ESG has emerged as a critical factor shaping an organization's reputation, investor relations, and long-term viability because of heightened corporate responsibility and growing environmental and social concerns.
The demand for ethical and sustainable practices is driving businesses to prioritize ESG performance. ESG is now a foundational part of many modern organizations and a critical component of value propositions to stakeholders, partners, and clients.
However, ethical and sustainable practices often extend beyond individual organizations to include an intricate web of relationships within supply chains. Within these networks exist a multitude of potential ESG risks, ranging from environmental concerns like resource depletion and carbon emissions to social issues related to labor practices and community engagement, as well as governance challenges involving compliance and ethics.
Managing these diverse ESG risks and commitments as an organization and especially among suppliers can be a daunting task.
Third-party products and services expand an organization’s capabilities and consolidate its resources. But it can place them in a precarious position if there is a lack of visibility and control over those third-party operations.
It may lead to unseen risks and liabilities that cannot be controlled.
Holistic risk management needed
What’s needed is a system that unifies disparate variables and enables ESG risk management and compliance teams to proactively identify and solve ESG concerns throughout third-party relationships. Technology-enabled systems identify, integrate, and unify contributing risk factors within each relationship in a holistic, sustainable, and easily accessible way.
Everything is brought together in a way that allows decision-makers to be agile, efficient, and effective. They can unify and consolidate supply chain processes and frameworks into a third-party platform that manages ESG objectives as well as the risks that may exist within third-party relationships.
Create a framework
A comprehensive risk management system answers the right questions and makes connections between seemingly disparate concerns. The following three considerations are foundational to a risk management framework:
- Identify third-party risks. Risk identification is an ongoing process of monitoring an organization’s business, working, and process environments to identify opportunities and emerging risks that may impact overall ESG objectives and organizational performance. Regulatory, environmental, economic, geopolitical, and internal business factors can affect the success or failure of any organization and its relationships. There must be monitoring of relevant ESG legal and regulatory environments in corresponding jurisdictions to identify changes that could impact the business and its relationships.
- Assessing and prioritizing risks. Once an organization identifies an ESG risk, it’s necessary to consider how it might help or hinder overall achievement of ESG objectives. It’s a matter of assessing third-party relationships and the risks that may be apparent in those relationships. An organization should do ongoing due-diligence assessments that might start with survey questionnaires and attestations by partnering with third parties regarding ESG risks and controls in place. These assessments should consider relationships and the components that build those relationships.
- Mitigate risks and enhance ESG performance. Strong ESG risk management controls address problems and mitigate concerns brought to light by the first two steps. Strong ESG initiatives are enabled by fundamentally sound risk management practices, such as those established in ISO 31000. Strong document and policy controls help ensure risk mitigation and control measures are properly communicated and relevant. Unified data, monitored controls, and enabling actors throughout the first, second, and third lines of defense, plus a robust operational resilience program are all key pillars in an ESG risk management strategy and will contribute to positive outcomes. Extending these paradigms to third-party partners allows them to also gain value from diligent controls used throughout a supply chain.
Long-term risk mitigation requires continuous monitoring mechanisms to ensure there is sustained ESG compliance and accountability. Continuous monitoring reveals emerging threats and allows organizations to identify anomalies and take action at the first signs of systemic weaknesses.
This blog post is an excerpt from the Enablon whitepaper, Identifying Third-Party Risk in the Context of ESG.
