Environmental, social, and governance (ESG) issues have been moving upward on senior executive agendas even before the Covid-19 pandemic. The past two years have accelerated that movement, particularly for consumer products and services companies.

ESG concerns find expression in consumer purchasing decisions, which are increasingly influenced by perceptions of organizational postures toward environmental stewardship, social justice, and good governance. These concerns are also shared by current and potential employees, investors, suppliers, business partners, activists, the media, and other stakeholders.

This means that companies in the consumer sector can build trust, gain competitive advantage, and better manage risks by understanding stakeholders' ESG concerns and strengthening their controls accordingly. Those steps should be part of the organization's journey to the Future of Controls.

However, strengthening ESG controls can present challenges. Controls have traditionally been geared mainly toward financial activities, product quality, and employee performance—not to ESG issues. Also, consider the broad range of ESG issues, which includes:

• Sourcing, production, packaging, and distribution practices that can impact the environment, with product content, waste management, and carbon footprint being common concerns
• Human resources matters, such as the presence of indentured or slave labor in the supply chain and issues of diversity and inclusion within the company and its partners
• Regulatory compliance and matters related to executive compensation, investment policies, insider trading, bribery, and economic sanctions
• Treatment of animals in research and development and production activities, and company impacts on ecosystems and endangered species
• Uses of customer data, including practices regarding data privacy, monitoring of behavior and messages, and use of artificial intelligence and other evolving technologies
• Executive and employee statements and behavior in both their official and private lives, and support of specific political positions across the spectrum

Given this range of issues and the emotional weight they carry for many consumers, how can a company best respond?

This article begins to address that question in the context of responsible business and the required NextGen control environment.

Partner with consumers

Companies in the consumer sector rely on creating experiences and relationships that engage customers, preferably at an emotional level. Meanwhile, customers increasingly want to do business with companies that reflect—or at least do not contradict—their values.

Many consumers see themselves as "voting" with their purchases when they buy from companies with ESG practices that align with their values. Many will avoid buying from companies they see as not aligned with their values, and some try to "punish" them with negative reviews, social media messaging, and word of mouth.

In this context, how can an organization "partner with the customer" in practice?

Let's start by viewing the customer as playing a role in ESG risk management.

A fifth line of defense

Partnering goes beyond learning about your customers' buying behavior and preferences for receiving alerts. It means engaging at a deeper level. One approach is to view your customers as participants in your risk management initiatives.

For example, the three lines of defense model of risk management has been widely adopted, to varying degrees, across most industries. It was supported by the Institute of Internal Auditors (IIA) in 2013 and by the Chartered Institute of Internal Auditors in 2017.

The three lines of defense are: the business (first line, which owns and manages risk), risk management functions (second line, which assists the first line with data, guidance, and tools), and internal audit (third line, which provides assurance regarding risk management effectiveness to senior leaders and the board). This model has been expanded to include external auditors (fourth line, which provides assurance to the organization, investors, and the public).

We propose that customers, in effect, constitute a fifth line, which provides the "last line of defense" in risk management. Customers provide that last line of defense through positive or negative buying behaviors, ratings, social media messaging, and word of mouth.

Unfortunately, customers are often activated by a real or perceived breach of ESG standards. The breach may be regulatory, for example, when the organization is censured by a government agency. Or it may be "unofficial" as when the media report that a CEO is unsupportive of diversity and inclusion. Even an incident at a vendor far down the supply chain can present risks in the form of consumers' responses to an event.

Partnering with customers enables you to get closer to them and to monitor and manage these risks more proactively.

Four steps to consider

Engagement around ESG enables you to enlist customers as participants in your approach to ESG risks.

Here are four steps to consider:

Your stakeholders are at stake

Risks are now so interconnected that an ESG event can damage brand and reputation in ways that quickly translate to significant financial risks in the form of lost revenue, higher costs, and hits to market value.

The pandemic and its impacts have intensified stakeholders' focus on ESG, but it is not the only issue or concern. Therefore, companies that sell to consumers should waste no time in assessing their approaches not only to addressing ESG risks, but the full range of applicable regulations. In that way, controls can demonstrate compliance with all applicable regulations and act as an enabler for winning and retaining consumers over the long run.

Your organization's relationships with customers—and other stakeholders—are at stake.