
Corporate governance and risk management: The keys to business sustainability

We analyze the crucial role of the Board, the structure of the Three Lines Model, the integrality of the COSO ERM framework, and the salience of ESG risks

In an environment characterized by market volatility, regulatory dynamism, and rising pressure from advocacy groups on sustainability matters, organizations face an increasingly complex array of risks. In this context, corporate governance and risk management are the cornerstones of creating sustainable value and protecting investors’ interests.

This article explores the main challenges and opportunities inherent in managing corporate risk, highlighting the influence of the disruptive environment, the crucial role played by the Board, the Three Lines Model, the integrality of the COSO ERM framework, and the salience of ESG risks, as outlined by Luis Sotelo (MBA 19), Master in Auditing and COSO ERM certified, at the online session held on this topic by the Esade Alumni Lima Chapter last October.


The VUCA environment and its impact on risk management

The acronym VUCA (volatility, uncertainty, complexity, and ambiguity) accurately describes the challenging environment in which contemporary organizations operate. According to the World Economic Forum’s Global Risks Report 2024, the most significant emerging risks include technological disruptions, sweeping regulatory changes, and planet-wide environmental crises.

Faced with this landscape, organizations must strengthen their analysis, planning, and resilience capacities so that they can proactively identify both threats and strategic opportunities, ensuring their sustainability and competitiveness.


The strategic role of the Board in corporate governance

An effective Board is a critical factor in the sustainable success of any organization. Its main purpose is to guarantee the creation of long-term value for shareholders while also encouraging fulfilment of social and environmental responsibilities.

A proactive, forward-looking Board should set the organizational purpose, the fundamental ethical values, and the overall strategy, and ensure that these properly align with the corporate culture. It should also act with integrity, lead by example, and foster an organizational culture based on ethics and transparency.

It is also the Board’s job to establish a robust framework for risk management and internal control and to determine the organization’s risk appetite, clearly defining which risks it is willing to take on, and to what extent, in order to reach its strategic goals.

Effective corporate governance not only serves as a protective mechanism against financial and operating risks but also facilitates access to capital markets in favorable conditions and boosts investors’ trust in the organization’s solidity.


The Three Lines Model

The Three Lines Model, published by The Institute of Internal Auditors in 2020, provides a clear framework for assigning risk management responsibilities and strengthening organizational accountability. It is organized into three interrelated lines (the 2020 model deliberately dropped the earlier “lines of defense” wording to stress that all three contribute to value creation, not only to protection):

·      First line: Operational management, which owns the risks inherent to day-to-day activities and is responsible for identifying, assessing, and mitigating them.

·      Second line: Oversight functions such as risk management and regulatory compliance, which support and challenge the first line and oversee the design, implementation, and effectiveness of the controls put in place.

·      Third line: Internal audit, an independent function that provides objective assurance on the appropriateness and effectiveness of the overall risk management system and governance processes, and reports to the Board.

This model promotes comprehensive, collaborative, and efficient risk management at all levels of the organization.

The COSO ERM framework

The COSO ERM (Enterprise Risk Management) framework, developed by the Committee of Sponsoring Organizations of the Treadway Commission, is an internationally recognized, comprehensive risk management framework. The updated version, COSO ERM 2017: Enterprise Risk Management – Integrating with Strategy and Performance, stresses the need to regard risk not only as a threat but also as a potential source of strategic opportunities.

The COSO ERM framework is divided into five interrelated components:

Governance and Culture: Fosters integrity, ethical values, Board oversight, and accountability.

Strategy and Objective-Setting: Integrates risk management into strategic planning, taking into account the business context and the risk appetite.

Performance: Covers the identification, assessment, prioritization, and treatment of risks that affect the achievement of the strategic objectives.

Review and Revision: Ensures the continuous assessment and improvement of the components of the risk management system.

Information, Communication, and Reporting: Ensures that relevant information on risk is captured, communicated, and used appropriately in decision-making.

The adoption of the COSO ERM framework allows organizations to develop a holistic picture of their risks and opportunities, while strengthening their capacity for resilience and business sustainability.


Managing ESG risks

The management of ESG (environmental, social, and governance) risks is a critical component of corporate sustainability today. This approach entails:

·      The identification and thorough analysis of ESG risks that could affect the business’s strategy and operations.

·      The assessment and prioritization of these risks according to their severity and relative importance.

·      The integration of these risks into the organizational culture and long-term strategic planning.

·      Transparent reporting and communication to stakeholders on the risks identified and the measures taken to mitigate them.

Institutional investors’ and regulators’ increasing demand for transparency and accountability across the globe is driving companies to adopt more sustainable, resilient, and responsible practices, positioning ESG risk management as a key competitive advantage for the future.

Luis Sotelo (MBA 19)

With a career of more than twenty years in the energy sector, Luis specializes in audit, risk management, and corporate governance. He holds international certificates in the COSO Internal Control Framework and COSO ERM. He has completed the Program for Business Directors (PDE) at the University of the Pacific in conjunction with EY and Georgetown University, as well as the Company Director Program at the Institute of Directors (United Kingdom). He is currently the Senior Audit and Risk Management Manager at Transportadora de Gas del Perú S.A.