E-BOOK

TAKING A STAND ON ESG

WHAT COMPANIES NEED TO KNOW ABOUT ENVIRONMENTAL,
SOCIAL, AND GOVERNANCE RISKS AND REPORTING
ESG – AT THE TIPPING POINT
Environmental, Social, Governance – ESG – reporting has risen to the top of the corporate priority list
at dramatic speed.

Employees, investors, customers, regulators, and other stakeholders are increasingly holding
companies accountable for their ESG practices like those relating to climate change and social
equality. At the same time, a rapidly evolving regulatory and legislative landscape is upping the stakes
to proactively manage these risks and be more transparent through ESG reporting.

While ESG discussions to date have largely been confined to the boardroom, that’s changing.
Heightened interest means heightened risks – so companies need to treat ESG reporting like the
integrated effort that it is. Failure to act may result in significant financial or reputational damage.

This e-book will explain what ESG is, what the risks are, and how to begin reporting so you can
prepare for what may be headed your way.

1
TABLE OF CONTENTS
What is ESG? 3

What Risks Are Associated with ESG? 5

How to Report on ESG 9

What Risk and Compliance Leaders Can Do Now to 13

Prepare for ESG Reporting

2
WHAT IS ESG?

ESG stands for Environmental, Social, and Governance. While each of the three disciplines has its own set of
standards and practices, together they indicate an organization’s dedication to achieving the greater good.

Many elements of ESG have long been part of various corporate initiatives. But managing a broad spectrum of
environmental, social, and governance issues under one ESG umbrella is relatively new – and is fast becoming an
integral part of doing business.

The trick now is to pull that information together

from wherever it currently resides into a cohesive
ESG narrative – a task that could be relatively
easy if you have integrated technology or
insurmountably difficult if you don’t.

Today’s ESG programs look at business

practices across the enterprise to ensure that
what the business says it’s doing is aligned with
what the business actually does. Climate-change
initiatives are often the most visible ESG-
related program, but there are other important
components to consider within each discipline.

3
ENVIRONMENTAL
Environmental criteria focus on the company’s impact on the planet. In addition to climate-change
initiatives, this category includes energy usage, pollution outputs, water management, and other
environmental impacts.

SOCIAL
The social element of ESG focuses on the way the company treats people. It includes the
relationships that organizations have with their workforces, the societies in which they operate, and
the current political atmosphere, including diversity, equity and inclusion, health and safety, labor
management, data privacy, and community relations.

GOVERNANCE
The governance portion refers to a set of organizational practices, controls, and procedures used to
make effective decisions, remain compliant, and meet stakeholder demands, including fraud, anti-
bribery and corruption, security, financial performance, business ethics, and internal audit, as well
as executive leadership and pay.

4
WHAT RISKS ARE ASSOCIATED WITH ESG?
While there are obvious benefits to prioritizing corporate integrity and employee well-being, ESG activities also pose
serious risks to a company’s brand, market position, customer relations, recruiting ability, and culture. Whether your
company is private or public, the potential cost of inaction is simply too great to ignore.

38% 33% 47%

of respondents in Deloitte’s Global
Risk Management Survey named
ESG as one of the three risk
types that will increase the most in
importance for their institutions over
the next two years.
of respondents considered their of respondents said it will be an
institutions to be extremely or very extremely or very high priority for
effective at managing ESG risk. their institutions to improve their
ability to manage ESG risk.

5
COMPLIANCE RISK
Most ESG reporting is voluntary – at least so far. While some companies do disclose information about climate risks,
for instance, there is no global standard for how those risks are measured or reported. As a result, the facts can be
inconsistent, subjective, and difficult to compare between companies.

International independent standards organization, Global Reporting Initiative, provides some reporting guidance on ESG
issues, as does the Value Reporting Foundation. These organizations, however, have their own agendas, and companies
are left to decide what works best for their stakeholders.

Meantime, Germany has taken a stand with its new corporate due diligence act that requires companies to identify
supply-chain risks associated with human-rights violations and environmental destruction and to establish an effective
system for managing those risks. Could this be the start of a watershed event for ESG reporting standards – similar to
what GDPR did for data privacy?

Stateside, the Securities and Exchange Commission is currently formulating a proposal to require public companies to
disclose climate change-related risks to investors in regulatory filings like annual reports.

While regulation of some sort appears to be moving ever closer, what form that will eventually take remains to be seen.
This is not to say, however, that the compliance function should sit back and wait for detailed requirements to shake out.

Compliance is, after all, primarily a governance function and much can be done right now to add structure and controls
to help establish consistent, repeatable processes for handling and reporting crucial ESG data. Compliance departments
can develop procedures for third-party verification and identify other potential risks, such as gaps in what is reported.
Without a strong governance mechanism in place, your ESG efforts are likely to fall short.

6
REPUTATIONAL RISK
More and more consumers and other stakeholders are holding companies accountable for being environmentally,
socially, and fiscally responsible. And they’re putting their money where their mouths are.

Indeed, 64% of consumers surveyed said they choose, switch, avoid, or boycott brands based on their stance on
societal issues.

Making ESG-related promises and failing to deliver, however, could be worse in the long run than not taking
a stand at all. Disappointed stakeholders can lead to reduced sales, lower employee morale, and difficulties
accessing capital. And once the damage is done, your reputation can be extremely difficult to restore.

TALENT RISK
ESG performance is becoming an increasingly important factor in attracting and retaining talent – especially
younger talent. Gen Z and younger millennials are demanding diversity, equity, and inclusion in their workplaces
and from their leaders. They want jobs that are compatible with their values and want their employers to be good
corporate citizens. Nearly 40% of millennials have accepted one job over another because that company was seen
as more environmentally sustainable.

Companies that demonstrate commitment to ESG also are more likely to have higher employee engagement.
Organizations with highly satisfied employees score significantly higher on ESG scores than the global average.
Research has consistently shown that satisfied employees work harder, stay longer, and produce better results for
the organization. And that’s especially valuable in a tight labor market.

7
FINANCIAL RISK
The financial risks associated with ESG have a number of facets. Reputational damage and noncompliance both
can have financial consequences for organizations. Beyond that, ESG has become a nascent factor in corporate
valuations, ratings, and access to capital.

Capital allocators are backing companies that can prove action on sustainability issues, such as inequality, public
health, and climate change – all of which can also pose significant liabilities. The financial markets, in turn, are
rushing to address heightened interest in ESG with sustainable investment opportunities.

The Global Sustainable Investment Alliance reports that global sustainable investments have reached US$35.3
trillion in assets under management. That represents 36% of all professionally managed assets across the US,
Canada, Japan, Australasia, and Europe – that’s up 15% in just two years.

In addition, a growing number of banks have committed to align their lending and investment portfolios with net-
zero emissions by 2050. The Net-Zero Banking Alliance currently includes 55 banks from 28 countries with over $37
trillion in assets – that’s almost a quarter of global banking assets.

Among asset owners recently surveyed, 80% said they are actively integrating sustainable investing because of
increased constituent demand, perceived potential for attractive financial performance, and evolving regulations
that are driving greater disclosure on ESG factors. And in fact, incorporating ESG into an investment strategy does
appear to be good for business. Sustainable funds delivered above-market returns, while reducing volatility.

As more investors align their portfolios with net-zero targets, companies will face mounting pressure to adopt
credible plans and improve disclosures of ESG risks. But beware of falling to the temptation of easy money by
rebranding older offerings as green. If this new label is simply greenwashing, the rebranding could backfire.

8
HOW TO REPORT ON ESG
While demand for ESG-related information is high, the ability to meet those demands can be a challenge.
Nonexistent ESG reporting standards often leaves companies struggling to decide just how far they should go.

The good news is that many of the metrics that fall under the ESG umbrella might already exist within your
organization – although they might not be labeled as “ESG.” One department might collect data on, for instance,
carbon audits or water usage for separate purposes. Another department might track employee wellness initiatives
or the number of minority directors. Knowing what data exists, where it is located, and who owns it can be one of
the most difficult parts of ESG reporting.

Companies that use integrated risk management technology to collect all risk-related information in one place
definitely have an advantage. Existing data is easy to find and ready to be pulled into a report.

If data is collected in a variety of disparate systems – like spreadsheets – however, locating, consolidating, and
building ESG reports will be much more challenging. And the more extensive your ESG reporting needs, the more
challenging it will be to keep up.

Either way, though, you first must decide what information to report on. The metrics you choose to disclose should
clearly align with the values and purpose of your organization. While it may be tempting, don’t simply pick the
metrics most favorable to you. What you choose to report on not only reflects your commitment to ESG principles,
it demonstrates your dedication to improvement.

9
Here’s a checklist to guide your ESG reporting efforts:
1. Why are you reporting on ESG?
Companies decide to report on ESG for a variety of
reasons. Some organizations share ESG metrics
because they truly believe in ESG concepts. Doing
the right thing is part of their culture and sharing
that message is important. Other organizations want
to influence stakeholders by showing that their ESG
strategy drives value. Still others want to do just enough
to satisfy stakeholder expectations and mandatory
reporting requirements. How you answer this question
will dictate your ESG reporting strategy.
WHAT IS THE PRIMARY DRIVER BEHIND
ADOPTING EFFECTIVE ESG CONTROLS?
35% 24% 17%
Better Increase in Moral obligation
reputation company valuation
2. Who are your priority stakeholders what ESG
information do they want?
HR, employees, shareholders, creditors, customers,
the board, and more all can be valid stakeholders. But
you can’t be all things to all people. Focus on those
who matter most with your ESG reporting.
3. What information do you want to disclose?
Don’t just report on what’s easiest to calculate.
Report on ESG-related information that best aligns
with your organization’s values and strategy, as well
as with industry touchpoints. And be sure your ESG
claims can withstand scrutiny. Public declarations are
subject to audit and fact checking by stakeholders –
including investors, employees, and regulators.
More than half of S&P 500 companies
had some form of assurance or
verification over ESG metrics.
10
4. What information do you have? 6. How will you manage ESG reporting on an
And what do you want to start tracking? Establish a ongoing basis?
controlled ESG reporting process and clearly define Standardized policies, procedures, controls and
who is responsible for providing the data. This could governance are crucial for effectively managing ESG
be different departments, divisions – or even third- reporting. Establish a clear process, and determine
party suppliers. board oversight. And be prepared to evaluate and
update as needed.

5. What ESG framework(s) do you want to use?

No one framework currently offers a truly comprehensive 7. Do you have the technology to efficiently gather
overview of ESG reporting. As a result, many companies the information?
choose to partially adopt multiple frameworks to guide Once you decide what information to report, you
their disclosures. need to figure out how to accurately and effectively
collect, analyze, and report that information. And given
the breadth of ESG data – and the market’s desire
MOST POPULAR ESG FRAMEWORKS for investor-grade data – this can be extraordinarily
complex. Can your existing tools handle new
33% 32% 25% requirements – or would it be worth investing in an
integrated solution to streamline and automate the
Global Reporting Sustainable Task Force for Climate-
Initiative (GRI) Accounting related Financial reporting process?
Standards Board Disclosures (TCFD)
(SASB)

11
8. How will you maintain ESG reporting
consistency year over year?
Using the same methodology year after year adds consistency
and credibility to the information you’re reporting. Including
prior year information also demonstrates your commitment
to the truth, and that you won’t manipulate or mislead by just
showing whatever information is currently most positive.
10. How frequently do you want to report on ESG
metrics?
The most common place to disclose ESG information is
in the company’s annual report. Will your stakeholders
consider a once-per-year update sufficient – or will
they demand more?

9. Is the information you are reporting comparable

to your peers?
Providing similar metrics helps stakeholders compare
results between companies and make informed
decisions. This also can provide additional assurance
that you aren’t cherry-picking favorable metrics.

12
WHAT RISK AND COMPLIANCE LEADERS CAN DO NOW TO
PREPARE FOR ESG REPORTING
Attitudes toward environmental, social, and governance issues are markedly different now than five years ago
– or even one year ago. Expectations continue to build for businesses to address some of the core issues that
contribute to societal health and to act ethically and responsibly in ways that support the broader objectives of the
community.

Stakeholders are demanding transparency and accountability around

ESG metrics, goals, and progress – and are not afraid to loudly
question the accuracy or reliability of the disclosures provided.

To date, most ESG reporting is voluntary. However, with climate

change, sustainability, and other ESG concerns gaining traction
with governments, regulators, investors, and other stakeholders,
regulated ESG reporting is all but inevitable.

But don’t wait for regulatory requirements to be ironed out or a

seminal societal event to happen to force you into action. Now is the time to benchmark where you are on ESG
matters and prioritize your response. By voluntarily reporting on ESG, you send a signal to stakeholders that you
are aware of these issues, have a plan to mitigate the risks, and are committed to making improvements.

13
 What is ESG?
We haven’t started yet.
5%
14%
In a recent Riskonnect/ 39%
OCEG webinar poll, 18% We are working on it.
participants described I’m not sure.

the current state of their 23%

We just started.
ESG programs as:

To be effectively surfaced and addressed, ESG matters can no longer remain in their own silos. An ESG mindset must
be embedded into an organization’s entire operations and strategy. These issues are not going away – so put in the
integrated systems, processes, and controls to smooth your ability to report timely and credible ESG information.

Despite the challenges, ESG reporting is already sparking positive change at all levels. And the momentum is building.

14
ABOUT RISKONNECT
Riskonnect is the leading integrated risk management software solution provider that empowers organizations
to anticipate, manage, and respond in real-time to strategic and operational risks across the extended enterprise.
Through its unique risk correlation technology, over 900 customers across six continents are benefitting from
actionable insights that have not been previously attainable to deliver better business outcomes.
To learn more, visit riskonnect.com.