Third-party environmental, social and governance (ESG) risk assessments are an important way to ensure that your company works with partners that share its values. At the same time, they can help to head off reputational damage, operational disruptions, and regulatory penalties stemming from ESG issues in your supply chain.
However, the Prevalent 2021 Third-Party Risk Management study revealed that only 45% of companies actively track ESG risks in their extended ecosystems. What’s keeping organizations from assessing third-party ESG risks?
In this article, we outline the third-party ESG regulatory environment; uncover common hurdles to ESG risk assessments; and share some best practices for addressing ESG in your third-party risk management program.
Although ESG risks aren’t new, lawmakers are getting more aggressive in enacting legislation to address environmental threats, hiring and labor inequities, and corporate governance issues (e.g., bribery and corruption). Examples include:
Each of these laws outlines tangible penalties for offending companies, and some also impose liabilities on organizations that contract the services of offenders.
The Prevalent study showing that fewer than half of companies actively track ESG risks also revealed that 42% of organizations still use spreadsheets to assess their third parties. Collecting environmental impact statements, hiring guidelines, and governance practices from large vendor communities can be a crushing manual process with no way to consistently reveal, score or weight risks. Relying on manual processes saddles risk management teams with inefficiencies, limits actionable insights, and can result in important risks being overlooked.
Public scrutiny of ESG practices is on the rise, and penalties for ESG shortfalls are getting more severe. This increased focus has exposed the cracks in manual approaches to evaluating ESG risks from vendors and suppliers. So, how can you ensure that your organization is insulated from these risks?
GRC 20/20 has published a new report, Managing ESG Risks Across the Extended Enterprise, that reviews the most important best practices to consider when determining how to expand third-party risk management to include ESG risks. Here’s a preview of some of the best practices you’ll find in the report.
The report goes on to identify key capabilities in the Prevalent Third-Party Risk Management Platform that deliver on these best practices.