Incorporating ESG Risks and Operational Resiliency into Your Enterprise Risk Management Strategy


How do you take “the big risks” – for instance climate change and erosion of social cohesion – and digest them into something practical that you can incorporate into your organisation’s GRC strategy? How do you as an organisation even mitigate environmental risks? In this article and within our latest webinar, we explore what ESG Risks and Operational Resiliency practically mean for your organisation’s Enterprise Risk Management strategy.

The current risk landscape

The COVID-19 pandemic largely offset the progress that many businesses have made thus far, along with impacts to advancements in social inequality and economic growth. In most cases, it has also intensified global tensions and threatens to further weaken social cohesion and global cooperation. In this article, we will be exploring the potential vulnerabilities in risk management processes that have been exacerbated by the pandemic, and look at key factors being further amplified, such as Environmental, Social, Governance (ESG) Risks, as indicated in the World Economic Forum Global Risk Report 2021.

Are you designing your Risk Management framework in response to the last current crisis? 

International government bodies have been actively rolling out financial stimuli to help companies recover from the shockwave caused by the pandemic, with the human and economic cost being severe. However, these financial stimuli are often insufficient to fully aid recovery, paling in comparison to the scale of the impact. In the climate of fear and uncertainty circulating within the current business and social landscape, smart decision-makers are taking charge to ensure that measures within their organisation are implemented in preparation for the next crisis. Other decision-makers, however, are merely anticipating the next crisis by designing a risk management framework that is based on their response to the last crisis. This essentially contradicts the purpose of a risk management strategy as it does not strategically address new problems that might be faced in future trends, nor does it look to ‘predict the future’ – which risk management, by nature, should strive for as a superpower.

Risk management efforts should take lessons learned from past and current risk events, to cleverly prepare for an array of future eventualities. Looking only at the immediate risks will severely discount efforts to build up operational resiliency, as your planning may not holistically bolster the impacts of a crisis of a larger scale, nor one that might be entirely different by nature. A close parallel echoing that such risk management strategies are inadequate in preparation for the next crisis would be the 1918 influenza, which is also known as Spanish flu. While this influenza took place more than a hundred years ago, it provides the best representation in terms of insights on the economic impact of the spread of the virus, especially since government bodies rolled out similar containment measures in both situations. According to Barro et al. (2020), the Spanish flu reduced real GDP per capita by around 6% in the typical country over the period 1918–21. In comparison, the COVID-19 virus has reduced the United States’ real GDP by an estimated range of 14.8% to 23%.

As stated in the World Economic Forum Global Risk Report 2021, the response to COVID-19 provides four governance opportunities to help strengthen the overall resilience of countries, businesses and communities going forward:

  1. formulating analytical frameworks that take a holistic and systems-based view of risk impacts;
  2. investing in high-profile “risk champions” to encourage national leadership and international cooperation;
  3. improving risk communications and combating misinformation; and
  4. exploring new forms of public-private partnership on risk preparedness.

Risk management is not a straightforward, clean-cut task. With every risk, there is usually a domino effect where one risk leads to another. Simply put, risk events have a complex intertwined relationship that is consistently evolving with new information in the ecosystem. Hence, it is impossible for decision-makers to view risk in silos, as the lack of information can potentially lead to critical insights being overlooked and the organisation subsequently being underprepared – which can and will test business continuity.

Short and long-term risks indicated within the WEF Global Risk Report 2021

The World Economic Forum Global Risk Report 2021 indicates various short to long-term risks concluded within their Global Risks Perception Survey 2020. These risks are seen to have a significant effect in terms of likelihood and impact, some of which include:

Clear and Present Dangers (0-2 years)

  • Infectious Disease (spoiler alert)
  • Cybersecurity failure
  • Social cohesion erosion
  • Human environmental damage

Knock-on Effects (3-5 years)

  • Asset bubble burst
  • IT infrastructure breakdown
  • Price instability
  • Cybersecurity failure
  • Tech governance failure

Existential Threats (5-10 years)

  • Weapons of mass destruction
  • Biodiversity loss
  • Adverse tech advances
  • Natural resources crises
  • Climate action failure

While some examples of the above-listed risks may not have a direct correlation with a company’s financial performance, these digital gaps and social disparity can further widen and disrupt social cohesion. To prevent any further erosion, it is imperative that companies start to gear their organisation toward more sustainable business processes.

But what does this all practically mean for Enterprise Risk Management?


Organisations are determined to dedicate their strained resources and attention to ensure present and future business sustainability in 2021 and beyond. However, they often lack tools that strategically provide them with bite-sized and easy-to-action insights which can bolster operational strength and extend their line of defence. The Alyne team believes in leveraging technology to not only address business-related actions and impacts, but also to provide greater transparency and collaboration into the everyday risk management of business operations. With automation and digital tools comes a significant improvement in the clarity and consistency of risk communication too, a common challenge in combating risk miscommunication.

In our recent webinar, we discussed:

  • How do you take “the big risks” – for instance climate change – and digest them into something practical that you can incorporate into your organisation’s GRC strategy? How do you as an organisation even mitigate environmental risks?

  • How are these “new” risks being placed in the spotlight of organisations’ ORM and ERM strategies?

  • The topic of “Uncertainty” is one that is tough to address, but resiliency talks about being able to adapt to change and maintain operations in light of disruption. How do you design your risk management approach to “predict the future”?

  • How can a risk manager get their risks heard in board meetings on the big risk eventualities? Has the pandemic changed mindsets?


Learn more about this from Claudia Howe (Regional Head of Sales DACH), Karl Viertel (CEO, Alyne) and Michael Rasmussen (GRC Analyst, GRC 20/20) who discussed key points indicated within the World Economic Forum Global Risk Report 2021 and what it practically means for business leaders as well as their Enterprise Risk Management (ERM) and Operational Risk Management (ORM) strategies.