Many companies are coming to terms with new reporting requirements that span several ESG areas.
Over 50 countries now require some form of ESG reporting by companies, so there is naturally a hive of activity among companies learning the new reporting standards.
The challenge most companies are encountering is that these reporting standards require a large amount of data that the companies just don’t have, because they have not invested in adequate programmes to manage the key issues being raised in the reporting standards. This could have been because they never got around to it, or they were managing simpler programmes that relied on policies and some basic procedures.
Using financial reporting as an example, imagine you are being asked to report material from your financials as part of regulatory filings, corporate registry requirements or even to tax authorities, but you only have a finance policy with some basic spreadsheets. You have no financial IT system, accounting technology, finance and accounting programmes or people, and the accounting and financial systems lack clear ownership and accountability. You don’t even have a reliable way to produce your accounts.
At Speeki, we worked out many years ago that reporting key financial and accounting data required a solid accounting and financial system, and that system had to be created and managed following a best practice standard. These were the most basic things you needed to have in order to be able to report out key data on your financials. Having a finance policy alone is pretty useless without all the other essential elements of a programme and system.
What is clear in this new area of ESG is that, even when combined with some basic procedures, a policy is useless when it comes to generating sufficient data and guidance to report useful information. Companies are now coming to the realisation that they have not invested in programme development across key areas or built and developed initiatives to generate the data that needs to be reported. What’s more, the reporting standards are looking at trends and multi-year analyses of data, not a ‘point-in-time snapshot’. Data needs to be tracked over time and developed into detailed dashboards to be effective and understandable.
If you are in this situation, then you need to focus on developing programmes on at least the key areas identified in your materiality assessment. The priority should be on those material areas, and then on the areas that are not material but are still important to your company. There is a lot to do, but there are some easy wins that you can implement.
There has never been a better time to consider how the already existing ISO management system standards can help you. The standards (and their simpler guidelines) are step-by-step guides that are almost identical in their structure and format. They cover key topics that can be built as an ‘integrated’ management system, meaning one system but with multiple areas, standards and guidelines being addressed. There is absolutely no point in going it alone or creating things based on best practices when all the hard work has been done for you and all you need to do is implement. Every country and any number of laws, internal policies, procedures and rules can be incorporated into your management system. Because management systems are risk-based and totally specific to your company and its scope of operations, they can be perfectly customised.
If you effectively implement management systems that follow ISO standards, you can almost guarantee that you will have more than enough data to enable you to comply with any ESG reporting requirement.
The below covers the most relevant standards and guidelines, broken up into environmental, social and governance. While there are many more standards, these will get you started.
- ISO 14001:2015 – Environmental management systems – Requirements and guidance for use
- This standard helps organisations improve their environmental performance by setting goals, identifying and controlling environmental impacts, and continually improving their environmental management system.
- ISO 50001:2018 – Energy management systems – Requirements and guidance for use
- This standard helps organisations improve their energy performance by setting goals, identifying and controlling energy use, and continually improving an energy management system.
- ISO 45001:2018 – Occupational health and safety management systems– Requirements
- This standard helps organisations reduce workplace accidents and injuries by setting goals, identifying and controlling hazards, and continually improving their occupational health and safety management system.
- ISO/IEC 27001:2022 – Information security management systems –Requirements
- This standard helps organisations protect their information assets from unauthorised access, use, disclosure, disruption, modification or destruction.
- ISO 37301:2021 – Compliance management systems – Requirements and guidance for use
- This standard helps manage multiple compliance areas across several topics in ESG, including human rights, modern-day slavery, privacy, the workplace, sanctions and other key risk areas.
- ISO37000: 2021 – Governance – Guidelines for managing corporate governance
- ISO 37001:2016 – Anti-bribery management systems – Requirements and guidance for use
- This standard helps organisations prevent and detect bribery by setting goals, identifying and controlling bribery risks, and continually improving their anti-bribery management systems.
- ISO 37002:2021 – Whistleblower guidelines to drive compliance and ESG reporting
These are just some of the many ISO management system standards that are available. The specific standard that is most appropriate for an organisation will depend on its industry, size and geographic location. However, the above will cover a significant amount of the ESG landscape. If you integrate all of these into one management system, the implementation time will significantly reduce. Each of these standards and guidelines will help you build risk-based programmes on key ESG topics and allow you to generate key data for ESG reporting.
Of course, the benefits simply aren’t just in gaining data to report. Implementing these might also help your company and its stakeholders and save the planet in the process.