April 4, 2024


Understanding the relationship between the key sustainability principles

Florian Haarhaus, International General Manager at management software firm, NAVEX, explores common buzzwords around sustainability and the importance of having the right compliance program in place.

Florian Haarhaus

The importance of Governance, Risk, and Compliance (GRC) in achieving a business’ Environmental, Social, and Governance (ESG) goals is already much discussed in today’s highly regulated landscape. But how do all the critical sustainability principles – Environmental, Health, and Safety (EHS), Security Risk Category (SRC), GRC, and ESG – work together?

A considerable amount of overlap exists among these acronyms. They can be mapped into a word square:

E H S
S   R
G R C

That is, all EHS risks are also ESG risks and GRC risks, which are considered in SRC; but not all ESG risks are GRC risks, and vice versa. They all have different intents, scopes, and impacts, so it is important to understand what each principle entails and how they are applied.

With the ever-changing risk and regulatory landscape, Compliance Officers must be able to capture all necessary information about these intertwining priorities, so the company can both fulfil its regulatory compliance obligations and meet its risk management goals in an efficient, reliable manner.

Differentiating the buzzwords

It is essential to decipher what these acronyms mean, as Compliance Officers need to be able to guide other employees to manage risk in a cohesive manner. To demystify the governance of these sustainability principles, it is essential to fully understand what each entails, as they all have a legitimate role to play.

  • EHS (Environmental, Health, and Safety) – a specific subset of regulatory obligations that can include legally required environmental protection measures, sanitary standards for consumer products, and workplace safety rules.
  • SRC (Security Risk Category) – categorises every threat as either physical, human, or cyber. This is a critical aspect of risk management that empowers Compliance and/or Security Officers to focus their security risk strategies and simplify tasks.
  • GRC (Governance, Risk, and Compliance) – a GRC program is at the heart of risk management as it helps a business to comply with its regulatory obligations and govern its operations so that emerging threats can receive prompt attention and be mitigated.
  • ESG (Environmental, Social, and Governance) – these factors need to be addressed by most companies right now as they might be required by regulation, such as anti-pollution or fair labour standards. Others might be voluntary, such as a commitment to using clean energy or offering employees paid time off to volunteer for good causes.

The convergence of these areas has become far more prominent in the business world, with sustainability, risk management capabilities, and social responsibility being competitive advantages.

As companies continue to move forward into an era of corporate sustainability, however, the need for strategic planning and coordination within the organisation is going to become even more important: an indispensable capability that compliance and risk teams will need to get right.

How to manage the regulatory landscape

The key to successfully managing the regulatory landscape is understanding the risks involved. With this knowledge, the responsible teams can collect the relevant data and immediately commence the mitigation process.

To put this into perspective, consider the risk of forced labour in the supply chain. This can easily become a GRC issue as the company might be required to perform supply chain due diligence to comply with the German Supply Chain Due Diligence Act, the Norwegian Transparency Act, and the Modern Slavery Act in either the United Kingdom or Australia, and other laws.

Forced labour is simultaneously a ‘S risk’ in ESG, since it can lead to bad publicity, consumer boycotts, and soured business relationships.

An effective compliance program that leverages the right technology will bring overlapping demands to light and help an organisation map risks and regulatory compliance obligations visually, so decision-makers can see which issues occur repeatedly. With that insight, they can determine the policies and controls that will serve all those interests most effectively.

As corporate sustainability and regulatory compliance keep intersecting (per the forced labour example above), a compliance system that can help navigate that convergence will become increasingly more important. The correct compliance technology for the business will be able to deliver the following:

  • Incorporate new regulations and sustainability demands into existing compliance frameworks.
  • Identify the overlap among those EHS, SRC, ESG, and GRC demands to determine which controls, policies, or procedures will satisfy multiple needs.
  • Help collect and track that data in one central repository, for better reporting and a sense of the organisation’s ‘compliance posture’ at any given moment.

Whilst financial reporting, privacy, and security have been business concerns for decades already, the most pressing challenge for companies right now is sustainability. However, with clever use of GRC technology, decision-makers will be able to identify and manage risks efficiently and at scale for the long term.
