ESG Reporting: The Definitive Guide

Environmental, Social, Governance – ESG – reporting has risen to the top of the corporate priority list at dramatic speed.

Employees, investors, customers, regulators, and other stakeholders are increasingly holding companies accountable for their ESG practices like those relating to climate change and social equality. At the same time, a rapidly evolving regulatory and legislative landscape is upping the stakes to proactively manage these risks and be more transparent through ESG reporting and disclosures.

While ESG discussions to date have largely been confined to the boardroom, that’s changing. Heightened interest means heightened risks – so companies need to treat ESG reporting like the integrated effort that it is. Failure to act may result in significant financial or reputational damage.

Here’s what risk and compliance leaders should know now about ESG to prepare for what could get handed down from above.

What is ESG?

ESG stands for Environmental, Social, and Governance. While each of the three disciplines has its own set of standards and practices, together they indicate an organization’s dedication to achieving the greater good.

Many elements of ESG have long been part of various corporate initiatives. But managing a broad spectrum of environmental, social, and governance issues under one ESG umbrella is relatively new – and is fast becoming an integral part of doing business.

The trick now is to pull that information together from wherever it currently resides into a cohesive ESG narrative – a task that could be relatively easy if you have integrated technology or insurmountably difficult if you don’t.

Today’s ESG programs look at business practices across the enterprise to ensure that what the business says it’s doing is aligned with what the business actually does. Climate-change initiatives are often the most visible ESG-related program, but there are other important components to consider within each discipline.

ESG global icon


Environmental criteria focus on the company’s impact on the planet. In addition to climate-change initiatives, this category includes energy usage, pollution outputs, water management, and other environmental impacts.

ESG Social icon


The social element of ESG focuses on the way the company treats people. It includes the relationships that organizations have with their workforces, the societies in which they operate, and the current political atmosphere, including diversity, equity and inclusion, health and safety, labor management, data privacy, and community relations.

ESG Governance Icon


The governance portion refers to a set of organizational practices, controls, and procedures used to make effective decisions, remain compliant, and meet stakeholder demands, including fraud, anti-bribery and corruption, security, financial performance, business ethics, and internal audit, as well as executive leadership and pay.

Why Address ESG Today?

While there are obvious benefits to prioritizing corporate integrity and employee well-being, ESG activities also pose serious risks to a company’s brand, market position, customer relations, recruiting ability, and culture. Whether your company is private or public, the potential cost of inaction is simply too great to ignore.

of respondents in Deloitte’s Global Risk Management Survey named ESG as one of the three risk types that will increase the most in importance for their institutions over the next two years.
of respondents considered their institutions to be extremely or very effective at managing ESG risk.
of respondents said it will be an extremely or very high priority for their institutions to improve their ability to manage ESG risk.

Compliance RiskCompliance Risk

Most ESG reporting is voluntary – at least so far. While some companies do disclose information about climate risks, for instance, there is no global standard for how those risks are measured or reported. As a result, the facts can be inconsistent, subjective, and difficult to compare between companies.

International independent standards organization, Global Reporting Initiative, provides some reporting guidance on ESG issues, as does the Value Reporting Foundation. These organizations, however, have their own agendas, and companies are left to decide what works best for their stakeholders.

Meantime, Germany has taken a stand with its corporate due diligence act that requires companies to identify supply-chain risks associated with human-rights violations and environmental destruction and to establish an effective system for managing those risks. Could this be the start of a watershed event for ESG reporting standards – similar to what GDPR did for data privacy?

Stateside, the Securities and Exchange Commission is currently formulating a proposal to require public companies to disclose climate change-related risks to investors in regulatory filings like annual reports.

While regulation of some sort appears to be moving ever closer, what form that will eventually take remains to be seen. This is not to say, however, that the compliance function should sit back and wait for detailed requirements to shake out.

Compliance is, after all, primarily a governance function and much can be done right now to add structure and controls to help establish consistent, repeatable processes for handling and reporting crucial ESG data. Compliance departments can develop procedures for third-party verification and identify other potential risks, such as gaps in what is reported. Without a strong governance mechanism in place, your ESG efforts are likely to fall short.

Reputational RiskReputational Risk

More and more consumers and other stakeholders are holding companies accountable for being environmentally, socially, and fiscally responsible. And they’re putting their money where their mouths are.

Indeed, 64% of consumers surveyed said they choose, switch, avoid, or boycott brands based on their stance on societal issues.

Making ESG-related promises and failing to deliver, however, could be worse in the long run than not taking a stand at all. Disappointed stakeholders can lead to reduced sales, lower employee morale, and difficulties accessing capital. And once the damage is done, your reputation can be extremely difficult to restore.

Talent RiskTalent Risk

ESG performance is becoming an increasingly important factor in attracting and retaining talent – especially younger talent. Gen Z and younger millennials are demanding diversity, equity, and inclusion in their workplaces and from their leaders. They want jobs that are compatible with their values and want their employers to be good corporate citizens. Nearly 40% of millennials have accepted one job over another because that company was seen as more environmentally sustainable.

Companies that demonstrate commitment to ESG also are more likely to have higher employee engagement. Organizations with highly satisfied employees score significantly higher on ESG scores than the global average. Research has consistently shown that satisfied employees work harder, stay longer, and produce better results for the organization. And that’s especially valuable in a tight labor market.

Financial RiskFinancial Risk

The financial risks associated with ESG have a number of facets. Reputational damage and noncompliance both can have financial consequences for organizations. Beyond that, ESG has become a nascent factor in corporate valuations, ratings, and access to capital.

Capital allocators are backing companies that can prove action on sustainability issues, such as inequality, public health, and climate change – all of which can also pose significant liabilities. The financial markets, in turn, are rushing to address heightened interest in ESG with sustainable investment opportunities.

The Global Sustainable Investment Alliance reports that global sustainable investments have reached US$35.3 trillion in assets under management. That represents 36% of all professionally managed assets across the US, Canada, Japan, Australasia, and Europe – that’s up 15% in just two years.

In addition, a growing number of banks have committed to align their lending and investment portfolios with net-zero emissions by 2050. The Net-Zero Banking Alliance currently includes 55 banks from 28 countries with over $37 trillion in assets – that’s almost a quarter of global banking assets.

Among asset owners recently surveyed, 80% said they are actively integrating sustainable investing because of increased constituent demand, perceived potential for attractive financial performance, and evolving regulations that are driving greater disclosure on ESG factors. And in fact, incorporating ESG – with its improved risk management, governance, and oversight – into an investment strategy does appear to be good for business. Sustainable funds delivered better financial performance with above-market returns, while reducing volatility.

As more investors align their portfolios with net-zero targets, companies will face mounting pressure to adopt credible plans and improve disclosures of ESG risks. But beware of falling to the temptation of easy money by rebranding older offerings as green. If this new label is simply greenwashing, the rebranding could backfire.

How to Report on ESGHow to Report on ESG

While demand for ESG-related information is high, the ability to meet those demands can be a challenge. Nonexistent ESG reporting standards often leaves companies struggling to decide just how far they should go.

The good news is that many of the metrics that fall under the ESG umbrella might already exist within your organization – although they might not be labeled as “ESG.” One department might collect data on, for instance, carbon audits or water usage for separate purposes. Another department might track employee wellness initiatives or the number of minority directors. Knowing what data exists, where it is located, and who owns it can be one of the most difficult parts of ESG reporting.

Companies that use integrated risk management technology to collect all risk-related information in one place definitely have an advantage. Existing data is easy to find and ready to be pulled into a report.

If data is collected in a variety of disparate systems – like spreadsheets – however, locating, consolidating, and building ESG reports will be much more challenging. And the more extensive your ESG reporting needs, the more challenging it will be to keep up.

Either way, though, you first must decide what information to report on. The metrics you choose to disclose should clearly align with the values and purpose of your organization. While it may be tempting, don’t simply pick the metrics most favorable to you. What you choose to report on not only reflects your commitment to ESG principles, it demonstrates your dedication to improvement.

Here’s a checklist to guide your ESG reporting efforts:

  1. Why are you reporting on ESG? Companies decide to report on ESG for a variety of reasons. Some organizations share ESG metrics because they truly believe in ESG concepts. Doing the right thing is part of their culture and sharing that message is important. Other organizations want to influence stakeholders by showing that their ESG strategy drives value. Still others want to do just enough to satisfy stakeholder expectations and mandatory reporting requirements. How you answer this question will dictate your ESG reporting strategy.

What is the primary driver behind
adopting effective ESG controls?

35% Better reputation
24% Increase in company valuation
17% Moral obligation
  1. Who are your priority stakeholders what ESG information do they want? HR, employees, shareholders, creditors, customers, the board, and more all can be valid stakeholders. But you can’t be all things to all people. Focus on those who matter most with your ESG reporting.

  2. What information do you want to disclose? Don’t just report on what’s easiest to calculate. Report on ESG-related information that best aligns with your organization’s values and strategy, as well as with industry touchpoints. And be sure your ESG claims can withstand scrutiny. Public declarations are subject to audit and fact checking by stakeholders – including investors, employees, and regulators.

More than half of S&P 500
companies had some form of assurance or verification over ESG metrics.

  1. What information do you have? And what do you want to start tracking? Establish a controlled ESG reporting process and clearly define who is responsible for providing the data. This could be different departments, divisions – or even third-party suppliers.

  1. What ESG framework(s) do you want to use? No one framework currently offers a truly comprehensive overview of ESG reporting. As a result, many companies choose to partially adopt multiple frameworks to guide their disclosures.

  2. How will you manage ESG reporting on an ongoing basis? Standardized policies, procedures, controls and governance are crucial for effectively managing ESG reporting. Establish a clear process, and determine board oversight. And be prepared to evaluate and update as needed.

Most Popular ESG Frameworks

33% Global Reporting Initiative (GRI)
32% Sustainable Accounting Standards Board (SASB)
25% Task Force for Climate-related Financial Disclosures (TCFD)
  1. Do you have the technology to efficiently gather the information? Once you decide what information to report, you need to figure out how to accurately and effectively collect, analyze, and report that information related to ESG factors. And given the breadth of ESG data – and the market’s desire for investor-grade data – this can be extraordinarily complex. Can your existing tools handle new requirements – or would it be worth investing in an integrated solution to streamline and automate the reporting process?

  2. How will you maintain ESG reporting consistency year over year? Using the same methodology year after year adds consistency and credibility to the information you’re reporting. Including prior year information also demonstrates your commitment to the truth, and that you won’t manipulate or mislead by just showing whatever information is currently most positive.

  3. Is the information you are reporting comparable to your peers? Providing similar metrics helps stakeholders compare results between companies and make informed decisions. This also can provide additional assurance that you aren’t cherry-picking favorable metrics.

  4. How frequently do you want to report on ESG metrics? The most common place to disclose ESG information is in the company’s annual report. Will your stakeholders consider a once-per-year update sufficient – or will they demand more?

At the Tipping Point

Attitudes toward environmental, social, and governance issues are markedly different now than five years ago – or even one year ago. Expectations continue to build for businesses to address some of the core issues that contribute to societal health and to act ethically and responsibly in ways that support the broader objectives of the community.

Stakeholders are demanding transparency and accountability around ESG metrics, goals, and progress – and are not afraid to loudly question the accuracy or reliability of the disclosures provided.

To date, most ESG reporting is voluntary. However, with climate change, sustainability, and other ESG concerns gaining traction with governments, regulators, investors, and other stakeholders, regulated ESG reporting is all but inevitable.

But don’t wait for regulatory requirements to be ironed out or a seminal societal event to happen to force you into action. Now is the time to benchmark where you are on ESG matters and prioritize your response to global sustainability regulations. By voluntarily reporting on ESG, you send a signal to stakeholders that you are aware of these issues, have a plan to mitigate the risks, and are committed to making improvements.

In a recent Riskonnect/OCEG webinar poll, participants described the current state of their ESG programs as:

39%    We are working on it.

23%    We just started.

18%    I’m not sure.

14%    We haven’t started yet.

5%      What is ESG?

To be effectively surfaced and addressed, ESG matters can no longer remain in their own silos. An ESG mindset must be embedded into an organization’s entire operations and strategy. These issues are not going away – so put in the integrated systems, processes, and controls to smooth your ability to report timely and credible ESG information.

Despite the challenges, ESG reporting is already sparking positive change at all levels. And the momentum is building.

Learn more about Riskonnect’s ESG software solution