The latest enterprise risk management news from around the world

Why greenwashing risks are a real issue and how enterprises can manage this area

In this Q&A style article Ian Beale, VP, Advisory at Gartner, discusses greenwashing risks and impacts. Greenwashing is where organizations intentionally, or not, mislead investors, regulators, and the public about the impact of their products and services on the environment.

Q: Why have concerns about greenwashing risks accelerated in 2022?

A: As a result of the alarming climate changes on our planet, companies are expected to actively and visibly play their part in accelerating their moves to a carbon free world. Hence consumers, investors, regulators, employees, and the media are more focused than ever before on what companies are saying and, even more importantly, what they are doing – whether they are doing enough, whether they are acting on it fast enough, and whether they are accurately telling the whole story in their public announcements.

Q: How might organizations be exposed to greenwashing risks?

A: CEOs may make pronouncements about their companies’ performance and plans; they may sign up to protocols and commit their companies to certain goals, targets and timelines. They may do this because they feel it is the right thing to do or, more cynically, to try and gain a competitive edge. However, unless there is genuine commitment, investment, resources, and the project management process in place to achieve these goals (and to ensure that they are the right goals), there are risks that poor goals are chosen, company strategy is not aligned to the goals, resources are not committed to the right activities and targets will be missed.

If statements are made, and not delivered upon, or inaccurate information is reported (intentionally or through carelessness) there will be a swift and negative impact in today’s world of 24/7 news and immediate social media commentary. Consequences could be more severe in relation to investors and whether a company is considered ‘investable’ by ESG mandates. In addition, moving towards a carbon neutral or carbon negative world, for example, offers enormous business opportunities, but those upsides could also be missed without appropriate strategy, governance, management, and reporting.

Q: What role should internal audit play in identifying and mitigating greenwashing risks?

A: Firstly, audit can challenge the commitments being made by management. For example, is management making genuine and substantive commitments to meet the right protocols and adjusting those commitments as new protocols that are announced e.g. by the UN, or others? Is management aware of the regulations to which they need to comply and making optimal decisions where regulations appear to conflict or overlap?

Internal audit leaders should ensure that the right management teams (in terms of seniority and expertise) are clearly responsible and empowered to deliver the necessary activities quickly enough. They should also check to see that progress and performance are being reported accurately and consistently internally, and that appropriate metrics are being fully, accurately, and honestly reported externally with appropriate context.

Q: Can the above be accomplished through enhancing existing internal audit processes, or do organizations need specialized controls for this risk?

A: These approaches use standard audit techniques to understand a process, assess the risks to the satisfactory achievement of stated goals, and to map the controls needed to mitigate those risks within an agreed and defined acceptable tolerance. This approach must also use audit skills to identify and collect data, to challenge management, to robustly critique their plans and statements, to maintain independence (while being a critical friend in this fast-changing area) and to interact professionally with senior management are also all essential.

There is clearly a need for many teams to upskill in specific ESG areas that are most critical to their organizations, to be able to adequately assess management statements, their activity and system data. That is always needed for any new and evolving complex risk area.

About the Gartner Audit & Risk Practice

The Gartner Audit & Risk practice equips Audit & Risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available here.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.