IsoMetrix is running a weekly series of articles supplied by GRC analyst and pundit, Michael Rasmussen. The articles are focused on Environment, Health and Safety (EHS) and Environmental, Social and Governance (ESG), and contain valuable insights for any organization involved in a risk-oriented environment. This is the third article in the series, here you can read the first and second articles too.
ESG – Environmental, Social, Governance – is a dominant focus in organizations right now getting board-level scrutiny and attention. Organizations around the world and across industries are challenged to define, implement, and report on ESG. These pressures are coming from all directions: investors, customers, employees, regulators, and activists. The reality is that ESG has teeth, and organizations must do something about it. The goal is to be an organization of integrity to ensure that the values, ethics, statements, commitments, relationships, and transactions are a reality in practice, process, relationships, and transactions.
The most unforgiving aspect of ESG is the S – Social. The world collectively is rapidly trying to address the E – Environmental, but we are all in the same boat trying to figure out the path for this. The G – Governance can land organizations in a lot of hot water and negative attention. But it is the Social aspect that is the greatest reputation and brand concern today. When organizations have issues of child labor, forced labor, socio-economic inequality, diversity, inclusion, and working conditions and are being dragged through the negative press on this, it can take years to recover if they can recover at all. You mention child labor and our minds go instantly to certain brands that struggled with issues decades back.
The reality is that social accountability does not start and stop with traditional brick-and-mortar walls and employees. To address social accountability and sustainability requires that organizations address these risks in the context of the extended enterprise of third-party relationships. Martin Luther King Jr stated, “Whatever affects one directly, affects all indirectly. I can never be what I ought to be until you are what you ought to be. This is the interrelated structure of reality.” Business today relies and thrives on the value chain of third-party relationships; this is the extended enterprise, and it is the challenge of business today to manage social accountability and sustainability across these relationships. The integrity and ability of the organization to act with integrity in the context of social accountability risks within the enterprise and across its third-party relationships is no easy task.
Delivering 360° situational awareness of social accountability
The writing is on the wall, organizations need to fundamentally change how they approach social accountability and sustainability internally and across the extended enterprise.
A social accountability and sustainability strategy requires that the organization has full 360° situational awareness of social risks and controls across the extended enterprise. The success of a social accountability program relies on the organization’s ability to:
Understand your social risk. An organization must clearly define and monitor their social accountability risks. This includes ongoing monitoring of social risks in a dynamic environment as the business is continuously changing and so are its social risks across the extended enterprise. Social accountability risk assessments should cover exposure in specific processes, services, relationships, and geographies.
Approach social controls in proportion to risk. How an organization implements social risk treatment procedures and controls is based on the proportion of risk it faces. If a certain area of the world or a business partner relationship, like a supplier, carries a higher social risk exposure, the organization must respond with stronger controls.
Tone at the top. The social accountability program must be fully supported by the board of directors and executives. Communication with top-level management must be bidirectional. Management must communicate that they support the social accountability program. At the same time, they must be well-informed about the effectiveness and strategies for social accountability initiatives.
Know your business and who you do business with. It is critical to establish a social accountability risk framework that continuously monitors social risks across the extended enterprise, the value chain. If there is a high degree of risk exposure, additional controls may be established in response.
Keep information current. Social accountability risk assessment efforts must be kept current. These are not point-in-time efforts; they need to be done on a regular basis or when the business becomes aware of conditions that point to increased social risk it needs to be prepared to react.
Social accountability oversight. The organization needs a group who is responsible for the oversight of a social accountability strategy as part of a broader ESG program. This requires a collaborative relationship across departments and functions from legal, corporate compliance/ethics, human resources, procurement, health and safety, and operations.
Established policies and procedures. Organizations need documented and up-to-date social accountability policies and procedures that address risks and sets expectations of conduct. These policies and conduct must be clearly documented and adhered to.
Assessment and continuous risk monitoring. In addition to periodic risk assessment, the organization must also have regular social accountability monitoring process to ensure that social risks are addressed in a dynamic context and how it impacts changing business processes, transactions, relationships, and services.
Manage business change. The organization must monitor for changes that introduce greater social risk issues. The organization must document changes that result from observations and investigations, and address deficiencies through a careful program of change management.
Organizations need to move beyond manual processes for social accountability risk across the extended enterprise and address a strategy, processes supported by a robust information and technology architecture to address these risks. Organizations should start defining an integrated strategy for social accountability and sustainability to address these forthcoming requirements and stakeholder demands in a unified and consistent approach.
The right software platform enables these areas through an integrated information and technology architecture to automate social accountability processes and monitoring. With technology, organizations can deliver on 360° situational social accountability risk and awareness across and deliver on full ESG monitoring and reporting.
About Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.