Environment, Social and Governance (ESG) is always seen as something positive, and it should be. But many companies underestimate what risks can occur and the sources they come from. We spoke to Taylor Allis, Chief Product Officer at Avetta, about risk management and how to evaluate partners on their risk potential. More stories from November edition below:
Do you think logistics companies suffer from tunnel vision when it comes to risks?
Most large organisations are just realising how expanded the risk areas are and how disruptive they can be to the supply chain and logistics. Many clients we work with are focused on one particular area like cybersecurity, health and safety, ESG, or financial risks. Many of them are very siloed in their approach.
A great example on how risks can come from anywhere is Target’s data breach. The company was affected by brand damage and suffered a lawsuit. The breach happened not because of their systems but because of a partner’s system being hacked. The hackers managed to get into Target’s system through their partner.
Many companies would pre-qualify their partners only for the thing they are directly responsible for. But a cyber risk can occur due to your health and safety relationship too, and many people find this surprising.
We have also found out that companies that struggle financially tend to have more accidents and incidents too. They also are less sustainable and do not have good social policies in place because they can’t invest in them.
All risk is connected, and when you bring a partner into your supply chain, you have to think about them all at the same time.
What are the steps to bring partners in line with that?
We work with the suppliers and have them submit documents that prove their credentials. We conduct a series of risk assessments, and we also work with auditors that can personally inspect suppliers.
What are the risks around ESG? Most people just look at it as an opportunity.
New regulations are coming out soon that will force companies to accurately present their environmental reports. If they fail, they will get fined.
In Germany, a percentage of your revenue can be influenced if you do not disclose the information or do something wrong.
If you do not have ESG policies in place, legal fines will come your way. And if one of your partners is caught doing something wrong, it will affect you. You won’t be able to use that provider, which disrupts your supply chain. In addition, the brand is also damaged; there are fines and lawsuits.
How many of the companies you screen and audit fulfil all requirements and how many don’t?
In the beginning when we start to bring a new client on our platform, we see up to 80% not having all the policies they need in place. We tell people what corrective actions they should take and allow for some time for them to improve.
Our goal is to get 80% of all providers in the supply chains of our clients compliant. We also see incidents fall by 20-30%. Suppliers have a lot of questions, and they need to know how to put the policies in place. We support them 24/7, especially very small companies that can call us and discuss what they have to do to improve.
Is there a difference between what SMEs need to do compared to the large suppliers? They will have different abilities and knowledge.
The requirements are the same. But larger companies and those who have more dangerous operations, will get deeper audits. A small company or a sole proprietor could expect fewer assessments. We would send someone to those organisations that our clients really depend on and spend a lot of money with.
SMEs need more support because larger companies can hire someone and are more mature in their processes. ✷