During SearchCompliance.com’s August virtual trade show, Enterprise Risk Management: Mitigation Strategies for Today's Global Enterprise, industry experts discussed how companies can alleviate the increased risks of business in a global economy. A recurring theme was the importance of engaging every person in the company -- right up to the CEO -- in establishing an effective enterprise risk management strategy.
As part of the event, SearchCompliance.com contributor and analyst Adrian Bowles delivered a session examining the C-level executive's role in sustainable risk management and where sustainability fits into an enterprise risk management strategy. Bowles’ session drew a lot of great questions from attendees, many of which couldn’t be answered during the live event due to time constraints. Here, Bowles responds to some of those queries.
What advice can you give to firms that produce products that are seen as inherently nonsustainable or threatening to the environment? For examples, petroleum companies or those that offer services such as leisure cruises?
Adrian Bowles: I don’t want to judge a particular process or product -- I think we’ll have cars running on gasoline for many more years, for example, and I’m personally having trouble weaning myself from my motorcycle habit. But I would encourage firms to look at their complete ecosystem and make sure their net carbon footprint is not increasing. We would also recommend that they consider the risk/reward scenarios of beginning activities or investments to offset their carbon production or excessive energy use. It may be appropriate to make changes within their current ecosystem. They could also even buy carbon credits or support environmental activities, especially in areas that may become markets for them down the road.
When would you expect to see a completely integrated enterprise risk management/sustainability tool set, like you described in your recommendations?
Bowles: Real integration of risk management and sustainability systems will require a new common set of analytics. We should see mature offerings in that market in two to three years. For now, it is a combination of do it yourself (with some assembly required) and solutions driven by professional services. That will change.
Can you give an example of a firm showing economic improvements based on sustainability investments uncovered by the risk management approach that you're advocating?
Bowles: Some of the leading tech vendors offer products or services in both the risk management and sustainability domains, and take this kind of integrated approach.
For example, IBM's "smarter buildings" initiative was based on risk management issues and proven internally, particularly at their headquarters and their Rochester, Minn., facilities. Now they are working with cities throughout the United States and internationally, based on the lessons learned in those engagements.
Another tech vendor that has done a great job with enterprise risk management and internal sustainability is SAP. They have made sustainability part of the corporate culture, and with their enterprise risk management expertise and products it is easy to see how they justified significant investments internally, such as their LEED-certified U.S. headquarters at the same time they were rolling out products to the market. Growing their sustainability portfolio is a big part of their future.
We also mentioned Wal-Mart, which has been transformed from a pariah in some people's eyes to a sustainability leader that pushes suppliers relentlessly to improve. This was likely in response to risks from customers and NGOs [nongovernmental organizations], but now it is part if the culture.
Cloud computing, particularly a well-run public cloud, should have sustainable economies of scale that reduce the carbon footprint for all users.
How long does it take to see payback from an enterprise risk management strategy that specifically addresses sustainability?
Bowles: With an incremental approach (starting with energy management, for example), you could expect to start seeing savings in a few months. If you look at a broad program that includes supply chain monitoring and changes in the ecosystem, it could take two to three years to finish implementation -- although some of the benefits would accrue almost immediately. I would estimate that with that size investment, a full payback could take the entire length of the implementation, plus six months to a year. This is assuming that the implementation is staged and prioritized so that early dividends continue throughout the life of the program.
How might moving to a cloud computing approach affect our enterprise risk management and sustainability strategies?
Bowles: Cloud computing, particularly a well-run public cloud, should have sustainable economies of scale that reduce the carbon footprint for all users. For a private cloud , especially for a large organization, the same holds true.
The risk question is interesting -- some will move to a public cloud because there is a reasonable perception or assumption that a well-established public cloud vendor will provide a more stable and secure environment than all but the biggest firms could create on their own. As we’ve seen with recent failures, however, that may not always be the case. The long-term prognosis is great for risk-reduction using cloud computing, but the onus is still on the customer to spell out the disaster recovery or business continuity requirements in a service-level agreement. The reputational risks also cannot be delegated to a cloud provider.
You say that the markets regulate faster than government. But can we be sure that these regulations are actually good for the economy?
Bowles: Regulation by the market over the long term should result in economic benefits, but short-term results could vary. If we assume that consumers behave rationally, their self-interest includes a balance of economic and social benefits.
Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT, with a focus on IT strategy and management. He is the founder of SIG411 LLC, an advisory services firm in Westport, Conn., and director of the Sustainability Leadership Council.