The Abbreviation-
ESG ("Environmental, Social, and Governance") refers to the new requirements in the field of social responsibility and environmental sustainability. ESG is a de facto assessment of the collective responsibility of a company in the area of social and environmental factors. Just as individuals have a credit score, ESG is a business's social credit score.
ESG is divided into three basic parts:
E – Environment. Evaluation criteria targeted at environmental topics, for example, what resources are drawn on: use of raw materials, emissions, level of innovation. Society's impact on the environment.
S – Social. A criterion focusing on the evaluation of the degree of social responsibility of a given company. These criteria include, for example, the evaluation of working conditions, how the company approaches respect for human rights, and the impact of the company's production on society.
G – Governance. A criterion targeting the way the company is managed, emphasizing internal controls and procedures (usually set by various standards, e.g. ISO, and their implementation), supplier responsibilities and the management of the company as such.
Practical Implications for Organizations-
The goal of ESG is to capture all the non-financial risks and opportunities inherent to a company's day-to-day activities. ESG will soon become a factor investors use to decide whether to invest in your business. Financial institutions, investors, business partners, other stakeholders and the public rightly view ESG as a potential risk for firms that do not adequately articulate these standards, or do not comply with them at all.
How would GRC help with ESG?
As with any new compliance requirement that is complex and left for implementing organizations to figure out, different organizations will look at only one dimension to meet the requirements and miss the big picture. With GRC, the goal is always to look at the big picture and not work in silos.
Given where GRC sits in the organization's strategy, it is the perfect component to help you derive all the information you need from different teams who already have information about not only governance but also the environmental and social impact. This is where OCEG's Capability Model works as the binding factor that brings all the information together to generate your ESG report.
The 4 components: Learn, Align, Perform and Review
LEARN. Here we clearly understand both the internal and external ESG context of the organization. The external context includes what stakeholders, regulators, customers, and other influencer groups expect of the organization for ESG. The internal context looks at what executives and employees are doing and expect, and at the processes, transactions, and relationships of the organization. Learn then takes a close look at the organization’s culture, how it aligns with ESG, and how it may need to adapt. Finally, it identifies and documents the stakeholders that are part of the ESG program, along with reporting requirements and relationships.
ALIGN. Next, we have to align the organization to work together as an ESG team and clearly detail the ESG objectives, risks, and controls. This starts with direction in providing an established ESG working group/committee led by someone with authority to deliver on ESG and GRC. The overall objectives of ESG are documented, and the process begins to identify the supporting objectives and related risks in ESG. These objectives and risks are assessed for uncertainty and conformance to requirements, and an overall program is designed with appropriate policies, processes, monitoring, issue reporting, and assurance.
PERFORM. This then moves us to perform. Once we have the ESG/GRC process designed, it needs to become operational. This starts with clearly defined ESG-related controls and policies to be implemented across the extended enterprise. From here, various groups need to be informed of and educated on their roles and responsibilities in ESG. There should be clearly established incentives for achieving objectives while providing an appropriate response to issues and failures. The organization should have established processes for reporting issues, assessing ESG/GRC, reporting, and responding to issues that arise.
REVIEW. From here, we move to the review component: continuous improvement and assurance. This involves ongoing monitoring and reporting on ESG to various stakeholder groups. Audit plays a critical role in providing assurance on ESG objectives, risks, and related processes, policies, and controls. And the organization looks for ways to continuously improve ESG in the organization’s context and its broader objectives and operations.