CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

While it’s true that many of the myriad ESG certifications/assurance mechanisms have responded to criticism by making systemic improvements, some have not. And even with improvements, gaps still exist. Either way, they don’t provide blanket protection from liability or business losses. Let’s dive in to how you can use industry assurance and labeling mechanisms in a prudent way.

In my opinion, there are two major elements to the risk:

  • Becoming a movie star villain. The Netflix documentary Seaspiracy is only the most recent example of becoming a reluctant movie star. A few years ago, another Netflix documentary brought economic devastation to one of my old consulting clients, and they are still struggling to get back where they were. Before that happened, I brushed off the idea that the film would have such impact. Having now seen it firsthand, I strongly suggest not ignoring it. Who knows what ESG matters – or companies – will be targeted next, and these documentaries have a track record of going viral.
  • Following the crowd. There are certainly advantages to using industry ESG assurance mechanisms, including the “safety in numbers” philosophy. In my experience, this tends to lead to complacency by individual companies about assurance quality and execution. But as previously discussed, those mechanisms are not perfect and you can essentially become a hostage to their flaws. Continuing to participate in or rely on these programs without doing something more may create more problems than expected.

Once a company recognizes the exposures, it should implement mitigation strategies. As a friend of mine at OECD frequently says: “You can’t outsource due diligence responsibility.” Perhaps the most effective of ways of taking responsibility are actually easy to do:

  • Invite your Internal Audit group to learn more about industry assurance programs your company uses. Ask them to do a deep dive into the program’s procedures, practices, standards and auditors/assurance providers.
  • Take an active role in shaping the industry assurance program(s) to close gaps or address concerns you or your Internal Audit group identified.
  • Do your own monitoring of the assurance program(s) by participating in their audits where possible. Compare your experience and results with the programs’ final results. Where differences are identified, explore those with the program(s).

Finally, while not necessarily easy, it is worth considering augmenting your company’s use of industry programs with your own activities, including further use of Internal Audit to evaluate ESG risks of business partnerships or hiring qualified and screened third party ESG assurance experts.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile