Posted: 11 Mar. 2022

Partnering with customers in search of lost trust in the new risk environment

A guide for consumer products and services companies

Environmental, social, and governance (ESG) issues were moving up senior executive agendas even before the Covid-19 pandemic. The past two years have accelerated that movement, particularly for consumer products and services companies.

ESG concerns find expression in consumer purchasing decisions, which are increasingly influenced by perceptions of organizational postures toward environmental stewardship, social justice, and good governance. These concerns are also shared by current and potential employees, investors, suppliers, business partners, activists, the media, and other stakeholders.

This means that companies in the consumer sector can build trust, gain competitive advantage, and better manage risks by understanding stakeholders' ESG concerns and strengthening their controls accordingly. Those steps should be part of the organization's journey to the Future of Controls.

However, strengthening ESG controls can present challenges. Controls have traditionally been geared mainly toward financial activities, product quality, and employee performance—not to ESG issues. Also, consider the broad range of ESG issues, which includes:

  • Sourcing, production, packaging, and distribution practices that can impact the environment, with product content, waste management, and carbon footprint being common concerns
  • Human resources matters, such as the presence of indentured or slave labor in the supply chain and issues of diversity and inclusion within the company and its partners
  • Regulatory compliance and matters related to executive compensation, investment policies, insider trading, bribery, and economic sanctions
  • Treatment of animals in research and development and production activities, and company impacts on ecosystems and endangered species
  • Uses of customer data, including practices regarding data privacy, monitoring of behavior and messages, and use of artificial intelligence and other evolving technologies
  • Executive and employee statements and behavior in both their official and private lives, and support of specific political positions across the spectrum

Given this range of issues and the emotional weight they carry for many consumers, how can a company best respond?

This article begins to address that question in the context of responsible business and the required NextGen control environment.

Partner with consumers

Companies in the consumer sector rely on creating experiences and relationships that engage customers, preferably at an emotional level. Meanwhile, customers increasingly want to do business with companies that reflect—or at least do not contradict—their values.

Many consumers see themselves as "voting" with their purchases when they buy from companies with ESG practices that align with their values. Many will avoid buying from companies they see as not aligned with their values, and some try to "punish" them with negative reviews, social media messaging, and word of mouth.

In this context, how can an organization "partner with the customer" in practice?

Let's start by viewing the customer as playing a role in ESG risk management.

A fifth line of defense

Partnering goes beyond learning about your customers' buying behavior and preferences for receiving alerts. It means engaging at a deeper level. One approach is to view your customers as participants in your risk management initiatives.

For example, the three lines of defense model of risk management has been widely adopted, to varying degrees, across most industries. It was supported by the Institute of Internal Auditors (IIA) in 2013 and by the Chartered Institute of Internal Auditors in 2017.

The three lines of defense are: the business (first line, which owns and manages risk), risk management functions (second line, which assists the first line with data, guidance, and tools), and internal audit (third line, which provides assurance regarding risk management effectiveness to senior leaders and the board). This model has been expanded to include external auditors (fourth line, which provides assurance to the organization, investors, and the public).

We propose that customers, in effect, constitute a fifth line, which provides the "last line of defense" in risk management. Customers provide that last line of defense through positive or negative buying behaviors, ratings, social media messaging, and word of mouth.

Unfortunately, customers are often activated by a real or perceived breach of ESG standards. The breach may be regulatory, for example, when the organization is censured by a government agency. Or it may be "unofficial," as when the media report that a CEO is unsupportive of diversity and inclusion. Even an incident at a vendor far down the supply chain can present risks in the form of consumers' responses to an event.

Partnering with customers enables you to get closer to them and to monitor and manage these risks more proactively.

Four steps to consider

Engagement around ESG enables you to enlist customers as participants in your approach to ESG risks.

Here are four steps to consider:

  • Know your customer:  Customers in different demographic groups and geographies will have different ESG concerns, reflecting your industry, business model, and markets. So, proactively engage customers and prospects to learn about specific concerns. Tools of engagement include brief surveys, focus groups, data analytics, and social media monitoring, among others.
  • Understand other stakeholders' priorities:  Identify the key ESG risks your organization faces from the perspectives of regulators, suppliers, investors, the media, and activists. These parties are not only important in themselves—they also influence consumers' views of an organization. Additionally, regulators and investors are increasingly focused on ESG risks, and ongoing engagement will enable you to track their evolving concerns.
  • Update your control environment:  Your control environment may need to be updated to address the full range of ESG risks to your organization. This process should include a review of your controls framework and extending the framework to account for specific ESG risks. Then you can design and embed the right controls into the relevant processes. You will also need data collection, analysis, and reporting mechanisms to support your ESG risk management strategy. That strategy should be closely aligned with your business strategy.
  • Use technology to integrate controls:  Data collection and visualization, voice recognition, and artificial intelligence (AI) technologies can enable your organization to integrate and automate controls. Embedding controls into processes enables employees to use them seamlessly as they do their jobs. Yet unless they are well-governed, those technologies can add new risks, for example when an AI system "learns" to discriminate against certain customer segments or potential employees. Given that data is intrinsic to digital technology, adequate cybersecurity and data privacy controls are essential.

Your stakeholders are at stake

Risks are now so interconnected that an ESG event can damage brand and reputation in ways that quickly translate to significant financial risks in the form of lost revenue, higher costs, and hits to market value.

The pandemic and its impacts have intensified stakeholders' focus on ESG, but it is not the only issue or concern. Therefore, companies that sell to consumers should waste no time in assessing their approaches to addressing not only ESG risks but also the full range of applicable regulations. In that way, controls can demonstrate compliance with all applicable regulations and act as an enabler for winning and retaining consumers over the long run.

Your organization's relationships with customers—and other stakeholders—are at stake.

Ricardo Martinez Martinez is a partner at Deloitte and Global Risk Advisory Consumer Industry Leader.

Key Contacts

Ricardo Martínez

Consumer Industry Risk Advisory Leader

Ricardo is a Risk Advisory Partner who specializes in Cybersecurity and Technological Risk Management. He has led the planning, development and management of projects in companies in the Consumer, Transport & Logistics and Construction industry sectors. He is a Computer Engineer by background and graduated from the University of Deusto. His qualifications include CISA, CISM, CGEIT, CRISC and BS7779-Lead Auditor, and he is SAP R/3 Certified. He is also a member of the ASIA association.