ERM Chapter 8 Sustainability

ISO 31000:2018 11 Minutes
https://preteshbiswas.com/wp-content/uploads/2025/04/ERM_-Embedding-Sustainability-Through-Risk-Management.wav

Sustainable Development is described as “development that fulfills today’s needs without jeopardizing the ability of future generations to meet theirs.” Risk management plays a vital role in realizing the sustainability elements most pertinent to an organization. Sustainability—also known as ESG (Environmental, Social, and Governance), CSR (Corporate Social Responsibility), or Licence to Operate—is a fast-evolving field that encompasses climate change and emphasizes valuing not just financial profit but also people and the planet, reflecting core values for many. Given its complexity and inherent uncertainties, sustainability must be seamlessly woven into an organization’s fabric, requiring a tool adept at navigating such challenges. That tool is risk management, increasingly recognized in regulations and guidelines as essential for shaping and meeting sustainability goals. Techniques like materiality assessments and scenario analysis, common in risk management, support this effort. This definition remains relevant today, though it is expressed through various terms such as ESG, Corporate Social Responsibility, Licence to Operate, and Sustainability—each of which will be examined further below. Sustainability typically spans the natural environment, societal well-being, and the governance and distribution of wealth. Its success is gauged beyond mere financial metrics, often incorporating financial, natural, and social capital. These dimensions frequently clash, necessitating a method to assess the opportunities and risks of future scenarios. Risk management serves this purpose.

The breadth of sustainability is well-represented by the United Nations Sustainable Development Goals (SDGs), introduced in 2015. These 17 goals, backed by numerous targets and indicators, hold equal weight, though organizations may align more closely with certain ones. Many currently prioritize climate change (SDG #13), which presents significant physical and transition (non-physical) risks to and from organizational activities. Climate change risk management exemplifies how fully integrated enterprise risk management offers a critical approach for organizations of all sizes to address both the opportunities and threats posed by climate change.Sustainability and the way people describe it is evolving very quickly at the moment. Therefore, it is common for a mixture of language to be used in any organisation. It is sometimes considered a risk managers role to help to align on understanding regarding evolving areas, including where terminology changes rapidly. This many not necessarily be through aligning on the terms used, but rather helping people to understand that a variety of terms may be being used to mean the same thing.

sustainability often involves balancing competing priorities. To navigate these trade-offs effectively, organizations need a systematic approach for weighing the advantages and disadvantages of different situations — this is where risk management plays a crucial role. Ideally, sustainability-related risks should be fully embedded within your organization’s overall risk profile. This means that your key risks should explicitly reflect sustainability considerations.

More and more, regulations and frameworks — such as the Taskforce on Climate-related Financial Disclosures (TCFD) — emphasize risk management as a core tool to:

  • Understand both how the organization affects its surrounding environment (natural, social, and economic) and how these external factors, in turn, impact the organization.
  • Identify threats and opportunities that could influence the achievement of strategic objectives. In some cases, the focus may be on specific risks, like those related to climate change.
  • Assess and prioritize these risks to determine whether action is required. Where necessary, organizations should embed specific actions and clear accountability into their strategy and governance structures.
  • Implement appropriate risk responses.
  • Monitor, measure, and report on the effectiveness of risk management efforts — identifying both successes and areas needing more attention.
  • Establish and track relevant metrics and targets.
  • Ensure the organization’s strategy is well-aligned with sustainability principles and addresses related risks and opportunities.
  • Maintain strong governance and accountability, particularly at the executive and board levels, to ensure meaningful oversight and informed decision-making on sustainability matters.

Many organizations are currently undergoing a transformation in their approach to ESG (Environmental, Social, and Governance) and sustainability. They are shifting from a basic, compliance-driven mindset to a more advanced stage where strong ESG performance is viewed as a source of competitive advantage. Risk management plays a vital role in supporting organizations as they work toward higher levels of ESG maturity. It is important to recognize that most ESG-related frameworks and documents commonly refer to “risks and opportunities,” often using the term “risk” to mean only threats. As risk management professionals, we understand that this interpretation is technically inaccurate, but since it is widely accepted, we need to be mindful of this common usage.

ESG maturity can be described using a four-stage model, which classifies organizations along a continuum:

  1. Minimalist
    • View ESG reporting as a compliance issue or has just begun ESG journey
    • Has no or limited public reporting
    • Largely Environmental issues
  2. Pragmatic
    • Oriented to risk rather than opportunity
    • Has some public reporting but no science-based target
    • Has sustainability report and net zero target
    • ESG activities and reporting are segregated within the organization.
    • Responsibilities of ESG are below the C-Suite, and executive compensation alignment is limited
  3. Strategist
    • Sees opportunities and risk in ESG
    • Has more mature disclosure and reporting, having science based targets.
    • Sees ESG as more than Net zero, inclusion and diversity.
    • ESG is integrated with business and financial strategy
    • ESG responsibility is C Suite level and partially integrated into operational and executive compensation.
    • Has ESG differentiated product and services.
  4. Trailblazer
  5. ESG is core to purpose , strategy and service/products
  6. Has integrated financial and non financial reporting aligned to ESG metrics.
  7. ESG is integrated across the organization
  8. CEO is responsible for ESG
  9. Publicly advocates for and participates in developing of standards and regulatory framework.

Each level represents a progression in how deeply ESG is integrated into the organization’s strategy and operations.

8.1 Evolution of sustainability

The concept of sustainability has continuously developed since the release of the United Nations’ 1987 report Our Common Future, produced by the Brundtland Commission.

  • In the 1980s, sustainability was typically framed around three core pillars: Social, Environmental, and Economic factors. This framework was formally captured in the Our Common Future report, which laid the foundation for sustainable development thinking.
  • In 1992, the Earth Summit in Rio de Janeiro marked a major milestone, where over 178 countries adopted Agenda 21, an action plan aimed at fostering global partnerships to improve human well-being while safeguarding the environment.
  • By 1994, John Elkington expanded the conversation with the introduction of the “Three P’s”: People, Planet, and Profit (sometimes referred to as Prosperity). This adaptation of the original three pillars resonated strongly within financial and corporate communities.
  • In 2000, the United Nations launched the eight Millennium Development Goals (MDGs), with the primary aim of reducing extreme poverty by 2015.
  • Another significant moment came in 2012 during the Rio+20 Conference, where UN member states adopted The Future We Want, a document that laid the groundwork for the Sustainable Development Goals (SDGs).

The year 2015 was particularly pivotal, marking the adoption of several key global frameworks:

  • The launch of the UN Sustainable Development Goals (SDGs)
  • The Sendai Framework for Disaster Risk Reduction, which became the leading standard for disaster risk management
  • The Addis Ababa Action Agenda on Financing for Development
  • The Paris Agreement on Climate Change, which we will examine in more detail later

Since then, global efforts have intensified around achieving the SDGs, with the term ESG (Environmental, Social, and Governance) increasingly used to describe the mechanisms for advancing sustainability objectives. Additionally, the annual COP (Conference of the Parties) gatherings have remained central to international climate and sustainability discussions. Notably, COP26 marked a shift where the financial sector began to take a more proactive role in addressing climate change risks.

Sustainable Development Goals

The United Nations introduced the Sustainable Development Goals (SDGs) in 2015, presenting a comprehensive and interconnected framework designed to balance the three key dimensions of sustainable development at the time: Environmental, Social, and Economic. While these three pillars continue to form the foundation of sustainability, there is now a growing view that sustainability is primarily advanced through the lens of Environmental, Social, and Governance (ESG) practices. The SDGs consist of 17 goals supported by 169 specific targets.

The 17 SDGs (adopted in 2015)

  1. No Poverty
    End poverty in all its forms everywhere.
  2. Zero Hunger
    End hunger, achieve food security and improved nutrition, and promote sustainable agriculture.
  3. Good Health and Well-being
    Ensure healthy lives and promote well-being for all at all ages.
  4. Quality Education
    Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all.
  5. Gender Equality
    Achieve gender equality and empower all women and girls.
  6. Clean Water and Sanitation
    Ensure availability and sustainable management of water and sanitation for all.
  7. Affordable and Clean Energy
    Ensure access to affordable, reliable, sustainable, and modern energy for all.
  8. Decent Work and Economic Growth
    Promote sustained, inclusive, and sustainable economic growth, full and productive employment, and decent work for all.
  9. Industry, Innovation, and Infrastructure
    Build resilient infrastructure, promote inclusive and sustainable industrialization, and foster innovation.
  10. Reduced Inequality
    Reduce inequality within and among countries.
  11. Sustainable Cities and Communities
    Make cities and human settlements inclusive, safe, resilient, and sustainable.
  12. Responsible Consumption and Production
    Ensure sustainable consumption and production patterns.
  13. Climate Action
    Take urgent action to combat climate change and its impacts.
  14. Life Below Water
    Conserve and sustainably use the oceans, seas, and marine resources for sustainable development.
  15. Life on Land
    Protect, restore, and promote sustainable use of terrestrial ecosystems, sustainably manage forests, combat desertification, and halt and reverse land degradation and halt biodiversity loss.
  16. Peace, Justice, and Strong Institutions
    Promote peaceful and inclusive societies for sustainable development, provide access to justice for all, and build effective, accountable, and inclusive institutions at all levels.
  17. Partnerships for the Goals
    Strengthen the means of implementation and revitalize the global partnership for sustainable development.

Many organizations are now including aspects of sustainability in their values, mission and vision with key metrics and targets being set. It is common for an organization to select certain SDGs or focus areas to address in the near term. It is also common for organizations to have a sustainability team, often led by a Chief Sustainability Officer. Every individual and organization have the potential to contribute to all 17 of the SDGs. Many organizations have formalized their contribution to the achievement of the goals since their launch in 2015. While the SDGs will be updated / replaced in 2030, they will continue to be core to much of the collaboration and values in place across the Globe today. It should also be remembered that all of the goals are in conflict with one another – i.e., we need to achieve all of them, not just one or two of them.

3 P of triple bottom linePeople, plant and profit

the triple bottom line is a sustainability framework that examines a company’s social, environment, and economic impact. The original idea was encouraging businesses to track and manage economic (not just financial), social, and environmental value added or destroyed.

  • People: the positive and negative impact an organization has on its most important stakeholders. These include employees, families, customers, suppliers, communities, and any other person influencing or being affected by the organization.
  • Planet: the positive and negative impact an organization has on its natural environment. This includes reducing its carbon footprint, usage of natural resources, toxic materials and so on, but also the active removal of waste, reforestation and restoration of natural harm done.
  • Profit: the positive and negative impact an organization has on the local, national and international economy. This includes creating employment, generating innovation, paying taxes, wealth creation and any other economic impact an organization has.

The idea of evaluating an organisation’s value by considering not only its financial performance but also its positive contributions to society and the environment gained momentum in the 1990s. Expanding on the original three pillars of sustainability — Social, Environmental, and Economic — this approach led to the creation of the triple bottom line framework, often summarised as People, Planet, Profit. While this model appealed strongly to businesses, the concept of Profit was frequently misinterpreted. Instead of reflecting the broader economic perspective from the 1987 UN Brundtland Report (Our Common Future), which emphasised the fair distribution of wealth, many viewed Profit narrowly as a company’s financial earnings. To address this misunderstanding, the term Prosperity gradually started replacing Profit to better align with the original intent. This shift was notably reflected in the 2015 OECD Forum, which promoted the theme: Investing in the future: people, planet, prosperity.

Although more organizations are adopting the triple bottom line approach, regulatory and shareholder priorities remain largely centered on profitability. However, this is shifting as large British companies—and eventually major Canadian, European, and American firms—are now required to assess how climate change could affect their financial stability. Additionally, the mandate for large British businesses to evaluate their long-term sustainability pushes them to look beyond short-term profits.

Corporate Social Responsibility

Corporate Social Responsibility (CSR) is about the actions, impact, and culture an organisation creates to have a positive effect on society. Although CSR is not a legal requirement, many organisations, depending on their sector and location, regularly report on their CSR activities. CSR has existed in business since the 1960s. Over time, its meaning has shifted — from going beyond compliance to sometimes being seen as sacrificing profits. However, its real purpose is well described by the Business Dictionary as “a company’s sense of responsibility towards the community and environment (both social and ecological) in which it operates.” Companies show this responsibility by:

  1. Reducing waste and pollution,
  2. Supporting education and social programs, and
  3. Generating fair financial returns from the resources they use.

You will notice that CSR aligns closely with the well-known structures of sustainability, such as the three pillars (Social, Environment, Economic), the three P’s (People, Planet, Profit), and ESG (Environmental, Social, Governance). CSR is sometimes explained as a four-level pyramid. When an organisation works according to sustainable development principles, it usually achieves good CSR as a result. Likewise, strong ESG performance often reflects good CSR. For this reason, CSR is often seen as part of broader sustainability and ESG efforts. In fact, some organisations even use the term CSR to describe their sustainability activities.

Environment, Social and Governance (ESG)

ESG is quickly becoming the main way organisations put sustainability into action. It involves clear actions with measurable results, and helps assign responsibility to individuals for completing specific tasks. However, ESG is sometimes misused, leading to practices like greenwashing or ESG-washing, where organisations give a false impression of being sustainable. The term ESG stands for Environment, Social, and Governance. It builds on earlier ideas like the 1987 Brundtland Commission’s Environment, Social, Economic model and John Elkington’s People, Planet, Profit (or Prosperity) model, also known as the Triple Bottom Line. The key difference with ESG is the strong focus on Governance. Over time, the Environment and Social topics have been updated to reflect today’s global challenges. The addition of Governance adds something new — accountability. Governance makes sure important issues like diversity and inclusion, compliance, anti-corruption, and formal risk management are properly addressed. More importantly, it focuses on organisational culture, making sure that individuals and teams are held responsible for delivering ESG, instead of leaving it to a specific department. As with all sustainability efforts, the three elements — E, S, and G — can sometimes create tensions. Improving one area might create challenges for another. These trade-offs create both risks and opportunities, which must be carefully managed. This is where risk management plays an important role.

SDGsEnvironmentSocialGovernanceComments
  1. No poverty   Direct  IndirectPoverty is typically aligned with social, however good governance helps to ensure no poverty is a reality
2. No hungerIndirectDirectIndirectHunger is typically aligned with social, however good environmental practices mean that food can be grown sustainably
3. Good healthIndirectDirect Health is typically aligned with social, however toxins within an environment will impact on both environment and society
4. Quality educationIndirectDirectIndirectEducation is typically aligned with social, however governance typically enables it. Good education will also help environment
5. Gender Equality DirectDirectGender is typically aligned with both Social and Governance
6. Clean water and sanitationDirectDirect Water is typically aligned with both Environment and Social
7. Renewable energyDirect DirectRenewable energy is typically aligned with Environment; however, it is Governance that makes it happen
8. Good jobs and economic growth   Direct  Direct  Jobs and growth are typically aligned with social bit also Governance
9. Innovation and infrastructureIndirectIndirectDirectInnovation and infrastructure can be viewed differently by different sectors
10. Reduced inequalities DirectDirectReduced inequalities are typically aligned to Social and Governance
11. Sustainable cities and communitiesDirectDirectDirectCan be aligned with all three areas
12. Responsible consumptionDirectDirectDirectCan be aligned with all three areas
13. Climate actionDirectIndirectDirectWhile this can be aligned to all three, the closest tie is to Environment, however it is Governance that enables it
14. Life below waterDirect  Most closely aligned with Environment
15. Life on landDirectIndirect Most closely aligned with Environment, but with a tie to Social also
16. Peace and justice IndirectDirectLed by Governance
17. Partnerships for the goalsDirectDirectDirectRelies on all three areas working together

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply