The ‘G’ in ESG: Understanding What it Takes to Govern

Nearly nine out of 10 publicly-traded companies in the United States, the United Kingdom, France, and Germany have environmental, social, and governance (ESG) initiatives in place, and other countries are following suit. Canada will start phasing in ESG mandates to its financial institutions in 2024. Most of the buzz centers around environmental and social impacts, from climate data, recycling, and pollution, to diversity, equity, inclusion metrics, and volunteer activity. But the third leg of ESG is also critically important for organizations everywhere as it underpins the achievement of the E and the S. 

Governance refers to the internal rules that organizations adopt based on its risk tolerance, and impacts not only the board of directors — who sits on the board and sets the tone from the top — but more intimately and immediately on how an organization is run on a daily basis.

Essentially, governance sets the tone, based on risk appetite and decision making criteria, for both internal and external compliance to create, maintain, and sustain an organization. 

External compliance includes adhering to government regulations at the local, state, and federal level, as well as vendor and customer contracts. It may also include industry body requirements. Internal compliance involves setting the requirements for more discretionary elements related to running the organization, such as dress codes, work from home, and ethical issues, amongst others.

Why the ‘G’ matter?

Governance influences a company’s culture and holds business ethics to a clearly defined standard. Because governance is closely intertwined with how to actually achieve environmental and social objectives, there’s a lot at stake for ESG programs. Good governance leads to more sustainable businesses.

To achieve your overall ESG goals, take these governance factors into consideration:

• Board composition and capability. The board defines the ethics and values of the organization. Therefore, your board should include experts to make informed decisions around environmental and social issues. Some board members must be independent — read: no company shareholders — and of a diverse background to reflect all aspects of society where possible. Board membership should principally be based on required competence first, followed by the other criteria.

• Board compensation and oversight. Board compensation vs. employee income is a factor that requires dedicated thought. The way in which board members can be held accountable to shareholders and stakeholders needs to be clearly defined.  

• Business ethics. The board must be above fraud and corruption and set the tone for the rest of the organization. Establishing a formal policy on business ethics will help clarify a company’s position on unethical behavior. It may seem obvious, but the board shouldn’t work with a contractor that provides a kickback to decision makers, such as a trip to the Caribbean.

• Information security. The board must support the protection of its information and minimize the cybersecurity risk. Clear governance ensuring that information security, including data privacy, is properly implemented will help achieve this. Consult any relevant rules, from vendor contracts to state and federal legislation and even overseas rules, such as the GDPR from the EU, that apply to your organization.

• Quality management. Mandating the delivery of quality products and services requires establishing quality assurance measures to achieve that goal. This may include straightforward compliance with product development standards or simple site visits to ensure you’re happy with the quality of the product. 
• The board may decide that implementing a Quality Management System will position the organization for continued growth and competitiveness. Monitoring current industry risks such as supply chain issues and creating a plan of action to address them can help maintain the delivery of quality products and services.

• Business continuity practices. Business continuity must be managed from the top down. Having a plan to prepare for disruptions such as worker strikes, natural disasters like floods, cyber incidents and supply chain breakdowns is essential to keep your business running. 
• Purchasing and finance criteria. Consider what is happening in the world. If you’re doing business with China or Russia, government sanctions may apply. Protect yourself by staying abreast of current world events. Establishing policies that focus on the delivery or return of your company’s products can help you circumvent external factors out of your control.

3 pillars of governance 

Good governance doesn’t just occur. It’s the result of deliberate action. Governance practices need to reflect the societal values of organizations and their shareholders. Establish these three pillars for good governance today.

Step I: Create relevant internal policies, procedures and practices 

Each organization should have policies and procedures that address topics such as data privacy, information security, sexual harassment, and many more thay may be relevant. The type of policies required will depend on a company’s size, location, and the level of industry regulation. 

All businesses must as a minimum have documentation that addresses the legally required elements such as health, safety, and human resources concerns.

Create documentation that informs employees, shareholders, and outside parties of rules that govern the organization to ensure clarity. Policies and procedures should periodically be assessed to ensure they are up to date and reflect the societal and board values with due consideration of business imperatives. 

Decision making practices and delegation of authority and responsibility needs to be made clear and well communicated so everyone in the organization understands how authority and control is deployed across the organizational hierarchy.

The goal is to have as few policies and procedures as possible but as many as necessary, while still meeting all the legal, risk mitigating, and competitive requirements. A company’s size, industry type, regulatory environment, and the board’s risk appetite will determine the number of policies and procedures needed.

Step II: Train your staff

Governance is only as effective as the managers and employees who are following it, which is why it’s essential you communicate your organization’s expectations surrounding governance, compliance, and decision making through training. 

Some companies may create a handbook that compiles and combines policies and procedures for employees. Other organizations have many separate policies and procedures that employees need to read and acknowledge their understanding. Governance often flows from HR practices, so ensure your HR policies and procedures are robust and compliant with regulatory requirements. 

Make policies and procedures easy to understand, and mandate that employees review and sign them before they can access your organization’s network, systems, and physical offices. Often it will be required that temporary and contract workers also know the content of basic policies and procedures to ensure they act in compliance with what is expected of them.

Step III: Adopt a management system to monitor all elements

There are software platforms that make governance easier. These platforms can easily curate and manage all data and tasks related to governance and offer reporting capabilities to understand the governance status of the company. 

In many cases, simple risk management and document management tools are enough. But for those in complex business environments or regulated industries, a specific governance, risk and compliance (GRC) tool may be a better choice as they can help create, manage, correct, and report on broad governance elements in your organization, aimed at diverse stakeholders.

Veriforce helps organizations manage and collect ESG data from their supply chains to ensure inclusion in their ESG Programmes.