Recently, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated enterprise risk management (ERM) framework for public exposure and comment. Why is it important for directors to heed and apply these updates to their work? What follows is a summary of five important insights for directors to implement in the boardroom from the revised framework.
1. Identifying risks to the execution of the strategy is not enough. Many organizations focus on identifying risks that might affect the execution of the chosen strategy. The process of identifying these risks is an inherently good exercise. However, COSO asserts that “risks to the strategy” are only one dimension of strategic risk. There are two additional dimensions to applying ERM in strategy setting that can significantly affect an enterprise’s risk profile.
The “possibility of strategy not aligning” with an organization’s mission, vision, and core values, which define what the organization is trying to achieve and how it intends to conduct business. Directors should ensure that the company doesn’t put into play a misaligned strategy that increases the possibility that the organization may run askew of its mission and vision, even if that strategy is successfully executed.
The “implications from the strategy.” COSO states: “When management develops a strategy and works through alternatives with the board, they make decisions on the tradeoffs inherent in the strategy. Each alternative strategy has its own risk profile—these are the implications from the strategy.” When overseeing the strategy-setting process, directors need to consider how the strategy works in tandem with the organization’s risk appetite, and how it will drive behavior across the organization in setting objectives, allocating resources, and making key decisions.
In summary, the updated COSO framework asserts that all three dimensions need to be considered as part of the strategy-setting process. Failure to address all three could result in unintended consequences that lead to missed opportunities or loss of enterprise value.
2. Recognizing and acting on market opportunities and emerging risks on a timely basis is a differentiating skill. COSO asserts that an organization can be viable in the long term only if it is able to anticipate and respond to change—not only to survive, but also to evolve. Enterprise resilience, or the ability to function as an early mover, is an indispensable characteristic in an uncertain business environment. Therefore, corporate strategies must accommodate uncertainty while staying true to the organization’s mission. Organizations need to exhibit traits that drive an effective response to change, including agile decision-making, the ability to respond in a cohesive manner, the adaptive capacity to reorganize, and high levels of trust and collaboration among stakeholders.
3. Strengthening risk governance and culture sets the right tone. Effective risk governance sets the tone for the organization and reinforces the importance of, and establishes oversight responsibilities for, ERM. In this context, culture pertains to ethical values and responsible business behaviors, particularly those reflected in decision-making. COSO asserts that several principles drive the risk governance and culture needed to lay a strong foundation for effective ERM:
fostering effective board risk oversight;
recognizing the risk profile introduced by the operating model;
encouraging risk awareness;
demonstrating commitment to integrity and ethics;
establishing accountability for ERM; and
attracting, developing, and retaining talented individuals.
Whether an organization considers itself risk averse, risk neutral, or risk aggressive, COSO suggests that it should encourage a risk-aware culture. A culture in alignment with COSO’s revised principles is characterized by strong leadership, a participative management style, accountability for actions and results, embedding risk in decision-making processes, and open and positive risk dialogues.
4. Advancing the risk appetite dialogue adds value to the strategy-setting process. The institution’s risk appetite statement is considered during the strategy-setting process, communicated by management, embraced by the board, and integrated across the organization. Risk appetite is shaped by the enterprise’s mission, vision, and core values, and considers its risk profile, risk capacity, risk capability, and maturity, culture, and business context.
To be useful, risk appetite must be driven down from the board and executives into the organization. To that end, COSO defines the “acceptable variation in performance” (sometimes referred to as risk tolerance) as the range of acceptable outcomes related to achieving a specific business objective. While risk appetite is broad, acceptable variation in performance is tactical and operational. Acceptable variation in performance relates risk appetite to specific business objectives and provides measures that can identify when risks to the achievement of those objectives emerge. Operating within acceptable parameters of variation in performance provides management with greater confidence that the entity remains within its risk appetite; in turn, this provides a higher degree of comfort that the entity will achieve its business objectives in a manner consistent with its mission, vision, and core values.
5. Monitoring what really matters is essential to effective ERM. The organization monitors risk management performance and how well the components of ERM function over time, in view of any substantial changes in the external or internal environment. If not considered on a timely basis, change can either create significant performance gaps vis-à-vis competitors or can invalidate the critical assumptions underlying the strategy. Monitoring of substantial changes is built into business processes in the ordinary course of running the business and conducted on a real-time basis. As ERM is integrated across the organization, the embedding of continuous evaluations can systematically assist leadership with identifying process improvements.
Following are some suggested questions that boards may consider, based on the risks inherent in the entity’s operations:
Is the board satisfied that the organization is adaptive to change, and that management is considering the effects of volatility, complexity, and uncertainty in the marketplace when evaluating alternative strategies and executing the current strategy?
Should management consider the principles supporting effective implementation of ERM, as set forth by COSO, to ascertain whether improvements are needed to the enterprise’s risk management capabilities?
Jim DeLoach is managing director with Protiviti, a global consulting firm.
The twenty-first session of the Conference of Parties (COP) convened in Paris Nov. 30-Dec. 11 last year to negotiate a legally binding international agreement on mitigating the effects of climate change. Known as both COP21 and the 2015 Paris Climate Conference, this historic meeting of parties to the United Nations Framework Convention on Climate Change (UNFCCC) resulted in the first-ever unanimous accord, with 187 countries pledging collective action to cut carbon emissions. Despite a U.S. Supreme Court setback to environmental regulations on February 10, this deal will have significant consequences for business worldwide—consequences that will unfold as governments establish regulations that enact their support for and compliance with the Paris agreement.
(Photo: Climate Action/The Sustainable Innovation Forum 2015)
What are the key elements of the agreement?
The COP21 accord seeks to accomplish specific major goals:
To restrict the increase of global temperatures to “well below” 2.0°C beyond those of the pre-industrial era, and to endeavor to limit their rise to a maximum of 1.5°C above pre-industrial averages.
Curtailing the amount of greenhouse gases (GHGs) generated by human activity to levels that trees, soil, and oceans can absorb naturally by sometime within the latter half of this century.
To review each country’s contribution to emissions reduction every five years so they can scale up to the challenge.
For wealthy countries to provide “climate financing” that will enable poorer countries to adapt to climate change and switch from fossil fuels to renewable energy sources.
How can countries understand and manage their own emissions?
Like any business goal, understanding and managing emissions requires three basic steps: measurement—determining where you are and where you need to go; management—determining opportunities, challenges and actions; and reporting—monitoring and disclosing performance over time.
Among the most significant outcomes of COP21 are action plans for the ten largest CO2 emitters by country. These countries include (in order of the size of their emissions) China, the United States, the European Union (28 member states), India, Russia, Japan, South Korea, Canada, Iran, and Saudi Arabia. The major global economic sectors emitting the highest amounts of GHGs are establishing mitigation objectives (i.e., emission reduction targets) referred to as Intended Nationally Determined Contributions (INDCs). For instance, the European Union has set a target of at least a 40% reduction by 2030, and the United States is aiming for a 26%–28% reduction by 2025.
Such a global effort will have credibility only if these INDCs are made publicly available. The five-page United States INDC published on the UNFCCC site outlines how the country is planning to measure, manage, and report its performance; it also references existing U.S. laws and standards and draws on the EPA’s Greenhouse Gas Inventory Report: 1990–2013. This report breaks down responsibility for sources of GHG emissions over time and by major industry sector.
A significant amount of research went into the target of a 26%–28% reduction by 2025. The U.S. federal government is already taking steps to reduce emissions, and public-private collaborations have developed that will enable these sectors to leverage high-efficiency, low-missions solutions and incentivize market and technology innovations in response to the challenge.
What kind of impact will climate change and the Paris Agreement have on a company’s valuation?
In an update to the Annual Study of Intangible Asset Market Value, Ocean Tomo LLC reveals that the intangible asset value of the S&P 500 grew to an average of 84% by January 1, 2015, which represents an increase of four percentage points over 10 years. As management of intangible assets has become increasingly critical to a company’s valuation, expectations for transparency about how these ‘intangible’ risks are managed have risen. These risks now extend to climate change and the costs and benefits of reducing GHG emissions.
Companies can show that they are actively managing climate-change risks and reducing their GHG emissions through research surveys like the CDP (formerly known as the Carbon Disclosure Project). The CDP was founded in 2000 in order to collect data related to carbon emissions and distribute it to interested investors. What began as a small group of activists has grown to include more than 800 institutional investors representing assets in excess of US $95 trillion.
Interested investors (asset owners and managers) have demonstrated their support of the CDP by becoming CDP signatories and being involved in a range of investment-related projects. The list of CDP Signatories and Members includes some of the largest institutional investors, such as Bank of America, BlackRock, BNY Mellon, CalPERS & CalSTRS, Goldman Sachs, Morgan Stanley, Northern Trust, Oppenheimer Funds, State Street, TIAA-CREF, T. Rowe Price, and Wells Fargo. The CDP is by far the most influential organization specializing in this area, and it maintains a comprehensive public collection of corporate performance information.
Data posted on the CDP website can be organized by country, index, industry, or company, and is also presented in reports such as the following:
These reports can be helpful to any company seeking to establish its own GHG emissions strategy. Drawing from public sources also allows a company to see the commitments and disclosures of industry peers, what customers may expect, and how suppliers are improving their own efficiency. In addition, GHG-specific data such as that reported through the CDP is now being integrated into specialized research tools, for example, analyses on Bloomberg’s Sustainable Business & Finance website. Any company (or investor) with a Bloomberg subscription can quickly compare and contrast a range of GHG-related factors, ranging from policies (i.e., climate change policy, energy efficiency policy, environmental supply chain policy) to specific GHG metrics (i.e., energy consumption per revenue, total GHG emissions per revenue, percentage of renewable energy consumption).
Do corporate and institutional customers care?
Consider the manner in which new market demands ripple through supply chains: ISO 9000, Y2K, Dodd–Frank/Conflict Minerals, etc. That same dynamic is playing out around GHG emissions. Once an organization makes a commitment to understand its own GHG footprint, it soon recognizes the degree to which its purchasing decisions influence its overall GHG footprint.
In 2010, Wal-Mart Stores Inc. announced its goal to eliminate 20 million metric tons of GHG emissions from its global supply chain by the end of 2015. The company actually exceeded its commitment by eliminating 28.2 million metric tons, which is the equivalent of taking more than 5.9 million cars off the road for an entire year. Wal-Mart achieved this reduction by implementing innovative measures across both its global operations and those of its suppliers: enhancing energy efficiency, executing numerous renewable energy projects, and collaborating with suppliers on the Sustainability Index to track progress toward reducing products’ overall carbon footprint. By 2017, Wal-Mart will buy 70% of the goods its sells in U.S. stores from suppliers that participate in this Index.
Then, of course, there is the world’s largest single procurement agency, the United States’ General Services Administration (GSA), which spends more than $600 billion annually. The GSA and the U.S. Department of Defense (DoD) are both actively involved in the management of GHGs in their supply chains. These and other federal agencies are working closely with the White House Council on Environmental Quality to understand the GHG footprint of the government’s purchasing decisions and to engage and educate suppliers on GHG reduction strategies. The Federal Supplier Greenhouse Gas Management Scorecard lists the largest suppliers to the US government by spend and identifies whether the supplier discloses its emissions and whether it has set emissions targets. This information is drawn from public sources, and, like the CDP, this scorecard creates added market pressure on public and private companies to measure, manage, and report on GHG-related activities.
Do consumers care?
In 2015, Cone Communications partnered with Ebiquity to field its third survey of global attitudes, perceptions, and behaviors around sustainability and corporate responsibility. They conducted an online survey of more than 9,500 consumers in nine of the largest countries as measured by GDP: the United States, Canada, Brazil, the United Kingdom, Germany, France, China, India, and Japan. The survey broadly described corporate social responsibility (CSR) to respondents as “companies changing their business practices and giving their support to help address the social and environmental issues the world faces today.” Respondents were then asked whether in the preceding 12 months they had:
What does the agreement mean for your business?
Awareness about fossil fuel use, carbon and GHG emissions, and climate change impact is proliferating in all segments of the economy—public and private companies; federal, state, and local governments; employees, customers, and shareholders; etc. Today’s management teams and directors need to understand where their company stands on the risk/opportunity spectrum. To begin or advance the boardroom conversation on climate-change risks and strategies for reducing GHG emissions, consider the following:
Look across the company’s value chain. Where is the company most vulnerable geographically? Which facilities are purchasing power from the highest and lowest carbon emitting electric utilities? Are their GHG reduction opportunities through our electric utility or through other energy providers in our region?
Have we taken a public position on reducing GHG emissions? Have we set goals and targets? If not, why not? If so, how are we performing? Do we have quantifiable and verifiable information?
What positions have our largest customers taken on the issue of GHG emissions? What are their expectations of us as a supplier?
Is our industry sector a leader or a laggard? How is our organization doing in comparison with our peers?
As part of the lead-up to COP21, the Science Based Targets (SBT) initiative was formed to actively engage companies in setting GHG emission reduction targets. A collaboration among the CDP, the UN Global Compact, the World Resources Institute, and the World Wildlife Fund, the SBT initiative publishes the emission reduction targets set by more than 100 of the world’s largest companies. Here are just a few examples:
Coca-Cola Enterprises has committed to a 50% reduction of absolute GHG emissions from their core business operations by 2020, using 2007 as the base year. Coca-Cola Enterprises also commits to a 33% reduction of the GHG emissions associated with manufacturing of their products by 2020, using 2007 as the base year.
General Mills has committed to reducing absolute emissions by 28% across their entire value chain from farm to fork to landfill by 2025, using a 2010 base-year. These reductions include total GHG emissions across all relevant categories, with a focus on purchased goods and services (dairy, row crops, and packaging) as well as delivery and distribution.
Procter & Gamble has committed to cutting emissions from operations by 30% from 2010 levels by 2020.
Sony has committed to reducing GHG emissions from its operations by 42% below fiscal year 2000 levels by fiscal year 2020. The company also has a long-term plan for reducing its environmental footprint to zero by 2050, requiring a 90% reduction in emissions over 2008 levels by 2050.
In October 2015, more than 80 major U.S. corporations signed the American Business Act on Climate Pledge, among them such companies as Alcoa, American Express, Apple, AT&T, Berkshire Hathaway Energy, Dell, GE, General Motors, Goldman Sachs, Google, Johnson & Johnson, McDonald’s, Nike, Pepsi, Pacific Gas & Electric, Salesforce, Starbucks, UPS, etc. A range of quantitative GHG-emission reduction goals and targets are available for public review on the SBT website.
In addition, entire industries—such as the fashion and hospitality industries—are working together to set their own targets. These types of voluntary public commitments are setting precedents and thus expectations for others within and across industries and economic sectors.
Given the pending presidential election in the United States and the existing regulations referenced in the United States’ own INDC, it is unlikely that significant regulatory changes will impact business in 2016. It is likely, however, that existing standards and Executive Orders will shape the conduct and actions of specific industries.
Growing interest in the federal government’s own footprint and those of its suppliers may constitute the most significant impetus for change. As the GSA and the DoD increasingly seek suppliers with the lowest GHG emissions, these suppliers (public and private) will be incentivized to measure, manage, disclose, and verify their GHG emissions.
(Photo: Climate Action/The Sustainable Innovation Forum 2015)
What do directors need to do now?
First and foremost, become familiar with your company’s carbon profile and sustainability image. You need to know the carbon footprint of your company, the company’s plans to reduce that footprint, and the company’s messaging about those plans.
Whether your company is public or private, make sure that its customers know the company’s story. Business-to-business customers expect suppliers to measure, manage, and report on carbon emissions. Directors can ensure that a credible and compelling message is communicated to customers.
Conversely, directors can ensure that the company exhibits GHG consciousness when choosing major suppliers. In a choice between two qualified vendors, why not pick the one that is also better for the sustainability of your business and the planet?
If you serve on the board of a public company, look for the names of your largest investors on the list of CDP signatories, realizing that more and more of these investors are conducting due diligence on carbon emissions in their portfolio companies. Urge your CEO to announce carbon reductions in any communications with your company’s climate-oriented investors.
Develop your business case for carbon reduction and other sustainability measures. Reducing carbon emissions means the reduction in the use of fossil fuels, which translates to cost savings. Diversifying the firm’s energy portfolio to include lower emission sources is also a strategic move in today’s market. Seeking out and procuring lower-emissions goods and services has become commonplace. Leverage your procurement spend to help reduce your overall GHG footprint.
Urge management to reach out to sources knowledgeable about climate change in order to learn more from them or even to consider them as possible business partners. Wall Street firms, private equity investors, lenders, insurers, rating agencies, and stock exchanges are all becoming involved in climate issues and can be valuable partners in identifying future risks and opportunities, as well as crafting new strategies.
Ensure your investors understand and appreciate the value of investments your company makes to reduce its carbon footprint and improve the sustainability of its operations.
BrownFlynn is a corporate sustainability and governance consulting firm with 20 years of experience supporting public and private corporations in the development and implementation of strategic corporate responsibility and sustainability programs. www.brownflynn.com
Barb Brown, co-founder and principal, has led the firm since 1996, when it was established to address the growing demand from shareholders on intangible issues such as corporate responsibility; sustainability; environmental, social, and governance topics. Recognized as a pioneer in the industry, Brown is a sought-after speaker, author, and thought leader and has contributed her expertise to a range of professional and industry groups, as well as numerous multinational corporations.
Mike Wallace is managing director at BrownFlynn. An NACD member, he has been a regular contributor to NACD programs and publications. He has worked in the field of corporate responsibility/sustainability for more than 20 years and has presented on these topics to audiences at NACD Master Classes, the NACD Global Board Leaders’ Summit, and meetings of the Society of Corporate Secretaries, and the National Investor Relations Institute. He advises public and private companies as well as boards and board committees on these issues.
The 2015 NACD Global Board Leaders’ Summit officially opened Sunday evening with the bang of drums and the bagpipes of the St. Andrew’s Society of Washington, D.C., a local Scottish heritage association. Their performance was followed by an interactive video experience that challenged the audience to question the borders of the screen. Each of these sensory experiences underlined the theme of the year, Beyond Borders: Leadership Evolved. The opening night keynote speakers–NACD Chair Dr. Reatha Clark King, and philosopher and author, Kwame Anthony Appiah–explored how directors should weather the evolution of the boardroom.
King is a fan of challenges. A seasoned director herself who values the good businesses can do in the world, King centered her message on all the work that boards have done to better the world around us—and the work left to do. “We have been successfully adjusting the trajectory of governance systems and have made improvements, but we still have much to do,” said King. “The board’s agenda gets longer. We offer no encouragement that the agenda will get shorter. Instead we prepare ourselves for the greater demand.”
One of the demands King identified was the need for directors to hold fervently to core beliefs. One among the many she cited was accountability: “I am a student of the word ‘accountability,’ and it looms large in my mind for directors to understand and embrace it.” King asked the audience to also embrace leadership in challenging times in spite of the many chances to falter. Among the recommended ways to lead with strength through governance challenges were the concepts of embracing broader perspectives, finding the courage to do what’s right, and to be brave enough to change if needed.
King’s suggestions for leadership to the audience of more than 1,200 were strengthened by Kwame Anthony Appiah’s discussion on honor. Appiah is author of The Honor Code, a best-selling book that examines four points in history where honor outweighed other forces to catalyze social change for the greater good. Appiah distilled his observations on honor into applications for the boardroom and professional practice as a whole.
At the core of his message was that honor will trump money, regulation, and even the coercion of law to guide a person’s moral compass and that only honor holds up in the face of the greatest ethical challenges that inevitably arise.