I am often asked: “As an expert in Enterprise Risk Management, do you also do Environment, Social and Governance risk management?”. I politely reply that: “Environment, Social and Governance (or ESG as it is often referred to) risk management is an integral part of robust Enterprise Risk Management (ERM)…. and to be honest, if you haven’t been including your ESG risks, then you haven’t been undertaking very good ERM”. Note: The second part of this sentence is only voiced when deemed not to cause the questioner undue distress(!).However, no matter how distressing I find this question personally, it provides insight to a world that is being taken by surprise by the urgent need to not only understand ESG risks, but also show that they are being managed and their true potential impact on an organisation if not world in general. The term “sustainable development” made its formalised entrance in 1987 via the World Commission report on Our Common Future as led by Norwegian Prime Minister, Gro Harlem Brundtland [1]. It defined sustainable development as being: “Development that meets the needs of the present without compromising the ability of future generations to meet their own needs”. Since then, this concept of sustainable development has had many titles including Corporate Social Responsibility, Sustainability, Social Licence to Operate, and most recently ESG. A vast array of frameworks, principles, goals, standards and metrics have been designed to support governments, businesses and teams operate in a sustainable manner. The most widely recognised of these is the United Nations Sustainable Development Goals (SDGs) [2]. Launched in 2015, the SDGs replaced the Millenium Goals and have a life expectancy of 15 years. The SDGs are big and brave. They outline 17 goals that aim to: “end poverty, combat climate change and fight injustice and inequality”. This massive vision scares some and inspires others. Until now, many businesses have either ignored them or selected the few goals that they feel most closely align with their activities and carefully placed the others into the “to do later” pile. The addressing of the SDGs as a cohesive package is not made any easier by them often being in conflict with one another. For example, actions taken to address SDG #13: Climate Action may reduce our ability to address SDG #1: No Poverty. This is where the risk management comes in. Risk management is a process through which the potential pros and cons of a decision, event or scenario can be assessed and then, if necessary, actively managed. It exists to help us take charge of some of the uncertainty in the world around us, and therefore better navigate our teams and businesses towards our vision, purpose and strategy. It is therefore used on a routine basis when we need to decide if Carbon or Human Rights are more important to our organisations. Risk management has evolved hugely over the past decade. No longer do teams agonise over the positioning of a risk in a red-amber-green infested impact versus likelihood matrix. Rather, risks are viewed as an interconnected series of nodes that change with time and knowledge. Robust risk management relies on having as much data and knowledge on the table as possible. Some of this data will be accurate, some will not, however it all helps to paint that picture of what the future may hold. The weaving of environment, social and governance risks (both to the organisation and created by the organisation) into the increasingly complex web of modern enterprise risk understanding is critical if risks are to be accurately assessed and successfully managed. If there are areas where we have unintentionally or intentionally ignored ESG risks, it is increasingly guaranteed that we will have mis-represented our risks and our risk profiles will be incorrect. This in turn leads to sub-optimal control strategies and objectives not being met.So, if ESG has been around for decades, why are we beginning to focus on it so much now? Simple answer: The money has arrived. Be it due to requirements such as the Task Force on Climate-related Financial Disclosures (TCFD) [3] being placed on those who invest or lend money, or members of those financial institutions requiring increased transparency on where their money is being invested, “green washing” will no longer cut it. This arrival of the financial world therefore pushes many risks over their tolerance thresholds into the “action needed now” territory as if we don’t take them seriously, we will lose our investment and potentially even our insurance. So – do I and my organisation “do” ESG risk management. Yes. It has always been there. However, it is it increasing in its importance to organisations from both the ethical and financial perspectives. Now it’s the time for practical risk management to be fully unleashed and provide the mechanism through which organisations can hold themselves to account and achieve their objectives in an ethical manner.