How to perform a sustainability risk assessment

If, like many startup companies, you are new to ESG, a great place to start is with an ESG Risk assessment.
February 28, 2023
reading time In Minutes:
How to perform a sustainability risk assessment

If, like many startup companies, you are new to ESG, a great place to start is with an ESG Risk assessment. Of course, assessing risks, in general, is most likely a key part of what you as a founder / investor / board member do today. And ESG Risk assessment works in somewhat the same way. However, looking at your different activity areas with a sustainability lens offers a whole new perspective and an opportunity to really future-proof your business, and preserve your licence to operate

In general, managing risks is a fundamental pillar of “good governance”, i.e. running your business in an ethical, responsible, transparent and accountable way. ESG risk management, in particular, is key in all ESG frameworks, including under the SFDR and for investors registered under article 8. ESG governance and the preparedness to avoid greater risk is the first step. It is where we, at wellstreet, have started our ESG journey with our portfolio companies, since we must start by understanding, and then managing what is in our control and sphere of influence. 

So how did we get started? 

Step 1

We identified what risk areas are relevant to our companies. Different industries are exposed to different types of risks, or at least to different degrees. This is often referred to as the “materiality” of a risk, which we can roughly explain as the likelihood of a risk becoming reality,  combined with the scale and scope of its damage, and the possible level of remediation (i.e. if the effects are reversible).

See below our risk matrix, with the industries we are invested in, along with the key risk areas our partner Ethos has helped us identify, that are common practice to take into account in those industries. The grey grading is the level of “materiality” - as explained above. 

This is by no means exhaustive or final, but hopefully it can get you started. 

Step 2:

Once we have selected the right industry for the company, we then go into the different risk “areas” within ESG that are relevant to us and most common in ESG “best practices”. See below for our list:

Here, we assessed both the “business risks” and “financial risks” in each of these risk areas. Risks for us are defined as below:

Each “risk” in each area is “scored”, for example with “low”, “medium”, or “high”, and a short description is to be included to give context and justify our choice of “score”.

This has by no means been easy for us and our founders. Risk assessments always contain some level of subjectivity, and you can very quickly go down into a rabbit hole. However, we have found it a very insightful exercise to do with our companies, allowing us to imagine possible futures and even become creative as to the very fabric and future of each business. 

What we found helpful is to frame the exercise as follows:

  • At first, think about the risks alone, don’t include any mitigation plans you already have in place, and don’t think about “opportunities”. 
  • Imagine the risk areas throughout your whole value chain, i.e. both upstream (suppliers, service providers) and downstream (customers and end users), even if what your customers choose to do is somewhat out of your control for now - for b2b SaaS companies for example, consider who your cloud provider is and the information they provide you with, along with who your customers are and how they might “use” your product or service in a “sustainable” or “unsustainable” way.
  • Think about your company and its operations as they are today and what you have in the pipeline for the next 12 months, but not beyond. For example, if you won’t expand internationally in the next 12 months, or won’t launch a new product range for another year, don’t take those elements into account, focus on the current state of affairs and the immediate to short term. 
  • Start wherever is easiest in the area listed above. For example, the environmental section and GHG emissions are probably the hardest, whilst the data security area is probably something you have already looked at, so start there!
  • You can then include any notes about mitigating actions or strategies you already have in place against those risks. For example, if you are working with a recruiter already to help diversify your talent pool, working on sourcing alternative suppliers with a better track record, or making it easier for your customers to recycle your product, include those alongside the associated risk. 

Next steps:

Once we are done with the above, we recommend that our founders should take these next steps:

  • Put a schedule in place to ensure that you conduct the above exercise at least once a year, so you can account for any changes as the business evolves. You should always report the results to the board. For boards that we are a part of, we will drive this. 
  • Lift out the risks marked as “high” and take them to the board, so that these risks are flagged and monitored regularly at the board level. We encourage you to get support from the rest of your management team and board members to put in place an action plan for mitigation. 

The above is only the start of your ESG journey. It is a hard exercise but very worthwhile, even if you struggle the first time around or don’t have all the answers or the level of information you would like to have. By starting, you are creating your first “benchmark” and can then improve from there. Like all things related to ESG, the key is transparency and tracking progress towards positive change. 

Avoid future problems

Some of the downsides you might encounter if you don’t do this exercise:

  1. Not being aware of or understanding what legislation can come your way, like environmental laws or financial regulations, might become a blocker to the viability of your business model. This became a very obvious weakness when we did the exercise with some of our companies.
  2. Customers might have issues with how you source, make or sell your products (child labour, environmentally harmful transportation methods, etc).
  3. Employees will expect a healthy working environment with sound practices on diversity, equity and inclusion.
  4. Investors will ask for your ESG work during due diligence, so not having visibility on how ESG and your company interact could make your company “uninvestable”.

We wish you the best of luck with the above. Please get in touch if you would like any help or support or if you have feedback on the above process and tools shared.