Posted on: November 15, 2021
Environmental, Social, and Governance (ESG) Series
In a Fusion Roundtable on November 10, 2021, Paula Fontana, Senior Director Product Marketing, and I discussed how resiliency, risk, and compliance professionals know that ESG is much more than just a marketing activity – it is the missing link to an operational resilience strategy.
ESG is critical to the success of an organization’s resiliency strategy for three reasons:
- Companies are facing growing expectations and reporting requirements from regulators and investors.
- Climate, political, social, and business ethics pose some of the greatest threats to organizations today. Climate, in particular, is receiving unique focus as non-governmental organizations like the UN are working with private industries to reduce the effects of climate change on our planet; and
- Globally there have been a growing number of climate, social, and ethics-related in incidents, with greater impact to the firm and the global community.
Organizations and their boards are becoming increasingly aware that the core pillars of ESG are critical success factors for driving stakeholder value, preserving brand reputation, and attracting and retaining the latest generation of employees.
However, 61% of global organizations are early in their journey with ESG (Fusion ESG: The Missing R Webinar – September 2021 (n=250) and have talked about some practical steps to implement a program.
We discussed how organizations need to both understand how ESG risks impact their business and how their businesses impact the broader world around them. This is the heart of the concept of double materiality and is what makes ESG reporting different than general financial reporting. According to the US Securities Exchange Commission, information is considered material and therefore subject to disclosure if a reasonable person would consider it important. As such, risk assessment of material ESG issues is the first critical step in defining what information to report and share with stakeholders.
Perhaps one of the biggest struggles organizations face is unlike other reporting obligations, there are no prescriptive mandates on what to report, how to report it, and what frameworks to use. There are also no consistent scoring or reporting models. The ESG reporting landscape contains many reporting frameworks and can feel overwhelming, like swimming in alphabet soup. As such, we noted that it is much more important to right-size the approach for your organization than to figure out how to navigate every metric in every framework. It is also critical to understand that most of the existing frameworks have synergies, can build upon one another, and at times overlap in both intent and terms of content. We discussed some places to start looking at frameworks and at a high level, mentioned the major players in ESG reporting frameworks have referred to themselves as “The Big 5” and are the Carbon Disclosure Project (CDP), the Climate Disclosure Standards Board (CDSB), the Global Reporting Initiative (GRI), the International Integrated Reporting Council (IIRC), and the Sustainability Accounting Standards Board (SASB).
We also discussed that there is no single “right-way” to design an ESG program. In fact, that is part of the fun of assuming a leadership position within ESG. You get to help define and carve your organization’s path and it allows for creativity and collaboration across organizations. We noted that an organization’s ESG programs maturity levels can vary by size and type of organization. In areas where there are tighter regulatory requirements on climate-related issues like manufacturing, programs are likely to be more mature while consulting firms may not have advanced climate programs. Progressive organizations that are concerned with reputational risk may have strong social programs. And we talked about how it is so important to document what you are already doing to get credit for it with your stakeholders, rather than scrambling to figure out everything. To recap, ESG principles are fundamentally changing how organizations think and respond to the world around them and it’s a critical factor for success to learn how to navigate the complexities while building out a risk and resiliency program.
Recommendations on how to get started defining an ESG program
1. Understand what is important to your stakeholders
Any ESG reporting effort should answer the questions “who is going to use this information” and “what will it be used for.” As such, your analysis of what is material to your organization should take into consideration the needs of investors, customers, suppliers, and employees. The ESG movement can have far reaching impacts when tied to corporate mission, vision, and value statements and leaders are recognizing this by expanding on programs tied to the S column – “In my view the successful companies of the future will be those that integrate business and employees’ personal values. The best people want to do work that contributes to society with a company whose values they share, where their actions count and their views matter .” Jeroen van der Veer, Committee of Managing Directors (Shell).
Once you have worked through what is important, it is time to choose your frameworks. Considerations to include when selecting metrics can include benchmarking against your peer organizations and your investors’ requirements. This process will enable your organization to report in a manner which is easily digestible by your core stakeholders.
2. Set your strategy: harness your strengths and develop your program based on material risks
ESG programs can feel overwhelming because they are so expansive. As such, organizations that are just getting started should work to document processes, collect data based upon what they are already good at doing, and take into consideration threats and opportunities to your organization that can best inform your strategy. For example, many organizations already have governance programs or have strong Diversity, Equity, and Inclusion (DE&I) programs but are not defining metrics in a way that is meaningful for ESG reporting that their stakeholders consume. Leveraging metrics from ESG frameworks is an easy low-effort, high-value task to help improve your ability to communicate with stakeholders.
Another way to consider setting your strategy is to look for opportunities to flesh out where you have gaps. In general, climate risk has a huge impact on risk profiles and can disrupt the supply chain and impact our land and water. Organizations that have not previously considered climate change as a risk factor can start small by understanding their Carbon Footprint and take small steps to reduce it (i.e. business travel only when absolutely necessary, leveraging LEED-certified or other energy-efficient buildings for office space, and working with SaaS providers that have sustainable energy practices).
3. Set goals, targets, and processes for measurement
When defining an ESG strategy, setting quantitative goals and targets can help you measure your success. If your organization wants to align to best practices, the UN SDG Compass, a business resource for achieving the SDGs, recommends that sustainability goals be linked to baseline and target dates. Measure KPIs by a point in time (e.g., increase the number of ESG compliant suppliers by 50% by 2030). Measure KPIs by a defined period of time (e.g., decrease C02 emissions by 15% by 2030). Areas to look for metrics are some of the more prescriptive frameworks like the SASB or GRI. For example, with increasing scrutiny on diversity in organizations’ leadership, GRI seeks to measure the percentage of employees per category (ELT, Managers, Personnel) by age group, gender group, and other indicators of ethnicity (GRI 405-1b). Once you understand your organizations’ data in response to the measurement you can then set goals to improve over time.
4. Anticipate that ESG reporting will become mandatory
At this point, all of the aforementioned frameworks are voluntary. Voluntary disclosure is a good thing for climate change but it often raises questions about the accuracy of the data reported. While various non-governmental organizations and companies are moving toward standard reporting methodology, many governments are considering adding or have already added legislation that covers practices related to sustainable investing and reporting. This will further increase the scrutiny placed upon what information companies are disclosing to the public about their practices and add to a growing list of compliance requirements. For example, as investor demand for climate and other environmental, social, and governance (ESG) information soars, the SEC is anticipated to provide rules related to disclosure.
5. Leverage Fusion technology to manage data quality, integrity, and accuracy in reporting
Whatever ESG framework and metrics you choose to define your program, the reliability of your reporting is dependent on how you collect, manage, and measure your data. ESG reporting is generally the outcome of any program and is a mechanism to drive trust with consumers and that the underlying programs support and enhance existing governance structures. Consumer and investor trust help to drive better outcomes for corporate reputations and market performance (ECI).
6. Sense, prevent, prepare, test, respond and learn from ESG risks and disruption over time
With the increasing focus on organizations’ ability to respond to change, there has been a shift from reactive risk management to defining a risk and resiliency strategy that is actively monitoring the environment in which organizations operate and responding to changes as they arise.
Risk and resilience teams are already using technology to address ESG-related concerns, and sometimes it may be more about repackaging things you are already doing. Here are some common ways teams are employing technology to manage climate, social, and governance risks and disruption:
Risk sensing, registers, and controls
The foundation of this process is having strong internal controls related to the collection of your ESG data, akin to your compliance and risk management controls. Climate, social, and governance risks can be cataloged in Fusion, their impact measured, and controls set.
Third-party assessment and collaboration
Companies can assess their suppliers and third parties against regulatory and organizational benchmarks surrounding ESG. Fusion can help you take a proactive approach by providing real-time insight into climate, social, or governance risk; practice vendor risk management as a natural extension of your crisis and incident response; leverage key indicators to continuously track the most important risk and performance metrics; surface key ESG risk metrics for the vendors which are most critical to your operational landscape
Scenario testing and incident management
Teams have been leveraging incident management to direct teams’ response to climate, political and social, and other events. This technology can help you plan and prepare for disasters that may be looming on the horizon and enable to still serve your customers.
Stay tuned, as there will be more to come on active and pending ESG mandates as the situation develops.