Green vision: how technology can help connect views of ESG across the organisation

In a fast-changing world, internal audit leaders must leverage digital technology to provide a holistic, integrated view of governance, risk and compliance (GRC) and environment, social and governance (ESG) risks throughout an organisation. Inefficient and outdated technology results in poor visibility and leaves them ill-equipped to tackle core challenges and provide the board with the information they need to make strategic decisions.

 

The three elements of ESG are interdependent and there is no single, overarching piece of UK legislation covering all ESG factors. Companies must comply with various regulations, and some ESG metrics are already mandatory in the UK for specific groups of companies: for example, greenhouse gas reporting (for quoted companies), energy use (quoted companies and large businesses) and modern slavery (UK organisations with an annual turnover of £36m or more must publish an annual statement setting out the steps they take to prevent modern slavery).

This list is constantly developing. The UK Chancellor Rishi Sunak has already indicated that mandatory reporting of climate-related financial information, in accordance with the TCFD guidelines, will be implemented across the economy by 2025.


How can technology help?

If organisations are to meet evolving regulatory requirements worldwide, internal audit teams need a holistic view of their organisation’s ESG impacts and priorities. The best performing organisations take an integrated risk management (IRM) approach and this is especially important for managing diverse ESG risks.

IRM creates a common platform so that everyone involved in risk management and governance can share and visualise data around risk, which helps them to ensure compliance and communicate strategy and progress to executive teams. However, many organisations struggle to integrate their GRC functions fully, and rely on a network of separate technology systems.


 

First steps towards an IRM solution

Assess where you are today

Audit all the technology you use across your GRC functions. Look at which tools are fully integrated and who uses them, how often, and whether any of these duplicate functions.

Get feedback on the limitations of your tech

Talk to GRC management teams to find out what they struggle to do with their existing solutions.

Get buy-in from executive stakeholders

Hold a roundtable with executive stakeholders to discuss investing in an integrated solution. Spotlighting how IRM can make your company more competitive helps to convince managers of its value.

Evaluate IRM solutions

Use your knowledge of where current solutions fall short to identify an IRM platform that will bridge those gaps.

Choose a solution

Evaluate multiple vendors according to company size, industry and budget to refine your needs and identify the level of support you need to integrate your systems.

Review and prioritise your risks

Once you have a comprehensive overview of all your risks in one place, gather feedback from managers in each business unit to track risks across the organisation. You can then prioritise by importance.

Identify stakeholders and ask them to set up action plans

Identify a stakeholder responsible for monitoring each risk and managing a mitigation plan. Ask each one to outline risk thresholds and provide a step-by-step action plan to follow if risks increase.

Set up industry-specific compliance workflows

IRM solutions should come with pre-built compliance checklists based on your industry and its needs. Use these to set up compliance workflows suitable for your business.

Educate and train employees

Prioritise education. Run seminars for all GRC functions and train specific employees to help them understand their responsibilities using the new system.

This article was published in March 2022.