Environmental, social, and governance (ESG) issues have been moving upward on senior executive agendas even before the Covid-19 pandemic. The past two years have accelerated that movement, particularly for consumer products and services companies.
ESG concerns find expression in consumer purchasing decisions, which are increasingly influenced by perceptions of organizational postures toward environmental stewardship, social justice, and good governance. These concerns are also shared by current and potential employees, investors, suppliers, business partners, activists, the media, and other stakeholders.
This means that companies in the consumer sector can build trust, gain competitive advantage, and better manage risks by understanding stakeholders' ESG concerns and strengthening their controls accordingly. Those steps should be part of the organization's journey to the Future of Controls.
However, strengthening ESG controls can present challenges. Controls have traditionally been geared mainly toward financial activities, product quality, and employee performance—not to ESG issues. Also, consider the broad range of ESG issues, which includes:
Given this range of issues and the emotional weight they carry for many consumers, how can a company best respond?
This article begins to address that question in the context of responsible business and the required NextGen control environment.
Partner with consumers
Companies in the consumer sector rely on creating experiences and relationships that engage customers, preferably at an emotional level. Meanwhile, customers increasingly want to do business with companies that reflect—or at least do not contradict—their values.
Many consumers see themselves as "voting" with their purchases when they buy from companies with ESG practices that align with their values. Many will avoid buying from companies they see as not aligned with their values, and some try to "punish" them with negative reviews, social media messaging, and word of mouth.
In this context, how can an organization "partner with the customer" in practice?
Let's start by viewing the customer as playing a role in ESG risk management.
A fifth line of defense
Partnering goes beyond learning about your customers' buying behavior and preferences for receiving alerts. It means engaging at a deeper level. One approach is to view your customers as participants in your risk management initiatives.
For example, the three lines of defense model of risk management has been widely adopted, to varying degrees, across most industries. It was supported by the Institute of Internal Auditors (IIA) in 2013 and by the Chartered Institute of Internal Auditors in 2017.
The three lines of defense are: the business (first line, which owns and manages risk), risk management functions (second line, which assists the first line with data, guidance, and tools), and internal audit (third line, which provides assurance regarding risk management effectiveness to senior leaders and the board). This model has been expanded to include external auditors (fourth line, which provides assurance to the organization, investors, and the public).
We propose that customers, in effect, constitute a fifth line, which provides the "last line of defense" in risk management. Customers provide that last line of defense through positive or negative buying behaviors, ratings, social media messaging, and word of mouth.
Unfortunately, customers are often activated by a real or perceived breach of ESG standards. The breach may be regulatory, for example, when the organization is censured by a government agency. Or it may be "unofficial" as when the media report that a CEO is unsupportive of diversity and inclusion. Even an incident at a vendor far down the supply chain can present risks in the form of consumers' responses to an event.
Partnering with customers enables you to get closer to them and to monitor and manage these risks more proactively.
Four steps to consider
Engagement around ESG enables you to enlist customers as participants in your approach to ESG risks.
Here are four steps to consider:
Your stakeholders are at stake
Risks are now so interconnected that an ESG event can damage brand and reputation in ways that quickly translate to significant financial risks in the form of lost revenue, higher costs, and hits to market value.
The pandemic and its impacts have intensified stakeholders' focus on ESG, but it is not the only issue or concern. Therefore, companies that sell to consumers should waste no time in assessing their approaches not only to addressing ESG risks, but the full range of applicable regulations. In that way, controls can demonstrate compliance with all applicable regulations and act as an enabler for winning and retaining consumers over the long run.
Your organization's relationships with customers—and other stakeholders—are at stake.
Ricardo Martinez Martinez is a partner at Deloitte and Global Risk Advisory Consumer Industry Leader.
Ricardo is a Risk Advisory Partner who specializes in Cybersecurity and Technological Risk Management. He has led the planning, development and management of projects in companies in the Consumer, Transport & Logistics and Construction industry sectors. He is a Computer Engineer by background and graduated from the University of Deusto. His qualifications include: CISA, CISM, CGEIT, CRISC, BS7779-Lead Auditor and is SAP R/3 Certified. He is also a member of the ASIA association.