Practically Understanding and Delivering ESG in Today’s Organization

ESG – Environmental, Social, and Governance – has put a barrage of pressure on organizations across industries and around the world in recent years. Corporate investors are making capital investment decisions in companies based on ESG commitments, metrics, and ratings. Legislatures and regulators around the world are ensuring that regulations address the breadth of ESG as well as specific aspects of ESG (e.g., modern slavery, carbon emissions). Employees are making decisions on who they work for based on shared values and not just benefits. Customers are engaging with and buying products and services that share their values. ESG is getting attention from the top of the organization, the board and the executives, down into the depths of the organization.
What is ESG and Why is it Important?
That is a good question. ESG varies in breadth and depth of scope by industry, company size, and even geography and regulatory frameworks. It also varies by individual departments that focus on aspects of ESG but not the breadth of ESG. Too often, ESG can be like the parable of the blind men and the elephant where one feels the side and thinks it is a wall, another feels the trunk and thinks it is a tree, and another the tail and thinks it is a rope.

In understanding the important scope of ESG, consider . . .

  • The E in ESG is about the environmental impact and commitments of the organization. This focuses on carbon emissions and offsets as well as air, water, minerals, and waste use and disposal. This is the focus of a lot of current and pending regulations to address climate change, but there remains a lot of confusion over what needs to be done.
  • The S in ESG is about the social accountability of the organization. This focuses on the commitment of the organization to abolish human slavery, child labor, forced labor, harassment, and discrimination and address important topics such as inclusivity, diversity, health and safety, and personal privacy. This is the area that currently has the greatest reputation impact and risk to corporate brands.
  • The G in ESG is about the governance of the organization. This is the most mature area of ESG. It is consistent across industries and addresses the ongoing challenges organizations have been struggling with for decades. This includes internal controls over financial reporting, fraud, anti-bribery and corruption, anti-money laundering, information security, tax transparency, and more.

Another challenge in ESG is that it is not just about traditional brick-and-mortar walls and employees. The modern organization is an extended enterprise. Suppliers, vendors, outsourcers, service providers, contractors, consultants, and more all impact the ESG program and reporting of an organization. An organization cannot address ESG without ensuring shared values and commitments, with assurance, across its third-party and downstream relationships. A few regulations have been focusing on this aspect of ESG, such as Tier 3 in the SEC’s carbon emission proposal as well as Germany’s Corporation’s Due Diligence Act and the corresponding EU Directive.

So where does an organization start to deliver on ESG? ESG, in the end, is about reporting on the organization in its corporate filings and reports as well as to frameworks such as GRI and SASB (among others). Delivering on ESG reporting is done through what is known as GRC (governance, risk management, and compliance, as defined and operationalized in the OCEG GRC Capability Model) or its counterpart IRM (Integrated Risk Management).

While the individual elements of ESG will vary by industry and scope of ESG within organizations, the common practical elements of delivering ESG come down to a top-down approach of strategy, policy, process, and technology. Here are 4 practical elements of building a strong ESG proposition:

1. ESG Strategy

The organization needs to put someone in charge. Most often this is going to be the Chief Compliance Officer (CCO)/Chief Ethics and Compliance Officer (CECO) of the organization. But some organizations also assign it to risk management, legal, or internal audit functions. What is critical is understanding that this is a collaborative effort across many departments as the scope of ESG never falls to one department, role, or function because of its breadth. So, whoever is in charge needs to be a good facilitator and collaborator across departments of the organization. A charter should be in place as it is a collaborative effort across various functions in the organization.

2. ESG Policies

The foundation of ESG is established in policies. This starts by understanding the scope of ESG in the organization, the regulations that need to be responded to, the expectations of investors and stakeholders, and what reporting standards (e.g., GRI, SASB) need to be reported to. This then flows into the organization's policies such as code of conduct, harassment, discrimination, environmental policies, accounting policies, and much, much more. Policies establish the ESG commitments of the organization and what is to be measured.

3. ESG Processes

The next step is to define the ESG framework and processes. This is where processes can be built out to schedule ESG assessments, gather information on developing ESG risks, monitor controls related to ESG, and respond to and resolve ESG-related incidents. ESG processes should have regularly scheduled assessments that feed information into ESG reporting processes. This requires structured accountability, auditability, workflow, and tasks.

4. ESG Technology

ESG processes are delivered through ESG technology. This is most often GRC/IRM platforms that can manage the forms, assessments, monitoring, incidents, and reporting on ESG across the organization and its third-party relationships. Technology streamlines the gathering of accurate information for ESG reporting while providing a robust system of record of ESG activities for greater assurance and auditability.
Conclusion

ESG is top of mind for forward-thinking enterprises that aspire to achieve their sustainability objectives. But building a robust ESG strategy can be complex; not every organization understands how best to approach it.


Author

Michael Rasmussen

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC). With 28+ years of experience, Michael helps organizations improve GRC processes and choose technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in 2002 while at Forrester.
