Course on sustainability risk management for the Master in Sustainability and Corporate Social Responsibility Leadership at the Universidad Complutense de Madrid. I will provide the students with tips, tools, and models to assess and manage operational, compliance, integrity, governance, solvency, profitability, environmental, climate change, and supply chain risks as part of a sustainability and social responsibility program.
6. Introductory resources
Risk is the effect of
uncertainty on achieving
objectives - ISO 31000
A deviation from what is expected or normal
Risk management involves planning and decision-making
to address uncertainty minimizing biases to maximize
performance
7. Introductory resources
The lack of information on
future behaviors of agents
and threats causes
uncertainties
Internal agents > directors and employees,
representatives, business advisors
External agents > investors, competitors,
regulators, unions, activists, adversaries (e.g.
hackers), customers, suppliers, subcontractors,
forces of nature
11. Introductory resources
Risks can cause a positive or negative
impact
The opportunity for increased customer awareness on recycling
could improve the profitability of a green brand
The opportunity of changes in green credit eligibility criteria
could improve the profitability of a solar panel project
The risk of disputes with unions could delay plant deliveries
The risk of occupational accidents of contractors could affect
the reputation of a local society
13. Introductory resources
Controllable events and known
breaches, business facts and
vulnerabilities are not risks
Because objectives are articulated
for subsidiaries and activities,
risks are to be disaggregated
and consolidated
14. Introductory resources
Sustainability risks require analyzing
the impact on the organization and
stakeholders for failing to accomplish
the objectives of the sustainability
program
Top-down approach: identify risks in subsidiaries and
departments starting from group objectives
Bottom-up approach: consolidate risks identified in subsidiaries
and departments following group categories
16. Introductory resources
The impact on stakeholders affects
the reputation and credibility of the
organization in executing its business
plans
Assessing the impact of risks on stakeholders
is key for establishing a sustainable strategy
and identifying opportunities
17. Introductory resources
Stakeholders have different tolerance
levels to different risks
Sustainability risk management makes it possible to
retain customers, preserve investors'
interests, prevent financial losses, protect
reputation and improve quality
18. Introductory resources
A sustainability program requires
managing financial, social and
environmental risks
in processes and products of the organization
Banks, insurers and listed companies must report their
main business risks related to environment, social,
personnel, human rights and corruption
- Directive 2014/95/EU art 19 bis b
19. Introductory resources
The uncertainty on the credibility and
viability of long-term business plans
poses risks to sustainability
Corporate social responsibility requires
evaluating risks and opportunities to meet
the stakeholders' expectations by improving
decision-making
- ISO 26000
21. Concepts
The financial, environmental, social
and governance objectives of a
sustainability policy cause risks on
the expected performance
- ISO Guide 82
22. Concepts
Reduce methane emissions by 6%
per year
Add 4,500 megawatts in 10
cogeneration plants
Double the use of biofuels every 5
years
Exceed 96% of local employees in
each country
23. Concepts
Invest 400M USD annually in
community initiatives
Exceed 1% of purchases in micro-
enterprises led by women and
minorities
Resolve critical vulnerabilities on
customer data in less than 2 days
25. Concepts
Achieve a security incident rate of
0.012 per 100,000 hours worked
Achieve 100% of employees and
contractors trained on cyber
security
26. Concepts
The evaluation of risks for
informed decision-making to
address uncertainty and
improve resilience is an
ethical obligation of
organizations
29. Concepts
Dunkin' was sued by New York State
after security violations
In both 2015 and 2018, Dunkin' experienced cyberattacks in
which hackers gained access to customer information. Things
went from bad to worse soon after, as the company went from
victim to culprit. In 2019, according to CBS, New York State filed
a lawsuit against Dunkin' for allegedly failing to adequately
respond to the attacks.
According to the lawsuit, Dunkin' failed to notify the nearly
20,000 customers whose accounts were compromised, reset
passwords, freeze accounts or investigate how the attack
occurred.
30. Concepts
Dunkin' has been accused of using fake
ingredients
In 2016, Dunkin' announced that it would begin testing a new
and improved egg burger, which piqued people's curiosity. After
all, how much better could you get with an egg? It turns out that
Dunkin' "eggs" consist of 10 ingredients, including soybean oil,
cornstarch and xanthan gum.
In June 2017, a New York City customer filed a lawsuit against
Dunkin', alleging that the restaurant's Angus Steak and Egg
Sandwich was not made with real Angus steak, but rather an
inferior ground beef product that contains "fillers and binders".
31. Concepts
A Dunkin' franchisee bribed a politician
The Dunkin' brand saw its name tarnished in 2017 thanks to
alleged unethical behavior by a politician. In December of that
year, the media reported that Senator Brian Joyce was arrested
on a federal charge of racketeering, extortion, wire fraud, and
money laundering.
One of his alleged benefactors was the owner of over 100
Dunkin' franchises. Joyce worked to enact legislation that would
protect the franchise owner from lawsuits. In exchange for his
efforts, the franchisee presented Joyce with free Dunkin' coffee.
The indictment alleges that the senator transported hundreds of
pounds of coffee over the years, in the form of bags, boxes and
cups.
32. Concepts
Dunkin' has been sued for illegal labor
practices
In 2011, a newspaper reported that two franchise owners in
Massachusetts were fined for violating child labor laws, including
employing minors without required documentation and making
minors work unauthorized hours. The following month, two
franchisees were found guilty of the same violations.
A few years later, it was Dunkin's own employees who filed a
lawsuit claiming that a boss required them to work more than 40
hours a week, but never paid them overtime.
33. Concepts
Dunkin' was sued for overcharging
customers
In 2016, three New York City residents, as well as two New Jersey
residents, filed a lawsuit against the company, alleging that
certain stores were charging sales tax on items that legally
shouldn't be taxed.
According to them, a dozen different Dunkin' locations in New
York and New Jersey overcharged customers to the tune of $14
million. When asked about the situation, Dunkin' passed the
onus to its franchisees. "Dunkin' Donuts has more than 1,000
restaurants in New Jersey and New York that are owned and
operated by individual franchisees."
34. Concepts
Dunkin' launched a very controversial ad
abroad
The Dunkin' scandals reached an international scale in 2013
when a highly controversial advertisement was published in
Thailand. The ad, which was used to promote a new charcoal
donut, featured a woman in blackface.
Needless to say, the image was considered racist by many
people. "It is both bizarre and racist that Dunkin' Donuts thinks it
must dye a woman's skin black and accentuate her lips with
bright pink lipstick to sell a chocolate doughnut," said Human
Rights Watch's deputy Asia director.
35. Concepts
A Dunkin' store posted a xenophobic
sign
Dunkin' was involved in another discriminatory scandal more
recently. In 2018, a television outlet reported that a Baltimore
store was caught posting a sign offering free coffee and food to
any customer who reported that employees spoke languages
other than English. A local news producer posted a photo of the
sign on Twitter, where it went viral.
36. Concepts
Dunkin' sued franchises that employ
undocumented workers
Dunkin's immigration-related scandals continued in 2019 when it
emerged that the company was suing multiple franchisees for
hiring undocumented workers.
All of this led many to criticize the coffee company for its tactics.
Some confirmed the CEO's point, stating that the industry
depends on immigrant workers. However, the lawyers state that
they have never seen such an attack against franchisees before.
37. Concepts
A store was invaded by rodents
The only thing worse for a restaurant than having their store
taken over by a pack of mice is having a video of said takeover go
viral. But that's exactly what happened to a local Dunkin'. In
2019, a passerby looked through a Boston store window only to
see mice running. He took out his phone to record the rodents and
uploaded the videos to Facebook, where they received more
than 20,000 views.
One of those who saw the footage was from the city's
Department of Inspection Services, which launched an
investigation that uncovered multiple health violations, including
litter on the floor, visible dirt in the ice machine and flies in the
dining room.
38. Concepts
Resilience is the adaptive capacity of
organizations in complex and
changing environments (ISO Guide 73),
allowing them to reduce the
probability of systems failures or to
recover quickly (ISO 13824)
39. Concepts
Failures can be caused by lacking
clear objectives, ignoring system
interconnections, doing biased
analysis, and delegating without
evaluating competencies
41. Concepts
Who should own the risk?
Reduce operational fraud >
operations, finance, audit
Reduce accident rate > HS&E
occupational safety, operations,
HR training
42. Concepts
Who should own the risk?
Reduce water footprint >
operations, purchases, innovation,
training
Identify digitization opportunities
> innovation, systems, operations,
purchasing, recruitment
43. Introductory resources
Each transversal area has its own
objectives and biases to evaluate risk
factors, requiring a comprehensive
system to manage risks
The sustainability program requires the
comprehensive management of interactions
between financial, environmental, social,
integrity and compliance risks
44. Introductory resources
There is a growing role for
sustainability departments to
support the implementation of global
risk identification, validation and
reporting methodologies
49. Introductory resources
The materialization of sustainability
risks generates problems and claims
- ISO 37101
Sustainability reporting obligations require a
holistic and data-driven vision of risks
50. Introductory resources
The identification and assessment of
exposure to sustainability risks allow
allocating the resources of the
sustainability program
The quantification of sustainability risks in
monetary terms allows prioritizing and
allocating resources
(WBCSD Sustainability and ERM Report: The first step towards integration)
51. Introductory resources
Sustainability risks are owned by
each decision maker and are
facilitated by risk and sustainability
professionals
- COSO ERM ESG
Sustainability risk management allows selecting consistent
objectives, designing resilient operations, delegating
responsibilities, selecting third parties to differentiate
products, and avoiding non-compliance and financial losses
52. Introductory resources
Dynamic risk management allows
preserving the value of organizations
- WBCSD
Sustainability risks require more than
declarations of good intentions and paper
compliance: they require concrete decisions, investments
and technical controls with measurable targets
53. Introductory resources
There are emerging risks whose
drivers and impacts cannot yet be
assessed, but there are weak signals
of potential high risks
Sustainable management requires continuous
monitoring of emerging risks as weak signals of
changes in the environment
54. Introductory resources
Sustainability risks require the informed
selection of suppliers, usually measured by scores
combining quality, cost, degree of cooperation,
environmental impact, solvency, on-time
delivery, dependence on sub-suppliers and
countries with high logistics risk, and
ability to discontinue the contract
56. Concepts
Report BASF 2020
Economic, environmental and social performance
BASF's risk management objective is to identify and assess
opportunities and risks as early as possible and to take
appropriate action to exploit opportunities and limit risks. The
goal is to avoid risks that pose a threat to BASF's continued
existence and to make better management decisions to create
value. We define opportunities as potential successes that
exceed our defined goals.
We understand risk as any event that may negatively impact the
achievement of our short-term operational or long-term
strategic objectives.
57. Concepts
According to our assessment,
there are still no significant
changes in the individual risks
that pose a threat to the
continued existence of the
BASF Group. The same applies
to the sum of the individual
risks, even in the event of a
global economic crisis, such as
the intensification of the
coronavirus crisis.
59. Concepts
Tools
The Governance, Risk
Management and Compliance
(GRC) Policy, applicable
throughout the Group, forms
the framework for risk
management and is
implemented by the operating
divisions, the service and
investigation units and the
regions according to their
specific business conditions.
60. Concepts
Tools
A catalog of opportunity and risk categories
helps identify all relevant financial and
sustainability-related opportunities and risks as
comprehensively as possible. We also
systematically assess opportunities and risks
with effects that cannot yet be measured in
monetary terms, such as climate and
reputation risks. To reflect this, in 2020 risks to
companies related to the transition to a low-carbon
economy (transition risks), as well as
physical risks defined by the Task Force on
Climate-Related Financial Disclosures (TCFD), were
added to the catalog.
61. Concepts
Tools
We use standardized
assessment and reporting tools
to identify and assess risks.
Aggregating opportunities,
risks and sensitivities at
divisional and Group level using
a Monte Carlo simulation helps
us identify effects and trends
across the Group.
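
An added example, not taken from the slides or from BASF's report: a minimal Monte Carlo aggregation that expresses risks and opportunities in monetary terms (slide 50) and rolls them up at divisional and group level (slide 61). The register entries, probabilities and impact ranges are constructed, and the triangular impact distribution and independence between events are assumptions.

```python
import random
from statistics import mean

# Constructed register (assumption, not data from the slides):
# (division, event, annual probability, (low, mode, high) impact in M USD).
# Positive impact = loss; negative impact = opportunity (gain).
REGISTER = [
    ("operations", "contractor accident",      0.10, (0.2, 0.5, 2.0)),
    ("operations", "union dispute delay",      0.20, (0.1, 0.4, 1.0)),
    ("digital",    "customer data breach",     0.05, (0.5, 2.0, 8.0)),
    ("supply",     "supplier default",         0.15, (0.3, 1.0, 3.0)),
    ("supply",     "green credit eligibility", 0.30, (-1.0, -0.5, -0.2)),
]

def simulate(register, trials=20000, seed=7):
    """Return {division: [net loss per simulated year]} plus a 'group' series."""
    rng = random.Random(seed)          # seeded so runs are reproducible
    divisions = sorted({row[0] for row in register})
    out = {d: [] for d in divisions}
    out["group"] = []
    for _ in range(trials):
        year = dict.fromkeys(divisions, 0.0)
        for div, _event, prob, (low, mode, high) in register:
            if rng.random() < prob:    # does the event occur this year?
                year[div] += rng.triangular(low, high, mode)
        for d in divisions:
            out[d].append(year[d])
        out["group"].append(sum(year.values()))   # bottom-up consolidation
    return out

def summarize(series):
    """Mean and 95th percentile of a simulated net-loss series."""
    ordered = sorted(series)
    return {"mean": mean(series),
            "p95": ordered[int(0.95 * len(ordered)) - 1]}

def expected_loss(register):
    """Analytical check: sum of probability x mean of the triangular impact."""
    return sum(p * (lo + mo + hi) / 3 for _d, _e, p, (lo, mo, hi) in register)

if __name__ == "__main__":
    for level, series in simulate(REGISTER).items():
        s = summarize(series)
        print(f"{level:10s} mean={s['mean']:.3f}  p95={s['p95']:.3f}  (M USD)")
    print(f"analytical expected net loss: {expected_loss(REGISTER):.3f} M USD")
```

Comparing the group mean with its 95th percentile shows why ranking by expected value alone hides tail exposure from low-probability, high-impact events such as the data breach entry.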
63. Learn more
COSO - Environmental, Social and Governance Risk
Management
Flouris, Triant - Risk Management and Corporate
Sustainability - Ashgate 2011 - ISBN 9781409411994
Mariscotti, Eduardo - Corporate Risks and Leadership -
Routledge 2021 - ISBN 9780367493936
Wilderer, Peter - Sustainable Risk Management - Springer
International Publishing AG 2018 - ISBN 9783319662336