Sustainability through Risk Management


May 22, 2011


Executive Summary


Changes in regulatory, political, financial, stakeholder and other risks have increased the uncertainties in corporate decision-making. Many of these changes are a result of environmental, social and governance issues – three cornerstones of sustainability. As such, the materiality of Sustainability Risk Management has increased dramatically.


This asherguide™ demonstrates the necessity of embedding sustainability into corporate risk management. In addition to providing the basics of Sustainability Risk Management, including definitions, concepts and benefits, this asherguide™ provides real, actionable implementation advice.





How many times have you heard a consultant say, “…you need to embed sustainability into your corporate DNA”? And how often do you wonder, “…how exactly do I do that? Do I focus on influencing the executive, introducing new employee programs, operational efficiencies, product and service innovations…?” The answer is all of them and none of them. That is because by evaluating and inserting material sustainability risks into traditional corporate risk management systems, you can influence all areas of the corporation at the same time (e.g. employees, operations, products and services, etc.) while never touching them directly.


Before we delve into the details of Sustainability Risk Management and how to embed it into corporate DNA we need to start with the fundamentals of risk management.


The Fundamentals of Risk Management


Risk management is essentially the process corporations use to identify and manage risks that may impact their ability to profit or operate. As the theory goes, if you know what your risks are, you can ensure you have plans in place to manage those risks – and make informed decisions.


Risk Register

At the heart of the process is the risk register. A risk register is an itemized list of the risks a corporation faces. These risks, and how they are managed, define the culture, direction and strategy of the company. The register notes, among other things, material risks, the significance of the risk, the likelihood of the risk coming to pass and the actions required to manage the risk. All major corporate decisions consult the risk register. This helps corporations ensure decisions have considered all material risks – and means that the risk register essentially influences employee, asset, investment and all other major decisions. By integrating sustainability into the risk register you can be assured that sustainability risks will be considered and influence, protect and enhance corporate decisions and value.



To govern the risk register, each risk is assigned an owner: a senior executive responsible for direct management of a specific risk or risks. To manage these risks, owners develop risk registers of their own, sometimes referred to as subordinate risk registers, which break the risk into its components, and which can then be assigned to members of their own management or leadership teams. This process may continue with subordinate risk registers devolving into management risk registers, and so on. As this cycle is repeated, risks become more discrete and specialized and spread throughout the organization, which provides for a massive ability to influence, protect and enhance corporate decisions and value.


That’s it. Of course, the detailed review and analysis required to identify, score and qualify risks can be, and inherently becomes, complex. So, if you need information on how to identify and analyze risks, contact us. To learn more about Sustainability Risk Management, read on.



Sustainability Risk Management


Changes in regulatory, political, financial, stakeholder and other risks have increased the uncertainties in corporate decision-making. Many of these changes are a result of environmental, social and governance issues – three cornerstones of sustainability. As such, the materiality of Sustainability Risk Management has increased dramatically.



Sustainability Risk Management, which refers to the embedding of sustainability risks into the risk register and managing them accordingly, provides a series of highly desirable benefits to corporations. Some of these benefits include:

  • Enhanced decision-making capacity, agility and adaptability of the corporation
  • Supplying a wealth of insight, knowledge and intelligence on emerging and current risks and opportunities
  • Managing stakeholder expectations with greater certainty
  • Providing a framework and principles for innovation


Sustainability Risks


Sustainability risks can be broken down into three broad categories. They include existing and emerging environmental, social and governance risks. Also referred to as non-traditional risks, sustainability risks arise when corporate behaviour, or the actions of others in a corporation’s operating environment (e.g. suppliers, media, government), create vulnerabilities that may result in financial, operational or reputational losses.


Environmental Risks (examples):

  • Climate change: carbon
  • Water: drought and flood
  • Biodiversity: constrained resources
  • Compliance: pollution


Social Risks (examples):

  • Population: diversity and displacement
  • Community: access to people
  • Change: health, safety and culture
  • Resources: availability and access


Governance Risks (examples):

  • Conformance: corporate policy
  • Finance: compensation
  • Information: management and privacy
  • Compliance: bribery


Implementation Part I

It may come as no surprise that embedding sustainability risks into the risk register is not an entirely dissimilar process from including traditional risks.



As a first step toward Sustainability Risk Management, you will need to:

  1. Review the existing risk register
  2. Review the governance system
  3. Interview the risk owners
  4. Establish Sustainability Risk Authority


Review the existing Risk Register: evaluate the process your corporation uses to manage the risks noted therein and model the Sustainability Risk Management approach in the same regard. By doing this, you will avoid a common pitfall – speaking an unfamiliar language.

Review the governance system: evaluate the methodology your corporation uses to govern the risk register and determine the most appropriate entry point for sustainability risks. Introducing new risks to the risk register means that someone is about to have a new risk assigned to them to manage, which is never easy to sell.

Interview the risk owners: determine how risk owners manage their assigned risks, how risks are regarded and then ensure your proposal fits within their frameworks. Also use this as an opportunity to find out who among the risk owners would be the most appropriate owners and managers for any of your sustainability risks.

Establish Sustainability Risk Authority: ensure that you – or an appropriate agent – are aligned and identified as the go-to person regarding sustainability risks. That means you must understand the aspects and real and perceived consequences of each risk, and be able to provide sufficient insight to those who will become the sustainability risk owners and managers.


Implementation Part II



Now that you have a better understanding of how your corporation manages traditional risks and have completed your preliminary undertakings, it is time for Sustainability Risk Management implementation. There are four steps:

  1. Facilitated Risk Discovery
  2. Materiality Assessment
  3. Facilitated Risk Review
  4. Risk Register Incorporation


Facilitated Risk Discovery: convene a panel of internal and external stakeholders who understand the nature and function of your business. That is, those who understand how your corporation makes profit. Task the panel to identify the potential and actual sustainability risks facing your corporation.

Materiality Assessment: analyze the sustainability risks identified by your panel and determine the likelihood of each risk occurring, the significance of the risk to stakeholders and the potential impact to the corporation. Note that this process should (loosely) match the existing risk register protocols.

Facilitated Risk Review: provide the material sustainability risks to the risk management team and determine which sustainability risks might be absorbed by existing risks on the risk register and which will need to be managed as new risks. At this point, potential risk owners should also be identified and consulted.

Risk Register Incorporation: using existing risk management processes, incorporate the sustainability risks into the risk register, ensuring that ownership is clearly outlined.


Not a Conclusion

Once you have successfully completed this implementation, maintain a dialogue with the sustainability risk owners and managers. Provide concise advice by way of formal briefs, informal updates, or in any other form that best suits each risk owner and manager.




By following the steps outlined in this asherguide™, you can successfully embed sustainability into your corporate culture and DNA. This very effective innovation extends the reach of the sustainability initiative toward that most elusive of goals – profitable and sustainable corporate growth.

