by Agnieszka Bąk

The 18th edition of the Global Risks Report 2023, provided by the World Economic Forum, ranked the energy supply crisis, cost-of-living, rising inflation, and food supply crisis at the top of the list. However, from a short-term, two years perspective, the highest rank gains the cost of living crisis, natural disasters, extreme weather events, geoeconomic confrontation, and failure to mitigate climate change.


Simultaneously worldwide, there is a movement toward a green economy and responsible management based on the European Green Deal and all CSRD, SFDR, and current Corporate Sustainability Due Diligence directives. Based on the above, business needs to incorporate ESG (Environmental, Social, Governance) risk management with climate mitigation in the Enterprise Risk Management System.

What is enterprise risk management?

According to the Corporate Finance Institute: Enterprise Risk Management (ERM) is a term used in business to describe risk management methods that firms use to identify and mitigate risks that can pose problems for the enterprise. The question ERM practitioners attempt to answer is: What significant risks could stop us from achieving the mission?


The risk management in the corporate and enterprise agenda is well-founded and based on different quality standards and frames. For example, it could be implemented based on ISO 31000:2018 standard and integrated with other ISO policies like environmental or quality. Also, in 2002, was developed Risk Management Standard – IRM/Alarm/AIRMIC 2002 by the UK’s three leading risk organizations.


According to the different methodologies, the process looks quite similar and could contain the following:


  • Risk identification
  • Risk assessment and prioritization
  • Risk response
  • Monitoring and evaluation


Successful risk management at the corporate and enterprise level should allow preparation for threats from strategy, finance, operation, and compliance perspective by mandating business segments engage. The approach should be holistic, treated as a cross-functional project, and not limited to one department.


Preparing for the whole risk management process should start with a business model analysis of the subject enterprise, the review of internal and external trends, documents, policies, and regulations, as well as all stakeholders. It would be helpful to use the additional documents for the subject company, like SWOT analysis, 5 Porter Strengths, and materiality assessment. At that stage, ESG elements should be incorporated into the ERM, which covers climate risk mitigation as one of the critical elements of the physical and transition risk. Also, it should be stressed that ESG risk is usually associated just with climate. Still, it also covers other environmental factors that align with EU Taxonomy pillars and analysis of the policies and management practices about the human capital (internal and external) in the whole value chain.

From that perspective, ERM and ESG risk management is a complex methodology that reviews all business processes and checks where Environmental, Social, and Governance factors are currently included. All risks should be investigated on all business levels, from the company level to one unit and product.

ESG Risk Management 


ESG and Climate Risk Management is a complex purpose and, as a part of the whole company risk management process, could include:


  • Risk identification
  • Risk assessment
  • Integrations with general risk management
  • Implementation of a risk mitigation strategy


Therefore, tools supporting the ESG and Climate Risk Management process for corporate and financial users have appeared on the market. These are often products that combine risk reporting with ESG reporting. They enable setting goals and monitoring their implementation. The most commonly used standard in risk reporting according to climate change is the TCFD – Task Force on Climate-related Financial Disclosures.



From the social and governance perspective, there is a need to dive deep into all legal, compliance, and HR databases and current business standards about the business model to cover all social and management factors and match them with risk assessment. Companies that actively collect data and monitor ESG and climate change risks can quantify the magnitude and likelihood of threats, allowing them to prepare and attempt to mitigate the impact of risk on their business by better understanding strategic goals and assessing resources and resources opportunities. Otherwise, the company may need help estimating vulnerability to risk and properly capturing risk in its strategy.


As climate change is still marketed as a critical risk from a short and long-term perspective from corporate and enterprises, we focus here mainly on that topic.


Climate Risk Management 


There are two types of climate risk:


  • Physical risk – related to immediate physical threats such as floods, fires, and extreme weather events and chronic ones such as temperature changes, rising sea levels, or loss of biodiversity
  • Transition risk – associated with the transition to a low-carbon economy, which includes: regulatory, legal liability, technological, market, and reputational risks


Despite the complex process of evaluating the impact of the interaction between physical risk and transition, risk assessment is approached holistically by combining the two types. They are then assessed separately and aggregated. Today, integrated risk assessment is increasingly carried out due to the needs of financial institutions and supervisory authorities that require a comprehensive evaluation of risk exposures and a review of climate strategies.


The aim of the risk analysis is, at least estimation of its economic effects, which requires detailed financial data as well. For example, for geographical regions exposed to extreme weather events, the likelihood of borrowers’ insolvency increases and collateral value decreases. The links between environmental risk and credit risk, liquidity and funding risk, market risk, operational risk, and reputational risk are also assessed. Risk management should consider that risk exposure may vary across companies and industries. The same type of risk can affect the strategic objectives of different companies differently, and risk exposure depends on the company’s strategic position in its industry and significant markets.


Various methods are used to assess climate risks, such as scenario analysis or stress tests, which are recommended. Climate-related risk is complex, volatile, and long-term, and its level depends on dynamic interactions between:


  • Threats posed by a changing climate
  • Exposure to climate hazards
  • Vulnerability


IT tools for ESG and Climate Risks Management


One of the challenges in risk assessment is collecting and analyzing the data needed to predict risk. Modern IT tools make it possible to improve the collection of risk data and its review using appropriate statistical methods. Analysis for forecasting in climate models also requires large data sets and high computing power.


Artificial intelligence, machine learning, and IoT are increasingly involved in climate risk management due to the ability to analyze large data sets and obtain hard-to-reach information. Unstructured data is difficult to use because its processing is time-consuming and expensive. Using the achievements of artificial intelligence, such as natural language processing (NLP) and machine learning, this process can be significantly improved. For example, telemetry devices can help in early warning against the threat associated with dangerous atmospheric phenomena and enable measurements in places previously difficult to obtain data. AI can also enable the collection of company-level data on its climate goals and strategies, which is sometimes considered in risk analysis tools.


Moreover, advanced data analysis allows the identification of the factors responsible for the degree of extreme events’ impact on business activities and the entire supply chain. A modern tool for climate risk analysis is the Power BI technology, which enables historical data calculations and effective forecasting based on AI. In addition, Power BI allows the presentation of the results to be attractive for the user thanks to a wide range of visualizations. It enables telling the story of data and drawing the correct conclusions based on it. Thanks to this, based on the analysis, the company can effectively plan its strategies in many directions, including sustainability and climate risk management.


However, ESG and Climate Risk Management should be viewed not only as a legal disclosure obligation but as an opportunity to improve overall risk assessment and a company’s strategy. Companies that do not consider climate risk will likely pursue strategies that are vulnerable to disruption and will not be able to effectively protect their operations from the impact of climate risk.


Data management and governance – fundamental foundations


The fundamental foundations to start the successful ESG and Climate Change process are reliable and trustful data. There will only be proper AI predictions and stable policies, targets, and mitigation plans with a solid system that integrates the data sources from the strategic, financial, and operational supplemented by the data from the supply chains.



IT tools allow us to collect hard-to-reach data, such as GHG emissions from Scope 3, and manage it efficiently. The main problem is that data is not just dispersed; data available or provided on the invoices are entirely inconsistent. A system that digitizes the data on-site and then puts it in one place can be the first step in identifying the data or can also be treated as raw DWH – Data Warehouse.


Once it is established access to such relevant information, the next step may be the implementation of the analytical tools available in Power BI. Access to modern tools such as IoT, AI, and Power BI technology allows not only the creation of an excellent report based on reliable data but also plan an ESG strategy and ESG Risk Management. It is a solid background to make the first step on the path to becoming a sustainability leader in the specific industry.


If you want to deep dive into our ESG solutions or just need help understanding the ESG impact on your business and how the above tools could be adjusted to your demands do not hesitate to contact our ESG team at


Read more about ESG Reporting on our blog:

Innovations in ESG reporting – Part 1

Microsoft Cloud for Sustainability and Sustainability Reporting

ESG Reporting – Why is it so important to companies?

Due Dilligence in ESG Reporting