Florian Haarhaus, International General Manager at management software firm, NAVEX, explores common buzzwords around sustainability and the importance of having the right compliance program in place.
Florian Haarhaus
The importance of Governance, Risk, and Compliance (GRC) in achieving a business’ Environmental, Social, and Governance (ESG) goals is much talked about in today’s highly regulated landscape already. But how do all the critical sustainability principles – Environmental, Health, and Safety (EHS), Security Risk Category (SRC), GRC, and ESG – work together?
A considerable amount of overlap exists among these acronyms. They can be mapped into a word square:
That is, all EHS risks are also ESG risks and GRC risks, which are considered in SRC; but not all ESG risks are GRC risks, and vice versa. They all have different intents, scopes, and impacts, so it is important to understand what each principle entails and how they are applied.
With the everchanging risk and regulatory landscape, Compliance Officers must be able to capture all necessary information about these intertwining priorities, so the company can both fulfil its regulatory compliance obligations and meet its risk management goals in an efficient, reliable manner.
It is essential to decipher what those acronyms mean as Compliance Officers need to be able to guide other employees to manage risk in a cohesive manner. To demystify the governance of these sustainability principles, it is essential to fully understand what each entail as they all have a legitimate role to play.
The convergence of these areas has become far more prominent in the business world, with sustainability, risk management capabilities, and social responsibility being competitive advantages.
As companies continue to move forward into an era of corporate sustainability, however, the need for strategic planning and coordination within the organisation is going to become even more important: an indispensable capability that compliance and risk teams will need to get right.
The key to successfully managing the regulatory landscape is understanding the risks involved. With this knowledge, the responsible teams can collect the relevant data and immediately commence the mitigation process.
To put this into perspective, consider the risk of forced labour in the supply chain. This can easily become a GRC issue as the company might be required to perform supply chain due diligence to comply with the German Supply Chain Due Diligence Act, the Norwegian Transparency Act, and the Modern Slavery Act in either the United Kingdom or Australia, and other laws.
Forced labour is simultaneously a ‘S risk’ in ESG, since it can lead to bad publicity, consumer boycotts, and soured business relationships.
An effective compliance program, that leverages the right technology, will bring overlapping demands to light and help an organisation to map risks and regulatory compliance obligations visually so decision-makers can see which issues occur repeatedly. With that insight, they can determine the policies and controls that will serve all those interests most effectively.
As corporate sustainability and regulatory compliance keep intersecting (per the forced labour example above), a compliance system that can help navigate that convergence will become increasingly more important. The correct compliance technology for the business will be able to deliver the following:
Whilst financial reporting, privacy, and security have been business concerns for decades already, the most pressing challenge for companies right now is sustainability. However, with clever use of GRC technology, decisionmakers will be able to identify and manage risks efficiently and at scale for the long term.
