many variables for any kind of precise
causal analysis or predictability to be possible. Most social and ecological systems are inherently
complex, which is, according to theorists, why social problems (such as war, terrorism and poverty)
and ecological problems (such as climate change and disease pandemics) are so intractable. In
some cases, by “probing” them to look for patterns and learn about them, it may be possible to
influence them, but it is impossible to predict outcomes from them or plan for all possible
eventualities.
One adaptation strategy is to reduce your vulnerability to these risks, e.g. by building new facilities
away from coastal regions and hurricane zones, and ensuring any new business is not dependent
on non-renewable or scarce resources.
A second adaptation strategy is to be prepared to change your modus operandi in the case of a
social or ecological crisis. Most crisis management strategies depend on redundant systems and
contingency plans, but such programs (as we learned from 9/11 and Katrina) depend on our ability
to predict possible contingencies, and in complex systems this is rarely possible.
While redundant systems, contingency plans and similar preparedness programs are certainly
worthwhile (provided they are economic), what is required is that each enterprise be resilient, able
to adapt itself and its business operations quickly, even in the event of unforeseeable eventualities.
What we believe is needed is for enterprises to develop more robust adaptation response strategies
to be prepared for unpredictable, catastrophic risks, including the growing environmental risks we
are now beginning to face more frequently and intensely.
Developing these adaptation responses should be a priority for ERM organizations, since few of
them exist today. Research in this area is urgently needed. While we wouldn’t presume to suggest
what these “enterprise resilience practices” might look like, they might include:
• Simulation exercises, involving all employees
• Granting greater autonomy to each division and department of the enterprise, rotating positions and management
• Enabling workers to do their jobs fully from home
• Providing awards for innovations that make the enterprise more resilient, adaptable and resource-independent
• Full costing of externalized social and environmental costs, to see what the effect on the enterprise would be if this externalization were no longer possible
• Scenario planning exercises that might envision situations such as $200 or $500 per barrel oil, the need to operate for extended periods without heat, water, electricity or telecommunications, a civil war in China etc.
Risk adaptation response strategies should be developed, we suggest, for any risks that cannot be
accurately positioned on the risk matrix. That includes many environmental risks.
The Complex Interdependencies of Environmental (and Some Other) Risks
Risk managers tend to treat risks as if each were independent. There is increasing evidence,
however, that the occurrence of some risks can greatly affect the likelihood or consequence of
others. For example, simulations have suggested that many climate change risks will tend to
precipitate or aggravate others, and that even a minor influenza pandemic will greatly increase the
likelihood and severity of a prolonged (such pandemics can last two years or more) and debilitating
economic recession.
Probability theory uses sophisticated techniques to compute the combined probability of several
interdependent events, and we believe these techniques could be applied to help managers assess
the real risk of events whose probabilities and consequences, on a combined basis, will be much
higher than our assessment of independent risk would indicate.
The Asymmetry Between Risk and Opportunity
The issue of opportunity is not addressed at length in most risk models but it is an important
consideration in the context of any discussion of sustainability.
The ERM model is driven by the need to identify those events and circumstances that are having an
impact on the business or may have an impact in the future. These impacts and potential impacts
are then assessed and decisions are taken on what to do about them. Inevitably, some of the
events and circumstances will present opportunities as well as risks. The COSO model deals with
these identified opportunities by suggesting that they be separately identified and then assessed by
senior management and/or the Board to determine what actions should be taken to best capitalize
on each opportunity.
It is important to note, however, that risks and opportunities are asymmetrical. Some risks, such as
non-compliance risks, tend to have little upside opportunity -- there are rarely rewards for being
more in compliance than a regulation requires (though there may, for example, be cost-efficiencies
or competitive advantage to early adoption of regulations). Conversely, there may be opportunities
(such as the opportunity to invent cleaner, more energy-efficient technologies) that do not present
an obvious commensurate downside risk.
We believe our society and economy could benefit enormously from more innovation and
realization of business opportunities, particularly in the environmental field. We would therefore
encourage users of ERM models to enhance them to enable the consideration and recognition of
business opportunities as well as risks, keeping in mind that they are asymmetrical. This would, in
our view, make these models even more valuable and robust, to the point that they could become a
focused engine for business innovation.
Conclusion
We have attempted to demonstrate that environmental sustainability and risk are inseparable from
business (economic) sustainability and risk, and that ERM models such as COSO can serve as a
means to assess and address environmental sustainability and risk issues, as a subset of business
sustainability and risk issues. We argued that long-term business sustainability is or should be the
principal objective of most enterprises.
We then reviewed the major components of the COSO ERM model to show how it could
accommodate environmental sustainability and risk issues. In the process, we incorporated
adaptation responses, well documented in the environmental sustainability literature, as a new fifth
category of risk response in the COSO model, where it was conspicuously absent. We asserted
that all five categories of risk response can be used to address both “inside-out” environmental risks
(such as an organization’s emissions) and “outside-in” environmental risks (such as severe weather
events).
We then argued that social and environmental responsibility need not be advocated as an
additional, balancing objective of organizations, because socially and environmentally responsible
behaviour is essential to long-term business sustainability; the issue of “short-termism”, which we
acknowledge as a real problem in our economy and in business decision-making, is best addressed
through better information disclosure, understanding and sustainability management practices
rather than through an appeal to altruism or fear.
Finally, we acknowledged a need for additional research to enhance the ERM model to incorporate (i)
compliance and governance risks in areas where risk management responsibility cannot be readily
assigned and where risk management and complexity management competency may be lacking,
(ii) risk management strategies for risks with a very high degree of uncertainty, and in particular
more robust adaptation response strategies, (iii) assessment of combined risk, where risks are
interrelated and one can precipitate or aggravate another, and (iv) opportunity management, as the
asymmetrical “flip side” of risk management, and as a potential driver for business innovation.
The authors wish to thank the staff and advisory Boards of the CICA’s Knowledge Development
Group for their insights and comments on this paper. We also thank the developers of the leading
ERM models and the thought leaders on environmental sustainability issues around the globe, on
whose work this paper builds. In particular, we thank Alan Willis, CA and Julie Desjardins, CA,
whose work in this area over nearly two decades provided essential background and inspiration for
the ideas in this paper.