Today’s business leaders have inherited a turbulent market landscape in which they must understand, monitor and manage the impact their firms have on external entities, in a much wider sense than before. When considering their effect on the physical environment, their social responsibilities in areas like supply chain ethics, or their overall responsibility to society through effective governance practices, firms need to ensure they have a handle on environmental, social and governance (ESG) risk and compliance.
The benefits of ESG
An effective ESG practice delivers several benefits, including:
Reduced energy costs
Improved employee/labor relationships
Reduction in regulatory and legal intervention
Greater access to capital alongside revenue growth
A key challenge here is aligning the goals of ESG with current governance, risk and compliance (GRC) management disciplines and responsibilities already well-established within the business. Organizations must develop an integrated approach to the goals spanning ESG and GRC, using a data-driven approach.
The immediate future of ESG
A recent IDC FutureScape Report identified several predictions on sustainability that directly align with current GRC disciplines:
“By 2024, two-thirds of organizations worldwide will be tracking their diversity, equity, and inclusion performance using ESG metrics and KPIs.”
“Companies will extend their data privacy initiatives to surpass compliance requirements with 60% of enterprises establishing KPIs regarding the ethical use of data by 2023.”
“By 2023, 40% of organizations will mandate responsible sourcing policies and implement audit and accountability solutions requiring proof of compliance to build trust among consumers and stakeholders.”
These may sound like optimistic projections. But this sort of approach is a foundation for GRC management that firms have been applying for almost 15 years. ESG is simply an extension to these approaches.
Reduce, reuse, recycle
ESG risk management fits under the classic sustainability rubric of reduce, reuse, recycle:
“New” non-financial risk disciplines often bring a slew of additional solutions to market. But firms can reuse flexible GRC tools to extend their frameworks.
Reduction in the number of non-financial risk systems will reduce the overall running cost, deployment effort and environmental impact of implementing another platform. At a minimum, firms can minimize costly CAPEX and gain efficiencies in moving their risk management practices to the cloud.
An effective ESG program will look to:
Identify ESG risks against business objectives and external reporting frameworks through a risk assessment
Document and evaluate corresponding controls
Monitor progress toward objectives and potential impediments using key indicators (KRIs/KPIs) and metrics
Manage the remediation of the gaps and identified issues through proper assignment, accountability and tracking mechanisms
Report on the position, progress, outcomes and regulatory alignment of ESG requirements
ESG is inherently linked to multiple existing GRC domains including operational risk, third-party risk, and policy and compliance management. In an effective integrated risk management initiative, the above 5 steps are directly aligned to the processes already in place, so businesses can look to manage their ESG profile through the reuse of existing GRC processes.
Conceptually this is as simple as extending categorization models; enhancing risk, control and indicator libraries; and adding new reports. In reality, this can be a challenging exercise. A flexible GRC solution allows your organization to try and deploy configuration changes easily and rapidly.
ESG, like GRC, is a data-hungry activity. Firms must look at their existing data inventory and look to recycle. Whether it’s feeds of data related to third-party content such as those provided by Supply Wisdom, regulatory change content from Thomson Reuters or internally generated content related to HR hiring practices and profiles, this type of content is crucial to help you understand, manage, and monitor the ESG stance of your business. Accordingly, many existing GRC platforms embed these data feeds natively into the platform.
Delivering an effective ESG program is not a simple exercise. Firms can align their ESG objectives with enterprise risk by adapting and extending existing policies, processes and systems within their GRC frameworks and supplementing them with additional third-party content. Firms that see ESG as a separate discipline will most likely achieve their goals, but they may be saddling themselves with yet another silo of risk management. Managers who do this have missed some of the core ethos of ESG.
It’s not necessary to reinvent the wheel with ESG. Adding new data systems, technology or processes often results in costly, inefficient programs that lose sight of the overall business objectives and performance. By aligning ESG objectives with your enterprise risk management program, you’re more likely to meet your ESG goals. Solutions like IBM OpenPages with Watson support those goals by providing a flexible enterprise risk platform that breaks down silos and opens up GRC capabilities to leaders across the organization, giving total visibility of the company’s risk position from one integrated point of view.