GRC 2020’s key tips for ESG reporting in 2022
IsoMetrix is running a weekly series of articles supplied by GRC analyst and pundit, Michael Rasmussen. The articles are focused on Environment, Health and Safety (EHS) and Environmental, Social and Governance (ESG), and contain valuable insights for any organization involved within a risk-oriented environment. This is the first article in the series.
ESG – Environmental, Social, Governance – received a lot of attention in 2021. Organizations across industries and around the world have had to respond to investor, stakeholder, regulator, customer, employee, and activist demands to address ESG. The pressure is on, organizations are being held accountable and it is now time for the organization to build a strategic ESG plan for reporting in 2022.
In 2021 we saw a lot of discussions and growing regulatory and investor pressure on ESG. This caused organizations, starting with the board and senior executives, to determine what ESG means in their context and put it on the organization agenda from the board-level down into operations. This next year, 2022, will move ESG programs in their maturity as organizations move from thinking about ESG and how to approach it to executing on ESG in the context of ongoing organization strategy and operations.
GRC 20/20 has four key tips to implementing ongoing and sustainable ESG reporting in 2022, these are:
1. ESG Strategic Plan. It starts with the ESG strategic plan. You cannot report on what is not defined. The organization must have clear accountability with a central head responsible for ESG reporting in the enterprise. However, ESG is a distributed effort as well. While it needs centralized oversight it also needs federated collaboration and engagement across departments that each play a part in ESG, as ESG involves a breadth of areas. This requires that there be a clear charter for a cross-department ESG committee that is responsible for the overall ESG processes and reporting across these functions and roles.
2. ESG Reporting Processes. Organizations then need defined processes with workflow and tasks on what ESG metrics and information are to be gathered, when and how often they are to be gathered, and what reporting is to be delivered and to who internally and externally to the organization it is to be delivered to. This starts with identifying ESG related risks and metrics needed for ESG reporting, identifying where and how this information is to be collected, and assigning scheduled responsibilities to gather this information and compile it for reporting. From there reports are reviewed, refined, and delivered to the appropriate stakeholders within and without the organization.
3. ESG Information Architecture. To deliver on ESG reporting requires a robust ESG information architecture that breaks out and defines the detail needed for each area of ESG across environmental, social, and governance risks and obligations. The organization should establish clear and actionable ESG key performance indicators (KPIs) and key risk indicators (KRIs) for each element of ESG reporting for ongoing and continuous monitoring. Each ESG domain/risk area should have clearly defined owners and subject matter experts.
4. ESG Technology Architecture. The ESG strategic plan, processes, and information architecture are automated with a robust ESG technology architecture that ensures that ESG reporting is done on time with accuracy. Technology makes ESG reporting more efficient (time saved and money saved), effective (accurate, less things slipping through cracks, thorough), and agile (keeping up with business and regulatory change to ensure ESG reporting is relevant in a changing business). Technology ensures structures of ESG reporting accountability and responsibility through defined workflow and tasks, so things do not get missed. It automates the reporting process by removing the hundreds of hours spent in manual ESG reporting in reconciling and aggerating information in mountains of documents, spreadsheets, and emails.
The writing is on the wall. In 2022, organizations need to move to scrambling to figure ESG reporting out to defining their structured and sustainable ESG strategy and processes that is supported and delivered through a robust ESG information and technology architecture.
About Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.