Some companies look at the main areas of ESG and think they have nothing to do because they have managed those areas for many years. In some cases, that may be correct: well-run companies may have addressed many of the underlying topics of ESG for some time. Although they may not have labelled these initiatives ‘ESG’, they have been managing the underlying risks. This is seen when companies have, for example, established environmental management systems, health and safety systems and information security management systems according to ISO standards. These systems were never built with ESG in mind, but were built to manage risks around key areas and according to international standards.
Companies are now starting to tackle ESG areas and sustainability, and are analysing key risk areas across the ESG spectrum. Leaders of ESG initiatives need to research their companies’ expectations and reporting obligations and work out their current status. It is common for ESG leaders to identify that they already have advanced programmes in place to manage some of the risk areas covered by ESG (e.g. environmental, health and safety, anti-corruption) and are receiving some pushback from existing programme owners who are responding with ‘We have nothing to do here because we have been doing this for many years’.
While there is certainly some basis to make that comment, it is not quite correct that there is nothing to do. If a company has been operating a certified ISO management system there is certainly less to do, but there will still be some work to be done. For companies running uncertified programmes or programmes that are not built according to a standard (like a typical whistleblower, anti-corruption, human rights or workplace programme), there is definitely a lot more to do. The rigour of a certified ISO management system will be more ready to be adapted to meet ESG requirements than a programme that is neither certified nor run according to a standard.
When applying an ESG perspective across an existing programme, some common issues arise that need to be rectified before the programme can be validly included as part of the ESG programme.
What are the common issues when considering a certified programme with an ESG lens?
Looking at a certified programme with an ESG lens can sometimes highlight that the programme:
- lacks clear and precise objectives and useful reporting against those objectives
- rarely considers a broader set of stakeholders, especially those outside the company that may be relevant from an ESG perspective
- has been written and developed internally for an internal audience with not enough consideration given to outside factors
- is focused on legal compliance and not on broader values, integrity and non-legally required policy (which are important elements of an ESG-driven programme)
- is confidential, with contents that cannot be seen by an outside party, which may not work in an external-reporting ESG world.
What are the common issues when considering uncertified programmes or programmes built without reference to a standard with an ESG lens?
Applying an ESG lens to an uncertified programme or programme that has been built on best practices rather than according to a standard can highlight that:
- the ‘programme’ is actually just a collection of unmanaged policies masquerading as a programme
- the programme is untested and has not been audited or verified, so it has generated few (if any) data points or observations, has little or no documented objectives, and is not connected to any business objective
- reporting is overly simplistic, with a lack of data to identify whether the programme is functioning as intended
- reporting comes in the form of a simple one-paragraph report that identifies the number of issues reported, people trained or investigations completed without any trending, root-cause analyses, predictive analyses or anything that would indicate that the programme is performing according to its (often unstated) objectives.
At Speeki, we encourage all of our clients to look at their existing programmes again and determine whether they are ready to be incorporated as part of a comprehensive ESG programme. We suggest looking at each existing programme through an ESG lens and determining how to modify and improve it to be suitable for ESG initiatives.
Speeki’s top six areas to focus on when considering existing programmes with an ESG lens
Most programmes – even those that have been prepared according to a standard – have failed to consider the expanded set of stakeholders that would be applicable to ESG. These stakeholders include both internal and external groups, and there is a broader list of ESG stakeholders that includes the community, the planet, customers and even ratings services like Google and social media. While not broadly considered part of a typical programme, the public has a very big stake in any ESG programme. A company will be reviewed, rated and assessed by the public on everything it does, often with little or no input from the company itself. It is important to think through who, where and what groups will be doing this and include them as part of a stakeholder assessment.
2. Roles and responsibilities
When looking at a programme from an ESG perspective, it is important to include the ESG leadership as a programme participant. ESG leaders can assist in packaging the programme to meet the ESG requirements and take ownership of some of the external stakeholder reporting elements. They have some important datasets that they need to ensure are being developed by the programmes, and they are important for identifying any gaps in what is currently being measured.
3. Incident reporting
Most programmes, whether health and safety or anti-corruption programmes, have access to an incident reporting system to report misconduct or potential failures or problems. Most of these systems use older technology that lacks modern features. Some companies are still relying on emails and phone calls and are not app-ready or mobile-ready, and do not support anonymous reporting or reporting in other languages. There has been a large improvement in technology, so these systems are now capable of receiving reports, conducting triage and conducting investigations. The management of incidents is very important to ESG as it is a key reporting element under various reporting standards. Moreover, information about previous incidents can be utilised in more detailed predictive monitoring solutions that can start to produce better predictions of potential issues.
4. Awareness, communications and training
As ESG considerations are applied to existing programmes and more stakeholders are added (many of whom might be external), the awareness, communication and training initiatives of these programmes will need to be revisited. Much will need to be done around stakeholder awareness and training and the corresponding reporting.
5. Monitoring and measuring
The ESG team will need to assess the current monitoring and measuring of the programmes that are in place to see if they are measuring the right areas and generating the right data that needs to be reported to stakeholders or as part of an external filing. The monitoring completed under many programmes is more focused on failures than on trends or the performance of the system itself. Much can be done to look at dashboards and broader trending analysis through better data management. These elements are what ESG professionals will need to report on.
6. Enhanced reporting and government filings
Most of the current programmes run by companies are internal-focused, rarely reporting to the company at large or externally. The ESG world requires much broader reporting, and government filings will likely be required as part of new reporting standards. While the ESG team will be very helpful in this area, much of the data will need to be generated by the programme itself. A lot of work will need to be done to marry the current reporting with a broader audience of stakeholders who are interested in ESG. This may involve deep analysis of privilege, legal, privacy and competitive issues to determine how much data can be released.
Several companies have existing programmes built over the last 20 years. While many of these are world-class and were built according to standards and certified by accredited certification bodies, some rework will need to be done to build in ESG areas for those programmes to be included as ESG initiatives. This advice is equally appropriate for those companies that have no programmes at all and are new to building programmes to manage key ESG risks. Engage with content owners and programme owners to build a programme that manages risk and maximises its value for ESG purposes.