Enterprise A-Z: Risk

Written By Karimah Hudda

Speaking the Company’s Native Language

You talk about climate, human rights, nature, supply chains, communities. People nod, even agree it’s “important.” Then, when real trade‑offs appear, your issues get sidelined by things framed as “actual risk.”

You’re not wrong about the risks. You may just not be speaking them in the language the company already uses.

Why risk is a bridge

Inside most organisations, leaders already lose sleep over risk: supply disruption, regulation, litigation, cyber, reputation, safety, talent, financial volatility. There are dashboards, reports, committees and processes to track and escalate those.

If your agenda sits in a separate box called “sustainability,” it will always compete with “real risk” for attention. When you can show how your issues map onto existing risk frames – and sometimes reveal gaps in them – you move from “nice to have” to “how we stay in business.”

What risk actually is in your context

In practice, “risk” is:

  • The list of things leadership already tracks and escalates.

  • The formats and forums where those risks are assessed (risk registers, heatmaps, internal audits, assurance, crisis exercises).

  • The thresholds that trigger action – financial, legal, safety, reputation, licence to operate.

Your work is not to invent a parallel risk system. It’s to plug your issues into the one that already exists, and to expand its horizon where needed.

How to start

  • Learn the current risk map. Sit down with your risk or internal audit colleagues and ask them to walk you through how the company currently defines, categorises and escalates risk. What are the top risks on paper? How are they rated? Which ones actually get time at ExCo and board level?

  • Translate one issue into that frame. Take a priority sustainability topic – say extreme weather, forced labour, biodiversity, plastics, water – and rewrite it using the company’s own risk categories and metrics: operational disruption, regulatory non‑compliance, legal exposure, reputational impact, stranded assets, cost of capital, talent attraction.

  • Secure one place in the risk machinery. Choose a concrete move: adding specific sustainability‑related risks into the enterprise risk register; making sure a climate or human‑rights scenario is part of the annual risk review; or getting a standing slot in the risk committee to update on how these issues are evolving. Aim for one well‑placed integration, not a complete overhaul.

You are not trying to scare people into action with ever‑bigger “planetary risk” slides. You are helping your organisation see, in its own terms, that many of the risks it already cares about are being reshaped by the sustainability realities you’re naming – and that acting on them is part of basic competence, not a side project.

Karimah Hudda
Previous

Enterprise A-Z: Strategy
Next

Enterprise A-Z: Quiet rooms