Greening business: the role of risk and compliance
As environmental concerns become a priority for corporations managing their operational, regulatory or reputational risks, Michael Rasmussen examines some of the different shades of going green
Environmental causes are climbing quickly up the corporate priority list, driven by pressures from regulators, investors, competitors, aggressive non-government organisations, and even (in rare cases) the enlightened altruism of boards and executives. In the most successful cases, these efforts are ingrained in the corporate culture early on by the founder or chief executive as part of their mission to be good corporate citizens. In other cases, environmental practices have had a tendency to spring up in reaction to immediate risks – whether operational, regulatory, or reputational – with little central guidance or structure. Predictably, the proactive approach yields a more structured program with more quantifiable results.
There are many shades of green
Aspects of green business are as multifaceted as the pressures that drive them. While government regulations and public outcry have compelled businesses to reduce environmental impact for decades, more recent efforts have emerged flying new banners such as green IT. This particular movement is encouraging significant, positive changes in the way companies design products, buy materials, and even construct their offices. However, it is important to realise that green IT is just one element of broader green business efforts toward greater environmental responsibility.
Green business strives to: Reduce energy consumption. Energy efficiency is often closely associated with green IT – especially with electricity requirements of server farms and other large IT centres. However, energy efficiency has long been a target for companies in their eternal struggle to cut shipping, manufacturing, and other operational costs. This makes it a frequent starting point when companies begin promoting green business initiatives.
Manage hazardous materials. A multitude of government regulations restrict the distribution and use of hazardous substances, primarily concerned with their release – including emissions, run-off, and disposal. Manufacturing and utility firms may seem like the most probable targets, though companies across industries need to tightly monitor disposal of equipment, transportation-related emissions, and other operations that might release environmentally damaging materials.
Establish a safe and healthy work environment. Environmental factors constitute an important element of a corporation’s social responsibility to its labour force. For example, the US Department of Labor Occupational Safety & Health Administration (OSHA) requires that work environments be clear of hazardous materials. Such controls often have a direct and measurable benefit to the health and productivity of the workforce, so internal support should be reliable.
Minimise the use of resources. In many cases, this comes down to simple efficiency, but when dwindling supplies, waste disposal, and transportation impact are considered, it becomes an important conservational concern. Decisions to cut down on the use of environmentally valuable resources may have a negative impact on product quality and require costly R&D time to find alternatives. However, according to the National Resources Defense Council, long-term cost reduction is possible if cheaper materials can be used as substitutes. Companies are also reducing costs significantly by minimising packaging both for their own products and those of their suppliers.
GRC and green business are conjoined
Green business often struggles to find a home within distributed businesses, with various bits and pieces claimed by marketing, legal, procurement, and process managers. While these organisations all play their part, it’s the GRC program that provides the most strategic cohabitation – both in shared function and shared objectives.
To be effective, green business must build on a strong GRC foundation Companies adopting green business policies will find it difficult to achieve success without centralised controls and measurement. Security and risk professionals have learned this lesson already; responding to new legislation, breaches, or perceived threats creates cumbersome silos of management. Likewise, successfully implementing green business strategies is best achieved through a centralised GRC structure.
IT therefore plays a dual role in green business. The department can focus on reducing its own impact on the environment (eg green IT) to support the broader corporate environmental strategy, while the IT control framework for GRC programs provides the mechanisms to effect and measure organisation-wide change.
Good GRC requires attention to green business
It would be a mistake to think that environmental policies simply overlap with governance, risk, and compliance mechanisms. Green business falls within the scope of GRC and plays an important role in achieving key GRC objectives.
Improving governance.
Stakeholders want assurance that company efforts and investments are well controlled and fit within a broad strategy to improve corporate value, and increasingly this includes demonstrating good environmental responsibility. Shareholder resolutions for changes such as greenhouse gas reduction and climate change strategy continue to increase. Most large enterprises now publish either a separate corporate social responsibility annual report or include specific CSR details in their annual financial reports, and envirnmental impact is typically the biggest focus.
Managing risk. Green business objectives help reduce risk in many key areas. Operationally, companies with well-documented green policies and practices can avoid delays caused by regulatory bodies or environmental activists, and can reduce health-related disruptions in the labour force. Financially, the growing influence of socially responsible investment ratings may decrease funding opportunities for companies that score low in environmental criteria. Strategically, environmentalism is beginning to pervade criteria for business partner and buying decisions, so organisations lagging in the green trend run the risk that customers and partners will look for more desirable candidates with which to conduct business.
Achieving compliance.
Compliance with environmental regulations requires efforts as diligent as those for financial integrity or privacy protection, as the pressures keep mounting. In April 2007, the US Supreme Court pushed the EPA toward stronger enforcement of pollution requirements. While this may ultimately have little impact, it reflects a push toward increased control in the US. Globally, Europe continues to lead in environmental responsibility standards and regulations, while countries in other parts of the world are just starting to take such steps. China recently announced plans for the country’s first green regulatory measures to increase transparency of information regarding environmental protection.
Companies that don’t stay on top of good environmental practices are likely to see global or local regulatory measures force their hand – certainly a more costly prospect.Your first four steps down the green business path. As with any set of corporate policies, those for green business require a centralised, holistic system for communication, enforcement, and compliance measurement. However, few if any companies have the necessary resources or motivation for a full-scale overhaul at this point. Risk management will drive initial efforts, and recognising green business’ role within GRC will guide future consolidation of controls. Along these lines, there are several steps that will achieve more immediate momentum.Identify and prioritise environmental risks. These will be compliance risks in most cases – emissions, hazardous materials, etc – but may include others such as energy dependency or environmental activism as well. The two most important questions will be: “What is likely to have the most negative impact on company value?” and “What will auditors be checking for?”
Catalogue your current green controls. Look beyond compliance. Learn what operations, human resources, information technology, and other departments are doing to reduce the company’s environmental impact: how these efforts are monitored, how effective they are, and how marketing is promoting company initiatives.
Begin weaving green business efforts into GRC controls. Start with the most immediate risk areas first, and absorb existing controls (and newly created ones where necessary) into the GRC structure. Use established GRC mechanisms such as e-learning tools, hotlines, and workflow systems to bring consistency to your green business efforts.Develop the green business reporting structure. Regardless of the motivation for green business practices – compliance, marketing promotions, or business partner/investor audits – the primary benefits for the company rely on its ability to report the results. As with other elements of GRC, there will be some results that can be quantifiably linked to the bottom line (eg reduced consumption of electrical power) and others that will have more elusive links (eg increased employee awareness of policies)
News