“Governance” – often mentioned, seldom understood. Governance is the array of roles, responsibilities, checks and balances that enable an organization to run, and to meet organizational goals and objectives. Who does what, when? Who reports to whom, saying what, in what fashion, and how often? How does the organization operate under normal circumstances, and what provisions are there for non-routine situations?

DHC helps clients design, implement, and evaluate governance models for ESG. This can be on a macro level across the enterprise, or tailored for specific business units or topics. Governance systems and controls over the content of non-financial reports (aka ESG or Sustainability reports) is a common need in organizations.

Gone are the days when an Environmental Manager could take care of “all things Environmental.” Environmental issues extend to Facilities, HR, Investor Relations, Legal, Operations, Quality, Supply Chain and many other departments. Employees often fulfill their environmental duties as a portion of their job – often the portion between “100% and 120%” of their job – with little training and even less support. This poses risk to compliance, performance, and even to reputation. With an effective governance model, everything gets done – once; there is no duplicate efforts. Nothing substantial falls between the cracks. And the efforts align with organizational goals and objectives. DHC helps clients understand and improve the governance component of ESG management for more effective, efficient compliance and risk management.

ESG risk to the organization can arise via third parties. Proper governance can improve efficiency and effectiveness of managing ESG issues with third parties. Third Party Risk Management (TPRM) is a hot topic. Indeed, regulations for product content, product safety, product sourcing, conflict minerals, modern day slavery, waste management, and product end-of-life all rely on due diligence of other parties. DHC has helped Clients with governance of ESG aspects of TPRM, applying standard busines practices and frameworks, and tailoring each to be fit for purpose.

COVID-19 is inherently a health and safety (e.g., ESG) issue, and offers a stark illustration of the far reach of ESG issues across an organization. Adverse impacts have been amplified by weak governance structures and systems, notably where ESG topics play a role. Many organizations have seen dips in operations, revenues – some even for reputation – from the disarray of responses to COVID-19 by the government, the organization itself, and its business partners and stakeholders. There are lessons to be learned that can be applied to future organizational health – changes that can be more robust when informed by ESG specialist perspectives.

What governance model should be used for ESG? The Institute of Internal Auditors published the “Three Lines of Defense in Effective Risk Management and Control” in January 2013. The “3LOD model” described and illustrated roles and reporting relationships for [operational] management (“1LOD”); management controls (quality, compliance, etc. – the 2LOD), and Internal Audit (3LOD). The IIA publication was short – a scant eight pages of content – reflecting the intention to be high-level, and adaptable to all organizations. The 3LOD model has become widely referenced or adopted as a governance framework. The IIA updated it to “the Three Lines Model” in 2020, with several adjustments – including removing “Defense” from the title. The 2020 update offers more insights on operations, suggesting that many internal corporate functions (Environmental, Safety, Compliance) fall in the first line. DHC believes the update still falls short, especially given the number of organizations that use it as a model. First, the IIA stopped at their own doorstep – the third line is Internal Audit. The Board has ultimate governance authority and responsibility in an organization. External assurance providers acting on behalf of shareholders and the public are another line of defense or risk management. So are regulators – not just those who regulate environmental compliance (for example), but regulators who oversee the external assurance providers. Organizations may use the model for some aspects of ESG (Environmental, Safety), but few have matured to use it comprehensively for ESG. DHC believes the Three Lines model is still a useful framework to consider for ESG governance. But it is