ESG – Environmental, Social, and Governance – has been creating a barrage of pressure upon organizations across industries and around the world in recent years. Corporate investors are making capital investment decisions in companies based on ESG commitments, metrics, and ratings. Legislatures and regulators around the world are ensuring that regulations focus on the breadth of ESG as well as specific aspects of ESG (e.g., modern slavery, carbon emissions). Employees are making decisions on who they work for based on shared values and not just benefits. Customers are engaging with and buying products and services that share their values. ESG is getting attention from the top of the organization, the board and the executives, down into the depths of the organization.
In understanding the important scope of ESG, consider . . .
- The E in ESG is about the environmental impact and commitments of the organization. This focuses on carbon emissions and offsets as well as air, water, minerals, and waste use and disposal. This is the focus of a lot of current and pending regulations to address climate change, but there remains a lot of confusion about what needs to be done.
- The S in ESG is about the social accountability of the organization. This focuses on the commitment of the organization to abolish human slavery, child labor, forced labor, harassment, and discrimination and address important topics such as inclusivity, diversity, health and safety, and personal privacy. This is the area that currently has the greatest reputational impact and risk to corporate brands.
- The G in ESG is about the governance of the organization. This is the most mature area of ESG. It is consistent across industries and addresses the ongoing challenges organizations have been struggling with for decades. This includes internal controls over financial reporting, fraud, anti-bribery and corruption, anti-money laundering, information security, tax transparency, and more.
Another challenge in ESG is that it is not just about traditional brick-and-mortar walls and employees. The modern organization is an extended enterprise. Suppliers, vendors, outsourcers, service providers, contractors, consultants, and more all impact the ESG program and reporting of an organization. An organization cannot address ESG without ensuring shared values and commitments, with assurance, across its third-party and downstream relationships. A few regulations have been focusing on this aspect of ESG, such as Tier 3 in the SEC’s carbon emission proposal as well as Germany’s Corporation’s Due Diligence Act and the corresponding EU Directive.
So where does an organization start to deliver on ESG? ESG, in the end, is about reporting on the organization in its corporate filings and reports as well as to frameworks such as GRI and SASB (among others). Delivering on ESG reporting is done through what is known as GRC (governance, risk management and compliance as defined and operationalized in the OCEG GRC Capability Model) or its counterpart IRM (Integrated Risk Management).
While the individual elements of ESG will vary by industry and by the scope of ESG within organizations, the common practical elements of delivering ESG come down to a top-down approach of strategy, policy, process, and technology. Here are 4 practical elements of building a strong ESG proposition:

1. ESG Strategy
The organization needs to put someone in charge. Most often this is going to be the Chief Compliance Officer (CCO)/Chief Ethics and Compliance Officer (CECO) of the organization. But some organizations also assign it to risk management, legal, or internal audit functions. What is critical is understanding that this is a collaborative effort across many departments as the scope of ESG never falls to one department, role, or function because of its breadth. So, whoever is in charge needs to be a good facilitator and collaborator across departments of the organization. A charter should be in place as it is a collaborative effort across various functions in the organization.
2. ESG Policies
3. ESG Processes
4. ESG Technology
ESG processes are delivered through ESG technology. This is most often GRC/IRM platforms that can manage the forms, assessments, monitoring, incidents, and reporting on ESG across the organization and its third-party relationships. Technology streamlines the gathering of accurate information for ESG reporting while providing a robust system of record of ESG activities for greater assurance and auditability.
Conclusion
ESG is top of mind for forward-thinking enterprises that aspire to achieve their sustainability objectives. But building a robust ESG strategy can be complex; not every organization understands how best to approach it.
Author
Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC). With 28+ years of experience, Michael helps organizations improve GRC processes and choose technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in 2002 while at Forrester.