ESG legislation requires a continuous approach to risk monitoring

Due diligence legislation recently passed in the EU and US has introduced new disclosure regulations for major global businesses and their supply chains.

The EU Council passed the Corporate Sustainability Due Diligence Directive (CSDDD) on 15 March after months of debate, mandating that companies identify, prevent, mitigate and account for negative human rights and environmental impacts throughout their operations and value chains.

The US Securities and Exchange Commission (SEC) passed the Climate-Related Disclosure rule on 6 March, requiring that companies promptly disclose details of how climate change affects their business and the climate impacts of their suppliers.

These are just two examples of global Environmental, Social and Governance (ESG) regulations coming into effect, with movement also seen beyond the EU and US from the China Stock Exchanges’ first ESG reporting guidelines.

In a fragmented, fast-moving global supply chain landscape, organisations should be asking – how do we need to adapt in light of these changes? Complying with these heightened ESG expectations requires a more proactive and continuous, digitally enabled approach to risk management. Welcome to the era of Assurance 4.0.

The need for visibility

While many companies have good visibility of their own operations, ensuring due diligence and compliance throughout complex global supply chains is a challenge.

We can all think of examples where poor labour or environmental practices have been uncovered by investigative journalists, to the surprise of the companies and brands whose supply chains they have been hidden in.

Fragmentation makes it harder for companies to detect these issues, safeguard their employees, protect their operations and their reputations. It can also impede the flow of information through a supply chain.

Reduced transparency may also result from a lack of integration among technology systems, internal functions, business processes and access to data. The resultant cost of inefficiencies, duplication of efforts, difficulties in sharing information, misalignment of activities and reduced responsiveness cannot be ignored.

The answer lies in increased visibility, achieved through improved data collection and analysis, as well as the embedding of these processes into business as usual.

A more proactive approach to risk

Although the legislation is focused on environmental and social due diligence, the monitoring systems, process and reporting structures required can deliver a more proactive approach to risk across business operations, including product integrity and asset protection.

The increasing demand for safe, high-quality products, components and services means that it is vital for businesses to demonstrate integrity across their supply chains.

One of the benefits of due diligence is an understanding that risk that exists from the origin of materials through to the product sale. Taking responsibility for that journey is essential to companies and brands delivering on their societal commitments. Often, they are looking to their suppliers to help them meet these promises.

Keeping cybersecurity in mind

Despite its necessity, increased data processing can also open supply chains up to new security risks. Many suppliers are becoming increasingly reliant on third-party technology partnerships across cloud, data management, hardware and software, making them vulnerable to cyber attacks.

In fact, a recent Identity Theft Resource Center report highlighted that the number of US organisations impacted by supply chain attacks has surged by more than 2,600% since 2018.

A strategy of continuous assurance – a concept initially born from the cybersecurity industry – can help address these threats, but can also be applied to supply chain monitoring.

In today’s landscape, scheduled traditional risk assessments and audits still offer value, but we need to go a step further to add value and insight that businesses can use to protect themselves. Continuous assurance and monitoring allow businesses to track data in real-time, including data from suppliers, facilitating a continuous and proactive monitoring approach.

Tools, such as LRQA’s supply chain intelligence platform, EiQ, allow companies to achieve near-time monitoring of their supply chain performance and ESG risks through data collection, analytics, benchmarking capabilities and risk alerts. If harnessed correctly, businesses can also process vast and various data sources for predictive analytics.

Future-proofing your business

In an era defined by disruption, future-proofing your business using tools that are able to effectively leverage data to predict trends is crucial in mitigating challenges even before they arise.

Businesses that acknowledge, understand and adapt to the era of Assurance 4.0 will be able to proactively futureproof their operations and gain competitive advantage.

And whilst we are likely to see more ESG legislation undergo voting and debate, supply chain due diligence procedures will be the new norm for businesses regardless of formal ratification. Stakeholders, including investors, will continue to scrutinise businesses against this benchmark.

Through effective risk management, businesses can evolve from value retention to value creation. As supply chain disclosures become a key driver for ‘cleaner capitalism’ in 2024, businesses should be re-assessing their assurance programmes to emerge stronger, more resilient and more agile that ever before.

This is guest post by Ian Spaulding (pictured above), chief executive of global leading assurance partner LRQA