Risk is the chance that an outcome will vary from the plan.  Risk is most commonly considered a negative (a downside, or an adverse impact), but risk can also mean the failure to seize opportunities to grow (think Blockbuster and Netflix).   One risk is the risk of non-compliance, and its consequences – fines, penalties, reputational damage.  Some risks (societal recognition of environmental pollution or climate change) lead to laws and regulations – and more compliance.

The very notion of “environmental risk” (or ESG risk) has changed, with ESG compliance changing fast.  There are risks of non-compliance, fines, penalties, loss of customers, shareholder actions, reputational damage, poor employee morale – and more.  Furthermore, these risks arise from a dizzying array of ESG issues and the stakeholder expectations that come with them.  Climate change, ecosystems and biodiversity, product content, microplastics, circular economy, human rights – these issues were barely on the radar screen a decade ago, and are routinely front-page news.  Perhaps with your company’s name associated with it.  Will it be positive or negative?

Audit, Risk, Compliance – Where to start?   It depends.  Compliance is essential.  But compliance deals with requirements currently in place.  “Risk” deals with things that could happen – risk is forward-looking.  Risks from ESG issues – compliance requirements, sales, reputation, investor comfort – are growing.  Environmental risk/ ESG risk is a logical place to start to protect and grow an organization’s value in the future.

DHC helps clients identify, evaluate and mitigate environmental risks/ ESG risks.

Environmental / ESG issues can affect:

• Operations
• Compliance
• Reporting (financial and non-financial)
• Business reputation

Robust environmental risk management should involve Environmental groups, as well as all other relevant departments and activities.

Opportunities are the “flip side of risk”.  Companies must be alert for opportunities and seize them in a timely manner.

DHC’s experience spans many ESG issues and covers over four decades.  DHC is based in California, home to many environmental laws and regulations that were regarded as extreme when they were passed, but are now standard practice worldwide.  DHC has helped Clients manage risk and compliance as issues have evolved in complexity and burden.

Mr. Hileman has been active in the ESG profession for nearly 40 years.  He taught Environmental Auditing at UC Irvine Extension for nine years in the 1980s – 1990s.  He was active (including on the Board) of a leading association of EHS auditors for decades.  He is currently on the Advisory Board of the IIA’s EHS Audit Center.

DHC professional involvement provides perspectives that are unique.  He has been active in the Institute of Internal Auditors for over a decade.  He served on a global committee writing guidance documents for the Internal Audit profession for five years.  He co-authored “Internal Audit and the Second Line of Defense” and a Practice Guide for building fraud brainstorming and testing into audit planning.  He has developed and provide programming the IIA Los Angeles chapter.  He co-chaired programming committee for the 2019 IIA International Conference in Southern California.  He participates in other professional organizations including National Association of Corporate Directors and ISACA.  This provides DHC with many perspectives on issues affecting organizations.  Mr. Hileman’s experience in industry, Big 4 and management consulting result in distinct perspectives on how to identify and assess current and emerging ESG risks.

Too often, risks are dismissed simply because they are not understood.  ESG specialists can provide context and can inform judgment on how to assess and mitigate ESG risks.  Risk is forward-looking.  What could happen, how could it affect the organization, is that impact negative or positive (and by how much), and how likely is it to occur?  Before risks can be mitigated (or opportunities seized!), they must be identified.  Then assessed.  ESG risks come from many directions.  There are challenges in “drawing the line” at what risks to consider, and what to ignore.

Environmental risk/ ESG risk expertise is essential at the enterprise level, and at the program level.  Organizations typically do annual risk assessments, looking ahead and evaluating where they should devote resources in the coming year.  ESG risks are often dismissed, because risk generalists do not understand the underlying issues, have not followed trends, and do not consider the breadth of potential impact.  The COVID-19 situation offers a dramatic example.  Environmental risk/ ESG expertise need not be full-time.  Organizations can use outside ESG specialists – like DHC – to support enterprise risk management.

Environmental risk/ ESG risk expertise is essential at the project level.  Environmental/ ESG audits are one example.  Audits are always resource-constrained; auditors must prioritize in order to gather evidence that helps develop reasonable conclusions.