Sustainability risk and opportunity: A shift from ESG rhetoric to real strategic advantage

Across industries, leaders are quietly moving past the politically charged, polarizing label of ESG (Environmental, Social, Governance). The debate over the acronym is largely noise. What truly matters lies beneath it: fundamental risks that shape business resilience, financial performance, and long-term strategy advantage.

The issue isn’t ESG. It’s whether organizations are managing risk with the discipline they claim.

Sustainability related risks, such as climate, supply chain exposure, workforce stability, and regulatory liability, are no longer abstract or distant. They are tangible, measurable, and financially consequential today. Lenders, insurers, and credit rating agencies are increasingly pricing these risks, whether companies choose to manage them or not.

Two types of organizations are emerging. The most advanced organizations have already moved on. They no longer treat sustainability as a reputational exercise or compliance formality. Instead, they treat it as enterprise risk management (ERM) in action – directly tied to protecting and creating value.

This shift is seeing organizations:

• Move from glossy ESG reporting toward decision-useful risk and performance management.
• Replace voluntary narratives with financially material, enforceable disclosures.
• Reframe “compliance cost” as an investment in strategic advantage.

Those who act build resilience, credibility, and optionality. Those who delay absorb higher costs, experience disruption, and undergo greater scrutiny.

Turning risk into advantage

When ESG becomes a lightning rod, organizations risk dismissing the underlying issues altogether. Acronyms can be debated – risks cannot.

Most organizations stop at awareness. They recognize risks exist but don’t fully engage with them by:

1. Identifying exposure.
2. Measuring severity.
3. Implementing mitigation or adaptation controls.
4. Using this insight to drive capital allocation and make strategic decisions.

It is this final step – the decision point – that converts risk into opportunity. For example:

• If operations can only tolerate three days of downtime, that must shape asset hardening, redundancy planning, and insurance strategy.
• If supply chain mapping reveals forced-labour exposure beyond Tier 1 (defined in Bill S-211 as the direct vendors your organization purchases goods or services from), stronger contractual controls and onboarding requirements become non-negotiable.
• If scenario analysis shows resource constraints will make a decarbonization plan undeliverable, leadership must rethink capital planning today.

This is the difference between having a strategy and knowing whether that strategy is deployable.

Best practice: Reinforcing sustainability as part of governance

Leading organizations outperform by doing three things well:

1. Translating sustainability into financial outcomes

They connect sustainability risks to outcomes boards actually oversee, which include:

• Climate risk translates into asset impairment, downtime, insurance availability, cost of capital, and customer continuity.
• Supply chain risk translates into revenue loss, margin volatility, contract eligibility, and operational disruption.
• Social and workforce risk translates into productivity, safety incidents, turnover, litigation, and reputational exposure.

This “translation” turns “ESG concerns” into strategic priorities.

2. Focussing on where risk management creates advantage

Rather than doing everything, leaders prioritize:

• Operational resilience – asset hardening, redundancy where it matters, and contingency planning.
• Preferential access to capital – credible transition plans, strong governance, and reliable, financial-grade data.
• Preferred supplier status – fast, defensible responses to customer due diligence.
• Product and service differentiation – lower lifecycle impacts backed by evidence.

3. Embedding sustainability into ERM

Sustainability risks are managed through existing enterprise risk structures, including:

• Clear board oversight and committee mandates.
• Risk appetite statements with measurable thresholds.
• Integration into strategy, capital planning, and performance management.
• Scenario analysis for high-uncertainty risks, including both physical and transition risks.
• Defined accountability and escalation pathways.
• Controls and independent assurance over sustainability-linked data. Aligned with financial reporting rigor.

What does this look like in practice?

Climate, physical, and transition risk – wildfire, flood, heat, supply constraints, policy, and market shifts

Organizations translate climate risk into core business decisions by:

• Defining tolerable downtime and service disruption: How long could operations, service delivery, or customer fulfillment be halted before financial viability, contractual obligations, or regulatory compliance are compromised?
• Stress-testing operations and business models: Using physical and transition scenarios (e.g. extreme weather, energy price volatility, carbon pricing, technology shifts, or permitting delays).
• Linking scenarios to capital allocation: Including asset hardening, maintenance prioritization, redundancy, site selection, and insurance strategy.
• Tracking decision-useful indicators: Such as uninsured loss exposures, downtime hours, energy intensity, reliance on constrained inputs, and evolving insurance terms or deductibles.

Supply chain and modern slavery

Leading organizations move beyond statements to demonstrable control by:

• Targeted mapping beyond Tier 1: Focussing on high-risk regions, materials, and labour models rather than attempting to map everything equally.
• Embedding expectations into contracts and procurement: Including codes of conduct, audit rights, corrective action plans, and responsible exit provisions.
• Strengthening onboarding and ongoing monitoring: Using risk-based questionnaires, site visits (where feasible), and credible third-party information.
• Demonstrating year-over-year effectiveness: Through evidence of findings, remediation actions, and measurable improvement – not just process descriptions.

Social and workforce risk

Organizations treat people risks with the same discipline as financial risks by:

• Connecting workforce metrics to performance: Linking safety, fatigue, and turnover, training and engagement to productivity, quality and incident training.
• Integrating human resources data into ERM dashboards: Enabling management and the board to see how workforce risks affect operations, customer outcomes, and costs.
• Aligning incentives and controls: Ensuring leadership accountability, whistleblower protections, and clear escalation pathways for safety, misconduct, or labour concerns.

Don’t wait for mandates

In Canada, sustainability disclosure standards are approved but not mandatory. Meanwhile, real obligations already exist under:

• Bill C-59 (anti-greenwashing provisions)
• Bill S-211 (modern slavery reporting)
• Climate-related materiality disclosures in financial statements for public issuers

Waiting for future regulation turns sustainability in a check-box exercise. Acting now turns it into a competitive advantage. Quieting disclosure (“greenhushing”) does not reduce risk – it often increases it.

Building momentum

Get started with a few targeted wins:

• Inventory exposure: Climate, supply chain, workforce, and regulatory risks.
• Clarify risk appetite: Define tolerable downtime and acceptable loss levels?
• Strengthen immediate controls: Adopt supplier code of conduct, review insurance coverage, and monitor workforce safety indicators.
• Eliminate indefensible claims: Pressure-test sustainability-related statements against Bill C-59.

These steps improve resilience quickly and signal credible risk management to both internal and external stakeholders.

Unlocking long-term value

Once momentum is built, organizations can scale with:

• Robust physical and transition risk scenario analysis capabilities.
• Integrated data systems for sustainability-linked risk indicators.
• Capital planning processes explicitly connected to risk outcomes.
• Enterprise-wide governance structures that embed sustainability risk into decision-making.
• Continuous supplier visibility and human rights due diligence.

How CPAs can help

The goal with sustainability risk is not perfection – its establishing defensible systems, clear thresholds, and disciplined decision-making. Wherever your organization is at in this process, treating sustainability risks as strategic inputs, managed through modern risk frameworks, will better position you to protect value and create advantage. Follow this framework: Exposure – Measurement – Control – Decision – Advantage.

Bottom line: ESG is not the issue. Understanding, and acting on, what lies beneath it is.

Edward Olson, CPA, CA, CIA, GCB.D, is leader of MNP’s Environmental, Social and Governance (ESG) practice and leader of the Firm’s Enterprise Risk Services (ERS) practice for the BC Okanagan region. With more than two decades of Canadian and international experience in both public practice and industry, Edward delivers practical and meaningful business advice to clients in both the private and public sectors.

Originally published by MNP.