ESG - Environmental, social and governance compliance is a critical factor regardless of the nature of your business.
Companies must look closely at their health and safety, environmental and broader human rights practices to ensure compliance with both their legislative obligations and their ethical principles.
Compliance is a heavy burden. Clients' needs, expectations and the resulting contracts seek to mitigate their risk through increased compliance demands on their supply chain.
If you are part of a supply chain, you are part of another organisation’s risk mitigation strategy. Equally you need to manage your own risk mitigation strategy.
This means you need to practice due diligence with health and safety, environmental and wider human rights and fair-trading practices to ensure compliance not only with legislation, but also with moral and ethical standards.
Take a risk management approach
The risk management principles typically described in ISO standards such as ISO 31000 (risk management) and embedded in other standards provide a manageable framework for tackling ESG compliance.
Taking a risk approach means identifying the scope of what ESG compliance means to your business, then quantifying the risks to your organisation and prioritising the management of those risks. You can't do everything:
Prioritise what is required by law, what is required by client contracts, and what is in the best interests of the organisation.
Assign resources according to priority and work through your priority list to achieve good ESG compliance.
Typically this approach results in an effective ESG Business Risk Register that forms the strategic approach and basis of good decision-making. The Risk Register remains a work in progress throughout the life of the business strategic planning process.
Initiate an integrated compliance management system
As with all decision-making processes, decisions must be actioned: deliverables are required.
Take an integrated approach to systems management. Systems are key across the whole organisation. Siloed approaches to safety, HR, environmental and production systems are repetitive and cumbersome, and they are no longer effective in today's compliance and technological age.
The principles of compliance management as prescribed in ISO 19600 [compliance management systems] are a good model. The standard defines compliance as 'an outcome of an organisation meeting its obligations' by embedding it in the culture of the organisation and in the behaviour and attitude of its people and contractors/suppliers.
The integrated compliance management system should include:
Available and developing technologies
Legal and regulatory obligations
Ethical codes of conduct
Business needs including market advantage over competitors
The system must also be sustainable, and to this end it requires real-time monitoring and performance reviews:
Due diligence audit structure – internal, and also external where risk remains high
Systematic executive review and improvement program - senior management and Board reviews
Independent incident/breach reporting and investigation process