How Can New Lenses of Risk Help Ignite Breakthrough Transformations?

By Bill Baue & Ralph Thurm

Part 9 in this Reporting 3.0 Synthesis Blueprint series extends the traditional outside-in perspective of risk to also consider inside-out risk, as well as considering five levels of risk.

In a provocative new book, Amundi Global Chief Investment Officer Pascal Blanqué proposes replacing the notion of risk (which is typically assumed to originate externally) with uncertainty (which can apply to external events as well as internal influence). This aligns with work at the London School of Economics distinguishing between exogenous risk (or shocks from outside the system) and endogenous risk (or shocks from within the system). And both of these point to Reporting 3.0’s perspective on risk, and new lenses that can help ignite breakthrough transformation.

What’s the issue?

Traditional risk management is maturing, and expanding its scope. Last year, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the main body that provides guidance on enterprise risk management (ERM), issued the first revisions to its Framework in over a dozen year. And early this year, in a first-of-its-kind move, COSO collaborated with the World Business Council for Sustainable Development (WBCSD) to issue draft Guidance on the intersection between ERM and ESG (or environmental, social, and governance issues).

Figure 1: ESG-ERM Wheel (COSO & WBCSD, Enterprise Risk Management: Applying enterprise risk management to environmental, social and governance-related risks, February 2018)

However, traditional risk management continues to assume that risk is generally an external event that afflicts companies — and hence companies lack agency in risk creation, and can only manage risk. Reporting 3.0 calls this outside-in risk, and believes it is vital to complement this perspective with inside-out risk; in other words, the risks that companies create, which then impact other companies (as outside-in risk) — and also circle back to impact the company that created the risks in the first place (we might call this bite-you-in-the-butt risk).

In addition to this internal / external risk axis, Reporting 3.0 sees an emerging hierarchy of risk that is expanding in scope, and aligns with our levels of scalability:

  • At the nano level there’s career risk, whereby individuals (including “positive mavericks”) are dis-incentivized from pushing for the degree of transformation needed, as it flies in the face of business-as-usual and even bucks the CSR / ESG incrementalist party line;
  • At the micro level there’s enterprise risk, which (as discussed above) is expanding its scope but still falls short of making the outside-in / inside-out link;
  • At the meso level there’s portfolio risk, which aggregates the risks experienced by individual companies, but still tends to consider those to be outside-in risks;
  • At the macro level there’s systemic risk, which starts to capture the inside-out risk that aggregates at the systems level, and often follows non-linear trajectories, making it much harder to model and predict;
  • At the cosmic level there’s existential risk, whereby the very continuation of human civilization sits in the balance.

Why it’s important?

Risk is the canary in the coalmine, and current risk methodologies are predisposed to interpret the bird’s impending asphyxiation as mild hiccups. And of course, risk also acts as a signpost to opportunity, enabling companies and investors with foresight to innovate solutions that create financial value while also creating system value – i.e. sustainable ecological and social and economic systems.

How can you tackle it?

Companies are starting to recognize the intersection between risk and sustainability, for example by merging these roles into formal positions — as Lockheed Martin did recently by creating the role of Director of Enterprise Risk and Sustainability.

Investors are starting to wake up to systemic risk. For example, universal investors (who typically apply Modern Portfolio Theory and diversify their holdings across entire economies) increasingly recognize that systemic risk cannot be hedged. There’s no place to hide from systemic risk, by definition. And therefore, the traditional practice of buffering portfolio risk by generating alpha from security selection fails in a world of systemic risks. Indeed, Jim Hawley and Jon Lukomnik make the case in a recent paper for “beta activism,” or “improving and enhancing beta, which it defines as the market as a whole, through corporate governance stewardship.”

Such “beta activism” is an example of what Preventable Surprises calls “forceful stewardship”, or investors’ fiduciary duty to engage with companies in their portfolios on climate systemic risk by seeking transition plans to <2°C business models through direct dialogue, filing shareholder resolutions, and proxy voting. Arjuna Capital and As You Sow filed just such resolutions at Chevron and ExxonMobil (see here and here). As Arjuna Capital’s Natasha

Lamb told us in our recent virtual dialogue:

These resolutions represent a next level in the maturation of our strategies, following in the footsteps of resolutions in previous years (and continuing this year) asking companies to conduct scenario analyses of potential climatic outcomes based on scientific extrapolations. So, the main questions we now face are: how do we scale business model transitions to encourage industry-wide transformation to low carbon energy models? And how can we encourage other investors to support transition plan resolutions through filing and proxy voting?

Tying together the far ends of the spectrum, positive mavericks must ask themselves how to navigate career risk in light of the ethical imperative of confronting existential risk. One answer to this is to focus attention on the opportunities to create system value as a means of addressing systemic risk.

What will you have achieved?

Addressing the full risk axis (outside-in / exogenous plus inside-out/ endogenous) applies a holistic approach that is both reactive and proactive. As well, addressing the full risk hierarchy (from nano-level career risk through micro-level enterprise risk and meso-level portfolio risk to macro-level systemic risk and cosmic-level existential risk) provides a much more comprehensive means of insulating from risk, while recognizing that the risks created by other actors may not be mitigatable. Accordingly, realists will augment such holistic and comprehensive approaches to risk with level-headed adaptation to unavoidable risks.

What questions will be discussed next time?

What’s the appropriate role of governance in spurring sustainability? Or, why do we need to shift from push governance to governance pull? Please find part 10 here.

Please add your feedback, the authors Ralph Thurm and Bill Baue of Reporting 3.0 will look at all responses. Don’t forget to ‘wave’ if the above resonated with you ;-).

[Context of this series: These articles form the basis of an Implementation Guide that summarizes the total value of Reporting 3.0 in implementing a future-ready sustainability strategy and disclosure approach, in line with the idea of a Green, Inclusive and Open Economy. By posting these articles here Reporting 3.0 seeks feedback in the writing process of the final document, to be released as Blueprint 5 at the 5th International Reporting 3.0 Conference in Amsterdam, The Netherlands, on June 12/13, hosted by KPMG, see]