The European Parliament recently approved the Corporate Sustainability Due Diligence Directive (CSDDD). This new law will require larger companies operating in the bloc to take reasonable actions to check whether their supply chains use forced labour or cause environmental damage. 

In light of this, and similar legislation around the world, CEOs must now ask: How do we gain visibility of these risks and ensure ongoing compliance throughout our operations? 

Meeting such heightened ESG expectations demands a proactive, digitally enabled approach to risk management. At LRQA we’ve coined this the era of ‘Assurance 4.0’.

Enhancing operational visibility

Due diligence initiatives like CSDDD will only yield worker welfare and sustainability benefits if they can be tailored to the unique requirements of suppliers in affected regions. 

For this reason, there is no one size fits all solution to diligence and compliance. The approach, however, can be consistent: robust oversight of operations and processes.

Regular assessments to identify, prevent and mitigate the risks of adverse impacts on human rights and the environment in both owned operations and third-party supply chains will be essential.

US legislation such as the Uyghur Forced Labour Prevention Act, and the Securities and Exchange Commission (SEC) rules on climate disclosures underscore the urgency for this. But it’s important for businesses to put the right processes in place to collect data from suppliers and instil best practice throughout supply chains. The challenge is that fragmented supply chains and systems hinder detection, amplifying risks to organisations and their reputations.

Fragmentation can result in a lack of information and data being shared throughout the supply chain. This lack of sharing can in turn mean a lack of transparency which ultimately results in inefficiencies, a lack of responsiveness and misalignment of activities. At its worst, it can leave risks hidden within the supply chain, which, when uncovered, are a complete surprise to the business further up the chain. 

Protecting data

Another risk that supply chains are exposed to is due to the increase of data processing through third-party technology partnerships across cloud, data management, hardware and software. This makes organisations more vulnerable to cyber attacks.

A report published by the Identity Theft Resource Centre (ITRC) revealed that 2023 was the worst year yet for occurrences of data breaches in the supply chain, highlighting that attacks have increased by 2,600% in six years.

The upcoming 2024 EU Digital Operational Resilience Act (DORA) will aid financial institutions manage operational risks, with organisations required to meet regulations surrounding cyber risk management, incident reporting, operational resilience and third-party risk monitoring. 

Continuous assurance

A strategy of continuous assurance can help address both reputational and digital threats throughout supply chains. 

Using tools like LRQA’s supply chain intelligence platform, EiQ, companies can now achieve near-time monitoring of their data along with their suppliers. This enables close observation of supply chain performance and ESG risks. 

Such enhanced monitoring can facilitate a proactive approach to risk management, allowing businesses to quickly identify and mitigate any potential issues before they become a crisis.

The silver lining is that, whilst the CSDDD legislation focuses on human rights due diligence, the monitoring systems, process and reporting structures required can help to deliver a more proactive approach to monitoring all risk across operations, improving integrity and asset protection at the same time.

Data collection and benchmarking capabilities can also be a source for predictive and preventative analytics. 

Building a resilient business

With the legislation now in place in the EU and US, these due diligence procedures are undoubtedly becoming the new norm for global businesses. Stakeholders, including investors, will continue to scrutinise businesses and CEOs against these benchmarks.

In an era defined by disruption, businesses that embrace Assurance 4.0 will proactively adapt to compliance challenges, gaining a competitive edge and ensuring financial stability.

Future-proofing your business using tools that can effectively leverage data to predict trends is vital in mitigating challenges even before they arise.

The post Navigating ESG legislation in an era of Assurance 4.0 appeared first on CEO Medium.

Pressures to remain competitive can override the need to be strategic about the use of these new technologies. Discerning what is hype, and what is real gets harder when every day brings new claims about AI’s capabilities (and risks), and everyone from cruise-ship operators to fast food chains is studying how to harness its power to transform their business. This work calls for a strategy about the medium-to-long-term impact and opportunities, all while managing a rapidly changing policy and security environment, demanding investors and most importantly, an anxious workforce.

So as a CEO, how do you lead and provide oversight in this environment and lead with a strategy to realize the opportunities but also minimize the risks to your business?

10 things you can do right now

1. Have a plan and commitment to separate hype from strategically significant developments, now and over time. Develop trusted resources for information and a framework for taking in information.
2. Empower a small advisory team dedicated to providing unvarnished, diverse perspectives on external and internal developments and possible impacts; a small advisory squad of internal and external voices for whom no question is off the table and difficult discussions are encouraged in order to advise the CEO and other senior executives and the Board.
3. Consider the immediate and medium-to-long-term impacts of these developments separately and with clear eyes about your strategies and resources. For example, are the AI tools today suitable for the nature and quality of the data you can access currently? Is your organization mature on technology training and security? What is likely to impact your workforce this year? And in two years? How will these technologies help you provide greater value to the customer/client or solve a particular business problem?
4. Develop a technology governance roadmap that sets a journey-not-a-destination mindset and allows your organization to start the work in steps and build competency. It is a visual plan that will help you consider your current capabilities and resources and likely regulatory environments, and plan a way forward that is consistent with internal standards and improves the odds the business generates value from investing in these new cutting-edge technologies.
5. Build a diverse and effective (for you) Digital Governance council for the company or similar group. They can be tasked as a resource and/or as arbiters who  reflect your organization’s needs and operational priorities while ensuring the boardroom also has the skills and knowledge to provide oversight
6. Understand and govern your

1. 1. Data needs and capabilities
   2. AI needs and capabilities
   3. Cybersecurity needs and capabilities

7.  Integrate cybersecurity, privacy, and, as needed, national security considerations into everything from corporate governance to operations to technology development and procurement.

8. Account for the people in your organization, by way of workflows and training, but also their resilience and how they are interacting with and being affected by advanced technologies. Consider the opportunities to build confidence in your people by informing and leading, as well as change management approaches and resources that support successful transformations.

9. Incentivize and accommodate good question-asking and critical thinking behaviors in addition to good and fast answers. This will help with engagement and encourage innovation across your organization.

10. Stay agile and curious and develop methods of leadership and strategic planning that expect the unexpected, change, and opacity.

CEOs are not alone in their excitement but also their concern about how advanced technologies will impact their businesses (and their lives). Creating the right environment now will help maximize down the road, so that your journey is towards a destination with purpose, success, and longevity.

Claudia Salomon, President of the ICC International Court of Arbitration, and Karen Silverman, CEO and Founder of The Cantellus Group

The post 10 Strategies for CEOs to realize the opportunities and manage the risks of cutting-edge technologies appeared first on CEO Medium.