The very notion of “environmental risk” (or ESG risk) has changed, with ESG compliance changing fast. There are risks of non-compliance, fines, penalties, loss of customers, shareholder actions, reputational damage, poor employee morale – and more. Furthermore, these risks arise from a dizzying array of ESG issues and the stakeholder expectations that come with them. Climate change, ecosystems and biodiversity, product content, microplastics, circular economy, human rights – these issues were barely on the radar screen a decade ago, and are routinely front-page news. Perhaps with your company’s name associated with it. Will it be positive or negative?
Audit, Risk, Compliance – Where to start? It depends. Compliance is essential. But compliance deals with requirements currently in place. “Risk” deals with things that could happen – risk is forward-looking. Risks from ESG issues – compliance requirements, sales, reputation, investor comfort – are growing. Environmental risk/ ESG risk is a logical place to start to protect and grow an organization’s value in the future.
Environmental / ESG issues can affect:
Robust environmental risk management should involve Environmental groups, as well as all other relevant departments and activities.
Opportunities are the “flip side of risk”. Companies must be alert for opportunities and seize them in a timely manner.
Mr. Hileman has been active in the ESG profession for nearly 40 years. He taught Environmental Auditing at UC Irvine Extension for nine years in the 1980s – 1990s. He was active (including on the Board) of a leading association of EHS auditors for decades. He is currently on the Advisory Board of the IIA’s EHS Audit Center.
DHC professional involvement provides perspectives that are unique. He has been active in the Institute of Internal Auditors for over a decade. He served on a global committee writing guidance documents for the Internal Audit profession for five years. He co-authored “Internal Audit and the Second Line of Defense” and a Practice Guide for building fraud brainstorming and testing into audit planning. He has developed and provide programming the IIA Los Angeles chapter. He co-chaired programming committee for the 2019 IIA International Conference in Southern California. He participates in other professional organizations including National Association of Corporate Directors and ISACA. This provides DHC with many perspectives on issues affecting organizations. Mr. Hileman’s experience in industry, Big 4 and management consulting result in distinct perspectives on how to identify and assess current and emerging ESG risks.
Environmental risk/ ESG risk expertise is essential at the enterprise level, and at the program level. Organizations typically do annual risk assessments, looking ahead and evaluating where they should devote resources in the coming year. ESG risks are often dismissed, because risk generalists do not understand the underlying issues, have not followed trends, and do not consider the breadth of potential impact. The COVID-19 situation offers a dramatic example. Environmental risk/ ESG expertise need not be full-time. Organizations can use outside ESG specialists – like DHC – to support enterprise risk management.
Environmental risk/ ESG risk expertise is essential at the project level. Environmental/ ESG audits are one example. Audits are always resource-constrained; auditors must prioritize in order to gather evidence that helps develop reasonable conclusions.