This primer on operationalizing Environmental, Social and Governance (ESG) goals explores the evolution of risk and compliance management, articulates the key role of ethics and compliance learning, and highlights the transformative power of platforms that connect risk management data with an ethical culture across the enterprise.
This article, ESG: Strategic Approaches to Thrive in the New Era of Risk and Compliance Management, starts from the observation that risk and compliance management are no longer quiet, unseen activities, visible only when something doesn’t work. Companies are now expected to demonstrate in stark relief how they are managing their impact on the environment and society around them and to be transparent about how they govern themselves. The article covers:
- Expansion of the risk & compliance domain
- Streamlining safety
- Adding sustainability to the equation
- Emphasizing societal impact and governance
- What to look for in a connected platform for ESG
Managing organizational, financial, regulatory and reputational risk has long been a core discipline of organizations in highly regulated industries. However, in recent years the rise of the activist shareholder, followed by increasingly sophisticated regulators and deeply empowered customers and employees, has combined with a more complex array of risks to elevate the importance of broad, comprehensive and integrated risk and compliance programs.
Risk and compliance management is no longer a quiet, unseen activity only visible when something doesn’t work. Companies are now expected to demonstrate in stark relief how they are managing their impact on the environment and society around them and to be transparent about how they govern themselves. In the face of this challenge, the enterprises that thrive will be those who build unified, connected and integrated ESG (Environmental, Social and Governance) strategies that build on and elevate their GRC (Governance, Risk and Compliance), EHS&S (Environment, Health, Safety and Sustainability) and Ethics and Compliance Learning programs.
This primer will explore the evolution of risk and compliance management, articulate the key role of ethics and compliance learning, and highlight the transformative power of platforms that connect risk management data with ethical culture across the enterprise.
Expansion of the risk and compliance domain
The role of risk and compliance, critical to the success of any enterprise, has evolved over many years to meet very specific objectives—often within specialized departments. For example, the wider range of financial, enterprise or operational risks may be tracked, measured, mapped to controls and monitored by one department while business continuity and vendor risk would reside elsewhere. Regulatory compliance is often managed in the office of the Chief Compliance Officer or General Counsel, while IT risk has become quite specialized. Managers responsible for environmental matters, workforce and workplace Health and Safety, and community matters each remained focused on the risks inherent to their own objectives.
This approach developed largely due to reliance on manual processes, a simpler risk taxonomy and specialized knowledge sets, with less focus on the complete risk picture at the board and C-Suite level.
In the new era of ESG, it is not sufficient to address risks quietly in the shadows. Companies are expected to show not just financial results but to be transparent about their impact on the environment and society in increasingly measurable ways. Shareholders, regulators, customers and employees expect more—and to thrive in this new paradigm, organizations must connect data, information, knowledge and values across the enterprise.
Central to achieving this is the enterprise-wide distribution and understanding of the right level of information to each employee, to enable every worker to mitigate risk and drive safety performance within their role. That information must include clear and consistent policies that support the organization’s stated ESG posture and an integrated training program that brings employees together around clearly defined goals and shared values. These policies and programs are key to bolstering a culture that encourages consistent ethical, responsible and compliant choices.
Beyond policy and training, the organization’s risk management systems must be able to gather risk and safety information along with measurable KPIs (Key Performance Indicators) around impact and ESG goals and synthesize this information for executives and board members.
For risk management leadership to be effective, every area of the business must be united. Leaders throughout the organization must have the full picture of risk to coordinate between departments. Leadership should align this picture of risk with the organization’s Code of Conduct and the outcomes of compliance learning programs, providing the framework to set priorities and define behaviors that achieve desired ethics and compliance goals. Systems must advance to collect, centralize and analyze data from each area of the business to create a comprehensive view of risk and progress toward objectives.
Streamlining safety
The global shock of the Covid-19 pandemic has fundamentally and rapidly changed the way organizations look at protecting customers and employees, elevating the importance of safety in deeply palpable ways. From the offices of the C-Suite to the desktop, store front, production line or emergency room, safety is now a stronger priority than ever before.
The pandemic has caused major upheaval in the way organizations manage and report on safety processes. Crucial audits, inspections and training must be completed consistently and in a timely manner. After the significant increases in need for Covid-19-related inspections, tracking of employee health checks, collecting information on vaccination status and communicating proper protective procedures (e.g., mask requirements), it is clear that paper-based methods cannot scale to support the need for audit-proof, traceable, accurate and timely information.
Organizations also face the challenges of an increasingly distributed workforce, with work-from-home broadening the definition of the workplace. Beyond managing the delicate balance of the hybrid workplace and adjusting policies as the pandemic evolves, companies must also grapple with a new phenomenon: the Great Resignation. With employees leaving and joining jobs at never-before-seen levels, onboarding, ramping up and engaging talent is a laborious undertaking and organizations cannot afford to lose precious time. Automation is now essential.
Add to these growing burdens the original responsibility of addressing and preventing non-Covid-19 incidents and accidents, and safety has become a responsibility that can only be addressed through technology.
The solution to this extra burden on managers and employees is a shift from legacy manual programs to a digital platform that scales to meet the challenges of the moment.
A digitized EHS & Sustainability technology platform enables real-time data capture and puts essential information in the hands of employees and managers who need it to make the right decisions faster. Employees can complete audits and inspections, create safety alerts and submit crucial hazard and incident reports with a simple tap of their mobile app. Submissions are instantly recorded in the centralized data center and managers can have a 360-degree view of what is happening in real time rather than waiting for data to be collected and analyzed for overall trends retroactively.
Digitizing safety processes ensures work can continue and critical tasks can be completed safely and more efficiently. It also continually engages workers in safety, anywhere, anytime. With a mobile workforce, frictionless access and the ability to share critical safety information regardless of location encourages strong participation from all stakeholders in the organization’s risk mitigation programs. A mobile platform can only drive reporting change if employees know how to use it and are motivated to do so, making it essential to choose one that provides access to the relevant compliance and safety training that guides behavior.
A connected platform with integrated training aligned to policy, procedure, code of conduct and values is the sound path that safety leaders can follow for ESG results.
Adding sustainability to the equation
Sustainability is a broad umbrella term encompassing the responsibility to conserve our environment and natural resources and to protect global ecosystems to support health and wellbeing–now and in the future. It’s an increasingly visible priority and top-of-mind for shareholders, customers and employees—not to mention regulators. Beyond doing the right thing, climate change and climate-related events are increasingly being acknowledged as material business risks that must be accounted for. The focus on the environment as part of sustainability efforts has come to the forefront for the majority of the world’s organizations.
A 2021 survey of CEOs around the globe indicates that 89 percent are intent on maintaining and building upon the sustainability efforts made during the onset of the pandemic.
Investors are a significant motivator for organizations to set, make and meet sustainability goals, from both a reputational and financial point of view. It has long been evident that ignoring the will of activist investors can make a company a target for divestiture, but a new survey from Gartner reveals that CFOs who take a responsive “capital activist” approach to allocation strategy can add 2.5 percentage points to economic value added compared to unresponsive peers.
With reputation and economic value on the line, it’s clear that sustainability must become an integral part of doing business and be seen as critical in safeguarding investments—but leaders in these spaces don’t know where to start.
Finding tools for transparency
Many companies have experienced the major risks associated with “greenwashing” in corporate sustainability or ESG reports. This term refers to the action of portraying a company’s sustainability or climate-friendliness as much more significant than it is, with the intention of placating consumers and investors. A popular mode of greenwashing is companies attempting to get down to “net-zero” carbon emissions by buying carbon offsets rather than modifying operations to release less carbon in the first place.
This tactic is falling out of favor as regulators and investors place metrics under greater scrutiny. A recent analysis of climate pledges from the world’s biggest companies revealed that these organizations have been significantly exaggerating the impact of their climate actions through greenwashing and dubious or incomplete reporting on emissions. On the heels of this revelation, the U.S. Securities and Exchange Commission (SEC) has introduced proposed rules that will require standardized reporting with the goal of making sustainability data accessible and digestible for investors.
Sustainability efforts are first and foremost an exercise in transparency. Any steps you take must be communicated to stakeholders, and the results need to be crystal clear and auditable. To achieve these two goals, the platform used must enable leadership to:
- Understand what policies and regulations are applicable
- Capture the current state of sustainability concerns such as greenhouse gas emissions (GHG), water and energy use, and waste management
- Set manageable sustainability goals, targets and action plans
- Standardize the management of qualitative and quantitative sustainability metrics
- Automate data collection for enhanced quality and auditability
- Report on sustainability performance and communicate progress transparently to stakeholders
Of course, digital tools can only support effective sustainability efforts when the CEO fully backs the programs and makes it clear through stakeholder communications. Sustainability must become a core value and be taken seriously as a potential risk if organizations are to make needed changes swiftly enough to keep up with reporting requirements and stay ahead of intensifying investor sentiment on ESG issues.
Emphasizing social impact and governance
In measuring their impact on society, companies may consider a wide range of initiatives. Community investment and equity in access to services, governance guardrails that ensure ethical supply chains, internal controls to ensure that the company’s records are beyond reproach, a culture where employees are empowered to speak up and solid IT risk programs to protect the privacy of employees and customers are all imperatives.
Among the most visible, however, is how companies manage Diversity, Equity and Inclusion (DEI). DEI initiatives have long been rolled out in companies large and small, but with mixed results. There is little evidence that such programs are making the intended impact. The ESG imperative now requires that leaders create new ways to measure progress going forward as DEI metrics become increasingly important to consumers and investors.
A STUDY OF DEI EXECUTIVES REVEALS SOME KEY STATISTICS:
- 89% of organizations have a formal DEI strategy
- 79% of companies are raising the DEI budget for 2022
- 58% of DEI leaders say the CEO or other executives are involved in DEI decisions, but only 13% of those senior executives are publicly proactive in their support
- Only 15% of those surveyed felt “extremely confident” that employees felt “a sense of belonging, inclusion, and psychological safety”
This major disconnect between resource allocation, executive participation and confidence in outcomes leads back to one central failure: A lack of data and analysis across time. The bar for presenting data is currently quite low, but as leading companies continue to use sophisticated platforms to present a more holistic view of what is working and shape strategy for the future, failure to integrate DEI into ESG through metrics is becoming an alarmingly large risk.
Organizations must be able to capture employee self-identification, rates of training completion, levels of employee satisfaction and rates of hiring, promotion and attrition when it comes to marginalized groups. This must then be leveraged to drive tangible actions and programs to close gaps.
Having the capacity to capture DEI data is a must, but providing effective learning on the topic is the way to drive organizational change on the matter. Without a company culture that supports DEI and belonging, the needle won’t move—so integrating training that helps uncover unconscious biases that maintain the status quo is central to connected DEI intelligence.
Handling the hybrid workforce
Adapting to the risks and opportunities of the fully or partially remote workforce is a difficult and fast-changing challenge for most companies. On one hand, remote work has increased the potential talent pool, eliminated burdensome commutes for many and allowed employees to enjoy more flexibility of work and life balance. Companies have been able to reduce their office space costs and, in many ways, their environmental impact. However, this does not come without risks.
THREE RISKS IN PARTICULAR STAND OUT:
- Data breaches: While IT safeguards go a long way to prevent attacks, the most susceptible area is employees. Phishing attempts by cybercriminals are constant and in a remote world, IT departments have less control over factors like wireless network security and the physical security and privacy of laptops and other devices.
- Employee engagement: While many employees enjoy the freedom and flexibility of remote work, some yearn for connection with their team and others still will be less engaged with the company mission and more susceptible to attrition. Finding new ways to bring people together when they want to interact, with the flexibility to work remotely in a way that respects their work-life balance and safety is critical. This must be supported by clearly articulated HR and IT policies, which is only possible through policy management automation and engaging, measurable and effective corporate training.
- Conduct and HR violations: Communication over increasing numbers of digital channels without in-person oversight has resulted in a surge in harassment and other misconduct that 51% of employees have personally experienced. Streamlining reporting and analyzing the data is a key tool in ensuring an ethical and respectful culture despite remoteness and a critical defense against losing employees or costly litigation.
This is another area in which learning and technology combine to take center stage as a risk mitigation tool. While some of the above incidents are perpetrated with malicious intent, a significant percentage occur due to a lack of understanding of code of conduct and internal policies. Having a learning system integrated into a compliance platform is the most effective way to identify, track and improve competence in these areas.
A connected platform can pull in information from HR, IT and other areas of the business and put it into the context of risk. Leaders can discover key relationships such as the correlation between the rate of data incidents and learning outcomes, or the rate of HR reports after a policy audit. A comprehensive view of internal risks will be key to maintaining strong IT risk management, preserving organizational reputation and retaining workers through the Great Resignation.
What to look for in a connected platform
Upon examining the rapidly evolving threats organizations contend with, it is clear the solution is to break down silos and connect risk, compliance, safety, sustainability and learning management. To do so, organizations need an intelligent platform that streamlines the discovery, analysis and mitigation of threats to the business. The ideal platform is:
- Unified: Eliminates silos altogether with a central repository of data and common platforms
- Modular: The platform should support your goals today, with modular extensibility to support you in the future
- Simple: A frictionless user experience without excess complexity is the best way to ensure fast adoption at scale
- Mobile: Users should be able to interact with the platform anytime, anywhere, making mobile integration a key advantage
- Visual: Smart data visualization is the most effective way to bring risk management data to life and inspire strategic thought about next steps
- Intelligent: Automation reduces the administrative burden on risk management professionals so they can focus on meeting goals and mitigating threats
The right platform brings disparate areas of risk into full view so organizations can spend less time on redundancies and manual processes, and more time on strategizing to meet business goals. It should also offer relevant learning solutions to empower employees at all levels to strengthen the organization’s compliance and risk mitigation efforts.