Guest Article: Collaborating with Three Lines of Defence - Mitigating Greenwashing in Sustainability Reporting
- Deepa Rao
- Oct 29, 2024

In her final article of a three-part series, guest writer and ESG Governance and Reporting expert Deepa Rao explains how to integrate ESG considerations into the Three Lines Model of risk management - and how this can prevent greenwashing.
The Institute of Internal Auditors' (IIA) "Three Lines Model" offers a structured approach to managing risks and implementing controls within organizations, emphasizing distinct roles for key stakeholders in governance. This model, widely adopted over the past two decades, is now critical for sustainability reporting to ensure transparency, accuracy, and compliance. Given the increased risk of "greenwashing"—the act of making misleading claims about sustainability practices—organizations must understand how the Three Lines Model can support sustainable practices and mitigate these risks effectively.

Source: Integrating ESG considerations into the Three Lines Model, system for mitigating greenwashing risk, developed by Deepa Rao
Breaking Down the Three Lines Model
To understand how the Three Lines Model applies to sustainability reporting, let's look at each line's distinct responsibilities and how they contribute to risk management:
The Governing Body
This overarching group, which includes the board, audit committee, senior management, and C-suite leaders, is responsible for providing organizational oversight. It ensures that sustainability initiatives align with regulatory requirements and stakeholder expectations. The governing body reviews reports from the three lines of defence and external auditors, offering direction on risk management and sustainability governance.
The First Line: Operational Management Teams
The first line consists of operational teams, business units, and functional departments responsible for managing day-to-day risks and applying controls within their areas. They embed sustainability criteria into their operations, ensuring compliance with legal, regulatory, and ethical expectations. By integrating ESG principles into core processes, these teams help the organization manage greenwashing risks by establishing accurate and verifiable sustainability practices.
The Second Line: Risk Management and Compliance
The second line complements the first by monitoring risk management practices, providing guidance, and offering independent assessments. It includes functions such as compliance and the ESG sustainability team, which ensures sustainability initiatives are integrated across the organization. Placing the ESG team in the second line strengthens an organization’s commitment to sustainability and responsible business practices.
The Third Line: Internal Audit
Internal audit provides independent assurance that risk management and internal controls are functioning effectively. It assesses whether processes for sustainability data collection, validation, and reporting can withstand external scrutiny, enhancing transparency, accountability, and stakeholder confidence.
External Assurance Providers
Although not part of the internal governance framework, external assurance providers play a crucial role in verifying the accuracy of ESG disclosures, further safeguarding against misleading claims.
Mitigating Greenwashing Risk with the Three Lines Model
To combat greenwashing, each line of defence must strategize and perform tasks that reinforce sustainability practices. Here’s how the Three Lines Model can help tackle this challenge:
First Line: Embedding ESG Principles into Business Operations
The first line acts as the initial layer of protection against greenwashing by incorporating ESG considerations into every aspect of the organization:
Incorporating Greenwashing Risk into the Risk Management Strategy
Greenwashing often arises from exaggerated sustainability claims or setting ambitious goals without a concrete action plan. By integrating greenwashing risk into risk management strategies, organizations can maintain transparency and credibility in their sustainability efforts.
Integrating Sustainability Requirements into Business Processes
Embedding sustainability criteria throughout the business lifecycle, from planning to execution, ensures that ESG considerations are integrated into all operations. This alignment makes it less likely for the organization to fall into the trap of overstating its sustainability commitments.
Establishing Robust Governance Mechanisms
Effective oversight and controls help identify and address greenwashing risks. Establishing governance frameworks that incorporate sustainability into decision-making processes ensures a consistent approach to managing greenwashing concerns.
Establishing a Data Management Strategy
Accurate data is vital to avoiding greenwashing. Organizations should develop a plan for collecting, analyzing, and using sustainability-related data to ensure it reflects real progress toward ESG goals.
Fostering Open Communication
Internal and external communication channels for discussing sustainability issues enhance collaboration and understanding across all stakeholders.
Second Line: Strengthening Oversight and Monitoring
The second line plays a critical role in challenging the first line's practices and offering a more objective perspective:
Strengthening Collaboration with Stakeholders
The journey toward sustainability requires engagement with suppliers, customers, investors, and communities. Continuous collaboration ensures that sustainability efforts are aligned across the organization and externally.
Establishing Robust Reporting Standards and Governance Processes
Transparency is key to combating greenwashing. Organizations should develop clear reporting standards for ESG metrics, backed by strong governance processes to ensure data is accurate, reliable, and auditable.
Implementing Independent Verification and Audits
To build trust, companies should establish verification processes for their ESG reports. Regular audits provide evidence of the organization’s commitment to responsible practices and accurate information disclosure.
Enhancing Disclosure Requirements
Organizations need to disclose specific details about their sustainability practices, challenges, and progress. For example, instead of stating, "Our products are sustainable," they should say, "Our water bottles are made from recycled plastic, reducing single-use waste." This specificity helps the second line validate claims more effectively.
Continuous Monitoring and Improvement
The second line must regularly assess sustainability efforts and evolve with changing circumstances, ensuring ongoing adherence to sustainability commitments.
Third Line: Providing Independent Assurance
The third line acts as an independent reviewer, verifying the effectiveness of sustainability controls:
Assessing Internal Controls Over ESG Reporting
Internal audit evaluates whether the ESG data collection, validation, and reporting processes are robust enough to handle regulatory and external scrutiny.
Providing Assurance on Risk Management Practices
Internal audit reviews the risk management practices surrounding sustainability, ensuring that greenwashing risks are adequately addressed.
Strengthening Accountability
Through audits and independent reviews, internal audit provides transparency and accountability, ensuring that stakeholders can trust the organization’s ESG disclosures.
Leveraging Technology to Enhance the Three Lines
An essential component of managing sustainability reporting effectively is using technology for data collection, analysis, and validation. Advanced technology solutions streamline these processes, reducing the risk of errors and increasing data accuracy. A "single source of truth" for ESG data, centralized in a unified platform, allows for seamless data consolidation across departments and ensures consistency in reporting.
Navigating the Future of Sustainability Reporting
Managing internal controls in a complex regulatory environment requires a proactive approach that gives equal emphasis to non-financial and financial data. Organizations must build a robust framework of controls, reviews, and independent assessments to filter ESG data and ensure its reliability. Integrating advanced technology solutions and applying the Three Lines Model helps organizations mitigate greenwashing risks, comply with regulations, and foster stakeholder trust.
By strategically collaborating with the three lines of defence, companies can establish a transparent, credible, and effective sustainability reporting framework. This holistic approach is not only vital for regulatory compliance but also for navigating the evolving landscape of corporate reporting where financial and non-financial metrics must be seamlessly integrated.
What does all this mean?
The Three Lines Model provides a comprehensive structure for managing sustainability risks and preventing greenwashing. Each line of defence plays a distinct yet interrelated role in strengthening an organization's commitment to responsible business practices. When implemented effectively, this approach, supported by technology, enables organizations to maintain transparency, uphold accountability, and build stakeholder trust, especially now that sustainability reporting is no longer optional but essential.
Deepa Rao is a Chartered Accountant and seasoned internal audit professional who transitioned into the ESG field. She leads Global ESG Reporting and Controls at Cognizant, focusing on strong processes and governance for ESG reporting. Based in the UK, she brings expertise from consulting roles at KPMG and PwC, with a background in corporate risk management, internal controls, and ESG reporting.
An advisor to startups and recognized Subject Matter Expert, Deepa speaks at forums like the World Economic Forum, IIA, and FinTech Global Summit. She was nominated as a “Rising Star for ESG Governance” at the 2023 Corporate Governance Awards, and her team at Cognizant has won awards for ESG innovation and management excellence.
You can find Deepa on LinkedIn here.