ESG risks affect organizations, both from their own actions and those of suppliers and other stakeholders. ESG risks can affect operations, ability to achieve or demonstrate compliance, reporting expectations from financial markets and other stakeholders, and organizational reputation. Furthermore, the ESG issues, their risks, their impacts, and options for mitigating them are far from clear. In fact, stakeholder expectations, new regulations and social media make them ever-more challenging.

Society has demanded greater ESG protections, leading to thousands of laws and regulations at country, state and local levels. ESG issues have also led to global treaties, compacts and standards. The very notion of “compliance” extends beyond requirements enforceable by government authorities to anything enforceable by contract, commitments to widely accepted standards or frameworks – even voluntary comments made by organizational leaders.

Auditing is a classic mechanism to mitigate risk, notably where there are risks of substantial penalties from enforcement. ESG Audits have evolved from environmental and safety compliance in the early 1980s to supply chain audits of human rights, environmentally responsible sourcing, and ESG audits of investments – and more. DHC helps clients achieve more effective and efficient ESG audit, risk, and compliance programs.

DHC helps clients meet challenges in:

• Audit (External) – ESG audits sponsored by external parties, and for distribution outside the organization
• Audit (Internal) – ESG audits sponsored by Management, for internal use
• Environmental Fraud – prevent and detect environmental fraud via procedures, training and audits
• Quality Assurance Review – independent review of ESG audit programs, to fulfill international audit program standards
• ESG/ Environmental Risk – risk identification, assessment, mitigation efforts for ESG risk
• ESG/ Environmental Compliance – develop or improve ESG compliance programs, including training

DHC brings a unique array of experience in operations, compliance, internal audit, external audit and a high-profile monitorship.  DHC has applied many widely accepted frameworks to the ESG area.  These include both frameworks for broad organizational use (COSO, DOJ, IPPF, CEI, etc.) and those developed specifically for the ESG area (GRI, ISO, SASB and more) to the ESG area.

DHC applies this distinctive blend of experience to convey ESG issues in the language of business, improving effectiveness, efficiency, and performance of ESG programs to achieve compliance, mitigate risk, seize opportunities, and enhance organizational reputation.

What’s an audit?  An audit is a comparison of an “actual” to any “standard” using a structured, documented process, with the intention of looking for conformance or gaps.  Identifying the “standard” (also “audit criteria”), understanding the “actual”, and defining and documenting the process are easier said than done.

  Audit, Risk, Compliance – How are they related?  Compliance is meeting applicable standards or orders.  Laws and regulations promulgated by governments are non-negotiable.  Compliance extends beyond this to legally-binding requirements - such as via contracts with other parties – and other commitments.  Risk is the chance that an outcome will vary from the plan.  Risk is most commonly considered a negative (a downside, or an adverse impact), but risk can also mean the failure to seize opportunities to grow (think Blockbuster and Netflix).   One risk is the risk of non-compliance, and its consequences – fines, penalties, reputational damage.  Some risks (societal recognition of environmental pollution or climate change) lead to laws and regulations – and more compliance.

  Audit, Risk, Compliance – Where to start?   It depends.  Management often turns to Audit to get better, trustworthy information on where they stand.  Many types of ESG audits are standard practice in some sectors (environmental management systems audits), but these do not address many significant aspects of environmental compliance or environmental risk.  Audits of many other facets of ESG are expected by customers or other stakeholders, or required to achieve compliance.  Yet Audit, Risk and Compliance work hand in hand.  Audits consider risk in setting scope and developing plans.  Compliance is one consideration for the audit criteria.  If Management already knows the ESG problem area, sometimes an audit isn’t the answer – resources for compliance and risk management is a better allocation of resources.  In deciding where to start for ESG issues, the answer is usually “it depends.”

  The very notion of “compliance” has changed, with ESG compliance changing fast.  This poses risk – to operations, compliance, content of [financial and non-financial] reports, and business reputation.  Climate change, ecosystems and biodiversity, product content, microplastics, circular economy, human rights – these issues and more have increased in visibility and importance.  Governments have passed new laws and regulations.  These may be the most visible (and pose the risk of enforcement), but they are hardly the end of the story.  Industry groups, customers, investors, and other stakeholders have established their own standards and expectations.  Losing market share can be more costly than a regulatory fine.