Dan Zitting, previously Chief Product Officer, now holds the title of CEO at Galvanize, a software company that helps its clients achieve their goals and objectives. He is also now the Chief Product Officer of Diligence. Tom Fox welcomes him back to this week’s show to take a look back at the GRC professional’s role in corporate ESG and risk management.
GRC On The Frontline
A company’s defenses have to be in the remit of their GRC professional, not left up to the CSO. Dan remarks that while there is engagement by GRC professionals in minimizing company cyber risk, more needs to be done. GRC professionals have to ask themselves if they are managing cyber risk in ways that are helpful to the company’s CSOs, by providing tools and resources to support them. “There’s still work to be done in making sure that everything we’re doing from a policy, controls, and compliance standpoint is actually adding value for the CSO and helping them deploy their programs, as opposed to just feeling like they’re being checked on by the police to see if they’re doing it right,” Dan tells Tom.
ESG and Investment
Investor dollars are fueling the growth and expansion of ESG and aren’t only coming from investment funds anymore. Private equity firms and banks are getting involved. If someone wants to borrow money, insurance companies assess ESG risk as part of their overall risk management strategy. “If companies want to access capital, they need to have an ESG program in place,” Tom remarks.
A Role To Play
The best way, Dan suggests, to get GRC professionals to understand the ownership roles they have to play in ESG, is by creating a center of excellence for ESG. By creating this center, and making ESG a business objective, you can then split the responsibilities across the organization. “Splitting the responsibilities across those different lines of defense for those different functions in a way where somebody…can get a combined view of how effective we think we are from an ESG standpoint, should be the goal,” Dan adds.
The Importance of Real-Time Reporting
Real-time reporting is the G in ESG. Being able to give an accurate picture of risk to a company’s board is intrinsic to ESG, and is vital to acting on those risks efficiently. “Risk professionals too often are asking ‘Why don’t I have real-time information,’ instead of actually being the one out creating it and bringing in the technical skill necessary to be able to analyze data fast enough to get real-time insight,” Dan expresses. Governance in the present and future needs to move at a pace faster than it has in the past, in order to report on risks. Being able to point out to the board when governance is failing, so that measures can be implemented, is also extremely important.
Resources
Dan Zitting | LinkedIn | Twitter
Galvanize
Diligence