ESG (Environmental, Social, and Governance) is garnering new attention as a risk focus. While ESG issues (sometimes used interchangeably with the word sustainability) are not new, increasing regulations and international attention are speaking to the importance of the risk professional’s role in addressing ESG concerns, which can impact a health care organization’s tax-exempt status, future accreditation and appeal to a changing workforce.
The inherent mission and values of health care organizations make them perfect implementers of the ESG framework. Although many are likely already following some ESG principles, building an ESG framework holds the organization’s leadership accountable by setting clear goals and expectations.
The risk professional’s skills are instrumental in the organization’s ESG journey. With keen expertise in risk analysis, knowledge of the organization and proficiency in the risk process and identification, these professionals can be critical partners in ESG endeavors. Additionally, the risk professional’s experience with enterprise risk management principles and tools can strengthen long term ESG and sustainability efforts throughout all facets of the organization.
What is ESG?
The E stands for environmental. This element focuses on how the organization is exposed and how it manages risk related to climate, natural resource scarcity, pollution and waste, and examines the organization’s impact on the environment. [i] In health care, this E element could examine the amount of disposable/paper waste generated, water consumption and greenhouse gases emitted, and other related considerations.
The S is the social element focusing on organizational values and business relationships. This includes topics such as supply-chain quality and safety, and human capital issues including employee health and safety, diversity and inclusion policy efforts, and human trafficking.[ii] Health care organizations should examine existing contract language with supply chain and human capital third party contracts to ensure language is used to address labor and human rights such as working conditions, age of workers, slavery/forced labor, human trafficking and other considerations. Other social elements might include employee wellness programs and diversity, equality and inclusion.
The G is the governance element reflecting the organization’s corporate governance. This may include the organization’s structure and “diversity of the board of directors; executive compensation; critical event responsiveness; corporate resiliency; and policies and practices on lobbying, political contributions, and bribery and corruption.”[iii] The health care risk professional may focus on critical event responsiveness as a governance component in ESG, including a process for board communications and a designated spokesperson for critical events.
In 2022, ESG was identified by Gartner, a worldwide executive consulting company, as one of the top 10 risk areas for internal audit. Now, many creditors are issuing loans with adjusted rates according to the health care organization’s ESG performance. With the financial pressures facing health care organizations, the impact on adjusted rates can result in considerable savings to the organization and permit continued focus on mission and strategic goals.
What does ESG mean for health care organizations?
Now is an opportunity for expanded awareness of how ESG is shaping the organization’s business model and what that means for the future and growth of the organization. The health care business needs to know where it is today in relation to innovation, new products and services, and must develop new strategies to facilitate growth and act on new opportunities.
Valuable ESG knowledge includes knowing the organization’s use of ethylene oxide (EtO) in sterilization processes, the organizational greenhouse emissions, and utilization of disposable products. Another example is the diversity of an organization and how it reflects the community it serves. Consider the social responsibilities of the organization while recognizing that current and future employees are increasingly important to a younger workforce. Many millennials demand purposeful work and, if you are an employer that can meet that need, you will attract and retain that talent, and likely encourage higher productivity in the workplace.
It is also important to note accreditation agencies, such as The Joint Commission, added a potential element of performance (EP) for leadership regarding decreasing greenhouse gas emissions: LD.05.01.01 hospital decrease greenhouse gas emissions and waste. The potential EP requires hospital leaders to designate an individual for the oversight of activities to reduce greenhouse gas emissions, conduct required measurements (set by the organization), produce written goals and action plans, and perform at least an annual analysis to determine if sustainability measures identified are reaching their projected goals and, if not, revise goals and an action plan as appropriate.[ii]
ESG requires integration of risk and reporting responsibilities. Although current mandated reporting may not be required in U.S. health care, it is required internationally and in various industries. Executive leadership or trustees may request this information proactively to make more informed decisions. It is not a question IF reporting will be mandatory or required, it is when.
What does it mean to risk professionals?
Value driven organizations are becoming proactive in understanding ESG and the impact it has on the organization. “By focusing on shaping the more sustainable, equitable, and responsible business models, governance frameworks, strategies, products, and the behavioral changes stakeholders are demanding, they’re positioned to turn ESG challenges into opportunities for long-term value creation.”[iii]
Organizational ESG knowledge and identification requires sharing of roles across the organization that will drive organizational alignment, better management of ESG risk, assure potential or proactive reporting responsibilities, and achieve value creation objectives. An ESG program cannot be implemented in isolation. It requires an integrated risk management approach. Also, an integrated team is necessary for this work and may include risk, internal audit, executive leadership, compliance, sustainability and legal, human resources, finance, strategy, operations, communications plus potentially others. Success will hinge on the ability to work outside of operating silos.[iv]
Most risk professionals are uniquely positioned to seize the opportunity to lead and add value to companywide ESG initiatives. Risk professionals, particularly those with experience in enterprise risk management, have organizational knowledge and the ability to oversee integrated teams, which are key skill sets to move ESG initiatives forward.
How do you gain ESG insight into the organization?
Getting started may begin with an ESG data audit focused on current data quality. The primary goal is to validate and assess the significance, completeness and accuracy of the current data being collected. Remember, the value of the ESG insight or report is related to the quality and accuracy of the data it reflects.
Ask the following questions regarding both existing and any potential ESG data within the organization:
- What data related to ESG is currently collected or reported — such as greenhouse emissions, EtO sterilization usage — and to whom is the information currently reported?
- Where is the current data being stored and what metrics are being used?
- Does anything in current data collection, storage and controls need to be changed?
Risk management, together with internal audit and potentially others, should ask the following questions of the organization to gain ESG awareness and develop ESG reporting and knowledge.
- Balance — are the activities delivering a well-rounded, balanced perspective on activities around ESG? Does the organization identify not only achievements and progress, but also identify limitations, weaknesses and areas for improvement?
- Stakeholder inclusiveness — have the ESG stakeholders been identified? Are stakeholders included in identifying potential ESG impacts? Are ESG stakeholders identified including employees, customers, consumers and community members?
- Sustainability context — is the information reported within a structure that makes sense for the health care business, the health care industry and the related ESG impacts?
- Prioritization — what areas regarding ESG are the most important on which the organization should focus? What process is being used to think through potential ESG risk impacts? How does this thinking guide the organizational ESG strategy, governance and disclosures?
Use of a risk-based approach for ESG helps to drive the meaningful selection of and prioritization of the focus. ESG topics should not be from one frame of reference but shared and viewed through a lens of others such as stakeholder engagement, industry trends and benchmarking. Once these higher ESG risk areas are identified, they will influence the organization’s assessment to:
- Identify the most significant ESG objectives and those that would have a negative potential impact on the organization if not achieved.
- Identify ESG objectives that matter most to stakeholders. This is a process called a “materiality assessment” which is defined as formal exercises aimed at engaging stakeholders to find out how important specific ESG issues are to them.
Identifying this information will help determine the ESG focus areas for strategy, risk reduction, risk mitigation and potential disclosures or sharing data with key executive leaders and trustees.
With some limited understanding of ESG, the questions below are a starting point to begin a risk-based approach to an audit or risk assessment for the current position of the organization in ESG. (Figure 1)
Figure 1 – Key Questions for a Risk-Based Approach to Auditing ESG
Used with permission: Auditboard – Deloitte. How to audit ESG risk and reporting – Key Considerations for developing your Environmental, social and Governance Audit Strategy. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/audit/us-how-to-audit-esg-risk-reporting.pdf
What is the first critical step in ESG? Getting started!
There are many ESG resources available. A few used in this brief overview include:
- AICPA’s Guide: Attestation Engagements on Sustainability Information (Including Greenhouse Gas Emissions) (AICPA sustainability attestation guide) for a more detailed listing of the information within that encompasses the E, S, and G. https://www.aicpa-cima.com/cpe-learning/publication/attestation-engagements-on-sustainability-information-guide-including-greenhouse-gas-emissions-information
- Auditboard: Deloitte. How to Audit ESG Risk and Reporting – Key Considerations for Developing your Environmental, social and Governance Audit Strategy. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/audit/us-how-to-audit-esg-risk-reporting.pdf
- American Society for Health Care Engineers (ASHE): Sustainability Roadmap for Health Care can be found at https://www.aha.org/sustainability
Deloitte, a leader in ESG, advises:
Planning a more effective internal audit strategy that incorporates ESG risk and reporting is an important step toward moving down the appropriate path — but your organization must also prepare to go a significant step further, directly connecting ESG efforts with value creation. That means not only embedding ESG into ongoing risk and reporting activities, but also committing to a bigger vision that incentivizes true transformation — helping you become a more sustainable, resilient organization capable of delivering lasting financial and business value.
Isn’t that what we all want for health care organizations?
Endnotes
[i] AICPA’s Guide: Attestation Engagements on Sustainability Information (Including Greenhouse Gas Emissions) (AICPA sustainability attestation guide) for a more detailed listing of the information within that encompasses the E, S, and G.
[ii] Ibid.
[iii] Ibid.
[i] Yu, Abigail. The Global State of Mandatory ESG Disclosures. https://www.azeusconvene.com/esg/articles/the-global-state-of-mandatory-esg-disclosures#:~:text=At%20present%2C%2029%20countries%20and,for%20the%20more%20stringent%20standards. November 11, 2022.
[ii] The Joint Commission. Proposed Requirements Related to Environmental and Sustainability Field Review. https://www.jointcommission.org/standards/standards-field-reviews/proposed-requirements-related-to-environmental-sustainability-field-review. April 4, 2023.
[iii] Auditboard – Deloitte. How to audit ESG risk and reporting – Key Considerations for developing your Environmental, social and Governance Audit Strategy. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/audit/us-how-to-audit-esg-risk-reporting.pdf
[iv] Ibid.
Franchesca J. Charney, RN, MS, CPHRM, CPPS, CPSO, DFASHRM, Director of Risk Management for the American Society for Healthcare Risk Management, has led the development of numerous ASHRM publications and is releasing soon Failure Modes Effect Analysis (FMEA). Also, she is the managing editor for the Journal of Healthcare Risk Management and has written numerous professional journal articles and participated in national speaking engagements. Charney led the development of Enterprise Risk Management for Boards and Trustees: Leveraging the Value and the Readiness Assessment Tool as well as numerous other resources.
Guy Whittall-Scherfee MS, Education Specialist for the American Society for Healthcare Risk Management, has written education and science policy guidelines for organizations such as the University of Chicago. He coordinates conferences across the nation and Canada for ASHRM and the science communication organization ComSciCon. He has developed educational curriculum for learners of all ages and currently runs the e-learning, podcasts and webinars for ASHRM while working with subject matter experts to develop new curriculum for the organization.