In light of the increasing integration of environmental, social, and governance (ESG) across corporate programs, third-party risk managers should examine the impact of the new ESG regulations and standards within their third-party risk management (TPRM) programs.
In our recent webinar, “How Risk Leaders Mitigate ESG Risk In Their Supply Chains and Expedite Due Diligence,” panelists examined how risk leaders can shift to adopt ESG principles. They also shared best practices and emerging research on how to mitigate ESG risk to ensure due diligence in their third-party risk programs.
Speakers in the webinar included:
The webinar began with a poll asking attendees if they know what stage their ESG program is in within their organization. Below are the results:
ESG stands for Environment, Social, and Governance throughout the supply chain. Environmental considerations include climate change mitigation and adaptation. Social considerations refer to issues of inequality, inclusiveness, labor relations, investment in human capital and communities, as well as human rights issues. Governance touches on the public and private institutions – including management structures, employee relations, and executive remuneration – that play a fundamental role in ensuring the inclusion of social and environmental considerations in the decision-making process.
Fiona O’Brien shared that her organization has been focusing on their strategy for the past year based on data being reported. She has shared with the board at her organization an ESG plan for the next two years, how they’re going to grow and develop it, and how they’re going to integrate. She said, “ESG has been at the forefront of discussions the last couple of years. If you are an organization just now creating an ESG program, start by looking at the sourcing side and see what can mature there. The second is looking at the data.” Here is a checklist when reviewing the data:
“Technology is going to be a key factor. As part of our planning, you are looking at the resourcing that’s going to be needed for the budget. How are you going to get the assurance? How much could you automate?” explained O’Brien. She continued, “Policies have developed, processes have to be defined, and executing the practices is crucial.”
O’Brien emphasizes: “When it comes to data and reports, the sourcing of data is a challenge. A few factors to consider are: what are you going to assess it against? Who’s going to do the assessment? Who is going to monitor it?” “When you’re setting that criteria for ESG, or exclusion criteria, the data then needs to be able to provide you with the information in the right format in the right way to make those decisions based on your criteria. The whole database is key to all of this and getting where’s the source of our data? What existing data do we have that we can use? How can we use it across the business?”
“Start by applying a lot of different standards and asking questions. Secondly, look at the existing population of vendors that your organization has from the supply and sourcing side. Think about an action plan if one of your vendors is not meeting your new requirements,” stresses John Bree. He continues, “It’s not about ESG data, it’s about relationship data.”
Organizations without effective ESG strategies or practices could suffer far worse consequences as ESG concerns continue to grow in light of global events and conditions. We encourage members of our community to join the Shared Assessments ESG TPRM Strategy Group. This group will focus on mature third-party risk management sustainability practices in today’s fast-paced ESG arena. This committee seeks participants from all organizations with an ESG third-party risk agenda, no matter what level of ESG TPRM experience an entity has under its belt.