IsoMetrix is running a weekly series of articles supplied by GRC analyst and pundit Michael Rasmussen. The articles are focused on Environment, Health and Safety (EHS) and Environmental, Social and Governance (ESG), and contain valuable insights for any organization involved in a risk-oriented environment. This is the second article in the series; you can read the first article here.
We are at a critical point in history, a point that can lead to two very different outcomes. The decisions organizations make today, and how they manage environmental, health and safety risk, set all of us on a path for our world in the future.
In my keynotes and presentations, I ask the question: What is our future?
Are we, as a global society that our organizations are part of, headed toward a Blade Runner future or a Star Trek future? In Blade Runner, you have a dark dystopia of social, ethical, and environmental disasters. In Star Trek, you see a green and prospering world where the environment and society thrive, and there is great social diversity and cooperation across galactic races.
My issue is that many enterprise risk management programs, and the technology they utilize to manage risk, are limited in scope. If you look at these programs you would think that IT risk (e.g., cyber risk, digital risk) is the greatest concern. My point of view is that IT/information risk is a great concern, but environmental and health and safety risks are a GRAVE concern. And I mean that term literally. Environmental and health and safety risks need to be a critical part of the organization’s enterprise risk, operational risk, integrated risk, and supporting technology agendas.
The reality is that organizations need a true enterprise view of risk, and this view must include environmental risk and climate change impact on the business as well as health and safety risks. This is becoming even more critical with the focus on ESG Reporting – Environmental, Social & Governance. Pressure is mounting from multiple fronts for organizations to implement ESG reporting in their organizations as they respond to pressure from investors, regulators, lawmakers, employees, clients, and activists.
CALL TO ACTION: It is time that our risk management information and technology architecture address and support an integrated view of ESG (environmental, social, governance) and EHS (environment, health and safety) in the context of enterprise/operational risk management.
However, when the organization approaches EHS through manual processes and disconnected silos that do not collaborate with each other, there is no possibility to be intelligent about risk decisions or to understand their impact on the organization and its operations. Siloed initiatives never see the big picture and fail to put risk in the context of the organization and its objectives, resulting in complexity, redundancy, and failure.
EHS software facilitates risk data collection, improves data accuracy, and streamlines risk reporting. This enables the organization to effectively manage the regulatory and policy-based guidelines and processes for protecting and reporting on the workforce, workplace, resources-under-management, and external environment impact of an organization’s activities. This includes the management of risks to:
- Environment. EHS software monitors, analyzes, records, and reports organizational activity focused on compliance with environmental laws and regulations, corporate policy related to managing environmental controls and conditions, and assessing the environmental impact of the corporation’s operations, strategies, and plans.
- Health & safety of the workforce and customers. EHS software manages the regulatory and policy-based guidelines and processes for protecting and reporting on the workforce, workplace, resources-under-management, and external environment impacted by an organization’s activities.
Critical capabilities organizations should evaluate in assessing EHS software to streamline EHS risk data collection, data accuracy, and risk reporting are the capability to:
- Manage the overall EHS management program, including planning, staff, projects, assessments, workflow, tasks, and activities.
- Maintain a register of all EHS risks and compliance obligations that is cross-mapped to policies, risks, controls, organizational/entity structure, subject matter experts, and more.
- Manage change to EHS obligations as regulations, enforcement actions, ethics, ESG statements, standards, and related sources change.
- Provide for EHS risk assessments and evaluation.
- Have a defensible audit trail of EHS activities to demonstrate an effective program to stakeholders.
- Track EHS attestations, interactions, and regulatory reporting where needed.
- Manage and process EHS-related forms.
- Report and remediate issues of EHS in the enterprise.
In the end, the right EHS software should provide greater context and information for ESG as well as enterprise and operational risk reporting. It also delivers value by providing an integrated process, information, and technology architecture to manage and monitor EHS risks that is more efficient, effective, agile, and resilient than manual processes encumbered by documents, spreadsheets, and emails.
About Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.