Next Article in Journal
Adapting Water and Soil Management to Climate Change
Next Article in Special Issue
Analysis of Energy Consumption of Robotic Welding Stations
Previous Article in Journal
Strategic Pathways to Alternative Marine Fuels: Empirical Evidence from Shipping Practices in South Korea
Previous Article in Special Issue
Identification of Barriers to Sustainable Manufacturing Implementation—The Perspective of Manufacturers of Parts and Components for Agricultural Transport
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

The Application of Environmental, Social and Governance Standards in Operational Risk Management in SSC in Poland

by
Zuzanna Zaporowska
1,* and
Marek Szczepański
2
1
Faculty of Engineering Management, Poznań University of Technology, J. Rychlewskiego 2, 60-965 Poznań, Poland
2
Division of Enterprise Economics, Investment and Insurance, Institute of Logistics, Faculty of Engineering Management, Poznań University of Technology, J. Rychlewskiego 2, 60-965 Poznań, Poland
*
Author to whom correspondence should be addressed.
Sustainability 2024, 16(6), 2413; https://doi.org/10.3390/su16062413
Submission received: 19 December 2023 / Revised: 11 March 2024 / Accepted: 12 March 2024 / Published: 14 March 2024

Abstract

:
Organizations are facing increasing pressure to be transparent about their performance and to accept responsibility for their impacts on both society and the environment. The role of ESG is essential from a reporting standpoint. New regulations are forcing organizations to focus more on cascading ESG risk management in order to ensure that the various ESG objectives are analyzed and monitored at the group and subsidiary levels. This article employed the results of an empirical study conducted on risk management concerning shared service centers in Poland. In addition, a case study was conducted based on their internal reports and financial statements. At this stage, SSCs are focusing solely on financial risks and are ignoring the broader perspective. Thus, the promotion of ESG practices in organizations currently represents the most critical factor. ESG-related activities should be cascaded to company subsidiaries, especially those that employ internally separated processes, operate globally and are responsible for end-to-end processes. Based on an analysis of financial statements, few entities currently even consider operational risks, including ESG-related risks. Companies should re-examine their internal governance approach so as to ensure the effective cascading of ESG objectives to the lower levels of the organizational structure.

1. Introduction

The increasing importance of Environmental, Social, and Governance (ESG) factors has fundamentally changed how investors and businesses view sustainability. ESG approaches have, to date, commonly been considered to be “nice-to-haves” rather than as crucial elements in the business and investment decision-making processes. However, as ESG has become more prominent, companies and investors are implementing more thorough strategies and incorporating ESG approaches into their corporate strategies and decision-making processes. Due to issues related to social inequality, climate change and global health, ESG is now more important than ever for investors and businesses. Businesses that adopt ESG approaches stand to benefit significantly from enhanced consumer loyalty, a positive brand reputation and lower risks, while promoting a more sustainable future. Investors are increasingly looking for investment opportunities that align with their ideals and values, in addition to the financial results.
Aimed at managing risk and attaining sustainability over time, investors have started to take environmental, social and governance aspects into account when making investment decisions and are making efforts to improve the accountability and openness of corporate governance. This has resulted in an increase in data sharing and transparency concerning ESG. Businesses are facing increasing pressure to be transparent about their performance and to accept responsibility for their impacts on society and the environment, which has led to calls for greater openness and accountability concerning corporate governance. Moreover, international frameworks and standards, e.g., the United Nations Guiding Principles on Business and Human Rights and the Paris Agreement on Climate Change, are becoming increasingly important in terms of addressing environmental and social issues. Such frameworks provide a basis for greater responsibility and transparency when addressing these issues.
The role of ESG is important from a reporting standpoint. The demand for transparency is increasing concerning socially conscious and sustainable practices [1,2,3,4].
The results of an empirical study conducted on shared services centers operating in Poland in the area of risk management were employed for the purposes of this article. In addition, a case study was conducted based on the financial statements of selected shared services centers operating in Poznań.
The main objective of this paper is the identification of the role of ESG factors in operational risk management and performance reporting in shared service centers (SSCs) in Poland. This study aims to significantly contribute to the existing ESG initiatives by investigating how ESG (environment, social, governance) components are reflected in business performance reporting as an important part of the controlling function of management, particularly focusing on the level of implementation of new regulations in shared services centers. This research determines the impact of ESG factors on risk management and establishes a relationship between them. Its other goal is to tackle the gap in research methods concerning ESG practices and how they affect global structures, focusing on shared services centers.
Section 3.1 will analyze and present in detail the current state of knowledge about ESG. Most of the articles reviewed refer to the relationship between ESG and other dependencies, delineate the theoretical underpinnings of ESG in the field of management, or identify prevalent themes in current ESG research within this field. The novelty of this research refers directly to the ownership of ESG risks, especially for processes outsourced to modern business structures. A blurred responsibility for risks and difficulties regarding ownership, accountability, and communication characterizes risk management in diffused organizations such as SSCs. Once a process or part of it has been migrated to the SSC, it is often disconnected from the business. Due to the strong emphasis on standardization and repeatability, even transactionality, risk is usually no longer actively managed. Another common situation is the migration of the internal control of a given process to the SSC, which is fully justified, but often only increases the sense of impossibility of any change in the process due to the control requirements, including internal and external audit requirements. On the other hand, entities such as SSCs have a considerable impact not only on what processes look like but also on what they could look like by comparing them to best practices and drawing on the experience of people working in SSCs. Skillful use of the potential impact of SSCs in the risk management process, in the opinion of the article’s authors, could increase the effectiveness of risk management (The control function’s effectiveness in risk management is the subject of a more extensive study for Lean Risk Management).
The identification of the needs of the research led to the suggestion and testing of the following hypotheses:
Hypothesis 1:
To date, environmental, social and governance risks have not been considered in shared service centers operating in Poland.
Hypothesis 2:
Following the introduction of a new EU directive, international corporations will be required to change their risk reporting strategy in cases of service outsourcing.
EU countries are opting for a mix of voluntary and mandatory measures that improve ESG disclosures in their respective jurisdictions [5]. The Corporate Sustainability Reporting Directive (CSRD), which applies to all European Union member countries, imposes specific ESG reporting obligations. The CSRD, which was published in December 2022 [6], requires that the governments of European Union member states introduce the regulations set out in the directive into national legislation within 18 months of publication. The main objective concerns the convergence of the requirements surrounding nonfinancial reporting with those applied to financial statements aimed at ensuring that investors receive comparable and reliable ESG-related information. Based on 2018 statistics [7], around 300 Polish businesses are currently required to provide reports on their operations accompanied by nonfinancial statements. Only large companies that meet one of two financial conditions—either PLN 170 million in net revenues from the sale of goods and products over the financial year or PLN 85 million in total assets on the balance sheet at the end of the financial year and that are public interest entities (PIEs) with more than 500 employees—are subject to the provisions on nonfinancial reporting. However, the new directive broadens the list of entities that are required to report and replaces currently valid EU regulations on the disclosure of nonfinancial information. Only those entities that currently report nonfinancial information (i.e., large public-interest entities with more than 500 employees) will be subject to the new provisions during the first phase of implementation. The second category comprises all other large organizations, regardless of whether they are public interest entities or not, which satisfy any two of three requirements (a balance sheet total of over EUR 20 million, a net income of over EUR 40 million, and a number of employees of over 250). The third phase of implementation concerns all small and medium-sized listed companies. Large capital groups also fall under the purview of the directive [8,9].
By the end of 2024, the CSRD directive will apply to only 150 Polish companies (of a total of 12,000 companies in the whole of the EU) that are subject to the currently applicable NFRD (Non-Financial Reporting Directive). However, from 2025, the new regulations and reporting obligations will apply to a much larger group, i.e., over 3500 Polish enterprises [10], probably including SSCs, which meet the following conditions:
  • from 1 January 2025, large companies that are currently not subject to the NFRD, employ more than 250 employees, and/or have a turnover of EUR 40 million and/or a balance sheet total of EUR 20 million;
  • from 1 January 2026, small and medium-sized companies listed on the stock exchange, and other companies.
The adoption of preventive measures and engagement in proactive ESG risk management is in the best interests of all companies in terms of effectively addressing environmental, social and governance risks and opportunities. Research indicates that businesses that are completely ESG-integrated, transparent and stakeholder-accountable are more likely to succeed over the long term [11]. The findings [12] indicated that integrating environmental practices positively affected CSR initiatives, but the influence of social and governance practices exhibited variability. The research [12] emphasized the importance of proficiently communicating environmental policies and proposes that organizations prioritize environmental actions to bolster their brand and gain customer confidence. The results also underscore the need for consumer education about the ESG framework. While listed companies are already required to comply with ESG requirements and reports, it would be beneficial to encourage non listed companies also to recognize the importance of ESG and educate the public on how to interpret it. Leaving the responsibilities of ESG to only the listed companies creates boundaries that, over time, can belittle the importance of achieving sustainable goals. Sustainability reports will form part of the so-called activity report, which will result in the increased responsibility of company governing bodies for this reporting area. According to the Accounting Act, company governing bodies are jointly and severally liable for any damage caused via a breach of the activity report, and the preparation of such reports contrary to the set requirements or the inclusion of unreliable data in the report is subject to criminal charges [13].
One of the most important steps concerns the integration of ESG into the risk management strategy. Managing a business and striving for operational excellence require awareness of and an appropriate response to ESG-related risks. It is essential that ESG-related risks be mapped and ranked, e.g., by completing a materiality matrix and managing it over time. A significant knowledge gap remains between the supply of, and demand for, information on ESG despite increases in both the demand for and the provision of ESG reporting. This knowledge gap can be attributed to a number of factors, including disparate ESG reporting standards and frameworks, voluntary reporting regimes, and the high costs associated with the collection and reporting of data.
Aimed at fulfilling the research objectives, this article is organized as follows. Section 2 presents the research methodology applied concerning the procedures and methods applied and Section 3 presents the results:
  • ESG perception in the context of Central Europe/Poland and the principles of risk management analysis were investigated based on a review of Polish and international literature.
  • Questionnaires were submitted to the SSC community concerning risk management and internal control in October 2023 with the aim of examining the implementation of risk management approaches.
  • A case study on financial statements issued by shared service centers in Poland that analyzed the overall scope of risk reporting, which assisted in the formulation of the conclusions and the determination of future research areas.
Section 4 discusses the empirical findings of the analysis. Section 5 presents the conclusions of the study and suggests future directions for research.

2. Materials and Methods

This study provides a summary of exploratory research conducted on an issue that has not been previously investigated in Poland regarding shared services centers. The study is both descriptive and analytical from the viewpoint of the exploratory objective, which is addressed in two stages. The first stage is a targeted review of the existing literature, and the second stage involves empirical research entailing a questionnaire survey and a case study. The two stages are explained further below.
Aimed at assessing current trends in the research area, a targeted literature review [14] was conducted using the Web of Science database to identify publications in the area of ESG risk management and shared service centers. The search strategy included the entry of the following keywords: “ESG”, “risk management” and other keywords associated with organizations (e.g., shared services, BPO—Business Process Outsourcing, SSC). Although no language restriction was applied to the search, only those studies with abstracts in English and full texts in English or Polish were deemed eligible for inclusion. The search failed to identify any such related articles, thus confirming the presence of a research gap in this area.
The next stage involved the compilation of a questionnaire survey as the quantitative method applied in the research aimed at forming an understanding, inter alia, of (The survey conducted in September and October 2023 focused on Lean Risk Management and only part of this research was used for the purposed of this article):
  • The implementation of risk management at the shared service center level.
  • The priorities considered in the risk management process.
Computer-Assisted Telephone Interview (CATI) sessions were conducted in September and October 2023. This particular research methodology was chosen since it allows for the conducting of telephone surveys in which the interviewer administers a questionnaire to the respondent by reading it from a computer during a phone call; this approach guarantees accuracy since the presence of the interviewer strengthens the reliability of the data collection process. The data file with the responses obtained was subsequently downloaded into the MS Excel format.
The questionnaire’s questions were converted into quantitative variables with Likert-type scale questions ranging from 1 to 5 and qualitative variables (nominal and ordinal) from which the degree of risk management implementation was gauged. Subsequently, the companies that were contacted were categorized based on the respondent’s role, the organization’s size (counting internal units and personnel), and the range of services offered. This information was used to determine the degree of standardization or differences.
The quantitative data analysis was performed using descriptive statistics so as to allow for the summarization of the information collected, which was followed by the application of inferential statistical techniques based on the graphical presentation of the data [15]. The statistical analysis was completed using Microsoft Excel 365.
The study population consisted of companies that operate in Poland with SSCs that were created as a part of an international capital group and that provide services to internal entities. In 2023, there were a total of 435 SSC/GBS centers (Information collected independently by Authors). Firstly, based principally on annual research conducted by ABSL on the Business Services Sector in Poland [16], 146 companies that met the research criteria were defined as the initial population. An additional internet search (LinkedIn social media site) enabled the compilation of a list of 112 representatives from these companies for the purposes of the research. They were selected based on positions related to one of the keywords, “risk management” or “internal control”.
The population size was 146 companies available for the research. Purposive sampling was used mainly due to the impossibility of using random selection, resulting from the lack of appropriate data about the surveyed entities from a reliable source. A total of 112 interview queries were dispatched successfully, and 70 were collected with answers (a 60% success rate). However, it was not assumed that the conclusions drawn from this research sample could form the basis for generalization. The main limitations of the research method employed concerned the targeted sampling approach and the selection of the research sample based on willingness to participate.
The final stage of the research cycle concerned the preparation of the case study [15,17] for selected SSCs. The case study was aimed at the in-depth research of the processes involved in the real environment in which they are implemented. The selection of the cases was subordinated to the presentation of the research subject. It was intended to contribute to improving the understanding of the reality that was subjected to study. One of the crucial considerations concerned how to examine the risks identified by the SSCs in their financial statements. The deliberate case selection approach was employed to address the research question. The selected SSCs were all located in Poland and most of the analyzed financial statements covered 2022.
The justification behind considering Poland as a distinctive case warranting a comprehensive investigation is that the business services sector in Poland has been developing over the last two decades, and it has been one of the most critical drivers for the growth of the Polish economy. Poland is the regional leader for European business services, both in the overall number of centers and the total employment within the industry. The findings might also apply to other countries because as the market matures, Polish centers are becoming increasingly involved in entire processes from end to end [18].

3. Results

3.1. ESG in Risk Management—Literature Review

Risk has formed the subject of a wide range of studies and analyses in the field of management sciences [19,20]. However, this study does not attempt to consider strictly historical or etymological arguments. The development of the thinking on the subject of risk is covered in a book by [21], whereas a book by presents a histogram of the most important events that have shaped the theory of risk; moreover, a detailed definition of the concept of risk was presented in [22]. For the purposes of this study, it was decided to analyze the term risk from the perspective of organizations that are distributed and operate globally.
The word “risk” has a multifaceted meaning, and its origin has not, to date, been clearly explained. Taking risks is a choice rather than an inevitable fate, and it will be analyzed herein through the prism of the activities of businesses, organizational objectives, and the steps taken as a result of conscious decisions.
Risk is defined in management theory as a situation in which at least one of the elements involved is unknown, whereas the probability of its occurrence is known. This probability may be measurable or may be merely felt by the decision maker, and according to this definition, risk conditions occur only when existing experience regarding similar events can be related to the current situation (Encyclopedia of Organization and Management, 1982). Risk creates opportunities while simultaneously threatening the implementation of the undertaken tasks. It is, therefore, a tool and a means to obtain specific benefits qualified by the potential losses that may accompany the undertaken activity. All organizations make decisions based on incomplete data on a regular basis. Probability theory provides an essential tool for the forecasting of the future, which requires information that constitutes the basis for estimating probability [23].
The negative concept of risk considers it to pose a threat and implies a certain loss, damage, or unrealized aim. The neutral concept of risk considers it to be both an opportunity and a threat, which implies that the result may be better or worse than expected. It should be assumed that the following relationship exists between the risk and the desired effect: the higher the risk, the higher the expected effect, and vice versa: a higher expected effect requires the bearing of a higher risk [24].
In practice, the concepts of risk and uncertainty are often confused. A. Willet first identified the differences between these terms in her study entitled “The Economic Theory of Risk and Insurance” (1901); risk was defined as being objectively interdependent with subjective uncertainty. Less than 20 years later, this topic was further addressed by F. Knight, who separated risk from so-called uncertain events. He opined that risk is the potential for deviations from the planned state, which can be calculated by applying probability or other statistical and estimation methods. Uncertainty occurs when it is impossible to estimate the probability of such a deviation [25].
Uncertainty, unlike risk, concerns changes that are difficult to estimate, or it is impossible to estimate the probability of a specific event occurring. Not all authors agree with the distinction between the concepts of risk and uncertainty. Sinkey Jr suggested the following definition of risk: “Risk is the uncertainty associated with future events and the consequences of decision-making” [26], while Doerig opined that “uncertainty about obtaining future results” represents a risk [27]. Today, however, the dominant approach is to distinguish these two concepts. Uncertainty is defined as a state in which future possibilities and the chances of their occurrence are unknown, and risk is used in situations where the outcome of an event is unknown. Nevertheless, the probability of individual possibilities coming true in the future is known or can be estimated [28].
Definitions of risk have also been formulated in the context of the objectives to be achieved, concerning whether it is essential to consider the following definition: risk is the danger of not achieving the objectives set when making the decision. Certain activities entail the risk of a loss [29].
In the context of the multilayered nature of the above definitions, classifications of risk are diverse, due mainly to the fact that, initially, research on risk was conducted with respect only to specific segments of the financial market, i.e., insurance, banking and the capital market [22]. No such classifications of risk have been defined for nonfinancial entities, although a number of guidelines can be found in the Sarbanes–Oxley Act (SOX). In addition, information on risk and the management thereof is provided in standards implemented by various organizations and institutions, e.g.:
  • The international ISO standard for an integrated risk management system: ISO 31000:2018—Risk management—Guidelines [30],
  • The American risk management standard developed by COSO (The Committee for Sponsoring Organizations of the Treadway Commission) [31].
However, it is worth noting that the concept of operational risk appears only sporadically in the requirements applicable to nonfinancial institutions.
The topic of operational risk began to attract attention around 30 years ago following the publication of the COSO internal control standard in 1992 [32]. The Basel Committee defined the concept of operational risk as a part of its work on a set of recommendations concerning sound risk management practices in banking known as Basel I.
A range of definitions of operational risk has been presented in various scientific disciplines (e.g., economics, finance, management and quality sciences). Generally speaking, operational risk covers all types of risk that occur in enterprises that are not classified as financial risk. Operational risk can be defined as “loss resulting from inadequate or failed internal processes, people and systems, or from external events (e.g., natural disaster)” [20,33].
The Basel Committee on Banking Supervision considers operational risk as the potential for incurring losses due to insufficient or faulty systems, incorrect procedures and methods of operation, human error, technical failures and external events. According to this concept, the following risk factor categories can be distinguished:
  • Processes—a category of losses incurred due to errors in the adopted procedures, an insufficient number of existing procedures, or the complete lack thereof. Losses in this category are not the result of intentional actions. They may be the result of human error or noncompliance with the applicable procedures.
  • People—the sources of this type of risk comprise the intentional or unintentional actions of former or current employees to the detriment of the employer.
  • Systems—this applies to losses incurred due to the failure of telecommunications or IT systems, including software. Losses in this category are not the result of intentional actions.
  • External events—losses that occur due to the impact of external factors on entities. These may be losses caused by natural disasters as well as the actions of third parties.
Regarding shared services centers, it is crucial to what extent the company’s internal organizational processes act to resist disruptions so that the organization is able to achieve its economic goals. The same publication defines operational risk as the risk of material and reputational losses and legal liability resulting from the maladjustment or unreliability of processes and the related necessary resources (personal, material, information and financial) and resulting from disruptions caused by the impact of internal and external threats. This definition directly refers to the implementation of processes and their exposure to risk through specific internal and external events that disrupt these processes to a certain extent.
It is important to stress that ensuring sustainable development and implementing processes that reduce the negative impact on the environment and communities is one of the most important responsibilities of modern enterprises. An accurate ESG risk assessment is a major requirement for many investors, and acting in a legal manner requires compliance with a wide range of regulations and standards. The impact of extreme weather phenomena such as floods, droughts and hurricanes, as well as general climate change, may make it difficult or even impossible to conduct business activities, and such potential threats should be considered in the ESG risk assessment. ESG risk management should also consider potential supply problems—from organizational issues through geopolitical tensions to the challenges faced by contractors.
Today, devoting attention to environmental, social and corporate governance issues is expected by both investors and customers. Therefore, all companies, regardless of size and industrial sector, face pressure to implement and pursue strategies that allow for the accurate determination of potential impacts concerning the above three factors and to anticipate any potential threats. ESG-related risks should be treated as some of the most critical business risks in the modern market.
Risk management is a system that includes methods and activities aimed at optimizing risk in the everyday functioning of business entities and making rational decisions for this purpose [34]. Risk management leads to a situation in which the organization’s management is aware of the risk and its extent. The organization must not exceed the risk limit consciously considered to be acceptable [35]. The consideration of risk must take into account the existence of opportunities and threats, as well as the potential for covering any related losses. Effective management requires a detailed analysis and understanding of the nature and scope of potential risks. This approach allows for the timely selection of measures that act to moderate or prevent adverse impacts [35]. The risk management strategy comprises an action plan that includes the formulation of objectives based on anticipated changes concerning loss probability factors [34].
All those involved in running a business have attitudes toward risk, and the attitude adopted is subjective. Typically, the approach to risk manifests itself in the form of limits and restrictions. Furthermore, the assessment of specific identifiable risks does not mean that the risks are acceptable for the organization. The decision requires that the company’s management submit their opinions, based on which the decision is made as to the level of acceptability of the risk and the potential for the occurrence of unfavorable scenarios if the threshold values of the various defined indicators that are important from the point of view of the business are exceeded. Therefore, companies face the critical task of identifying and assessing risk and determining its permissible limits so as to respond appropriately. Adhering to these limits should ensure that the desired results are achieved. Furthermore, the rationale for influencing risk is closely related to the risk “appetite” and should be communicated by the senior management to all the employees involved.
Contemporary risk management refers to a division into the following primary risk groups: material, financial, strategic and operational risks. This study analyzes in detail the operational risk management process since operational risk management is directly related to the functioning of organizations and the processes that are involved in their business activities in the ESG context. In the case of stable organizational operating processes, it has been determined that addressing operational risk essentially involves dealing with exceptions/deviations from planned activities or incidents [35]. In the case of shared services centers, this type of management appears to be particularly justified due mainly to the desire to consolidate standard processes and eliminate deviations. The operational risk management process in such organizations should, therefore, be included in the general management system, in the framework of which issues and problems resulting from the fulfillment of risks should be addressed via both intuitive and situational approaches.
Operational risk is often considered to be the most dangerous risk category [36] since it is often specific and varies significantly depending on the company and its market situation; thus, no standard procedures can be defined. Operational risks are interconnected in complex ways, thus rendering them difficult to manage. In an uncertain environment, the action taken to reduce one operational risk may increase the likelihood of the occurrence of risks in other areas. Operational risks may also exert a significant impact on other types of risks (including ESG-related risks), the occurrence of which in the organization is often the result of the poor management of critical processes by its management and employees [37]. Both operational risk and ESG-related risks have a significant impact on the performance of a company and financial risks. On the part of enterprises, including multinational corporations using shared service centers, risk management requires a holistic approach, taking into account the interconnectedness and impact of operational, ESG and financial risks. Also, in turn, banks and other financial institutions lending to businesses should also take a holistic approach to assessing a company’s creditworthiness. This is in line with the concept of sustainable development, which requires taking into account not only the economic and financial but also the social and ecological results of business activity. However, the assessment of the social and environmental consequences of business activities is much more complicated than the traditional analysis of the company’s financial situation or the measurement of operational (nonfinancial) risk. Some spectacular examples of ESG risk occurrence in international corporations are presented in Table 1.
Does the size of a firm affect ESG risk? A sample of 668 banks was analyzed for the research [38] because the ambiguous evidence in the relevant literature regarding the relationships between firm size and ESG risk justified the need for further scientific investigation. The findings showed that while size appears to be negatively correlated with ESG risk in the cross-section on average, the relationship is nonlinear and exhibits a U-shaped pattern. The aforementioned study [38] provided some crucial insights and suggestions for bank executives and equity investors by highlighting the significance of diseconomies of scale in ESG risk management.
The categorization of ESG risk as an operational risk was deeply analyzed in the following research [39]. Past studies have mainly focused on nonfinancial companies, often motivated by an emphasis on social responsibility, but banks choose which companies to fund and thus play a crucial role in promoting the public good of corporate social responsibility (CSR). The Basel Committee on Banking Supervision suggests consideration of significant ESG risks while ensuring risk management systems. Banks should be aware of the influence of these new drivers on operational risk, which may increase strategic, reputational, and regulatory compliance risks, as well as liability costs associated with climate-sensitive investments and organizations [39,40]. As per the research, the importance of banks in quantifying operational risk stems from the fact that significant operational losses can result in equally large reputational losses, particularly when climate-related, environmental, and social issues cause losses. In the latter case, bank market value can potentially be deprecated due to reputational risk. Consequently, leveraging the results of this study on nonfinancial entities, it can be concluded that from the risk management perspective, ESG risks should be treated as manageable through the prism of operational risk management tools and methods.
The analysis of the available literature on the subject strongly indicates that the organizational units involved in operational risk management should, primarily, be aware of the threats, potential impacts and consequences inherent in their activities. Providing a comprehensive and detailed approach to the typified risks and a clear vision of the risks enables organizations to focus on effective controls. This depends on the risks and subrisks defined in each business sector. It is recommended that the information on associated monitoring controls be expanded, thus contributing to organizational risk management focusing on sustainability [41]. However, it is important to have defined measures (Key Risk Indicator—KRI, Key Performance Indicator—KPI) in place that allow for the control of the results of critical economic and financial activities and progress in terms of achieving set objectives, as well as the identification of problems that require intervention on a continuous basis [42]. Moreover, it is advisable that systems are in place that signal deviations from defined assumptions on a regular basis so that the appropriate action can be taken. Undoubtedly, informing management systematically and immediately of emerging threats or the failure of the measures applied depends on the implementation of an effective communication process [43,44].
In addition, shared service centers operate on the basis of transferred processes; thus, the main condition for the effective implementation of risk management in such organizations concerns the application of a process approach and its full integration with all the company’s management processes, as well as the basing of the risk analysis system on an interdisciplinary awareness of the causes, mechanisms and consequences of risk [45,46].
The technological revolution is changing consumers’ perceptions of how their needs should be met. New business rules are emerging, to which companies must systematically adapt so as to maintain their competitive advantage and protect their place in the market. The scientific and technological revolution that began at the turn of the 19th and 20th centuries continues up to the present. Moreover, radical new features are emerging on a continuous basis that are significantly accelerating the implementation of achievements in all aspects of human life. It is impossible to imagine a world without the latest generation of smartphones, ultra-thin laptops that can work for hours without charging, “smart home” and “personal assistant” systems, cars with autonomous control, etc. Moreover, it remains to be seen how the development of artificial intelligence will affect the enterprise management process and the risk management process in particular. In addition, due to the increased awareness of the risks associated with lean management, a new concept has emerged in the area of risk management, i.e., lean risk management [47], which consists of the rigorous monitoring of risk, the development of approaches to respond quickly to random events, and the synergistic integration of risk management with project planning and implementation (schedule, budget) using so-called lean tools. Its primary objective is to increase the flexibility of the risk management process. This approach is aimed at improving both efficiency and the management of resources, as well as a greater emphasis on creating value for customers.
The literature has investigated the relationship between ESG and risk in different ways, through multiple perspectives and approaches. Selection of all documents with “ESG” and “Risk” in the title, abstracts and keywords available in Scopus and, after removing nonrelevant papers, we are left with a sample of 589 documents published in the period 1983–2022, provided a view of the most important studies. The results show that over time, ESG has gained increasing attention from the literature, but a clear taxonomy of ESG risks appears to be missing [48]. The main conclusions concern the usage of keywords related to sustainability and the evolution from “social responsibility” to a more comprehensive term, such as “ESG”. The research [48] identified several key challenges that companies face when attempting to integrate ESG factors into their decision-making processes, which include a lack of standardized ESG data and metrics, difficulties in identifying material ESG issues, and the need for greater transparency and accountability in ESG reporting. Additionally, the core stream of research investigates the problems of asset managers and companies in terms of how to improve economic or financial metrics through ESG investing. Investigation of how to decrease ESG risk for companies and markets and the physical risks of ESG and transition risk explicitly are much less exploited.
Even a cursory review of existing sustainability data sets will quickly reveal that key ESG performance and risk indicators are spottily reported, inconsistently calculated, rarely verified and often irrelevant to risk managers. This drives the conclusion about the need for rigorous standards [49,50]. On the other hand, assessment tools like scenario analyses and stress tests, sensitivity analyses and value-at-risk models are still at the rudimentary stages when it comes to applying them to sustainability matters. As a result of an analysis of Swedish multinational corporations [51], it was concluded that mandating companies to disclose more ESG information will not significantly impact changing corporate behavior toward enhancing ESG performance. Thus, there is a need to rethink how novel approaches can be developed to change corporate behavior and improve ESG performance and how companies hereby can contribute to sustainable development.
Increased public pressure on corporations to disclose their environmental, social, and governance performance has led to ESG reporting. Corporate reporting on social outcomes is more complex because of diverse beliefs about the most beneficial or detrimental impacts of corporations on society. One of the research studies briefly shows [52] that societal reporting that focuses initially on areas where widespread agreement already exists about what constitutes good or harmful social outcomes. Specifically for SSCs, the governance factor calls the shots, but social and environmental factors should be considered as well:
  • Environment: Most SSCs are located in city centers and are well connected with local universities. A key trend across most major office markets in Poland is the rise in demand for services related to adapting the workplace and offices to the new standard (buildings with ESG criteria). ESG and sustainable development issues are growing trends, and environmental profit in projects in the era of climate change is becoming no less important than financial profit [18].
  • Society: This aspect concerns those initiatives that have a social impact not only externally, directly, and indirectly but also within the company: human resources management, working conditions and standards, customer management, and impacts on the community [53].
  • Governance: This aspect is more related to the organizational and administrative aspects, as well as to the internal policies, the mechanisms for assigning objectives, and managerial duties. Among others, it also concerns the degree of autonomy and independence of specific roles, ethical and behavioral codes, operating regulations, the degree of transparency and the quality of reporting and risk prevention plans [53]. This is the most nonobvious factor in the entire analysis, mainly due to the distributed ownership of processes, what risks are transferred to the SSC along with financial processes, and where the responsibility for them actually materializes.
Nowadays, the sustainable approach of companies in doing business is becoming increasingly common and expected by the stakeholders. In the study [54], it was found that a company’s ESG performance positively affects its market capitalization. The results of the mentioned research conducted on an international scale demonstrate that the corporate financial performance of ESG reporting companies is better than that of others. The results allow us to assume that investors expect companies to present ESG reports, and ESG reporting companies tend to be valued higher by the market. In a different research [55], it was examined whether firms that use ESG reporting guidelines increase their quantity of disclosed sustainability information. Furthermore, it was assessed whether firms tend to pursue process- or content-focused verification. Firms that follow ESG guidelines disclose 39% more sustainability information compared to firms that publish sustainability reports but do not follow ESG reporting guidelines. Content-focused verification leads to greater information disclosure than process-focused verification in that firms publish 23% more text in their sustainability reports. Specifically, it is important for SSCs because of the process-oriented structure, and most global ESG reporting guidelines endorse process-focused verification. This verification is less effective than content-focused verification at encouraging firms’ information disclosure. As conducted in the other research [53], on the one hand, there are difficulties in translating the frameworks examined into effective tools integrated into company processes (especially concerning the size of companies). On the other hand, there is an increase in the evidence of the need not to waste human and financial resources but to optimize them already at the individual company level towards the objectives of sustainable development. Investing in the Sustainable Development Goals through an ESG approach, being integrated into all production, management, and control processes would mean not only preserving tangible and intangible assets in the long term but also creating long-term value for stakeholders. Alongside the construction of suitable internal risk management models integrated for ESG sustainability factors, it is essential to define coherent Management by Objective (MBO) plans that are also integrated for ESG factors to ensure consistency between the various internal corporate processes and between these and the objectives for sustainability.
OECD [56] recommends improving the transparency and credibility of ESG rating methodologies and promoting market integrity. While some market participants may use elements of ESG ratings to support climate risk management, they also include information on environmental impact, human rights, and corporate governance. The last point is the most valid for SSCs. The integration of sustainability criteria in all enterprises’ decision-making and risk management and control processes becomes more effective and coherent with the Sustainable Development Goals [57].
Furthermore, ESG performance mainly affects enterprise risk through three channels [58]:
  • Firm reputation;
  • Information transparency and reporting of sustainable development goals (SDGs);
  • Internal control.
Generally, firms with better ESG performance are more likely to have sound risk management frameworks.

3.2. Survey

In terms of the objectives of the study, the key issue with respect to the survey was to identify the extent to which SSCs implement risk management systems and whether they include an ESG component. The results are presented employing the synthetic approach for further discussion in the next section of the paper. As described in Section 2, Materials and Methods, the study population consisted of companies that operate in Poland with SSCs that were created as a part of an international capital group and that provide services to internal entities. As per information collected by the authors, in 2023, there were a total of 435 SSC/GBS centers. Not all companies using SSCs agreed to participate in the study and, as a result, 70 interviews were collected with answers. Purposive sampling was used mainly due to the impossibility of using random selection, resulting from the lack of appropriate data about the surveyed entities from a reliable source.
The first set of questions focused on obtaining general information on the size and scope of the shared service center. The most important information required for further analysis concerned confirmation of the existence of a risk management system. Just 67% of the interviewed organizations stated that a risk management system had been implemented at the shared service center level and 24% confirmed that the risk management process is out of scope in their shared service center. This information slightly changed the focus with respect to the analyzed hypothesis since the nonexistence of a risk management process in the operation of the SSC rendered it extremely difficult to consider the implementation of an ESG risk analysis for the remaining 33% of the sample.
The next three questions focused on the priorities of the organization with respect to operational risk management. The questions addressed the interest of the organizations concerning the reduction of the incidence of human error and losses caused by fraud, and inefficient systems. Almost 93% of the respondents confirmed that their organization works to reduce errors caused by noncompliance with internal procedures and the same percentage confirmed that losses caused by fraud and inefficient systems are concerns for their organizations.
The next question concerned the requirements of auditors or regulators in terms of conducting audits, even if the process is considered risk-free. In this case, 75% of the respondents disagreed with the statement that such requirements are imposed, and 21% of respondents confirmed their existence. This question was also asked as part of the case study that analyzed the types of risks reported by shared service centers so as to further verify the truthfulness of this statement. This was a significant finding of the research, especially in terms of risk management in the area of ESG reporting. Despite the enormous pressure that international organizations are exposed to, none of the respondents indicated the regulator requirements for ESG reporting.
Finally, a question was asked concerning the justification for the lack of internal control concerning processes that do not generate errors or expose the company to the risk of embezzlement. Almost 79% of respondents agreed that such a lack of internal control is justified.
The second part of the questionnaire characterized the sample companies in terms of the following components:
  • Employing entity;
  • Locations of the employing entity;
  • Organizational level of the positions in the company;
  • Size of the company: number of internal units;
  • Size of the company: number of employees;
  • Scope of services.
Following the above structure, 98% reported that they belong to an SSC organization. Most of the respondents reported locations in Łódź, Warsaw and Wrocław. From the organizational level perspective, 37% of respondents reported the managerial level, and 33% the leader level. Of the analyzed SSCs, 39% provide support for 50–100 units, 30% for 20–50 units, and 20% for more than 100 units. Concerning the number of employees, of the analyzed SSCs, 49% employ 100–300 people and 40% employ 301–1000 people. Finally, the main finance services managed by the selected SSCs comprise the following:
  • Liabilities;
  • Receivables;
  • Cash management;
  • Taxes;
  • Purchasing;
  • Internal controls;
  • Corporate functions;
  • Customer service;
  • Internal audit.
As an introduction for further parametric tests, the results obtained were analyzed from two perspectives: the number of employees and the number of entities in scope for SSC (intergroup comparison).
This approach allowed us to define the independent variable necessary for further analyses (Figure 1). At the initial data analysis stage, the responses were checked in the area of the acquired processes, with particular emphasis on internal controls and corporate functions. The choice of these two areas was dictated by the fact that processes related to broadly understood ESG risk can be thoroughly analyzed if SSC has them in its scope of activities.
If we treat the number of employees as the independent variable and the process we are interested in as the dependent variable, it follows that in terms of internal controls, this process is transferred to those SSCs that meet the following criterion: 84% of interviewed SSCs employed more than 301 people. The same conclusion applies to corporate functions, as presented in Figure 2.
Based on the above data, a preliminary conclusion can be drawn that ESG risks should be analyzed with a much higher probability in entities employing more than 301 people. From the point of view of the number of units served, this disproportion is much higher, as presented in Figure 3. SSCs with more than 51 entities in the scope of services most likely migrated processes of internal controls and corporate functions.
Internal controls were transferred to SSCs serving up to 50 units by 85% and corporate functions by 88%.
Using the exact data breakdown, the structuring of the risk management process was carefully analyzed. Based on the data presented in Figure 4, this may lead to the preliminary conclusion that in large SSC entities, there is an inevitable blurring of responsibility for the risk management process in favor of focusing on the elementary elements of the process performed within the SSC. This may directly impact risk management in the ESG area and pose a threat to the identification of this risk in the activities of the shared services center.
To validate this initial conclusion further, considering that regression methods have become an integral component of any data analysis concerned with describing the relationship between a response variable and one or more explanatory variables, logistic regression was used to analyze these data and to describe the relationship between an outcome (dependent or response) variable and a set of independent (predictor or explanatory) variables (often called covariates) [59]. For the purpose of this analysis, the dependent variable was assigned to the implementation of structured risk management, and covariates are the number of employees and the number of entities in scope for SSC. SPSS software version 29.0.2.0 was used to calculate the logistic regression and tables presented below were extracted from the software directly.
Not all companies using SSCs agreed to participate in the study, so 70 interviews were conducted with answers. Five were excluded to keep the dependent variable’s dichotomic character from all the cases analyzed (answer “I don’t know”). The total number of cases taken for logistic regression was 65.
As a next step, an initial model was created with the purpose of confirming whether the variables included in the model allow for better prediction of the implementation of structured risk management. From a statistical point of view, it is evident that the model is not significant to predict the implementation of structured risk management with the result of 0.870. As the model creation and validation was not the research objective, the authors decided to focus only on covariance dependencies.
Table 2 presents variables in the equation, which means how the number of employees and the number of entities in scope for SSC drives the structuring of the risk management. The most important information is significance, in this case, the significance of two defined covariables: the number of employees and the number of entities in scope for SSC. Exp(B) addresses how a given factor increases the chances of structuring risk management.
Although the model itself indicates a lack of statistical significance, it is worth noting that the level of significance is slightly lower in relation to the number of units handled, specifically for covariances. Data aggregation allowed for a slight reduction in the indications of both variables but not enough for the variables to become significant. Considering the above and the small sample size selected for the study, it may be worth considering expanding the scope of the study and expanding the sample as a direction for further research.
An interesting perspective is brought to the analysis through the prism of the organization’s priorities in reducing losses resulting from human errors, embezzlement, and unreliable systems (Figure 5 and Figure 6). There were no significant differences in the importance of these factors for the organization according to the entity’s size or the number of entities served.
Nevertheless, for the “I definitely agree” answer, there was a much higher share in large SSCs (Figure 7).
The results of the questionnaires allowed for the conclusion that operational risk management is not strongly represented in the structures of SSCs. Based on the empirical studies, it is evident that ESG risk is likely unrecognized in these organizations due to a blurred responsibility for risks and difficulty regarding ownership, accountability, and communication that characterized risk management in diffused organizations such as SSCs.

3.3. Case Study

The population of the study consisted of companies that operate in Poland that have SSCs that were created as part of an international capital group and that provide services to internal entities. The approach taken to the selection of companies was the same as for the survey described in Section 2. Of the 146 companies defined as the initial population that meets the research criteria, financial statements were identified for 60 entities. Not all these financial statements could be used in the research since, in many instances, the SSC was created in the form of an organizational division (without separate reporting). The analysis of the reported risks was based on publicly available statements. A significant majority of the selected companies reported and analyzed the following financial risks only:
  • Liquidity risks;
  • Market risks, specifically concerning exchange rate and interest rate risks;
  • Credit risks.
The results of the analysis are presented in Table 3.
Based on the results presented in Table 3, it can be concluded that the most common risks faced by selected SSCs in Poland concern exchange rate and interest rate risks (77% and 70%, respectively). Based on the Polish Accounting Act, the management report on the entity’s activities must include significant information on the company’s financial situation, including a performance assessment, an indication of risk factors and a description of potential threats, particularly information on the risk of price changes, credit risks, significant disruption to cash flow and a loss of financial liquidity to which the entity is explicitly exposed. This factor was the reason for the selection of financial risks for further analysis. It is important to highlight that 8 of the 60 analyzed entities (13%) did not provide an analysis of or report any risks in their financial statements.
As shown in Table 3, only 20% of the selected entities reported nonfinancial (operational) risks. However, it seems that all the listed risks are relatively common and applicable to all business entities, not just SSCs. A list of the reported risks is provided below:
  • Risks related to recruiting and managing staff, the building of structures, transfer of knowledge, dynamics of the labor market, and the management of own resources (including the risk associated with difficulties in recruiting qualified staff and increases in employment costs);
  • Risks related to the loss of key employees;
  • The risk of losing key customers;
  • Risks related to the activities of competing companies;
  • Risks related to economic factors and external environmental impacts (including the risks associated with rising inflation);
  • Risks related to the general economic situation, level of competition in the market and changes in legal regulations;
  • Risks related to new services and new technologies;
  • Operational risks related to the conflict in Ukraine;
  • Risks related to the epidemiological situation (COVID).
No mention was made of ESG-related risks in any of the financial statements. In order to cross-check this initial result, the authors referred to the respective group (higher level) websites to discover whether or not ESG is reported. In all cases, the group web pages reported information on corporate responsibility and ESG awareness. Thus, it can be reasonably concluded that the results of the case study confirm the results of the survey, i.e., that ESG awareness has not yet cascaded down to the shared service center level, where the “S” factor remains the most crucial factor for the business.

4. Discussion

The concept of using third parties to provide services has been applied for thousands of years in the business context; it was first used for the collection of taxes in Rome [60]. According to official records, Adam Smith was the first to consider the idea of outsourcing in The Wealth of Nations, published in 1776 [61]. Since the division of labor and specialization foster enhanced cooperation between employee groups and the advancement of individual efficiency, they exert significant impacts on the optimization of productivity [62].
Businesses have been increasingly outsourcing administrative support functions, including information technology, finance, accounting and human resources, in addition to facility management, over the past 20 years. In certain situations, companies decide to outsource their operations to a third party rather than performing them internally, usually due to cost and efficiency considerations [63]. As Henry Ford suggested, “If there is a thing that we cannot do more efficiently, cheaper or better than the competition, there is no point in doing it further—we should hire someone who does it better than we do” [64].
SSCs and outsourcing companies share certain similarities, including the fact that both are independent businesses with ongoing operations. The main way in which SSCs differ from outsourcing companies is that instead of outsourcing tasks, they are handled by a specially created unit within the organizational structure and are managed by the parent company. SSCs are organizationally independent and fully accountable for controlling costs, quality and delivery times. They conclude service-level agreements (SLA), i.e., legal contracts, with their internal clients that specify the type, extent and cost of the services provided. Furthermore, with their own set of specialized resources, SSCs offer clearly defined processor knowledge-based services to multiple business units or divisions within the respective organization [65].
In terms of costing and improving service performance, SSCs provide a competitive alternative to outsourcing, re-engineering, organizational restructuring and other similar “solutions”. Global performance standards and rapid technological advancement lead to creative structures and tactics and answers to challenging business issues [65].
The 1990s saw a significant increase in interest in improving the ability to cope with uncertainty and its negative impacts at the organizational level. This led to the development and application of tools, techniques, processes and methodologies typically classified as “risk management”. This was due mainly to the growing importance of work that requires knowledge rather than physical effort, the adopting of a holistic view of the organization and its activities, the growing importance of project work and process management, the increasing importance of the role of technology and the uncertainty associated with it, constantly growing competitive pressure, increasing turbulence in the business environment, the increase in the complexity of business activities and the emergence of advanced structures with specialized units for process management, the continuing trend toward globalization and the growing burden of regulation [66]. This resulted in the need for ready-made risk management methods and techniques, which, after some time, were standardized, unified and embedded in the frameworks of standards and good practice.
Risk management should consider both the business activities of the entity and form one of the components of the broader management process of the company. It is worth noting that the models created for the risk management of projects should be consistent with the company’s risk management framework. Risk management principles make up a central part of the enterprise management process. The initial stage consists of determining the overall risk management system concept; this is then followed by the development of the risk management procedures and their subsequent implementation.
Operational risk concerns the current functioning of the organization and is related to the implementation of existing objectives and activities. Operational risk includes organizational risks, decision risks, documentation risks, supervision and control risks, information (other than financial reporting) and communications risks, human resources risks, and risks relating to internal regulations, contracts, environmental aspects, IT systems, and the company’s internal infrastructure [24]. Table 4 presents a list of selected operational risks and their sources, focusing on correlation with ESG aims. The table was introduced as the result of the analysis of multiple sources, including the risk registers of selected public sector entities.
It would seem logical that shared service centers are willing to engage in the trend toward increasing transparency via the reporting of operational risks, particularly since the extension of ESG-related legal regulations to include small and medium-sized entities will require the reporting of environmental, social and governance components of operational risks. However, the empirical research conducted indicated that most shared service centers do not take an active role in the wider analysis of risk; rather, they focus exclusively on the financial risk perspective and provide stakeholders with only basic information.
In this context, it is worth considering the role of financial auditors in advocating the extension and quality improvement of the risk analysis systems of such entities. From the different angle, the use of IT increases the analytical capacity of internal auditors, which translates into expected gains in terms of detecting irregularities in accounting records, theft of assets, or inefficient operations. As a consequence, improvement in the quality of internal audits will have a positive effect on corporate governance, helping organizations to achieve higher levels of sustainability [67].
Corporate social responsibility (CSR), which has been under discussion for many years, has been extended via the adoption of environmental, social and governance (ESG) principles. ESG essentially comprises a forward-looking integrated risk management (IRM) approach, driven by investors due to climate change, aimed at identifying those companies that are likely to prosper and those that are likely to decline in an increasingly uncertain social and environmental landscape.
ESG is complex and, in order for coherent corporate reporting to be eventually contained in one report, i.e., the main report, and not merely in terms of financial capital as is currently the case, but in terms of all forms of capital, reporting across the various ESG standards that define and specify metric requirements is set to become more difficult since such requirements are interwoven with legal regulations and statutes. In the new world of stakeholder capitalism, where issues are addressed “in the round” and not simply through the narrow perspective of the few, it is necessary to have one view of what matters most in order to understand what is important for all stakeholders, not just shareholders, so that investors can invest confidently and consumers can consume confidently. Investors are searching for evidence-based reporting that explains how risk factors are anticipated in terms of impacting the company’s financial performance. The long-term viability and sustainability of organizations lie at the center of this investigation process. While the business landscape has always included regulators, regulators now expect businesses to act responsibly and sensibly in all their operational areas, including financial reporting and the reporting of environmental impacts. Although organizations have faced uncertainty in the past, there is now a renewed urgency to not only address risks but also to clearly take action that speaks to all of these stakeholders and points to a robust, viable and productive future [68]. The main contributor to a greater awareness of the company’s role in achieving the SDGs, and the importance of their integration into business models is the company’s culture and values are the main motivation for integrating the SDGs (Sustainable Development Goals) [69].

5. Conclusions

The main objective of this paper was the identification of the role of ESG factors in operational risk management and performance reporting in shared service centers (SSCs) in Poland. This study aimed to significantly contribute to the existing state of the art of ESG initiatives. The previously mentioned analysis described in Section 3.2 provides significant insights that could improve corporate decision-making and ease the creation of policies in this specific area by the initial development of a structural, relational model that examines the relationship between environmental, social, and governance (ESG) variables and risk management in shared services structures.
ESG risks should be analyzed with a much higher probability in entities employing more than 301 people and SSCs having more than 51 entities in the scope of services. In large SSC entities, there is an inevitable blurring of responsibility for the risk management process in favor of focusing on the elementary elements of the process performed within the SSC. This may directly impact risk management in the ESG area and pose a threat to identifying this risk in the activities of the shared services center. Based on empirical studies, it is evident that ESG risk are unrecognized in these organizations. Risk management in diffused organizations such as SSCs is characterized by blurred responsibility for risks and difficulties regarding ownership, accountability, and communication. This only confirms the novelty of this research and provides further direction.
The conclusion concerning Hypothesis 1 is as follows: The supposition that, to date, environmental, social and governance risks have not been considered by selected shared service centers was positively validated. At this stage, they focus only on basic financial risks and ignore the broader perspective. Thus, the promotion of the ESG practices of such organizations is currently the most critical consideration.
Concerning Hypothesis 2, following the introduction of a new EU directive, international corporations will be required to change their risk reporting strategy in cases of service outsourcing, one of the essential elements of the study concerned cross-checking as to whether the analyzed entities at the group level confirmed the implementation of a broadly understood corporate social responsibility approach; the answer was affirmative, which did not come as a surprise. However, the key question relates to how ESG-related activities will be cascaded down to subsidiaries, especially those that follow internally separated processes and often operate globally. Concerning the analysis of financial statements, at this stage, few entities even consider operational risk, including ESG-related risks.
However, the most significant change resulting from the CSRD will concern how management reflects the sustainability agenda in the company’s business strategy. Although some executives already incorporate ESG-related issues into their key activities, this practice is not yet widespread. The CSRD should change this situation by increasing the level of transparency. Under the provisions of the directive, management must demonstrate how they have assessed the business opportunities and risks related to sustainability issues and the possible impact on the company’s financial results. Company managers must explain whether and how the company’s overall strategy considers sustainability factors and their economic implications and plans to improve the company’s sustainability performance.
ESG comprises the core framework for enterprises pursuing sustainable development objectives. Integrating ESG into the business management and investment decision-making processes has become an international passport for enterprises to practice sustainable growth [70]:
  • Companies should re-examine their internal governance approach to consider how to fully exploit the positive impact of ESG on the economic consequences of aspects surrounding the appointment of senior management, the design of the organizational structure and employee training so as to actively build effective risk prevention and “protection” mechanisms.
  • Based on providing a comprehensive understanding of the importance of ESG, sustainable development policies and regulations and information disclosure systems should be designed in order to standardize the behavior of enterprises and to provide substantive suggestions for improving the ESG evaluation system from the practical perspective.
The policy directions indicated above will also serve to determine the direction of further research in this area, specifically regarding SSCs. The creation of a comprehensive set of potential operational risks, including ESG risks, would help prepare SSC entities to devote more attention to operational risks in their financial statements. At a time when robots and artificial intelligence can do work, and constant standardization and automation are becoming everyday occurrences, the fact that companies will look for ready-made solutions no longer arouses any emotions. Considering that processes in shared service centers are practically unified on a national and international scale, creating a standard relational model to be used at the organization level and at the process level that would apply to every structure (only if specific conditions are met) is the innovative direction for further research.
In addition, because purposive sampling was used in the article, a representative sample was not obtained, and inferences concerned a selected group of entities. The first results from the empirical research and the lack of appropriate data about the surveyed entities from a reliable source constitute a further research direction, which should address obtaining data on the entire population of entities meeting the study criteria requiring a nationwide survey. As a result of a nationwide study, conclusions that would apply to all SSCs in Poland could be obtained.

Author Contributions

Conceptualization, Z.Z. and M.S.; methodology, Z.Z. and M.S.; writing—original draft preparation, Z.Z.; writing—review and editing, M.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this study are available on request from the corresponding author. The data are not publicly available due to privacy restrictions.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Lee, S.; Park, J.-W.; Choi, D. The Effects of ESG Management on Business Performance: The Case of Incheon International Airport. Sustainability 2023, 15, 16831. [Google Scholar] [CrossRef]
  2. Au, A.K.M.; Yang, Y.-F.; Wang, H.; Chen, R.-H.; Zheng, L.J. Mapping the Landscape of ESG Strategies: A Bibliometric Review and Recommendations for Future Research. Sustainability 2023, 15, 16592. [Google Scholar] [CrossRef]
  3. Jámbor, A.; Zanócz, A. The Diversity of Environmental, Social, and Governance Aspects in Sustainability: A Systematic Literature Review. Sustainability 2023, 15, 13958. [Google Scholar] [CrossRef]
  4. Badia, F.; Bracci, E.; Tallaki, M. Quality and diffusion of social and sustainability reporting in Italian public utility companies. Sustainability 2020, 12, 4525. [Google Scholar] [CrossRef]
  5. Camilleri, M.A. Environmental, social and governance disclosures in Europe. Sustain. Account. Manag. Policy J. 2015, 6, 224–242. [Google Scholar] [CrossRef]
  6. European Union. Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 Amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as Regards Corporate Sustainability Reporting (Text with EEA Relevance); European Union: Brussels, Belgium, 2022. [Google Scholar]
  7. MfiPR. Raportowanie Niefinansowe—Kluczowy Element CSR/RBC.; Ministerstwo Funduszy i Polityki Regionalnej: Warszawa, Poland, 2019. [Google Scholar]
  8. Information Raportowanie Niefinansowe—Nowa Dyrektywa CSR. 2022. Available online: https://ksiegowosc.infor.pl/wiadomosci/5424598,Raportowanie-niefinansowe-nowa-dyrektywa-CSR.html (accessed on 11 August 2023).
  9. CSRD. Sprawozdawczość Przedsiębiorstw w Zakresie Zrównoważonego Rozwoju. 2022. Available online: https://www.consilium.europa.eu/pl/press/press-releases/2022/11/28/council-gives-final-green-light-to-corporate-sustainability-reporting-directive/ (accessed on 12 August 2023).
  10. ESGinfo. Dyrektywa CSRD—Kogo Dotyczy, Co Zmieni, Od Kiedy Obowiązuje. 2023. Available online: https://www.esginfo.pl/dyrektywa-csrd-czego-dotyczy-i-co-zmieni/ (accessed on 12 August 2023).
  11. Wartościowych, G.P.; ESG Reporting Guidelines. Guide for Issuers. 2023. Available online: https://www.gpw.pl/pub/GPW/ESG/ESG_Reporting_Guidelines.pdf (accessed on 11 August 2023).
  12. Nugroho, D.P.; Hsu, Y.; Hartauer, C.; Hartauer, A. Investigating the Interconnection between Environmental, Social, and Governance (ESG), and Corporate Social Responsibility (CSR) Strategies: An Examination of the Influence on Consumer Behavior. Sustainability 2024, 16, 614. [Google Scholar] [CrossRef]
  13. PWC. Dyrektywa CSRD Zmienia Strategię Tworzenia Wartości Firm. 2023. Available online: https://www.pwc.pl/pl/artykuly/dyrektywa-csrd-jakiezmiany-wprowadza-w-raportowaniu-esg.html (accessed on 12 August 2023).
  14. Moher, D.; Liberati, A.; Tetzlaff, J.; Altman, D.G.; The PRISMA Group. Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. Int. J. Surg. 2010, 8, 336–341. [Google Scholar] [CrossRef] [PubMed]
  15. Czakon, W. Podstawy Metodologii Badań w Naukach o Zarządzaniu; Oficyna a Wolters Kluwer Business: Warsaw, Poland, 2011. [Google Scholar]
  16. ABSL. Sektor Nowoczesnych Usług Biznesowych w Polsce 2022. 2022. Available online: https://www.paih.gov.pl/wp-content/uploads/0/145401/145483.pdf (accessed on 12 August 2023).
  17. Glinka, B.; Czakon, W. Podstawy Badań Jakościowych; Polskie Wydawnictwo Ekonomiczne Warszawa: Warsaw, Poland, 2021. [Google Scholar]
  18. ABSL. EMEA’s Business Services LANDSCAPE 2023. In A Snapshot of 18 Countries in the Region; ABSL: 2023. Available online: https://absl.pl/en/emeas-business-services-landscape (accessed on 12 August 2023).
  19. Ayyub, B.M. Risk Analysis in Engineering and Economics; Chapman and Hall/CRC: Boca Raton, FL, USA, 2003. [Google Scholar]
  20. Crouhy, M.; Galai, D.; Mark, R. The Essentials of Risk Management, 2nd ed.; McGraw-Hill Education: New York, NY, USA, 2014. [Google Scholar]
  21. Bernstein, P.L. Against the Gods: The remarkable Story of Risk; Wiley: New York, NY, USA, 1996. [Google Scholar]
  22. Kaczmarek, T.T. Zarządzanie Ryzykiem. Ujęcie Interdyscyplinarne; Difin: Warsaw, Poland, 2010. [Google Scholar]
  23. Zawiła-Niedźwiecki, J. Zarządzanie Ryzykiem Operacyjnym w Zapewnianiu Ciągłości Działania Organizacji; edu-Libri: Kraków/Warsaw, Poland, 2013. [Google Scholar]
  24. Jajuga, K. Zarządzanie Ryzykiem; PWN: Warsaw, Poland, 2019. [Google Scholar]
  25. Watkins, G.P. Knight’s Risk, Uncertainty and Profit. Q. J. Econ. 1922, 36, 682–690. [Google Scholar] [CrossRef]
  26. Sinkey, J.F. Commercial Bank Financial Management in the Financial-Services Industry; Prentice Hall: Hoboken, NJ, USA, 2002. [Google Scholar]
  27. Doerig, H.U. Operational Risks in Financial Services: An Old Challenge in a New Environment; Institut International D’Etudes Bancaires: London, UK, 2000; Available online: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=3f850df4c9cb94834356abfa91a921e7c667b3b7 (accessed on 12 August 2023).
  28. Tyszka, T.; Zaleśkiewicz, T. Racjonalność Decyzji: Pewność i Ryzyko; Ekonomiczne: Warsaw, Poland, 2001. [Google Scholar]
  29. Sierpińska, M.; Jachna, T. Ocena Przedsiębiorstwa Według Standardów Światowych; Wydawnictwo Naukowe PWN: Warszawa, Poland, 2007. [Google Scholar]
  30. ISO 31000:2018; Risk Management—Guidelines. ISO: Geneva, Switzerland, 2018.
  31. COSO. Compliance Risk Management: Applying the COSO ERM Framework. 2020. Available online: https://www.wlrk.com/docs/Compliance-Risk-Management-Applying-the-COSO-ERM-Framework_(1).pdf (accessed on 12 August 2023).
  32. COSO. Internal Control, Integrated Framework: Framework. 1992. Available online: https://www.coso.org/guidance-on-ic (accessed on 12 August 2023).
  33. BIS. Principles for the Sound Management of Operational Risk; Bank for International Settlements Communications: Basel, Switzerland, 2011. [Google Scholar]
  34. Zawiła-Niedźwiecki, J. Pojęcie ryzyka operacyjnego i klasyfikacja jego rodzajów. Przegląd Organizacji 2010, 30, 19–21. [Google Scholar] [CrossRef]
  35. Bizon-Górecka, J. Strategie zarzadzania ryzykiem w organizacji gospodarczej. Przegląd Organizacji 2001, 13–15. [Google Scholar] [CrossRef]
  36. Williams, R.; Bertsch, B.; Dale, B.; Van Der Wiele, T.; Van Iwaarden, J.; Smith, M.; Visser, R. Quality and risk management: What are the key issues? TQM Mag. 2006, 18, 67–86. [Google Scholar] [CrossRef]
  37. COSO; WBCSD. Enterprise Risk Management. Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks. 2018. Available online: https://aaahq.org/portals/0/documents/meetings/2021/ia%20cpe/sustainability%20cpe%20session%20july%2030%2021%20sobel%20slides.pdf (accessed on 12 August 2023).
  38. Bolibok, P.M. Does Firm Size Matter for ESG Risk? Cross-Sectional Evidence from the Banking Industry. Sustainability 2024, 16, 679. [Google Scholar] [CrossRef]
  39. Galletta, S.; Goodell, J.W.; Mazzù, S.; Paltrinieri, A. Bank reputation and operational risk: The impact of ESG. Financ. Res. Lett. 2023, 51, 103494. [Google Scholar] [CrossRef]
  40. BIS. Principles for the Effective Management and Supervision of Climate-Related Financial Risks. 2022. Available online: https://www.bis.org/bcbs/publ/d532.htm (accessed on 12 August 2023).
  41. Yazo-Cabuya, E.J.; Herrera-Cuartas, J.A.; Ibeas, A. Organizational Risk Prioritization Using DEMATEL and AHP towards Sustainability. Sustainability 2024, 16, 1080. [Google Scholar] [CrossRef]
  42. Nielsen, C. ESG Reporting and Metrics: From Double Materiality to Key Performance Indicators. Sustainability 2023, 15, 16844. [Google Scholar] [CrossRef]
  43. Blim, M.; Byczkowski, M.; Zawiła-Niedźwiecki, J. Koncepcja Zintegrowanego Zarządzania Bezpieczeństwem Organizacji; Marecki, F., Grabara, J.K., Nowak, J., Eds.; Systemy informatyczne; Bankowość i finanse; WNT: Warsaw, Poland, 2005. [Google Scholar]
  44. Matkowski, P. Zarządzanie Ryzykiem Operacyjnym; Oficyna Ekonomiczna-Wolters Kluwer Polska: Kraków, Poland, 2006. [Google Scholar]
  45. Conrow, E.H.; Pohlmann, L.D. Effective Risk Management: Some Keys to Success. Insight 2004, 6, 44. [Google Scholar] [CrossRef]
  46. Tarczyński, W.; Mojsiewicz, M. Zarządzanie Ryzykiem: Podstawowe Zagadnienia; Polskie Wydawnictwo Ekonomiczne: Warszawa, Poland, 2001. [Google Scholar]
  47. Bollinger, R. Lean risk management. In Proceedings of the PMI®Global Congress 2010, Washington, DC, USA, 9–12 October 2010; Project Management Institute: Newtown Square, PA, USA, 2010. [Google Scholar]
  48. De Giuli, M.E.; Grechi, D.; Tanda, A. What do we know about ESG and risk? A systematic and bibliometric review. Corp. Soc. Responsib. Environ. Manag. 2023, 31, 1096–1108. [Google Scholar] [CrossRef]
  49. Antoncic, M. Why sustainability? Because risk evolves and risk management should too. J. Risk Manag. Financ. Inst. 2019, 12, 206–216. [Google Scholar]
  50. dos Santos, E.F.; dos Santos Nunes, L. Methodology of Risk Analysis to Health and Occupational Safety Integrated for the Principles of Lean Manufacturing. In Advances in Social & Occupational Ergonomics. Advances in Intelligent Systems and Computing; Goossens, R., Ed.; Springer: Cham, Switzerland, 2017; Volume 487, pp. 349–353. [Google Scholar]
  51. Arvidsson, S.; Dumay, J. Corporate ESG reporting quantity, quality and performance: Where to now for environmental policy and practice? Bus. Strategy Environ. 2022, 31, 1091–1110. [Google Scholar] [CrossRef]
  52. Kaplan, R.S.; Ramanna, K. How to Fix ESG Reporting; Harvard Business School Accounting & Management Unit Working Paper: Cambridge, UK, 2021. [Google Scholar]
  53. Casciotti, P. A Comparison between Sustainability Frameworks: An Integrated Reading through ESG Criteria for Business Strategies and Enterprise Risk Management; FEEM Working Paper; Fondazione Enl Enrico Mattel: Milan, Italy, 2023; p. 18. [Google Scholar]
  54. Janicka, M.; Sajnóg, A. The ESG Reporting of EU Public Companies. Does the Company’s Capitalisation Matter? Sustainability 2022, 14, 4279. [Google Scholar] [CrossRef]
  55. Darnall, N.; Ji, H.; Iwata, K.; Arimura, T.H. Do ESG reporting guidelines and verifications enhance firms’ information disclosure? Corp. Soc. Responsib. Environ. Manag. 2022, 29, 1214–1230. [Google Scholar] [CrossRef]
  56. OECD. Policy Guidance on Market Practices to Strengthen ESG Investing and Finance a Climate Transition; OECD Business and Finance Policy Papers; 2022. Available online: https://www.oecd.org/publications/policy-guidance-on-market-practices-to-strengthen-esg-investing-and-finance-a-climate-transition-2c5b535c-en.htm (accessed on 12 August 2023).
  57. UN. The 17 Goals 2021. Available online: https://sdgs.un.org/goals (accessed on 18 December 2022).
  58. Zhao, Y.; Elahi, E.; Khalid, Z.; Sun, X.; Sun, F. Environmental, social and governance performance: Analysis of CEO power and corporate risk. Sustainability 2023, 15, 1471. [Google Scholar] [CrossRef]
  59. Hosmer, D.W., Jr.; Lemeshow, S.; Sturdivant, R.X. Applied Logistic Regression; John Wiley & Sons: Hoboken, NJ, USA, 2013. [Google Scholar]
  60. Duffy, M.N. Outsourcing a 401 (K) plan. J. Account. 2001, 191, 30. [Google Scholar]
  61. Smith, A. An Inquiry into the Nature and Causes of the Wealth of Nations. In Readings in Economic Sociology; Blackwell Publishers Ltd.: Oxford, UK, 2002; pp. 6–17. [Google Scholar]
  62. Porter, G. The Rise of Big Business: 1860–1920; John Wiley & Sons: Hoboken, NJ, USA, 2014. [Google Scholar]
  63. Trocki, M. Outsourcing: Metoda Restrukturyzacji Działaności Gospodarczej; Polskie Wydaw Ekonomiczne: Warsaw, Poland, 2001. [Google Scholar]
  64. Ciesielska, D.; Radło, M. Outsourcing w Praktyce; Poltex: Warsaw, Poland, 2011. [Google Scholar]
  65. IMA. Implementing Shared Services Centers. 2000. Available online: https://www.imanet.org/-/media/2b85bcf1f2c64b73b28a0562ff7947e9.ashx?as=1&mh=200&mw=200&hash=EE04FE44D7822316EBBCE0BBE5F96E1BBA5EA91C (accessed on 1 April 2021).
  66. Raz, T.; Hillson, D. A comparative review of risk management standards. Risk Manag. 2005, 7, 53–66. [Google Scholar] [CrossRef]
  67. Samagaio, A.; Diogo, T.A. Effect of computer assisted audit tools on corporate sustainability. Sustainability 2022, 14, 705. [Google Scholar] [CrossRef]
  68. Archer. ESG and Integrated Risk Management. 2021. Available online: https://go.archerirm.co/ESG_And_Integrated_Risk_Management?utm_source=google&utm_medium=cpc&utm_term=esg%20risk%20management&gad_source=1&gclid=CjwKCAiAgeeqBhBAEiwAoDDhn1aXENnboqW5ZUyv9xCwvjj7PLaHtO_2Pg5iswAA5_azlE0SCWbuKRoC_eYQAvD_BwE (accessed on 1 October 2021).
  69. Florêncio, M.; Oliveira, L.; Oliveira, H.C. Management Control Systems and the Integration of the Sustainable Development Goals into Business Models. Sustainability 2023, 15, 2246. [Google Scholar] [CrossRef]
  70. Li, T.-T.; Wang, K.; Sueyoshi, T.; Wang, D.D. ESG: Research Progress and Future Prospects. Sustainability 2021, 13, 11663. [Google Scholar] [CrossRef]
Figure 1. Characteristics of the sample based on employment and the number of entities in scope. Sources: Own study.
Figure 1. Characteristics of the sample based on employment and the number of entities in scope. Sources: Own study.
Sustainability 16 02413 g001
Figure 2. Processes migrated into the SSC structure based on employment. Sources: Own study.
Figure 2. Processes migrated into the SSC structure based on employment. Sources: Own study.
Sustainability 16 02413 g002
Figure 3. Processes migrated into the SSC structure based on entities in scope. Sources: Own study.
Figure 3. Processes migrated into the SSC structure based on entities in scope. Sources: Own study.
Sustainability 16 02413 g003
Figure 4. Structured risk management. Sources: Own study.
Figure 4. Structured risk management. Sources: Own study.
Sustainability 16 02413 g004
Figure 5. Reduction of losses for human errors, frauds and system issues based on employment. Sources: Own study.
Figure 5. Reduction of losses for human errors, frauds and system issues based on employment. Sources: Own study.
Sustainability 16 02413 g005
Figure 6. Reduction of losses for human errors, frauds and system issues based on entities in scope. Source: Own study.
Figure 6. Reduction of losses for human errors, frauds and system issues based on entities in scope. Source: Own study.
Sustainability 16 02413 g006
Figure 7. Confidence level for responses. Source: Own study.
Figure 7. Confidence level for responses. Source: Own study.
Sustainability 16 02413 g007
Table 1. Examples of materialization of ESG risks in corporations.
Table 1. Examples of materialization of ESG risks in corporations.
Name of the Company Time and Description of Event
BPIn April 2010, BP’s oil rig Deepwater Horizon exploded in the Gulf of Mexico, creating an environmental disaster and significantly impacting biodiversity. The total bill topped an estimated $65 billion between fines and cleanup costs. It is an example of realization ESG risk, operational risk (loss of reputation) and financial risk.
Volkswagen (VW)Poor governance resulted in millions of Volkswagen (VW) cars being recalled after the company admitted to falsifying emissions tests. As of mid-2020, the scandal had cost VW $33.3 billion in fines, penalties, financial settlements, and buyback costs. This is also an example of the realization of interconnected ESG, operational and financial risks.
McDonald’sIn 2019, McDonald’s introduced paper straws that turned out to be nonrecyclable. Aside from the questionable practice of cutting down trees to make disposable straws, this was a classic example of a corporate giant pretending to address an issue—in this case, plastic pollution—without actually doing anything. This is an example of so called Green Washing—the practice of making brands appear more sustainable than they really are.
Sources: own elaboration.
Table 2. Variables in the Equation.
Table 2. Variables in the Equation.
Sig.Exp (B)
Number of employees0.8260.895
Number of entities in scope0.6041.217
Sources: Own study.
Table 3. Analysis of the risks considered by Polish SSCs.
Table 3. Analysis of the risks considered by Polish SSCs.
Type of RiskCredit RiskLiquidity RiskExchange Rate RiskInterest Rate RiskOther Risks
No. of entities that analyze the specific risk3830464212
Structure
(no. of responses/total entities)
63%50%77%70%20%
Own study results.
Table 4. Operational risks and their sources in ESG.
Table 4. Operational risks and their sources in ESG.
Operational Risk TypeSource of Risk
Organizational riskFrequent changes in the organizational structure
Lack of an ESG risk management process or a process inadequate to the risk incurred
Incorrect definition of operational goals, tasks, and measures of their implementation
Documentation riskErrors in documentation
Incorrect documentation
Incorrect document flow
Supervision and control riskInadequate supervision of document flow
No control other than financial
Information and communication riskImproper circulation of information
No ESG procedures
Different interpretations of information
Human resources riskInternal fraud: unauthorized actions, intentionally made mistakes
Inappropriate HR policy and failure to maintain occupational safety: high employee turnover, too small a team of people to perform tasks, employee incompetence resulting from lack of training, improperly defined and/or assigned duties, responsibilities, and rights at individual positions, ineffective motivation system, personnel changes resulting from changes in the organizational structure
No candidates for specific positions
Failure of employees to comply with procedures and regulations
Unintentional mistakes made by employees
Untimely and unreliable performance of tasks
Health hazards due to working conditions
Taking no action
Risk of internal regulations and contractsNo instructions, adjustments, or updates
Occurrence of events unforeseen in instructions and regulations
Errors of a legal nature when drawing up contracts—risk related to failure to provide services, delivery of services or products by suppliers that are inconsistent with the order, failure to perform the contract due to errors of a legal nature
Risk of relations with the environmentLack of cooperation/conflicts between individual departments
Bad relationships with service providers
Bad relations with service beneficiaries
Own study based on [24].
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Zaporowska, Z.; Szczepański, M. The Application of Environmental, Social and Governance Standards in Operational Risk Management in SSC in Poland. Sustainability 2024, 16, 2413. https://doi.org/10.3390/su16062413

AMA Style

Zaporowska Z, Szczepański M. The Application of Environmental, Social and Governance Standards in Operational Risk Management in SSC in Poland. Sustainability. 2024; 16(6):2413. https://doi.org/10.3390/su16062413

Chicago/Turabian Style

Zaporowska, Zuzanna, and Marek Szczepański. 2024. "The Application of Environmental, Social and Governance Standards in Operational Risk Management in SSC in Poland" Sustainability 16, no. 6: 2413. https://doi.org/10.3390/su16062413

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop