As you might have read, there are several new regulations from the EU that impact the way organisations conduct their business in the EU. Three examples of new regulations that will impact many organisations are the Corporate Sustainability Reporting Directive (CSRD), the Directive on Corporate Sustainability Due Diligence, and the Directive on Pay transparency.
All of these will impact how you work in your organisations and how you report on that work. They will require both transparency and likely adaptation of your business processes. After all – your business processes are what describe your ways of working. If you understand the processes, you will understand where you need to make changes to follow the new regulations.
For many organisations and managers this feels like an overwhelming topic, and as a help, we have listed 5 questions to get you started:
- Do we know which parts of our operations are affected by the new regulations?
- Do we have a solid risk management process?
- Do we have a good level of transparency in our processes?
- Do we have the necessary data to fulfil the reporting requirements?
- How do we engage our stakeholders and employees?
These questions provide a good starting point for discussions between you and your colleagues to help get a more concrete action plan in place.
1. Do we know which parts of our operations are affected by the new regulations?
For some directives this might be relatively easy to identify – the Pay transparency directive has its main impact on processes related to documenting and reporting on salaries, as well as acting on gender pay gaps. For other directives, the regulatory impact might not be as obvious.
One example is the Corporate Sustainability Reporting Directive (CSRD). For CSRD, companies have to assess their entire value-chain process widely to identify what to report and assess where there are data gaps – where non-existing data need to be extracted throughout the processes. Since this is a heavy task, organisations are recommended to as a first step perform a CSRD Assessment, followed by a CSRD action plan/specification and gap-analysis of what to get in place. Organisations that know their business processes are way more prepared for these necessary activities.
Another example is the directive on Corporate Sustainability Due Diligence. It establishes that companies have a responsibility to identify, bring-to-an-end, prevent, mitigate, and account for negative human rights and environmental impacts in the company’s own operations, as well as their subsidiaries and their value chains. That is also quite a big scope, and organisations need to be able to identify where they need to focus their resources. This brings us to the next question.
2. Do we have a solid risk management process?
Risk management is a practice well suited for helping you manage new regulations, like the Corporate Sustainability Due Diligence directive. There are many methods for risk management that are applicable to adapting to new regulations:
- Proactive risk identification: You can apply this when identifying areas that you need to act on due to regulatory changes.
- Prioritisation: You will not be able to address all areas once, a materiality analysis can help you with prioritisation.
- Data gathering and follow-up: Make sure you have the infrastructure and ways of working to gather data about the risks to support a continuous follow-up. This will for example also help you with the CSRD.
If you already have an established risk management process in place, a recommendation would be to verify that it is ready to manage more risks and risk assessments. If you want to know more about risk management – feel free to check out this blog post.
3. Do we have a good level of transparency in our processes?
When you have figured out what part of your operations are impacted, the next obvious step is to figure out what to do about it. Adjusting a business process and ways of working to new regulations requires that you know what your processes look like and what adaptations you need to make. Do you know what your supply chain looks like? Do you know what your salary process looks like?
There are several ways to get started mapping out your processes, and a recommendation would be to start at a high-level viewpoint before diving into the details. Working with SIPOC models is one way to do that, as they cover suppliers, input, process, output, and customer. And as a tip – you can also add requirements to the analysis.