Financial Services Blog


Despite the increasingly recognized importance of ESG to decision-makers, most organizations have only limited internal infrastructure for incorporating ESG components into the business. Management teams struggle to incorporate ESG-related goals into their business strategy because they cannot measure their current state. The risk functions often do not have an adequate reporting structure to consolidate ESG risks at an enterprise level. Further, the data that is necessary to fold sustainability planning into risk assessments and the operating model is often fragmented, self-reported, and sometimes collected by a large group of third-party providers.[1] For this transformation to be a success story, organizations would need robust reporting and sound data to fuel a holistic strategy.

Chief Risk Officers (CROs) have a mounting challenge in developing and maintaining a holistic view of ESG risks and the associated controls and reporting. Stakeholders across the spectrum (e.g., customers, regulators, non-governmental organizations (NGOs), senior management) continue to increase demands for companies to evidence a clear understanding of ESG risk impacts to the organization and the degree of correlation between these risks and corporate strategy. The market and regulators now expect a consistent, holistic approach to understanding, measuring, and managing these risks.[2]

Organizations are rewarded for these efforts. ESG-focused companies garner stronger consumer loyalty, generate stickiness in the marketplace, and are better positioned than peers to meet inevitable future regulatory requirements. Additionally, ESG’s durability value proposition tends to be rewarded by investors, who view ESG-focused companies as ready for the future.[3]

The goal of this series is to offer CRO organizations a view of the infrastructure they would need to solve these problems and help future-proof their companies. This post, the first in a series of five, focuses on assessing organizational maturity in managing ESG risks, determining materiality, and thinking about gaps. Subsequent posts will dive deeper into integrating ESG into existing Enterprise Risk Management (ERM) frameworks. The series will then conclude with a primer on how to define, source, curate, and consume the data needed to measure performance.  

ESG Risk Management Maturity Curve 

Accenture has created an ESG Risk Management Maturity Curve to help organizations measure current state maturity. This exercise should come after the Board, in conjunction with Senior Leadership and larger stakeholders, has defined what “ESG” means for the company. Beyond this initial purpose, it also serves as a north star by showing stakeholder expectations, given the company’s maturity goal.


The Board must verify that the ESG risk management approach is aligned with the organization’s value proposition and business model, and that the approach to managing ESG risk is consistent with its overall risk management practices. This approach hinges on defining what is material to the organization.

In general, the management of ESG risks can pose unique challenges because:

  • the topic is new and/or outside of the experience of the Board, Senior Leadership and/or risk management,
  • it is complex and multidisciplinary, and
  • it is not based on a “single source of truth” set of data or regulations.[4]

Because resources and institutional bandwidth are limited, selectivity is a critical aspect of risk management, and it is equally important in managing ESG risks. Once an organization has defined the scope of its ESG program, the Board, Senior Leadership and ERM should work together to define what is material to the enterprise from a strategic perspective. For example, an industry leader in the apparel space might label the potential reputation damage to its brand associated with working conditions across its supply chain as a material risk.

Gap Analysis 

At present, even for organizations with mature risk management functions, ESG-related public commitments are often not fully captured, inventoried, and factored into the risk taxonomy. For example, a large financial services holding company operating several distinct businesses may have difficulty capturing the public commitments made across the enterprise and ensuring they are aggregated and monitored at the global ERM level.   

As the broader marketplace coalesces around a smaller set of widely accepted, verifiable metrics, Boards could be under increased pressure to accurately report on ESG-related commitments and their progress on meeting them. Additionally, new regulations (e.g., climate stress testing, greenhouse gas emissions) are currently being codified into law and will soon become requirements.[5] These two factors – public commitments and regulatory requirements – necessitate a timely, thoughtful gap analysis.

This exercise rests on the organization’s risk appetite specific to ESG, as well as the associated metrics (e.g., % energy consumed that is derived from natural resources). With this foundational understanding in place, companies can then inventory new and existing ESG-related commitments at all levels of the organization (e.g., Board/Strategic level, Business Unit/Holding Company level), document quantifiable metrics aligned to these commitments, and update the existing risk framework and risk appetite statements to account for ESG risk management.

ESG Risk Management Roadmap  

Once an organization has defined its current state and analyzed the gap between any ESG-related commitments and organizational capability, the Board and Senior Leadership would adjust commitments and create a roadmap to manage the change.  

Managing the risks associated with the sustainability revolution will require constant evolution from an ERM perspective.  

With this foundational work complete, the organization will be set up for success in managing the risks associated with an evolving landscape. Once ESG risk management is operationalized, this risk management discipline will continue to be refined and improved. The Board and Senior Leadership will adjust the company’s ESG-related goals over time as they respond to shifts in the marketplace, and ERM will shepherd these changes through an ever-maturing framework.

In our next post in this ESG risk management series, we will dive deeper into integrating ESG into ERM. 


  1. Whelan, Adrian. “ESG is Everywhere, But What Next?” Brown Brothers Harriman. February 9, 2022.
  2. Ibid.
  3. IF Green Weekly Insight, “ESG Funds Deliver,” June 2020. Q2 2020 data as of June 18, 2020.
  4. “OECD Business and Finance Outlook 2020: Sustainable and Resilient Finance.” OECD.
  5. Securities and Exchange Commission. “The Enhancement and Standardization of Climate-Related Disclosures for Investors.” Proposed rule.

Meera Gondha

Managing Director - Digital Risk & Compliance

Anson Gong

Senior Principal – Strategy & Consulting

Victoria Shan

Senior Principal - Risk and Compliance

Ross Kimm

Management Consultant
