ESG Risk: How Energy and Utilities Companies Can Stay Ahead

Environmental, social, and governance (ESG) risk is evolving rapidly and has skyrocketed to the top of executive and board agendas for the next decade. Climate change concerns are greatest in industries heavily reliant on fossil fuels — and energy and utilities companies that haven’t begun strategically planning are already behind. In early 2022, the SEC proposed a new rule that is meant to standardize climate risk disclosure reporting for public companies.

We anticipate these types of proposals will continue to accelerate ESG requirements. By taking an integrated approach to ESG risk management, energy and utilities organizations can respond by preparing to not only comply with future regulations — but leverage them as a means to attract new investors and partners.

Why ESG Needs To Be a Top Priority for Energy and Utilities Companies 

Every day, consumers and businesses alike are reminded of the precariousness of the energy balance. A recent analysis by the International Energy Agency — an autonomous intergovernmental organization — found global energy-related carbon dioxide emissions rose by 6% in 2021 to 36.3 billion tonnes, their highest level in history. Meanwhile, the national average price for a gallon of gasoline in the United States has surpassed $5 for the first time; auto club AAA reports the cost of a barrel of oil has almost doubled since this time last year due to demand for oil outpacing limited global supply.

Amid these stark reminders, consumers are increasingly looking to businesses and governments for solutions. A January 2022 survey conducted by Pew Research Center found seven in ten Americans prioritize developing alternative energy sources, such as wind and solar, over expanding the production of oil, coal, and natural gas. In response, businesses in the energy sector are taking action. A recent PwC survey found 91% of leaders from large utilities companies across North America reported an uptick in environmental, social, and governance (ESG) investments — and 63% expect to reach net-zero goals by 2050.

91% of large utilities companies reported an uptick in ESG investments. (PwC)

63% of energy leaders expect to reach net-zero goals by 2050. (PwC)

Additionally, the overall scope of the most urgent global risks — including cybersecurity, third-party, business continuity, and data privacy risk — has become more expansive, with people and culture at the top of boards’ agendas. Yet, while risk demands are increasing, the existing technologies, processes, and people to manage these risks are struggling to keep up — creating a business resilience gap. With so much at stake, now is the ideal time for businesses in the energy sector to ramp up their risk programs in order to better enable their C-suites and boards to make strategic and informed decisions based on real-time risk data.

Risk Management In Changing Times

According to EY analysis, ESG goals and disclosures will continue to be a top focus for the utilities industry in 2022 and beyond. This growth-oriented mindset must be weighed against tighter safety and environmental guidelines, as well as the increased cost of compliance. Protiviti’s latest SOX compliance survey reveals SOX compliance hours and costs continue to increase across most company sizes, industries, and reporting types — with more companies spending $2 million or more on compliance. SOX is not the only concern for power and utilities companies; an audit by the Federal Energy Regulatory Commission (FERC) can be both costly and reputationally damaging if non-compliance is uncovered.

Such context serves to highlight the need for robust risk management capabilities that can empower business leaders and decision-makers to make game-time decisions throughout this period of disruption. One of the most powerful assets for making such decisions is real-time risk data. However, the state of existing risk data is currently no match for the rapid period of digitization, decarbonization, and decentralization the energy sector is currently undergoing. The success of a risk management program is often measured by the business’s performance against its strategic goals and objectives. Thus, it is telling that over half of energy leaders report having inadequate infrastructure to grow ESG-related business, despite expectations of reaching net zero goals by 2050.

52% of energy leaders report having inadequate infrastructure to grow ESG-related business. (PwC)

Today’s risk programs face challenges including flawed strategy, poor data infrastructure, lack of agility, and lack of integration. According to Deloitte’s Global Risk Management Survey, 74% of risk leaders report their organization struggles to maintain reliable data to drive risk-based decisions. EY’s Global Board Risk Survey found more than 80% of board members say their organization’s risk teams struggle to leverage data and technology to deliver timely, insight-driven reporting to the board. These challenges are symptomatic of an overarching problem: most risk and controls data live in multiple spreadsheets, shared drives, emails, and tools across audit, risk, compliance, and IT teams. In this decentralized state, risk data is bound to be duplicative, unreliable, and difficult to navigate and interpret, undermining the ability of risk teams to provide valuable insights to executive leadership.

Source: AuditBoard, Bridging the Business Resilience Gap With the Connected Risk Model

Siloed Technology Systems Compromise Risk Management Efforts

According to PwC’s 2022 Global Risk Survey, 75% of respondents say that having technology systems that do not work together poses a significant risk management challenge. 

75% of energy leaders report siloed technology systems undermine risk management efforts. (PwC)

When risk data is managed across multiple systems of record that are not integrated, risk teams, as well as their stakeholders, experience a number of inefficiencies, including: 

  • Lack of visibility into the organization’s key risks and true risk profile.
  • Decentralized, confusing, and/or redundant risk reporting. 
  • Audit burnout due to testing of the same controls or control evidence multiple times.
  • Stakeholder burnout from repeat requests for the same documentation for multiple risk assessments. 
  • Inefficient issue management due to time spent on issue follow-up over duplicative management activities addressing the same issues.

An Integrated Approach to ESG Risk Management

While creating truly integrated processes takes time, adopting an integrated risk platform paves the way by unifying critical risk data in a single source of truth. With a unified data core as the universal system of record, formerly siloed risk teams can synchronize their data, including risks, controls, policies, issues, and frameworks. This foundation enforces a streamlined view of risk, with a common taxonomy and risk scoring criteria, across the business — helping to integrate assurance functions on the basis of their data. This makes one enterprise-wide risk assessment possible. It also creates efficiencies by eliminating duplicative controls, risk assurance activities, and issues. As a result, risk stakeholders experience the benefits of automation, improved collaboration, and streamlined workflows. 

While inflation and record-high gas prices will not last forever, future emerging risks could add further pressure on consumers and businesses to consider alternative energy sources. To keep up with ESG and stay ahead of the unknown, the energy and utilities sector must invest in its risk management capabilities. Integrating risk management efforts — using approaches such as the Connected Risk Model — can create more aligned, efficient, and effective risk management processes. Doing so can benefit stakeholders, consumers, and businesses alike. 

AuditBoard can help energy and utilities companies not merely comply with ESG risk, but turn ESG into a competitive differentiator. Learn how others in the industry are leveraging technology to elevate their regulatory compliance and risk management capabilities and request a personalized walkthrough today.


Steve Prohaska was a Senior Enterprise Account Executive at AuditBoard, connecting its largest customers with holistic risk, audit, and compliance solutions. He’s held numerous roles developing process and implementing technology for SEC, SOX, Audit, ERP, and CRM functions. Connect with Steve on LinkedIn.


Mike Eulo is an Enterprise Account Executive at AuditBoard. Prior to joining AuditBoard, he spent 9 years at Gartner strategically supporting business and IT executives at organizations from pre-revenue up to Fortune 10. Connect with Mike on LinkedIn.