360° Situational Awareness: Start by Diagnosing ESG in the Organization


ESG (Environmental, Social & Governance) pressure is mounting from multiple fronts for organizations to implement ESG reporting. ESG has the momentum and force to become a significant measurement of an organization's integrity.

Over recent years, it has been easy to feel like ESG regulations are constantly popping up everywhere. The EU has led the way with regulations on reporting like the CSRD and the CSDDD, and meanwhile, global organizations have been compiling ESG reporting standards. These reporting and disclosure regulations and standards exist, in part, to thoroughly and accurately inform current and would-be investors, painting a picture of the organization’s commitment and integrity regarding ESG-related issues.

The number of entities operating within the EU that are required to comply with these regulations is already in the tens of thousands, and more will be added as these regulations expand over time. As the rest of the world begins to follow suit, all organizations should be prepared to comply with ESG regulations in the very near future if they are not already.

One thing to note: ESG is more than the E (environmental). Too often, organizations lead with the E and perceive that ESG is just about environmental values and climate change; it is so much more than this. The S (social) and the G (governance) need to be addressed as well in ESG.

  • E=Environmental. This entails the measures and reports regarding the values and commitment of the organization to the stewardship of the natural world and environment. It includes reporting on and monitoring the organization’s environmental initiatives for climate change, waste management, pollution, resource use and depletion, greenhouse gases, etc.
  • S=Social. This entails the measures and reports regarding the values and commitments on how the company treats people. It includes employee and customer/partner relations, human rights (i.e., anti-slavery), diversity and inclusion, anti-harassment and discrimination, the privacy of individuals (both employees and others), working conditions, labor standards (e.g., child labor, forced labor, health and safety), and how the company participates and gives back to society and the communities it operates within.
  • G=Governance. This entails the measures and reports regarding the culture and behaviors of the organization in context and alignment with its values and commitment. It includes finance and tax strategies, whistleblowing and reporting of issues, resiliency, anti-bribery and anti-corruption, security, board/executive diversity and structure, and overall transparency and accountability.

While these core elements of ESG will vary from industry to industry, as well as the scope of ESG within an organization, the common practical elements of delivering ESG boil down to the top-down approach of strategy, policy, process, and technology. Here are five practical elements of building a strong ESG proposition:

  1. ESG Strategy. The organization needs to put someone in charge. Understanding that this is a collaborative effort across many departments is critical, as the scope of ESG never falls to one department, role, or function because of its breadth, extending even to third parties. Whoever is in charge needs to be a good facilitator and collaborator across departments of the organization and, hopefully, understands that these departments do not operate within silos. Having a coordinated strategy where all departments work in tandem and are held accountable at each phase is crucial to building 360° situational awareness for the organization. This will also be critical to accuracy and efficiency when the time comes for reporting on ESG. A charter should be in place as it is a collaborative effort across various functions within the organization.
  2. ESG Objectives. It is then critical to define and map out your objectives for ESG. Each area under all three elements (the E, the S, and the G) has a series of objectives. Your environmental objectives could be to go carbon neutral, minimize emissions to a certain level, avoid pollution, use natural resources responsibly, etc. Social objectives could include diversity, inclusivity, elimination/no-tolerance for human slavery in operations and the supply chain, protection of customer data, etc. Governance objectives map to transparency, anti-bribery and anti-corruption, internal control, etc. These are just a sampling of topics, and each objective needs to be measurable. Some of these are Boolean in nature (i.e., black and white, yes or no, true or false), and others are measured by numbers.
  3. ESG Policies. Objectives end up being defined in policies, and the foundation of ESG is established in policies. This starts with understanding the scope of ESG in the organization, the regulations that need to be responded to, the expectations of investors and stakeholders, and what reporting standards (e.g., GRI, ISSB, ESRS, etc.) reports must be in accordance with. While regulations and expectations will help provide a framework for organizational policies, they do not have to stop there. Organizations should be encouraged to have their policies go beyond what is required and expected. This then flows into the organization's policies such as codes of conduct, harassment, discrimination, environmental, accounting, etc. Policies establish the ESG commitments of the organization as well as what is to be measured.
  4. ESG Risks. Once ESG objectives and policies are in place, the organization can link the ESG risks to the objectives. Too often, organizations start with identifying ESG risks before even thinking of objectives, if they ever do. But this puts the cart before the horse: ISO 31000, the international standard on risk management, defines risk as “the effect of uncertainty on objectives”. While certain regulations may identify risks that end up on an organization's radar, the order of operations remains the same. For a risk to exist, it must have a context. That context is the organization's objectives, in this case the ESG objectives. The question then is: what are the risks to each defined ESG objective?
  5. ESG Process Automation. The next step is to define the ESG processes and reporting. This is where processes are built out to schedule ESG assessments, gather information on ESG objectives and risks, monitor controls related to ESG, as well as respond to and resolve ESG-related incidents. ESG processes should filter information through ESG reporting along with regularly scheduled assessments. This requires structured accountability, auditability, workflow, and tasks. ESG processes are delivered through technology with solutions that can manage the forms, assessments, monitoring, incidents, and reporting on ESG across the organization and its third-party relationships. Technology streamlines the gathering of accurate information for ESG reporting while providing a robust system of record of ESG activities for greater assurance.

ESG is top of mind for forward-thinking enterprises that desire to achieve their sustainability objectives. Along with these regulations, both active and proposed, come goals with target years for ESG, notably decarbonization and reduction of GHG emissions. For companies committed to achieving these targets, the future is now. The changes necessary will take time to strategize, plan, and eventually implement.

The right software platform enables these areas through an integrated information and technology architecture to automate social accountability processes and monitoring. Choosing the right solution should be one of the very first steps taken toward achieving sustainability. The right solution will aid the organization and those tasked with addressing ESG in building a strategy, determining and outlining objectives, drafting policies that are complete and consistent, identifying and addressing risks within objectives, automating ESG processes and reporting, and monitoring the full scope of ESG within the organization along the way.

Organizations today are broad, complex entities with endless arms, layers, and relationships that all bring numerous, unique risks. And to add to the complexity, ESG risk is dynamic and shifting. A single event can introduce a new risk, increase the danger of another, or cause it to appear in other areas. By implementing this technology, organizations can deliver 360° situational awareness of social accountability risk across the organization and deliver on full ESG monitoring and reporting.
