Environmental, Social, and Governance (ESG) has evolved from just a compliance checkbox to a real strategic requirement that defines investment decisions and impacts long term operational frameworks. Fundamentally, risk assessment is what differentiates organizations at its core- ones who simply report ESG metrics and those who understand the importance of weaving sustainability in their business decisions and operations.
The Evolving ESG Risk Landscape
The risk management frameworks being followed traditionally need an upgrade looking at the evolving ESG landscape today. Imagine a manufacturing facility in Gujarat with very well written safety protocols but in the real environment- they turn blind to supply chain risks, child labor being involved in raw material procurement or water stress affecting key suppliers. This disconnected landscape may lead to an actual need for improved ESG risk assessment analysis.
Modern risk goes way beyond the conventional corporate risk parameters. Coastal infrastructure and agricultural supply chains are often impacted by climate related physical threats. Social risks can arise unexpectedly, maybe through reputational damage pertaining to poor diversity policies or operational disruptions because of opposition from local communities. Governance failures can lead to destruction of years of trust and legacy almost instantly.
Limitations of Conventional Risk Models
Most organizations still reply on financial risk models that are not equipped to handle ESG factors. How does one measure biodiversity loss or social license to operate financially? The complexity multiplies when considering ESG risks’ interconnected nature. A governance lapse might cascade into environmental violations, triggering social unrest and eventually financial penalties scenarios rarely captured in traditional risk matrices.
The temporal challenge compounds these difficulties. ESG risks typically unfold over longer horizons than quarterly reporting cycles. Current groundwater extraction might cause severe water scarcity within a decade, but this doesn’t appear in immediate financial statements. Effective forward-looking risk assessment demands scenario analysis and stress testing that remain uncommon in many organizations.
Developing an Effective Framework
Building robust ESG risk assessment starts with materiality assessment identifying which ESG factors genuinely impact your business. A textile manufacturer faces entirely different risks than a software services company. The former must address water usage, chemical discharge, and manufacturing labor conditions. The latter needs to prioritize data privacy, data center energy consumption, and employee well-being in demanding work environments.
After identifying material issues, appropriate quantification becomes vital. This doesn’t require forcing everything into a single metric but developing suitable indicators across different risk categories carbon footprints, water stress indices, diversity ratios, board independence metrics. The crucial element is ensuring active monitoring and action, not merely data collection.
Stakeholder engagement stands out as particularly important. Financial risks can still be assessed internally but ESG risks demand an external pair of eyes from a two-sided perspective. Regular conversations with stakeholders like NGOs, communities, customers and employees often discover blind spots that are missed by internal audits. There have been instances where organisations discover unexpected impacts on local communities or any stakeholders simply because they never asked the right questions or evaluated these metrics.
Internal Audit’s Expanding Mandate
Internal audit teams have become critical contributors to ESG risk assessment, though many are still adapting to this expanded role. Their traditional expertise in independent verification and controls testing proves invaluable when applied to ESG metrics. While sustainability teams develop strategies and operations implement them, internal audit ensures reported information is accurate and actions align with commitments.
The challenge lies in internal auditors’ traditional training in financial and operational auditing rather than environmental science or social impact. Forward-thinking organizations address this through cross-functional teams pairing auditors with sustainability experts or recruiting professionals with environmental and social science backgrounds into audit functions.
Internal audit’s contribution extends beyond verification. They are uniquely positioned to analyse whether ESG risks are properly considered, controls are properly laid out, and whether the governance structures function effectively. When gaps are identified in internal audits between the ESG disclosures, actual operations and practices even before any external stakeholder notices the same, it shields organisations from regulatory risks and reputational damage.
Strategic Integration and Future Directions
ESG risk assessment cannot operate as a sustainability team silo. It requires integration with enterprise risk management, influencing strategic planning, capital allocation, and performance management. When procurement teams grasp reputational risks in supplier relationships and project managers incorporate climate adaptation costs, ESG becomes operational reality rather than annual report rhetoric.
India’s regulatory environment, particularly SEBI’s BRSR requirements, is accelerating this integration for listed companies. However, disclosure without genuine risk assessment becomes merely a compliance burden. Companies viewing this as an opportunity to strengthen risk management gain competitive advantages.
Technology has made its way to making ESG risk assessment effective and efficient. Satellite imagery helps monitor deforestation in supply chains; digital tools can also come in handy to flag potential risks and violations by analyzing multiple data sources. These technological aids often fasten the process of risk identification. In the meantime, experienced professionals must still interpret findings and make strategic decisions.
The final objective is not eliminating ESG risks that is not necessary or feasible, it is all about understanding and decoding them in a manner that making informed decisions becomes a part of the organization’s DNA and asking questions like which risks are to be mitigated, accepted or potentially converted into an opportunity becomes a part of the process. Organisations who will master this workflow will not only avoid pitfalls but will also position themselves for sustainable growth in the longer term.
Author – Surbhi Gulati (Associate Director)
