In the last episode of GRC & Me, LogicGate CEO Matt Kunkel and GRC expert Michael Rasmussen discussed agility and resiliency and their importance to an organization's risk program. For part two of this series, Matt and Michael focus their conversation on integrity and its ties to ESG, or Environmental, Social, and Governance.
ESG Is Not As Easy as 123
ESG is a broad concept that involves a lot of different and tricky pieces. According to Michael, many people get stuck on the E in ESG, thinking it's all about the environment. The environment is a critical pillar, but it's not the only one. The S or social aspect is complex and deals with child labor, forced labor, working hours, working conditions, and privacy. Under the G pillar, there is bribery and corruption, money laundering, internal controls, financial reporting, and IT security.
The E pillar is one of the big focuses right now. But E is also the most forgiving because we're all trying to figure out environmental impact and climate change as organizations. The E is very different from industry to industry. An environmental program for a bank looks very different from an environmental program for a petroleum company. There are too many E variances across sectors.
The G pillar has the least variance across industries and is less forgiving. Its elements are shared by all organizations in the form of rules, regulations, laws, and more.
The S pillar is the most unforgiving of all. If you're having diversity, harassment, discrimination, child labor, or slavery issues that are trending on social media or the front page of The Wall Street Journal, those things are the hardest to recover from. According to Michael, people are the harshest in judging organizations regarding issues on the social pillar.
Some of the greatest reputation and brand exposure for companies comes about via ESG initiatives. The challenge is that corporate social responsibility used to be just a bit of reporting and not much else. Usually, it landed in marketing's lap and became a branding exercise. Nowadays, the ESG that needs to be practiced is very different. It has teeth and requires accountability. So, how can organizations report on and show the results of their ESG programs?
You Can't Do ESG Without GRC
As Michael shares, “The challenge is that ESG is a lot about reporting. You have the GRI, the Global Reporting Initiative, the SASB, the Sustainability Accounting Standards Board, and all these different frameworks for reporting that give you guidance on what should be in the reports but don’t tell you how to manage ESG on an ongoing day-by-day basis.”
The answer is that you need the GRC processes to produce the ESG output. In ESG, reporting and communications take center stage. In contrast, GRC collects and provides assessments, identifies ESG-related risks, and delivers the information architecture to feed into that ESG reporting.
To be successful, you need efficient processes and an agile GRC program to create and run ESG outputs, i.e., the reports you need to bring to different regulatory bodies or governance bodies.
To hear what Michael and Matt think is the biggest challenge in ESG, check out the full podcast episode here: