The ultimate purpose of strategic management is to enable companies to achieve their corporate purpose and objectives, which include sustainability/environmental, social, and governance (ESG) objectives. The seven-step Strategic Risk Assessment (Figure 1), a continuous process for organizations to assess and manage risks, provides a systematic way for companies to assess sustainability/ESG risks and opportunities to guide sustainability accounting internally and externally.

figure of a path to show strategic risk assessment for sustainability

Described in the 2020 COSO paper Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management (by Richard J. Anderson and Mark L. Frigo), this process can be useful for companies seeking to address the International Financial Reporting Standards (IFRS) S1 General Requirements for Disclosure of Sustainability-related Financial Information exposure draft, which requires disclosure of significant sustainability risks and opportunities. The IFRS exposure draft provides a common structure for sustainability disclosures, including governance, strategy, risk management, and metrics and targets information.

The Return Driven Strategy framework and the Strategic Risk Assessment process can guide sustainability accounting within a company as well as for external reporting. For each of the seven steps in the Strategic Risk Assessment process, sustainability risks can be addressed as follows to guide development of a sustainability accounting strategy.

  1. Understand the strategies of the organization. Companies identify sustainability risks that would prevent the organization from achieving its strategic objectives and purpose. In this step, we use the Return Driven Strategy framework, which provides a way to describe how sustainability/ESG strategies create long-term value for the company and its stakeholders, serving as a guide for the sustainability accounting strategy of the company.
  1. Gather data and views on sustainability risks and opportunities. Companies assess sustainability capabilities and identify key sustainability risks and opportunities. In this step, the Strategic Risk Management framework homes in on key risks and opportunities and serves as a guide for developing the sustainability accounting strategy that’s the best fit for the company for both internal and external reporting.
  1. Prepare a preliminary sustainability risk profile. Companies develop a preliminary risk profile for sustainability risks.
  1. Validate and finalize the sustainability risk profile. Companies finalize the key sustainability risk profile.
  1. Develop a sustainability risk management action plan for sustainability risks. The plan includes identifying and selecting risk responses, mitigation activities, and risk monitoring; sustainability accounting strategy; use of Sustainability Accounting Standards Board (SASB) metrics/International Sustainability Standards Board (ISSB)/IFRS disclosures; updating the assessment process; and internal risk reporting with balanced scorecard (BSC) strategy maps.
  1. Communicate the sustainability risk profile and action plans. The sustainability risk profile and action plan include the sustainability accounting strategy of a company and are communicated to the board of directors and management team.
  1. Implement the sustainability risk management action plan. We move to the next cycle, helping the continuous development of organizational knowledge and capabilities in assessing and managing sustainability risks as a company within a knowledge-building culture.

SASB metrics can be evaluated using the Strategic Risk Assessment process to describe, articulate, and understand the sustainability/ESG strategies of a company and how they create long-term value of the company and its stakeholders. This articulation can be useful in developing required qualitative disclosures under SASB standards in a company’s sustainability accounting strategy. These qualitative disclosures can be driven from internal risk reporting with the BSC strategy maps in step 5 of the Strategic Risk Assessment process. The SASB-required qualitative discussions could be the most valuable part of SASB standards from the perspective of sustainability strategy and strategic risk management.


Mark L. Frigo and Ray Whittington discuss the latest developments in sustainability accounting, including recent actions and disclosure decisions among standard setters.

MLF: What are the most important recent developments relating to the SASB that CFOs, management accounting professionals, and accounting educators should be aware of?

RW: Acceptance of SASB standards received a significant boost in August 2022 with the consolidation of [the SASB’s] parent, the Value Reporting Foundation, with the IFRS Foundation to create the ISSB. The standards issued by the SASB are now under the oversight of the ISSB, which will integrate and build on the standards to create a set of international sustainability financial disclosure standards. The ISSB is committed to the industry-based approach to the development of standards—the approach that has been used by the SASB since its inception. The merger will serve to elevate existing SASB standards to a level similar to that of IFRS issued by the International Accounting Standards Board (IASB). This has the promise of resulting in an accepted set of global standards for sustainability disclosures. (Editor’s note: For more on this topic, see Amanda Pavan and Jerry Kreuze, “The SASB and Sustainability Standards,” Strategic Finance, September 2022.)


Robert Hirth shares his insight with Frigo on the latest developments, the future of sustainability accounting, and the importance of starting with the organization’s top strategies and business objectives as a guide for sustainability accounting.

MLF: The starting point for enterprise risk management (ERM) needs to focus initially on the organization’s top strategies and business objectives. ERM doesn’t start by simply attempting to identify risks; it starts with a thorough analysis of the organization’s key strategies and business objectives. In your opinion, how does this theme impact sustainability and ESG risk assessment and guide sustainability accounting?

RH: Companies should take a close look at their sustainability and ESG-related objectives. These objectives are becoming more and more clear—part of strategy, reported publicly, longer term in nature, tied to incentive compensation, tied to investor valuation, and attentive to expanded stakeholder interests, etc.—so they clearly matter.

And this now extends to multiple board committees. It continues to be a nomination and governance committee topic. This is where it first seemed to get slotted. An additional issue is on nominations to consider ESG expertise. The audit committee addresses the public reporting aspect and the likely upcoming assurance requirements and expanded U.S. Securities & Exchange Commission (SEC) disclosure if the SEC rule passes. Even if it doesn’t, ESG assurance is going to become more commonplace.


The compensation committee gets involved as ESG targets become a KPI [key performance indicator] for incentive compensation. This ESG ERM process will likely cascade below the board level to management as many of those ESG objectives get driven into various functions like HR for DE&I [diversity, equity, and inclusion]; emissions, waste, and water reductions into operations; cyber matters into IT; fair tax payments into the tax and financial planning functions; and ESG compliance into internal audit and compliance functions.

MLF: From your perspective, what will be the effect of the consolidation of the SASB with the IFRS Foundation on sustainability?

RH: It’s yet to be seen just exactly how the SASB standards will be used going forward.... But there is a strong indication that the SASB standards will form an integral part of the ISSB’s standard-setting process and be included as industry-specific requirements after an ISSB due process.

MLF: When do you believe regulators will begin requiring disclosure of SASB metrics as part of sustainability accounting?

RH: If the ISSB requires the disclosure of industry-specific (SASB) standards as it plans to, then the various IFRS jurisdictions would require their use after jurisdiction by jurisdiction adoption, which is voluntary. For the most part, though, the adoption of the SASB standards has been market driven, not regulator driven, with the largest institutional investors requesting, if not requiring, their use.

MLF: What is the future of accountants’ involvement with SASB disclosures and sustainability accounting?

RH: Assurance and advisory services related to sustainability disclosures and ESG reporting in general are fast-growing areas for accounting organizations in all major countries. Many large companies around the world already obtain third-party assurance at the limited assurance level, primarily for greenhouse gas emissions. But some companies have also chosen to obtain third-party assurance on more than greenhouse gas emissions, including SASB or other recognized standards as suitable criteria. ESG assurance and reporting as well as related advisory services are clearly going to become an important strategic initiative for accounting firms around the globe.

Corporate accounting and finance professionals will likely need to develop some additional technical expertise in this area, though many of their core skills are relevant and applicable to sustainability reporting such as process flow understanding and automation, development of internal controls, compliance orientation, report development, and formatting and documentation.

About the Authors