Gartner has named ESG as one of its Top 12 Audit Plan Hot Spots for 2023. That trend is expected to continue as many new ESG regulations take effect in 2024. With this global spotlight, organizations must adjust to develop compliant ESG strategies for the future.
This IDC Spotlight, sponsored by AuditBoard, The Coming ESG Reporting Imperative, educates leaders involved in ESG program management on implementing purpose-built ESG reporting. Download the full guide here, and continue reading below for an overview of best reporting practices, how technology can support those reports, and how AuditBoard’s solutions impact ESG management.
Best Practices for ESG Reporting
The new era of compliance-driven ESG reporting will have similar outcomes to the effects of SOX on financial reporting. Just as SOX compliance improved the accuracy, transparency, and completeness of financial reporting, ESG compliance will have a similar outcome for nonfinancial disclosure of environmental and social sustainability performance. To achieve the task of developing investor-grade, assured ESG disclosures, organizations should follow several best practices, including:
- Lay the groundwork. To develop rigorous ESG reporting, organizations must begin with sound governance. By establishing policy and practices for strategic ESG reporting, organizations can efficiently apply resources to achieve maximum effectiveness.
- Source the data. Lack of trustworthy data is a significant impediment in developing sound ESG strategy and will affect organizations’ ability to achieve compliance with reporting requirements. As ESG data comes under increasing regulatory scrutiny, a foundation of data governance controls to create consistent, comparable, and decision-useful disclosures will be imperative.
- Automate processes. To offset the potentially massive manual requirements of assuring both data integrity and compliance, organizations should automate as many of these processes as possible.
- Systematize management. As with other risk management processes, ESG requires controls to be linked to policy. Organizations should be careful to systematically select controls that specifically relate to the reported metrics, as linkage of unnecessary controls complicates testing and adds unnecessary costs.
- Plan for assurance. Audits will be a component of emerging legislation, with requirements likely intensifying over time.
By establishing the governance, policy, and documentation initially, organizations will have established an ESG reporting program that can support both internal and external audits for assurance.
How Technology Can Support ESG Reporting
Investor-grade, auditable, compliant ESG reporting will be a seismic shift even for organizations that have mature ESG programs. Purpose-built software solutions are coming to market that support the various requirements outlined for ESG reporting.
Specific capabilities of an ESG reporting platform should include the following:
- Automated data ingestion and data management. ESG data management platforms, through pre-built integrations or APIs, enable the automated ingestion of ESG data from disparate software and OT sensors across the organization. Data is organized and tied to associated metrics.
- Framework mapping. Once data has been tied to the appropriate metrics, those metrics can then be mapped to one or multiple frameworks, which connects the incoming data to the output framework seamlessly and enables automatic updates.
- Automated compliance updates. Pulling from traditional compliance management platforms and applying an ESG overlay, these solutions monitor the ever-changing regulatory environment and automatically notify users as well as update policy based on pertinent changes.
- Reporting. Organizations may choose to align reports with a specific framework or a hybrid of frameworks. The steps taken to map data to frameworks, and the software supporting that process, are leveraged to generate custom reports. ESG reporting software solutions typically enable report generation across multiple formats for both periodic external facing documents as well as spontaneous internal documents.
- Audit/assurance. Solutions employed for data management and mapping, as well as version monitoring for reporting and change documentation, support the audit and assurance process.
IDC research indicates strong demand for these capabilities. Organizations are seeking software solutions to help them understand their ESG performance, the principal risks, and how they can accurately report on their ESG activities.
Considering AuditBoard for ESG Management
AuditBoard provides an integrated audit, risk, and compliance management platform to some of the largest global organizations. With a foundation in SOX compliance, the platform has rapidly transitioned over the past two years with solutions for risk management, compliance, and third-party risk management —most recently with the launch of an ESG module.
AuditBoard’s ESG solution leverages the company’s experience in risk, compliance, and audit management software. Specific capabilities of the ESG software include:
-
Audit-ready data. With the growing focus on auditability of ESG data, AuditBoard’s core ability for audit management through centralization of data and traceability will be important features for next -generation ESG reporting. Audit Board’s ESG solution can be leveraged for internal audit as well as support documentation for external sustainability audits.
-
Centralized data management. The AuditBoard platform enables data to be ingested across organizations, mapping incoming data to one or multiple ESG frameworks that are used by organizations to monitor and report on their ESG performance. Centralized data management also enables organizations to better assess their sustainability performance, monitor risk, and drive strategic analysis.
-
Risk management. From materiality assessment and mitigation workflows, applying a risk management lens to ESG will enable organizations to prioritize sustainability issue management and more effectively remediate risk. With emerging legislation requiring ESG risk management, selecting a solution that has risk management capabilities will be important.
-
Reporting. Dashboards present real-time visibility into ESG risk and performance metrics from which reports can be automatically generated for either internal or external stakeholder audiences.
IDC’s Spotlight sponsored by AuditBoard, The Coming ESG Reporting Imperative, educates leaders on best practices for a compliant, purpose-built era of ESG reporting.
Amy Cravens is Research Manager for IDC’s Security and Trust Group responsible for the Governance, Risk, and Compliance (GRC) Technology practice. Ms. Cravens is responsible for research related to the innovation and transformation of governance, risk, and compliance software including analyzing technologies aimed at solving fraud, third-party risk, and other types of risk across the enterprise. Connect with Amy on LinkedIn.