Sustainability: Frequently Asked Questions Home Basics Strategy Stakeholders Data & Tools Operations Governance Reporting Acronyms Our Services Introduction “Meeting the needs of the present without compromising the ability of future generations to meet their own needs.” In 1987, the United Nations’ Brundtland Commission published this definition of sustainability in its report, which called for a strategy that incorporated both economic development and consideration for the environment. Over the years, other definitions of sustainability have emerged, but the Brundtland definition remains a useful explanation that distills sustainability in a concise manner while also making clear the enormity and complexity of the undertaking.A few short decades later we are facing a world that’s changing, and at a very rapid pace. The world also continues to become more complex, where the success of one organisation is now highly dependent on the performance of other organisations, and the future success of any organisation is dependent on the continued viability of the markets and communities it serves.Organisations need to adapt quickly to these changes and respond to these complexities to ensure their future.While sustainability strives to create and preserve value over the long term — beyond next quarter and surely beyond next year — there is also pressure to balance short-term gains with long-term value. Without question, traditional and satisfactory financial performance must exist alongside sustainability-related activities; they depend on each other for long-term viability. Taking a structured approach to sustainability is a way to reconcile these competing priorities.Sustainability is about balancing operations with intention to preserve and sustain economic, environmental and social resources. There will always be uncertainties about succeeding over the long term, yet there are many opportunities for those organisations that choose to embrace change and execute on new norms and expectations from stakeholders. What these opportunities look like will differ from one organisation to another — “what matters” from a sustainability perspective is dependent upon an organisation’s focus, industry, business model and even its geography, just as it does for financial reporting.As of the writing of this FAQ guide, there are many moving parts not yet settled when it comes to sustainability, particularly in the area of communication and reporting to stakeholders, including regulators. 2024 signals a more concerted effort by regulators to move companies from voluntary to required disclosures with the hope that the “alphabet soup” of frameworks and regulatory acronyms abates; but clearly, more change is yet to come in the next several years. In addition, localised sustainability requirements, i.e., “if you do business here, you owe us sustainability information,” have become a popular way of designing sustainability-related regulation and legislation that transcends the traditional incorporation and stock exchange nexus.Our objective with this FAQ guide is to provide users with helpful insights, knowing that it cannot be an “end all, be all” publication due to the dynamic nature of the subject. We expect to add and update this information as the landscape shifts. What we do know is that sustainability is here to stay and will continue to be of interest and concern to a broad range of stakeholders who are also not going away.A publication like this is never enough. Our hope is that it encourages dialogue and engagement to help address the risks and take advantage of the opportunities that sustainability presents to all of us.ProtivitiMarch 2024 Sustainability Basics What is sustainability? + The United Nations’ Brundtland Commission defines sustainability as “meeting the needs of the present without compromising the ability of future generations to meet their own needs.” In other words, sustainability is the degree to which an organisation’s operations can be managed with intention to avoid depleting natural or physical resources so that they will remain available for future use over the long term. There are three pillars or dimensions at the focus of sustainability that organisations need to balance: Environmental – Leaving natural ecosystems unharmed, maintaining natural environments and resources, and supporting biodiversity.Social – Supporting various stakeholders, including communities, employees and consumers through activities ranging from charitable donations to promoting a healthy work-life balance for employees.Economic – Maintaining a profitable business over the long term. What is corporate social responsibility? + Corporate social responsibility (CSR) is a broad concept that varies across companies and industries. Companies practicing CSR are operating in ways that contribute positively to society and the environment throughout the ordinary course of business. CSR is typically broken down into four categories: Environmental responsibilityEthical responsibilityPhilanthropic responsibilityFinancial responsibility In addition to benefiting the community, CSR can increase brand recognition, drive employee engagement and improve investors' view of the company. What is ESG? + This acronym stands for “environmental, social and governance.” It was first mentioned in the 2006 United Nations’ Principles for Responsible Investment report and has grown in popularity ever since. It underpins a set of reporting criteria used by the investment community to measure the sustainability and impact of a company's operations. By using these criteria, investors seek to channel capital flows to those companies that are responsible stewards of the environment (E), good corporate citizens with regard to their workforce and surrounding communities (S) and led by management teams able to drive positive change (G). Examples of environmental, social and governance topics are included in the table below. Image What is the difference between sustainability, CSR and ESG? + Sustainability, CSR and ESG are similar topics for organisations from an operational perspective. All three concepts recognise the dependence and impact of companies on the environment and on societal development. However, reporting on each topic can be quite different as the intended audiences tend to vary. Sustainability reporting – Sustainability reports (also referred to as impact reports) are intended for a broad audience, including employees, customers and shareholders. Reports include past and present activities, and future plans to improve sustainability.CSR reporting – CSR reports are focused on the past and how a company has contributed to society based on data that measures progress. The reports are targeted toward a broad audience including employees, investors, suppliers and the community. ESG reporting – ESG reports are investor-focused and intended to show material non-financial information affecting the long-term value to the company. ESG reporting is specific and measurable, and report contents are relatively similar across organisations based upon established frameworks. Is sustainability important to all organisations? + Yes. Stakeholders such as regulators, employees, customers, suppliers and shareholders are increasingly focused on organisations' impact on the environment, employee well-being and the surrounding communities, and are demanding positive, responsible action and transparency with regard to progress. Increasingly, customers are choosing brands based on sustainability programs and actions, driving a wedge between brands that do and brands that don’t. Green investment capital is often directed at companies with proven sustainability track records as well. In addition, many corporations are requiring sustainability metrics from their partners and suppliers and are rebuilding their supply chains around sustainability. A dedicated effort to improve sustainability can be a differentiator for organisations in all of these areas. What is the global regulatory landscape for sustainability? + The regulatory landscape around sustainability continues to change on a near-daily basis. Regulations vary from country to country and, in some cases, across local jurisdictions within countries (e.g., states or regions). Learn more about some of the major regulations in play today by clicking on our publications below. This is not an exhaustive library of regulations: rather, it is a view into a continually evolving landscape. Consult with your organisation's legal or compliance teams to confirm what regulations are relevant to your organisation. Time to Act: SEC Issues Final Climate-Related Disclosure Rules (with updates) Regulations and Demand for Accountability Set the Tone for ESG Disclosures (global)ISSB Approves First Two Sustainability Disclosure StandardsAdoption of European Sustainability Reporting Standards Starts the Clock for PreparationEU Extends Certain CSRD Adoption Timelines for Sector-Specific Standards and Non-EU Companies – But Read Between the LinesAustralian Sustainability Reporting Is Coming: What Companies Need to KnowGovernor Signs California Climate Disclosure Requirements Who at an organisation has overall responsibility for sustainability? + In recent years, many organisations have created specific sustainability departments or leadership roles to help execute sustainability efforts from an operational and/or reporting perspective. These roles include, but are not limited to, Chief Sustainability Officer and Vice President of ESG. For organisations that don’t have separate sustainability functions, many companies give this responsibility to investor relations and/or the general counsel. Oversight of sustainability programs is also provided at the board level. This oversight can be provided by the board as a whole, or within one or more board committees. Transparency of both governance on the management level and at the board level should be considered as this is an important focus area for many external stakeholders. For additional information on specific roles and responsibilities, refer to the Governance, Risk and Compliance and Performance and Reporting sections. ESG Responsibility by Role Image As reported by participants in Protiviti webinar “Auditing ESG” Strategy & Planning Should an organisation have a sustainability strategy? + A company should have a sustainability strategy to set direction, measure the success of its efforts and adapt to change in a strategic manner. Other benefits of having a strategy include: Risk mitigation – Sustainability strategies often involve assessing and mitigating risks related to ESG factors. By identifying potential risks, companies can develop strategies to address them, reducing potential financial and reputational harm.Regulatory compliance – Governments around the world are implementing stricter sustainability-related regulations. A proactive sustainability strategy can help businesses stay ahead of regulatory requirements, avoiding potential fines and legal issues.Cost reduction – By optimising resource use, reducing waste and improving efficiency, organisations can realise cost savings over time.Enhanced global reputation – Consumers, investors and stakeholders increasingly value businesses that can be categorised as “sustainable.” Adopting a sustainability strategy that enables a review of progress toward measurable targets and goals can enhance a company's reputation and lead to increased brand loyalty, trust and market differentiation.Supply chain resilience – Sustainable practices, such as responsible sourcing and efficient logistics, can make supply chains more resilient to disruptions, ensuring continuity of operations and customer satisfaction.Employee engagement and talent attraction – Employees are increasingly looking to work for companies that align with their values. A strong sustainability strategy can help attract and retain top talent by demonstrating a commitment to ethical practices and responsible business operations.Long-term viability – Strong sustainability strategies can ensure that resources are utilised in a way that meets current needs without compromising the ability of future generations to meet their own needs. This long-term perspective can help businesses remain viable and competitive in the long run.Innovation opportunities – A focus on sustainability can drive innovation by encouraging companies to develop new products, services and business models that are more environmentally friendly and socially responsible. This can lead to new revenue streams and market opportunities. A sustainability strategy integrated with the overall corporate strategy can respond to investor expectations, meet consumer demands, reduce costs, augment the brand, serve as a magnet for talent and address regulatory issues. A periodic fresh look at new opportunities and emerging risks keeps the strategy aligned with changes in the market. Who sets the sustainability strategy for an organisation? + A sustainability leadership team or an ESG steering committee comprised of executive team members are becoming more common in setting the sustainability strategy for an organisation, with oversight from the board of directors. The ESG steering committee may be comprised of senior leaders from finance, operations, human resources, legal and compliance, investor relations, and sustainability, among others. The specific roles, responsibilities, and composition of the committee may vary depending on the organisation's industry, structure and size. The committee’s deliberations should be factored into the overall corporate strategy-setting process to ensure that sustainability is not an afterthought. How should organisations develop their sustainability strategy? + The following activities are part of the sustainability strategy-setting process: Maturity assessment and benchmarking – Understand the organisation’s current state and context related to sustainability, including internal governance, processes, competitive landscape, ESG-related regulations and trends, and actual and potential risks and opportunities.Stakeholder analysis and materiality assessment – Identify the relevant internal and external stakeholders and analyse their expectations, priorities and impact on the company’s business model and corporate value. Identify the societal, economic and environmental issues for the company as well as the company’s impact on society and the environment. Identify material topics germane to the industry and company. (See questions on materiality and materiality assessment below.)Framework and standards selection – Select relevant sustainability and ESG frameworks and standards to set sustainability goals and measure and monitor performance toward them. Use these frameworks to provide transparency and accountability to investors, regulators and other stakeholders. (See “What are the standard frameworks or methodologies used for sustainability reporting?” in the Performance and Reporting section.)Strategy-setting – Prioritise areas of action and devise a strategy tailored to your company’s characteristics. Translate strategies into clear goals with information on how they will be achieved and why they matter and set specific targets and commitments so that progress can be monitored.Program management – Operationalise the strategy by identifying the team(s) needed to execute it, and oversee all ongoing activities, based on defined work streams. Design and integrate newly developed controls into the new sustainability processes and structures as part of the existing internal control framework. Define a clear communication plan, empowering your organisation and creating a distinctive sustainability narrative. Why is benchmarking a good idea? + Benchmarking against peers and competitors can help a company evaluate its own performance, identify gaps and focus on areas where sustainability efforts can be improved. Benchmarking can be done internally if the organisation has the right resources (i.e., a dedicated sustainability team) or through a third party. Some useful benchmarks include ESG material topics, frameworks and standards, memberships and affiliations, and ESG ratings. What is materiality in the sustainability context and how is it used? + In the sustainability context, materiality refers to the significance or importance of ESG issues to a business and its stakeholders. The concept is similar to financial statement materiality but with some differences. Financial materiality refers to the significance of financial information (e.g., assets, revenue) that could influence the decisions of users of the financial statements, such as investors, creditors, regulators and other stakeholders, and is determined in compliance with established accounting standards and regulations. Sustainability materiality focuses on societal and environmental factors that can influence the performance of the company and are important to the company’s stakeholders. From a sustainability perspective, climate change, biodiversity, community engagement, labor practices and supply chain management, among other factors, can all be considered material issues. (See also “What is double materiality?” below). According to the International Sustainability Standards Board (ISSB), information is considered material if omitting, misstating or obscuring that information could reasonably be expected to influence decisions made by the primary users of general-purpose financial reporting (such as investors). This definition aligns with the same criteria applied under International Financial Reporting Standards (IFRS). In simpler terms, materiality focuses on providing relevant information that matters to investors, rather than not providing it, providing incomplete information, or overwhelming them with all possible details. Organisations are expected to disclose material sustainability topics in their reporting to stakeholders, along with information on how they are relevant to the business; its goals and targets; the strategy for addressing its goals; and the data that demonstrates progress toward these goals. Increasingly, and notably in Europe, the results of sustainability materiality assessments need to be integrated into financial statements. In general, it is important for reporting organisations to describe and link sustainability materiality to financial statement materiality to the best possible extent because the expectation is that the reporting of sustainability issues will require an equivalent level of formalisation and control in the future. What is double materiality? + Double materiality is a concept that extends the traditional understanding of materiality in the context of ESG/sustainability considerations. Traditionally, materiality assessments have focused on the impacts of ESG issues on a company’s financial performance and operations, or an “outside-in” perspective. Double materiality expands the perspective to also include the impact of the organisation on ESG issues, often referred to as impact materiality or an “inside-out” perspective. In other words, double materiality considers both the external ESG/sustainability factors that affect the company’s performance (financial perspective) and the effects of the company’s operations on people and the planet (impact perspective). Below are examples of the two perspectives: Impact perspective – The organisation’s impact on climate change via its greenhouse gas emissions (inside-out).Financial perspective – The risks or opportunities to the organisation's business model and revenue streams which result from climate change (outside-in). Note that in a double materiality assessment, a topic is material if it is material from either one or both perspectives. Image Guidelines on reporting climate related information (cited by COSO) What is a materiality assessment and why is it performed? + A materiality assessment is the process through which a company identifies and evaluates ESG topics to determine which ones are important to the company and its key stakeholders. Materiality assessments are considered important activities by major ESG frameworks such as the Global Reporting Initiative (GRI), the International Sustainability Standards Board (ISSB) and the Carbon Disclosure Project (CDP), and in some cases are already required by regulation. A well-conducted materiality assessment can help a company focus its efforts on addressing the ESG issues that have the most impact on the organisation’s ESG performance. A company can share its materiality assessment with stakeholders to demonstrate transparency and accountability. How does management conduct an ESG materiality assessment? + Engaging an external party to conduct the materiality assessment is not required but can often bring expertise and efficiency to the process until such skills are developed internally. Typical actions in performing a materiality assessment include: Identifying key internal and external stakeholders (including investors, employees, customers, suppliers and community members)Researching and compiling a list of ESG material issues from various sources, including the stakeholders mentioned aboveDeciding what terms best represent material issues relevant to the organisation and establishing a common languageEngaging stakeholders for input through surveys and interviewsCompiling data from surveys and interviews for analysis and validating the results through a management-facilitated discussionCreating an ESG materiality matrix based on stakeholder response dataAssigning ownership and action items for each high-priority material topic Note: This is just a high-level approach of possible steps during a materiality assessment and does not guarantee regulatory compliance. Companies should always consider the regulatory requirements in the various jurisdictions where they operate, as some of these stipulate specific ways for performing the materiality assessment (e.g., the Corporate Sustainability Reporting Directive [CSRD] in Europe). Example Materiality Matrix Image How often does management need to conduct a materiality assessment? + The frequency of conducting a materiality assessment can vary based on factors such as regulatory requirements and changes, the nature of the business, its industry, and the pace of change in ESG issues. Organisations should consider a combination of scheduled assessments (e.g., annual) and monitoring based on changes in the internal and external landscape. How can management implement the ESG strategy? + Management should use the results of the materiality assessment to inform the creation and prioritisation of specific initiatives with which to implement the organisation’s sustainability strategy. Management can assign roles to various team members to execute each initiative and define a clear plan to monitor and report progress. Example activities include: Translate priority initiatives into targets and commitments so that progress can be monitoredIdentify key performance indicators (KPIs) to provide transparency about progressSupervise and manage ESG initiativesReport on the progress of the initiatives and undertake action as necessary to stay on course How often should an organisation refresh its sustainability strategy? + The frequency depends on factors specific to the organisation: for example, existing planning cycles, major changes to the organisation, stakeholder engagement activities and other factors that may impact the sustainability strategy. The strategy can also be refreshed in sync with the materiality assessment and the overall business strategy (e.g., annually), however, this will vary based on the factors and activities described above. Stakeholders & People Who are the key stakeholders involved in a sustainability program? + The key stakeholders in an organisation’s sustainability program are a diverse group comprised of people and entities from both within and outside the organisation. The list below is not exhaustive, and the specific stakeholders involved will vary depending on the organisation, the nature of its operations, as well as where it operates. It is important to note that each stakeholder has unique interests and agendas. It is crucial to understand those interests in order to engage with each group effectively. INTERNAL STAKEHOLDERS: Board of directors — The board of directors has a strong interest in the sustainability program for several reasons, including long-term business viability, regulatory compliance and risk management. The board’s role is to drive genuine change and ensure that sustainable practices are embedded in the corporate fabric and fully integrated into every facet of an organisation’s operations. The board serves as a bridge between the investors (who elect the board) and management (whom the board oversees). Senior management — Engaging senior management is crucial for strategy formulation and execution, resource allocation, cultural influence and risk management. Functional teams — Functional teams within the organisation execute specific aspects of the sustainability program, such as environmental management, supply chain sustainability and employee engagement. Engaging functional teams allows for operational integration, skills and knowledge utilisation, and cross-functional collaboration. Employees/employee groups — Employees are interested in working for an organisation that is aligned with their values and provides opportunities for sustainable career development. Engaging employees in the organisation’s sustainability program facilitates knowledge sharing, fosters the development of innovative solutions for the sustainability program and builds a fit-for-purpose culture. EXTERNAL STAKEHOLDERS: Investors — Investors look to a company’s sustainability program as an indicator of long-term resilience and growth potential. They are aware that such programs often lead to enhanced operational efficiency, risk mitigation, brand reputation, regulatory compliance and customer loyalty — all factors contributing to long-term sustainable financial performance. By engaging with investors, organisations can understand investors’ expectations and fine-tune their sustainability strategies, potentially attracting more investment. Investors elect the board. Customers — Engaging customers ensures alignment with their increasing environmental concerns and builds trust. Successful engagement not only meets but also anticipates customer expectations, differentiating the organisation. It turns customers into brand advocates, improving the company’s reputation. Suppliers/business partners — Suppliers and other partners have an interest in aligning with the organisation’s ESG efforts to ensure the longevity of their relationship. For the organisation, a collaborative approach across the value chain amplifies the impact of its sustainability efforts, reduces risks, fosters innovation and strengthens relationships, ultimately leading to a more sustainable and resilient business ecosystem. Nongovernmental organisations (NGOs) and environmental groups — Organisations should engage NGOs for their expertise, networks and influence, which can enhance the effectiveness and credibility of sustainability initiatives and foster innovation within them. Local communities — Local communities have a vested interest in an organisation’s sustainability program because they are often directly affected by operations of the company. By incorporating locally informed perspectives into sustainability programs, organisations can reduce community resistance and build enduring partnerships that add value both to the company’s operations and the well-being of the communities in which they operate. ESG raters (e.g., CDP, ISS, MSCI, EcoVadis, Sustainalytics) — Engaging with ESG raters allows organisations to be formally evaluated by an independent party and can assist with their benchmarking efforts. The rating process itself can enhance transparency and highlight areas for improvement and potential ESG risks. A high ESG rating can attract investors and provide competitive advantage in the marketplace. How can organisations engage the board of directors? + The following actions can help ensure the board of directors is not only informed about the sustainability programs of the organisation but is also actively involved in shaping it. This leads to better alignment between sustainability strategy and sustainable practices: Educate the board: Start by providing directors with compelling information about the importance of sustainability, its relevance to business strategy, and its potential risks and opportunities. This could involve bringing in external experts for talks or workshops, sharing relevant literature and case studies, or conducting site visits to illustrate the impacts of sustainability initiatives.Integrate sustainability into strategic planning: Make sustainability a key part of strategic discussions at board meetings. This could mean integrating sustainability targets into corporate strategy, discussing how sustainability trends might impact business operations or considering sustainable practices when making key decisions.Establish a sustainability committee: The board must decide how to organise its oversight of the company’s sustainability initiatives. There are different options available to boards for this purpose, e.g., the full board or one or more board committees. Some organisations create a dedicated committee within the board that focuses on overseeing the company’s sustainability efforts. This committee would regularly review progress toward sustainability goals and advise the full board on related matters.Set and report clear goals and metrics: Establish clear, measurable goals related to sustainability and track them over time. Presenting these metrics to the board on a regular basis will keep directors engaged in progress and aware of any challenges.Leverage for stakeholder engagement: Involve board members in dialogues with key stakeholders — such as employees, customers, investors and government agencies — who have an interest in the company’s environmental and social performance. How can organisations engage senior management? + The following strategies can help increase senior management’s commitment to sustainability and drive better business outcomes: Demonstrate the business case: Start by showcasing how sustainability can enhance business performance. This could involve sharing research on the subject, presenting case studies from similar organisations, or developing scenarios that illustrate potential financial, reputational and operational benefits.Align with strategic objectives: Link sustainability initiatives to the organisation’s strategic goals. When senior managers see how these efforts support their objectives — whether it is growing market share, improving operational efficiency or attracting top talent — they’re more likely to get involved.Create clear roles and responsibilities: Define what involvement in the sustainability program means for senior managers. This might include setting specific expectations for supporting sustainability initiatives, integrating sustainable practices into their departments, or championing the company’s sustainability message internally and externally.Provide regular updates: Keep senior management informed about progress toward sustainability goals through regular updates. These could take the form of written reports, presentations at management meetings or one-on-one discussions. How can organisations engage functional teams? + The following tactics can help management engage and involve functional teams in an organisation’s sustainability initiatives and empower them to actively contribute to their success: Provide leadership support: Secure endorsement and active support from the top levels of management. When leaders demonstrate a commitment to sustainability, it sets a tone that encourages involvement across all departments.Tailor involvement: Identify how each team’s specific functions can contribute to sustainability goals. For example, the procurement team can focus on sourcing sustainable materials, while the marketing team promotes the company’s environmental efforts.Provide training and resources: Provide necessary training and resources that enable functional teams to integrate sustainable practices into their work. This could include workshops, guidelines and access to sustainability experts.Communicate clearly: Maintain open lines of communication regarding the organisation’s sustainability objectives and progress. Provide regular updates via townhalls, newsletters, intranet updates, etc., to make teams feel connected to the initiative’s success.Recognise achievements: Implement recognition programs that reward departments and individuals for meeting or exceeding sustainability targets. This incentivises participation and innovation within functional teams.Collaborate across teams: Create cross-departmental groups tasked with developing and implementing sustainability projects. This collaboration creates synergy by bringing together expertise from different areas within the organisation. How can organisations engage employees? + The following actions encourage employee participation in the sustainability program and foster a culture that values and prioritises sustainability: Provide education and training: Organise training sessions, workshops or seminars on sustainability to help employees understand the importance of sustainability and how it can be incorporated into their daily tasks and responsibilities.Form sustainability teams: Creating dedicated sustainability teams or committees that include representatives from different departments can boost engagement and cross-functional coordination. These teams can lead various initiatives, fostering a sense of ownership among participants.Conduct employee surveys: Regular surveys can be used to gauge employee attitudes toward sustainability, identify areas for improvement and solicit ideas for new initiatives.Create incentive programs: Recognising and rewarding employees for sustainable practices encourages participation. This could include public recognition, bonuses or other rewards for individuals or teams who excel in meeting sustainability goals.Establish regular communication: Keeping employees informed about the organisation’s sustainability goals, progress made and challenges faced helps maintain interest and involvement. This could be done through newsletters, emails, meetings or digital dashboards that track progress.Offer volunteering opportunities: Offering opportunities to participate in voluntary activities related to environmental conservation or social responsibility promotes active involvement while also demonstrating the organisation’s commitment to sustainability. How can organisations engage investors? + An ongoing dialog with investors — in accordance with regulatory protocols for sharing information with the public — can keep them informed about the company’s commitments to sustainable development and, in turn, provide the organisation with valuable insights that can help shape future policies to attract green capital. The following strategies can help: Regular communication: Maintain transparent and consistent communication about the organisation’s sustainability goals, strategies, progress and impacts. This could be done via annual reports, newsletters, dedicated sustainability updates or regular investor meetings.Integrated reporting: Incorporate sustainability information into financial reports to provide a holistic view of the organisation’s performance. This allows investors to see the direct impacts of sustainability initiatives on financial results.Investor meetings and calls: Organise specific meetings or conference calls with investors focused on discussing the company’s sustainability initiatives and progress. This provides opportunities for direct dialogue and feedback.Sustainability roadshows: Conduct roadshows with the goal of showcasing the company’s sustainability achievements and plans to current and potential investors. This not only demonstrates the organisation’s commitment to sustainability but also allows senior leaders to engage in person with the investment community.Stakeholder engagement events: Invite investors to events such as site visits or stakeholder-engagement forums where they can witness firsthand the implementation of the organisation’s sustainability initiatives.Investor surveys: Conduct surveys among the investor base to understand their expectations and concerns related to ESG issues. The responses can guide improvements in the company’s reporting process and overall ESG strategies.ESG ratings and rankings participation: Actively seek out ESG ratings, rankings and indices that assess companies based on their ESG practices. High scores can attract more sustainable investment. How can organisations engage customers? + The following approaches assist in engaging customers and creating a sense of shared purpose and community around the organisation’s sustainability efforts: Communicate transparently: Share the organisation’s sustainability goals, initiatives and achievements openly with customers. Use various platforms such as social media, newsletters and packaging to communicate the environmental impact of customers’ purchases.Involve customers in decision-making: Encourage customer feedback on product design and company policies related to sustainability. This can be done through surveys, focus groups or community forums.Educate your customers: Provide information about why sustainability matters and how your products or services offer sustainable solutions. Educational content can be shared through blogs, webinars and infographics.Offer rewards for sustainable actions: Offer incentives for customers who engage in sustainable behaviors; for example, discounts for returning packaging or rewards for choosing eco-friendly products.Adopt a lifecycle approach to sustainability: A lifecycle approach to sustainability addresses the environmental impact of a product through its lifecycle, including customer use, provisions for recycling and final disposal.Organise collaborative projects: Launch initiatives where customers can actively participate, such as tree-planting events or cleanup drives, which also serve as educational opportunities. How can organisations engage with suppliers and other business partners? + Effective engagement with these stakeholders requires open communication, transparency, mutual respect and a willingness to collaborate on achieving shared objectives. The following actions can help: Develop sustainability standards: Create clear and comprehensive sustainability guidelines that outline expectations for sustainable practices in the supply chain. These standards can be shared with suppliers and business partners, providing a clear framework of what is expected from them and their respective supply chains.Offer training and education: Invest in training programs to educate suppliers and business partners about the importance of sustainability, to share best practices and to align them with the company’s specific sustainability goals.Collaborate on projects: By collaborating on specific projects related to sustainability, the organisation can actively involve suppliers and business partners in its initiatives, leading to greater buy-in and engagement.Encourage regular communication: Maintain continuous dialogue about sustainability initiatives, progress, challenges and successes through regular meetings or newsletters.Establish recognition programs: Introduce recognition programs or awards for those who make significant contributions toward achieving the organisation’s sustainability targets.Set shared goals: Establish common sustainability goals with your suppliers and partners; this will contribute to a collective sense of purpose and commitment.Embed sustainability clauses in contracts: Incorporate clauses within contracts that require adherence to relevant aspects of your organisation’s sustainability program.Conduct supplier audits: Conduct regular audits to assess the compliance of suppliers with these sustainability standards. This not only helps ensure adherence but also identifies areas where they may need assistance or improvement. How can organisations engage NGOs and environmental groups? + NGOs are a unique type of stakeholder that may require companies to extend their stakeholder engagement practices. These organisations may possess unique expertise and experience in specific areas of sustainable development that offer a source of guidance and support to companies focused on cost-effective ways to advance their CSR initiatives and achieve their ESG goals. Here are some strategies for engaging these organisations: Develop partnerships: Form strategic partnerships with NGOs and environmental groups with which there is a shared interest in sustainability issues. Host regular meetings or forums where NGOs and environmental groups are invited to discuss sustainability challenges and cocreate solutions. This can create a joint ownership of sustainability goals for a greater impact.Build capacity: Provide training, resources and expertise to empower NGOs and local community groups. This aligns with the goal of creating self-sufficient advocates for sustainability who can contribute effectively to the organisation’s programs.Collaborate on projects: Engage these entities in specific projects or initiatives. This collaborative work delivers tangible outcomes that can support achievement of the organisation’s sustainability objectives.Offer financial support: Offer grants or funding for research and projects led by NGOs and environmental groups that align with the company’s sustainability vision to help scale up their impact.Share reports and information: Share progress reports, audits, practices, challenges and successes openly with these stakeholders to build trust and awareness about the company’s efforts toward sustainability.Engage in advocacy and policy: Work together on policy-related initiatives to advocate for regulatory changes that support sustainable development goals.Participate in volunteer programs: Encourage employee participation in volunteer activities organised by NGOs or environmental groups to foster hands-on engagement while supporting community-based initiatives. How can organisations engage local communities? + Genuine engagement with the communities in which the company operates involves listening to their needs and treating them as partners in the organisation’s sustainability journey. The goal should be not only to gain approval for organisational activities but also to build a long-term relationship based on mutual trust and respect. The following methods can help: Hold community meetings and workshops: Organise meetings and workshops to discuss the organisation’s sustainability initiatives, gather feedback and encourage involvement. These platforms provide an opportunity for open dialogue where community members can express their concerns or suggestions.Collaborate on projects: Collaborating with community members on sustainability projects can foster a sense of ownership within the community, making them active participants rather than passive recipients. This could include tree-planting activities, cleanup drives, or even co-development of sustainable products or services.Organise educational programs: Launch educational initiatives related to environmental conservation and other sustainability topics. This could involve partnering with local schools or organising community-based educational events.Foster transparent and regular bilateral communication: Maintain transparency about the organisation’s sustainability efforts by regularly updating the community about progress, challenges and plans, and seeking feedback and input. Communication channels might include newsletters, dedicated sections on the company website, social media updates or local media partnerships.Invite participation on advisory panels: Establish advisory panels consisting of community representatives who can provide valuable insights into local issues and help guide the organisation’s sustainability strategy.Involve community members in decision-making: Incorporate opportunities for decision-making by residents about projects that will affect them directly. This can be done through public hearings or participatory budgeting processes where residents have a say in how resources are allocated for different sustainability initiatives.Support local sustainability efforts: Support existing sustainability efforts within the community through funding, volunteering, and providing resources like expertise or equipment. How can organisations engage ESG raters? + The goal of engaging with these groups is not just to receive a high rating but also to use the engagement process as an opportunity for continuous improvement toward becoming more sustainable. There are several different rating agencies so organisations should prioritise raters based on industry, importance to their key stakeholders, methodology and peer benchmarking. Here are some suggested strategies for engagement: Be open and honest in your reporting: Provide complete and accurate information on your ESG initiatives and performance.Communicate regularly: Keep the lines of communication open with these agencies. This can range from responding promptly to their inquiries to sharing updates proactively about your sustainability programs.Understand their criteria: Each rating agency may have different criteria for evaluating companies’ ESG efforts. Understand what these are and ensure that your actions align with them.Work on integrated reporting: Combine financial data with nonfinancial information about ESG issues in your company reports.Obtain third-party verification: Get your sustainability metrics, or a subset of metrics, audited by a credible third party, as this can provide additional assurance of the reliability of your disclosures.Highlight stakeholder engagement: Show how you actively engage with various stakeholders (employees, suppliers, local communities, etc.) in developing and implementing your ESG initiatives.Commit to continuous improvement: Demonstrate commitment to improving your ESG performance over time through setting goals, monitoring progress and making necessary adjustments based on feedback or changing circumstances. How can management leverage the results from stakeholder engagement? + Management should analyse the feedback gathered from various stakeholder engagements to enact meaningful organisational change. This involves identifying common themes, concerns and suggestions brought forth by stakeholders and incorporating these themes into existing initiatives. If a new initiative is created to address stakeholder feedback, management should confirm it aligns with the overall business strategy and with the action plan resulting from the materiality assessment. Stakeholder feedback from engagement activities should be used the next time the organisation re-evaluates and adjusts its sustainability strategy. How can companies effectively communicate ESG efforts to stakeholders? + To communicate ESG efforts effectively to stakeholders, organisations can use a variety of methods — for example: Sustainability reporting: Create comprehensive reports that detail the company’s ESG initiatives and performance. These should follow recognised frameworks such as the Global Reporting Initiative (GRI) or the International Sustainability Standards Board (ISSB) Standards to maintain credibility as well as in accordance with applicable regulations for the jurisdiction where the company operates and address any additional items that are material to key stakeholders.Investor communications: Tailor communications for investors that highlight how ESG efforts contribute to long-term financial performance and risk management.Dedicated ESG web pages: On your company’s website, develop dedicated sections for sustainability matters where updates and impacts are regularly posted.Social media campaigns: Use social media platforms to share stories and updates about your ESG activities in an engaging format that can reach a broad audience.Stakeholder engagement sessions: Host webinars, workshops and roundtable discussions with stakeholders to discuss ESG goals, progress and challenges.Internal communication channels: Ensure that employees are informed and motivated about ESG initiatives through newsletters, intranets, feedback channels and regular meetings so they can act as ambassadors for the company’s efforts.Awards and certification highlights: Display any environmental or social awards or badges prominently on websites, company literature and other stakeholder-focused materials. Data Management & Tools What is sustainability data? + Sustainability data is information related to the ESG factors that impact or are impacted by an organisation and its activities. Data is the cornerstone of measuring progress toward sustainable operations. A data-driven approach allows organisations to understand, manage, monitor and communicate the impact of sustainability initiatives to their stakeholders and value chain. Some examples of sustainability data include greenhouse gas (GHG) emissions, energy and water consumption, waste generation, resource use, biodiversity impacts, and metrics pertaining to employee well-being, diversity and inclusion performance, community engagement, labor practices, human rights, product safety, ethics and corporate social responsibility practices. Where can sustainability data be found? + Sustainability data typically comes from multiple departments (e.g., HR, procurement, facilities), as well as external third parties. What adds complexity to sustainability data is the number and types of data sources and various structured and unstructured format in which it exists. Some locations where sustainability data can be found include: Enterprise resource planning (ERP) systems: ERP systems can contain data on relevant financial, human capital, procurement and operations activities and outcomes, including energy spend, resource use, etc., and they integrate with department-specific databases.Building management systems (BMS): These systems can contain data on energy use, water consumption and indoor air quality within offices.Supply chain management systems: These systems may hold data on supplier emissions, sustainable sourcing practices and transportation logistics.Manufacturing execution systems (MES): MES capabilities can be used to capture data on resource efficiency, waste generation and product emissions during production processes.Third-party sources (value chain partners): Data owners throughout a company’s value chain, from raw material suppliers to end-users, will have insight and information about a company’s sustainability impact.Other third parties: External data owners, like government agencies or industry databases, have sector-average data that can be used to estimate resource use or impacts that may be difficult to measure directly. Why should organisations collect sustainability data? + Collecting sustainability data may be a regulatory requirement, or it may be what stakeholders expect to see in the company’s sustainability disclosures or demand in order to fulfill their own reporting needs. In any case, sustainability data can help organisations with the following: Transparency and accountability: Provides data-driven insights to enhance stakeholder engagement and demonstrate a company’s commitment to sustainability goals. As the adage states, one cannot manage that which is not measured.Benchmarking and improvement: Allows comparison with industry peers and identification of best practices for continuous improvement of sustainability performance.Informed decision-making: Helps inform strategic decisions and identify areas for improvement in operations and products to enhance sustainability performance.Improved measurement and reporting: Tracks progress toward sustainability goals and allows for transparent reporting through standardised frameworks like the Global Reporting Initiative (GRI) and the Carbon Disclosure Project (CDP).Proactive risk management: Enables proactive identification and mitigation of ESG risks, minimising potential financial and reputational damage. How is sustainability data collected? + Sustainability data exists in a variety of formats and locations with dozens of internal and external data owners. Manual gathering and in-person engagement with owners of sustainability source data is common, at least early on in the process. Depending on the needs of the organisation and the size and complexity of its data structure, selecting and implementing a software tool to help consolidate the data may be a good idea — or a necessity. Applications exist that can help automate data collection, and the technology in this space continues to evolve as the sustainability landscape matures. More robust, application programming interface (API)-enabled automation is inevitable as data sources stabilise. What sustainability data metrics should be prioritised within an organisation? + The metrics that should be prioritised within an organisation largely depend on the nature of the business and its strategic goals, the material topics as prioritised by external and internal stakeholders, and the industry in which the business operates. Guidance on these metrics is often driven by sustainability frameworks, such as the International Sustainability Standards Board (ISSB) standards, peer benchmarking, or specific regulatory or analyst expectations. However, GHG emissions and human capital management metrics continue to be two areas of general interest to all stakeholders, and organisations should begin to collect and monitor them now, if they are not doing so already. In some cases, prioritisation of metrics is determined primarily by the regulatory environment. For example, for companies subject to the Corporate Sustainability Reporting Directive (CSRD), the metrics are determined by the double materiality assessment aligned with the European Sustainability Reporting Standards (ESRS). What are some risks associated with the management of sustainability data? + The risks associated with sustainability data are no different from data risks generally but come with different challenges and consequences. Examples of data risks include: Data management challenges: Managing large volumes of sustainability data from disparate sources can be complex and resource-intensive. Without robust data management processes and systems in place, businesses may struggle to collect, organise and analyse sustainability data effectively.Data accuracy: Sustainability data often involves complex metrics and measurements, which can lead to inaccuracies if the data is not collected and managed properly. Inaccurate data will likely result in flawed analysis and decision-making, leading to ineffective sustainability initiatives, as well as accusations of “greenwashing” — the practice of making a product or action appear more environmentally friendly than it really is. Greenwashing is a serious accusation that can lead to regulatory penalties and erode trust in the company.Compliance and regulatory risks: Many jurisdictions have regulations and reporting requirements related to sustainability disclosures, which must be supported by sustainability data, often in specified formats. Failing to comply with these regulations can result in fines, penalties and legal and reputational consequences for businesses.Data privacy and security: Sustainability data may contain sensitive information about a company’s operations, suppliers or stakeholders. Inadequate data protection measures can expose this information to security breaches, leading to reputational damage, legal liabilities, and loss of trust from stakeholders. To mitigate these risks, organisations should implement robust data governance frameworks, invest in data quality assurance measures, prioritise data privacy and security, ensure compliance with regulations, and engage stakeholders transparently throughout the sustainability reporting process. How can sustainability data risks be mitigated? + Mitigating sustainability data risks requires cross-functional collaboration among various departments, data management, data security, data privacy and business leadership. Risk-mitigating measures include: Centralised data management: Invest in a unified platform or system to consolidate ESG data and facilitate analysis and reporting. (See “Should an organisation have a sustainability data management program?” below.) Data governance: Establish clear policies, procedures, and standards for managing sustainability data through its life cycle and implement robust data governance frameworks to ensure data integrity, security and compliance with regulations.Data quality controls and assurance: Implement data quality assurance measures to verify the accuracy, completeness and consistency of sustainability data. Conduct regular data audits, validations and reconciliations to identify and address data quality issues proactively. Document data sources and methodologies transparently.Compliance management: Monitor new and evolving regulations and guidance, such as the CSRD in the EU or the Non-Financial Corporate Reporting guidance from the U.S. Securities and Exchange Commission, and adjust data practices accordingly to anticipate and maintain compliance in data management practices. Sustainability frameworks that standardise and help evaluate corporate sustainability data, such as the Global Reporting Initiative (GRI) or the International Sustainability Standards Board (ISSB) also have requirements for how data is reported, as do industry-specific organisations, such as the U.S. Green Building Council or the Global Sustainable Tourism Council.Robust cybersecurity measures: Employ firewalls, data encryption and access controls to protect ESG information from unauthorised access.Robust reporting methods: Establish clear procedures for data analysis, reporting and communication to stakeholders.Training and awareness: Provide training and awareness programs for employees, suppliers, partners and other stakeholders to enhance their understanding of sustainability data management best practices, data privacy principles and security protocols.Culture of data integrity: Embed ethical data practices within the organisation to ensure responsible handling and usage of ESG data. Foster a culture of data ethics, responsibility and accountability across the organisation.Continuous improvement: Regularly review and evaluate sustainability data management processes, systems and controls to identify areas for improvement and optimisation. Implement feedback mechanisms and performance metrics to monitor progress and measure the effectiveness of risk mitigation efforts. By adopting these strategies, organisations can effectively mitigate sustainability data risks and enhance their ability to manage and leverage sustainability data for informed decision-making, stakeholder engagement and long-term business success. Should an organisation have a sustainability data management program? + A sustainability data management program can help organisations enforce a corporate-wide discipline around sustainability reporting by establishing robust processes around data collection and designating an approver of all sustainability data used for public consumption (a role increasingly assumed by the finance function). This can help mitigate the regulatory and reputational risks which may occur when various parties within the organisation use incomplete or unverified data from disparate sources to issue ad hoc reports to external parties outside of the annual report (for example, to customers, lenders, insurance companies, etc.). It can also improve comparability of data, which is critical for stakeholders and the integrity of external reporting. A typical sustainability data management program is a framework or platform of tools, processes and procedures that facilitate the capture, storage, tracking and analysis of ESG-related data for purposes of extracting and presenting ESG insights in standardised and customised reports. In addition to addressing risks, it can also uncover opportunities: Managing sustainability data in a disciplined and systematic way enables business leaders to see where possibilities exist for new methods, products and services to meet new customer demands. Sustainability data management should be viewed as another use case of existing data management disciplines (e.g., data governance, quality, metadata, master data) and measured by standard data management operational metrics for security, quality, timeliness, access, and so on. What data management components need to be considered in a sustainability program? + There are five key components to consider in a sustainability data management program: Data identification and scoping – Includes identifying relevant data based on the company’s sustainability objectives and relevant regulatory frameworks; establishing data boundaries or scope of data collection based on geography, time periods, etc.; and identifying data categories (e.g., GHG emissions, energy and water usage, waste generation) that allow the tracking and measurement of progress.Data collection and storage – Includes identifying data collection methods (e.g., manual, sensors, third-party); developing data collection tools and processes; implementing data quality controls (validation, verification); and storing sustainability data as securely as other publicly disclosed data to protect corporate integrity.Data governance and management – Includes assigning roles and responsibilities for data collection, management, analysis and reporting; establishing data quality standards; implementing data security measures; educating data owners on best data practices; and proactive and ongoing monitoring of third-party data sharing using third-party risk management principles.Data analysis and reporting – Includes cleansing, standardising and organising data; identifying patterns, trends and insights; and generating reports on sustainability performance and progress.Continuous improvement – Includes periodic review of data management processes; integrating feedback from stakeholders; and staying abreast of sustainability reporting frameworks to ensure ongoing alignment and compliance. What tools and technologies are used to manage sustainability data? + Every organisation likely has some technology available in-house that can be utilised for the collection and management of sustainability data. Management should take an inventory of what systems are already in place to manage portions of the data and evaluate whether there is an opportunity to expand the use of existing tools to encompass more, if not all, of the organisation’s sustainability metrics. Many ERP systems now offer sustainability modules, facilitating the management of sustainability data across the entire lifecycle. Since all ERP solutions already store some critical data needed for sustainability purposes and possess the core technical capabilities to ingest and analyse data, extending ERP products into the sustainability domain seems like a natural fit. In addition, a number of technologies have entered the market to help organisations manage sustainability data. See “What are some considerations in selecting and implementing new sustainability data tools?” below. What are some considerations in selecting and implementing new sustainability data tools? + The primary consideration in selecting and implementing new sustainability data tools and technologies is meeting the organisation’s sustainability goals and the expectations of stakeholders, including investors, analysts, regulators, customers and end-users. To this end, organisations must consider the following: Scope of ESG requirements. The organisation must consider the overall scope of ESG-related requirements/demands of the organisation as a baseline. Is it seeking support for data collection, reporting and disclosure only, or are there other needs, including GHG accounting, water usage estimation, science-based target setting and tracking, etc.? Depending on this scope determination, an ecosystem of products and services may need to be considered to meet those scoping demands.Scope alignment to product capabilities. Available products on the market have different ranges of capabilities and cover different topical areas. Organisations should start by identifying their ESG scope and required capabilities, aligning them to what they already have from an enabling product perspective, and then deciding what additional enabling products and services may be needed to close the capability.Target audiences and users. Different tools target different audiences. Understanding what data must be reported, how it will be collected, and what analysis and output is needed for decision-makers and stakeholders are key inputs to the selection process.Integration capabilities. IT can provide input on the ability to integrate any new products into the current software and data management products utilised by the enterprise. Cost. Besides the cost of tool implementation, pricing schemes must be considered. Numbers of site locations, geographical regions and data metrics may all influence price. Contract timing and customer service may have different tiers and prices, too.Ease of implementation. An ESG tool will likely have to connect with internal and external databases and diverse data platforms. Buyers will want to make sure any product is either customisable or meets exact specifications, and the transition process to the new system is as seamless as possible. Where do organisations typically store sustainability data? + Ideally, all sustainability data from multiple sources should be aggregated into a single repository to enable effective integration, internal control and management. Whether this sustainability data is then integrated with other business data assets is based on the individual goals of each institution in terms of utilising that data for other purposes. Below are some locations where data can be aggregated: Spreadsheets and manual records: In smaller organisations or for certain types of data, spreadsheets or manual records may still be used to store sustainability information. While not ideal for large-scale data management, these methods can be a starting point for data collection, management and storage.Cloud-based storage solutions: Cloud storage solutions, like Google Cloud Platform or Microsoft Azure, offer scalable and accessible storage for large datasets, including sustainability data. This can facilitate data sharing and collaboration across the organisation.Dedicated sustainability data platforms: Many organisations implement software specifically designed for collecting, managing and analysing sustainability data from multiple sources. These platforms offer centralised data storage, visualisation tools and reporting functionalities. What controls should be in place for sustainability data management? + Ensuring that sustainability data that is collected and analysed is complete and accurate requires a systematic approach to data management, verification and validation. Organisations should have internal controls in place to help mitigate and minimise risks associated with their management of sustainability data. For example, organisations should: Ensure there are independent reviews of analyses and calculations prior to publication, similar to all other critical data within the organisation (e.g., data for financial reporting). The level of rigor of application of these reviews is typically risk-based. The Committee of Sponsoring Organisations (COSO) framework for sustainability reporting is an example of a foundational approach to enabling trusted data. Define clear data collection protocols and guidelines for collecting sustainability data, including the types of data to be collected, data sources, data collection methods, and frequency of data collection. Standardise data collection processes across departments and business units to ensure consistency and reliability.Implement IT general controls for ESG reporting applications and tools to verify data is complete and accurate, and reliable for management. The application of IT risks and controls is no different than in any other data and reporting use case and utilises common frameworks that are already well established (e.g., NIST, ISO, COSO).Engage internal audit to perform reviews of sustainability data management practices, processes and controls; and compliance with reporting standards, regulations and stakeholder expectations.Engage third-party assurance providers to assist with regulatory requirements applicable to the organisation. Image COSO.org What role can third parties play in a sustainability data management program? + A substantial part of any organisation's sustainability narrative is shaped by its collaborations with vendors, customers and other third parties to achieve sustainability objectives. This collaborative effort involves harnessing data from third parties both inside and outside the company’s value chain to fill any gaps in the organisation's own reporting, as well as using third-party technology and validation of the data. Examples in each of these areas include: Data collection: If vendors can’t provide the data a company needs, other external organisations can assist in collecting such data from other sources such as industry databases. They can employ specialised tools and techniques to gather relevant data efficiently and accurately.Data validation or assurance: Independent third parties can validate and verify the accuracy and integrity of sustainability data to ensure that it meets established standards and guidelines. This verification adds credibility to the data and enhances trust among stakeholders.Technology implementation: Third-party vendors offer sustainability management software and platforms that streamline data collection, analysis and reporting processes. They can customise solutions to meet specific organisational needs and integrate with existing systems for seamless data management. Overall, third parties play a vital role in supporting organisations in their sustainability efforts by providing expertise, resources and technology solutions to manage data efficiently. What controls should be considered when using third-party data in an organisation's sustainability program? + Classic third-party risk management (TPRM) controls should be applied to ESG data gathered from vendors and third parties just as they are applied to other data requiring trust and transparency. When contractually-driven controls are not available or possible, organisations need to apply risk-based controls internally to determine management's level of confidence in that data. Common frameworks leveraged in this space include COSO, Sarbanes-Oxley (SOX), and/or General Data Protection Regulation (GDPR). These frameworks are well established and can be extended based on the organisation’s risk tolerance and related levels of rigor. What is the impact of artificial intelligence on sustainability? + The impact of artificial intelligence (AI) on sustainability data and data management for businesses is complex. Companies must consider emerging AI regulations, such as in the EU, when utilising AI. Utilising AI in and of itself has sustainability implications, as building and training AI models is highly carbon-intensive. There are emerging companies trying to leverage AI to improve the availability of data across all dimensions of sustainability. Candidate topics for AI enablement include: Data management — For example, proactively managing data for quality and consistency leveraging machine learningStorytelling — For example, leveraging generative AI to support initial drafting of the narrative portion of the report and suggesting key insights for considerationTarget setting — For example, analysing regulations, peer disclosures and internal data to suggest targets that meet compliance and pragmatic goalsUnstructured data analysis — For example, in analysing qualitative ESG data, such as social impact and employee well-being It is critical that AI is effectively governed and utilised responsibly. Leveraging a “human in the loop” AI philosophy to review, verify and edit AI-enabled outputs is critical. Listen to our ESG and AI podcast to learn more. Operations What are sustainable operations, and why are they important for business? + The term “sustainable operations” refers to performing business activities in ways that optimise resources, reduce environmental impact and ensure the long-term health of an organisation as well as the well-being of society and natural ecosystems. This approach integrates principles of sustainability into all business operations — from supply chain management to production processes, workplace practices and product design. A related concept is circularity, or circular supply chain — optimising the lifecycle of a product in a way that reduces waste and increases the reuse and recycling of the materials and components integrated into the product. Sustainable operations are not only important from an ethical standpoint; they can also bring significant, tangible advantages to an organisation, both operationally and in the marketplace. Engaging in sustainable operations often leads to resource efficiency and cost reduction/savings, particularly in the areas of energy, water usage and waste generation;greater innovation within the business; magnified brand equity and loyalty from consumers who are increasingly environmentally and socially aware; improved access to capital; increased employee engagement and morale; and a greater chance at attracting top talent as employees seek out workplaces that share their values. Businesses with sustainable operations are also better prepared to address current and future regulatory requirements around sustainability. Do sustainable operations differ across industries? + Sustainable operations can vary significantly across industries due to the different environmental impacts, regulations and business models that characterise each sector. Customer expectations, regulatory environments, technological advancements and competitive dynamics play a significant role in shaping how each industry approaches sustainability. For example, within the manufacturing industry, sustainable operations often focus on reducing waste through lean manufacturing techniques and implementing closed-loop systems for material use to increase energy efficiency and reduce waste. In the agriculture industry, stakeholders might implement organic farming methods, integrated pest management and water conservation techniques to emphasise soil health and biodiversity conservation. For the service industry (including information technology and finance), organisations might concentrate on reducing energy usage within office spaces, encouraging remote working arrangements to reduce transport emissions, digitalisation to reduce paper usage and responsible investment strategies. In the transportation industry, companies can improve fuel efficiency of vehicles, implement usage of electric vehicles and/or invest in route optimisation software to reduce unnecessary travel. The energy sector can implement strategies like focusing on renewable energy sources and investing in research and development for innovative technologies that can provide clean energy or improve energy-storage capabilities. Retail businesses may work toward sustainability by offering eco-friendly products, reducing packaging materials, ensuring sustainable sourcing practices and implementing programs to repurpose goods at the end of their lifecycle. The construction industry can focus on using sustainable building materials and incorporating green design principles into new projects like efficient water management systems and energy-efficient light fixtures. What are some key sustainable-operations areas common to all industries? + Areas of sustainable operations that are common to all industries include greenhouse gas (GHG) emissions, water management, and waste reduction and management: GHG emissions refer to the release of certain gases into the Earth’s atmosphere that contribute to the greenhouse effect. GHG emissions reporting is becoming a standard requirement among approved and proposed sustainability regulations, such as the Corporate Sustainability Reporting Directive (CSRD), the International Sustainability Standards Board (ISSB), the Securities and Exchange Commission (SEC), and other jurisdictions and standards-setters. Water management refers to the optimisation of water usage to minimise waste, along with safe disposal of wastewater to prevent environmental damage.Waste reduction and management focuses on minimising waste generation through efficient operational practices and product design, along with appropriate waste management strategies such as recycling or composting. Other areas of focus that span multiple industries include implementing energy-saving measures and using renewable resources as a cornerstone of sustainable operations; rethinking supply chain practices to involve ethical sourcing of materials; fair trade practices; promoting diversity, equity and inclusion in the workplace; community engagement; and designing products that have minimal environmental impact throughout their lifecycle — from sourcing materials, manufacturing processes and usage efficiency to end-of-life disposal. What are greenhouse gas (GHG) emissions? + GHG emissions refer to the release of certain gases into the atmosphere that contribute to the so-called greenhouse effect and raise Earth’s temperature. These gases include carbon dioxide, methane, nitrous oxide and fluorinated gases, all of which trap heat from the sun in the atmosphere near the Earth’s surface, leading to global warming and climate change. Managing GHG emissions is an important part of sustainable operations regardless of industry sector. Companies can reduce their GHG emissions through various means such as improving energy efficiency, switching to renewable energy sources or cleaner fuels, reducing material waste and improving waste management practices, among others. It is important for businesses to analyse their operations and understand which activities contribute to GHG emissions. Aside from natural processes, such as respiration and volcano eruptions, for example, human activities like deforestation, land-use changes and burning of fossil fuels contribute to the release of carbon dioxide. Other greenhouse gases, such as methane, are emitted during the production and transport of coal, oil and natural gas. Methane is also emitted by livestock and other agricultural practices and by the decay of organic waste in municipal solid-waste landfills. Agricultural and industrial activities, combustion of fossil fuels and biomass, and certain treatments of wastewater contribute to the emission of nitrous oxide. Lastly, fluorinated gases are utilised in a variety of industrial applications. While fluorinated gases are less common, they are a much more potent greenhouse effect contributor than other GHGs due to the longer periods they can remain in the atmosphere. How are GHG emissions calculated and reported? + GHG emissions are calculated through a process that involves identifying the sources of emissions, measuring or estimating the amount of GHGs emitted, and then converting these into carbon dioxide equivalents for ease of comparison and aggregation. The first step is to identify the sources of emissions. These sources are typically grouped into three “scopes” as defined by the Greenhouse Gas Protocol, a widely used international standard for GHG accounting: Scope 1 includes direct emissions from owned or controlled sources, such as fuel combustion in company vehicles or furnaces. Scope 2 covers indirect emissions from the generation of purchased electricity, steam, heating and cooling consumed by the reporting company. Finally, Scope 3 includes all other indirect emissions that occur both upstream and downstream in a company’s value chain, e.g., encompassing suppliers, logistics, channel partners and end-users. Once the sources have been identified, companies measure or estimate the amount of GHGs emitted from each source. This can be based on direct measurement (for example, using meters or sensors), fuel-usage data combined with emission factors (a coefficient that quantifies the emissions produced per unit of activity), or other estimation methods depending on the source type and availability of data. The last step is to convert these GHG emissions into carbon dioxide equivalents (CO2e). This is done because different greenhouse gases have different global warming potentials (GWP). The GWP is a measure of how much heat a greenhouse gas traps in the atmosphere up to a specific time horizon compared to carbon dioxide. Converting all GHGs into CO2e using their respective GWPs allows for a like-to-like comparison and aggregation across different greenhouse gases. It is important to note that the process of measuring GHG emissions requires rigorous data collection and management systems as well as robust verification procedures to ensure accuracy and reliability of reported emission figures. That is why many companies often seek third-party assurance for their GHG emission calculations as part of their sustainability reporting efforts. Image Corporate Value Chain (Scope 3) Accounting and Reporting Standard (cited by COSO) What are science-based targets, and how are they relevant? + Science-based targets are GHG emission reduction goals that are in line with what the latest climate science deems necessary to meet the goals of the Paris Agreement — to limit global warming to well below 2° Celsius above preindustrial levels and pursue efforts to limit warming to 1.5° Celsius. These targets are developed by organisations to ensure that their share of emission reductions is aligned with the decarbonisation required to keep temperature increases within these limits. For businesses and organisations, setting science-based targets involves several steps. First, companies must measure current emissions across all three scopes defined by the Greenhouse Gas Protocol. Second, they must model different scenarios for reducing emissions over time. Once a reduction pathway is established, companies should have their targets validated by the Science-Based Targets initiative (SBTi) to ensure credibility and alignment with climate science. Next, organisations should develop strategies for achieving these targets through sustainable changes in processes, products, services and supply chains. Lastly, companies must establish regular reporting on the progress of emissions reduction, verified by a third party for transparency. The relevance of science-based targets is multifold for businesses: They help companies comply with or prepare for future regulations and policies related to climate change mitigation, align with an increasing trend of investors preferring companies with clear plans for sustainability, differentiate from their competitors, achieve cost savings, and earn brand/reputational equity among stakeholders. Adopting science-based targets reflects an organisation’s commitment to doing its part in preventing the most severe impacts of climate change while also positioning itself strategically for a low-carbon future. Why should an organisation track water usage? + An integral part of sustainable operations is understanding the risks of inadequate water management and implementing robust measures for tracking and managing water. One of these risks is water scarcity, which many believe is the biggest threat to organisations in the coming decades. According to the World Economic Forum, by 2030, water demand is expected to exceed supply by 40% worldwide, and half of the human population will live in water-stressed areas. Another risk is the financial impact; a survey by the environmental nonprofit Carbon Disclosure Project (CDP) in 2020 showed that reported potential financial impacts of water risks exceeded $300 billion among 357 surveyed companies. This study also found that the cost of response was much less than the potential financial impact. Water-usage tracking is crucial for effective water management within organisations. It starts with gaining visibility into the organisation’s own consumption by analysing water usage to identify waste and improve efficiency. There are several key performance indicators, such as water intensity ratio, water recycling rate and water leakage rate, that businesses can use to gauge their progress toward sustainability goals and benchmarks. This measurement helps identify opportunities for conservation and efficiency improvements, leading to cost savings. Advancements in technology are further transforming how industrial companies capture, manage and analyse water data at every stage of their operations. Automation, analytics and remote monitoring are becoming critical components of meaningful water sustainability programs. Why should an organisation track and manage waste? + Poor waste management can lead to several significant risks. A key one is the detrimental impact on ecosystems and human health from the increasing volume and complexity of waste associated with the modern economy. For instance, every year, an estimated 11.2 billion tons of solid waste is collected worldwide, and decay from the organic portion contributes about 5% of global greenhouse gas emissions. Moreover, improper disposal of harmful substances, such as medical wastes or toxic industrial wastes, can cause severe health hazards. As such, poor waste management poses a direct challenge to a company’s sustainability efforts. Organisations can use various methods to monitor and manage waste as part of their sustainability initiatives. A common approach involves implementing lifecycle waste management processes that focus on reducing, reusing, recycling and preventing waste right from the product’s origin until its final disposal. For example, companies can use fewer materials for packaging or opt for recyclable or reusable alternatives whenever possible. Reducing excess packaging not only minimises resource usage but also reduces costs associated with waste disposal. Another method of waste reduction is maintaining a diversion rate — the percentage of total generated waste that is diverted from landfills through recycling, composting or donation efforts versus what is sent directly to landfills. Advancements in technology have allowed for even more sophisticated monitoring methods, like using smart bins equipped with Internet of Things (IoT) sensors and AI capabilities that sort recyclables from non recyclables and indicate when the bins need emptying. This tech-driven approach helps maintain the waste-diversion rate and reduces GHG emissions from vehicles picking up empty or half-full bins. How can management engage with supply chain partners to improve sustainable operations? + Various collaborative strategies and technologies can enhance supply chain performance while simultaneously addressing the sustainability goals of the organization. Some best practices include: Intelligent network design and risk managementSmart forecasting and integrated business planning360-degree sourcing analysisTouchless and agile order-to-delivery modelsSupply chain as a serviceSupply chain control tower and end-to-end performance managementExpanding the supply chain beyond top-tier suppliersSharing best practices and technologies with supply chain partnersInvesting jointly in sustainability initiatives The visibility and collaboration resulting from these strategies allows management to map out potential risks related to sustainability, plan inventory management to reduce waste, communicate transparently with suppliers about sustainability goals and embrace agile methodologies that allow for continuous enhancement of sustainability practices in the supply chain. How can organisations best leverage third-party relationships to support sustainable operations? + Technology providers, industry groups, public-private partnerships and third-party experts in specific areas can all help a company improve sustainability in its operations and supply chain. For example: Engaging with technology providers can help drive insight into real-time tracking of resources to optimise resource utilisation.Engaging with industry groups can inform best practices and facilitate knowledge-sharing.Outsourcing certain operations to third-party providers who are known for their sustainability can improve the overall score of the business.Investing in renewable energy projects via third parties can be part of an organisation’s carbon-offset strategy.Engaging with public-private partnerships can help secure funding for large-scale sustainability projects that otherwise may be financially burdensome. Remember that while each of these strategies can help boost an organisation’s sustainability efforts, they also come with their own set of challenges and risks — including costs, time commitment, data security, dependency on other entities, etc., — hence, it is crucial to consider carefully your organisational needs and capabilities before engaging with external entities. Governance, Risk & Compliance Which functions are typically involved in the governance, risk and compliance aspect of a sustainability program? + Sustainability governance, risk and compliance (GRC) should span multiple functions of an entity, including but not limited to sustainability, legal, risk, compliance, finance and internal audit. The nature of GRC requires collaboration cross-functionally to achieve success, just as it does in an entity’s general GRC program. The shared responsibilities of a sustainability GRC program will vary depending on the entity’s governance and operational structure, the maturity of the current sustainability program and its resources, and the vision for the future of the sustainability program. Best practice is to integrate sustainability GRC into the existing GRC framework, in whatever form it currently operates. Who typically owns the sustainability program in an organisation? + Ownership of the program varies based on the organisation and available resources. However, executive leadership should oversee sustainability initiatives, similar to other strategic initiatives. Executive sponsorship conveys a program's importance, urgency and value, and is vital to driving awareness, engagement, buy-in and ownership of necessary change across the organisation. In recent years, many organisations have created specific sustainability departments or leadership roles to help oversee sustainability efforts from an operational and/or reporting perspective. In certain industries, senior management might assign a responsible department such as environmental, health and safety (EHS) or quality assurance to lead certain aspects of the overall sustainability effort. A sustainability working group can be established to coordinate the work with related departments. See also “Who at an organisation is responsible for sustainability?” in the Sustainability Basics section. What is an example of a governance infrastructure of a sustainability program? + Governance structure will vary from one organisation to another based on size, industry and other factors. An example of a sustainability program governance infrastructure is below. Image How can an organisation implement a governance structure? + Here is an example of the steps involved in implementing a governance structure: Approval: The board or an appropriate board committee approves the plan and climate-related targets.Oversight: The board or an appropriate board committee oversees execution of the plan.Accountability: Senior management is responsible for execution of the plan, and responsible parties have adequate authority and access to the resources they need to ensure effective execution.Incentives: Compensation and other incentive targets are aligned with the organisation’s climate goals, as described in the plan.Reporting: The board or an appropriate board committee and senior management receive regular status reports.Review: The organisation periodically reviews and updates plans, activities, metrics and targets.Transparency: The organisation reports on goals and performance to external stakeholders, including financial outcomes, performance against targets and impacts on the organisation’s business.Assurance: The organisation’s reporting is subject to independent review or third-party assurance. How is risk managed within the sustainability program? + Various sustainability GRC responsibilities will fall within the three lines. The first line should understand and track the progression of sustainability risks created by the business processes and activities for which it is responsible (e.g., climate risk, sustainable supply chain risk) and know the organisation’s plan to mitigate these risks.The second line should oversee the assessment of risks, including climate scenario analysis and the development of a climate risk framework, internal controls and tooling, and should provide support to the first line as needed.The third line, the internal audit function, should assess the progress achieved by the first and second lines and conduct specific sustainability audits. What is the role of the board of directors? + The board of directors is responsible for oversight of the ESG steering committee (see “What is the role of an ESG steering committee?” below) or the sustainability program. The board’s ESG responsibilities are often assigned to one or more existing board committees (such as the governance committee, audit committee, or compensation committee) and are documented in the respective committees’ charters. Example responsibilities of board committees may include: Oversee the company’s ESG strategy, initiatives, risks and opportunitiesOversee final sustainability reportingReceive updates on ESG efforts, third-party assurance, and progress on goals and initiativesApprove compensation targets related to sustainability goals What is the role of an ESG steering committee? + The ESG steering committee is an executive committee that provides oversight and strategic input to the ESG program. It typically reports to the board, either directly or through a C-suite executive such as the CEO or COO. This is intended to be a cross-functional committee that engages senior leaders across business units, regions and functions. Example activities may include: Approve reported ESG metrics and the publishing of a sustainability reportSet and lead the annual ESG strategyProvide leadership oversight over ESG matters, risks and complianceEnsure ESG efforts are sufficiently resourcedReview progress toward ESG goalsSupport efforts to improve performance against priority ESG ratings, rankings and awardsMonitor global ESG regulatory updates and oversee readiness and alignment effortsSupport efforts to ensure effective internal control over sustainability reportingFacilitate communication between the executive leadership team, board of directors and ESG working groups (see ”What is the role of ESG working groups?” below) What is the role of ESG working groups? + ESG working groups or sub-committees may be established to expedite execution of different aspects of the ESG strategy and report to the ESG steering committee. Each working group should be responsible for a specific, essential effort to drive the ESG program forward, such as data and reporting, stakeholder engagement and strategic planning, and should track program improvements in its dedicated area of responsibility. The types of working groups will vary depending on an entity's ESG strategy and goals. Example activities may include: Enable the execution of specific aspects of the ESG strategyAct as the coordinator for executing activitiesStay aligned and informed on key risks, regulations, emerging trends and stakeholder prioritiesInfluence decisions that could impact the company’s ESG strategyMonitor performance against ESG goals and priority ESG ratings, rankings and awardsEngage and provide updates to and from the ESG steering committee What role do process owners play? + Process owners should own tactical activities in existing departments that support the ESG program in its current state. Typically, process owners are also participants in ESG working groups. While the activities will likely change as the ESG program evolves, the role of process owners is to integrate these activities into business units to sustain ESG initiatives. Example activities may include: Collecting data for reported metrics to monitor progressExecuting, or monitoring the execution of, ESG policies and proceduresCollaborating cross-functionally with other ESG process ownersMaking decisions to undertake remedial or corrective actionDeveloping and maintaining effective internal control over sustainability reporting How should the organisation address the internal control environment around sustainability? + The internal control environment around sustainability should be integrated into an entity’s existing internal control and enterprise risk management frameworks. (See COSO’s guidance on applying enterprise risk management to environmental, social and governance-related risks.) Sustainability reporting relies heavily on data provided to support material metrics, and as such, internal controls over sustainability reporting should be designed and implemented with the same discipline and rigor applied to financial reporting controls. Sustainability risks should also be evaluated as part of the annual ERM assessment and integrated into the internal audit plan. Sustainability risks should be included in existing risk categories (e.g., credit risk). The COSO 2013 Internal Controls – Integrated Framework applies to sustainability controls and reporting, as outlined in the Internal Controls Over Sustainability Reporting (ICSR) guidance. Some examples of internal controls that can be leveraged include: At the entity level: Annually, the ESG Steering Committee performs an ESG materiality assessment to evaluate and understand the material topics that are relevant and impact the organisation.At the process level:Transactional - As needed, data owners perform a review of all metrics and disclosures contained in the report and compare them to the supporting evidence. The manager reviews this tie-out and evidences it via tick marks, comments and sign-offs by the respective preparers. Data owners define the materiality thresholds for allowable variances in reconciliations and the appropriate management reviews the reconciliation materiality values.Monitoring - As needed, ESG disclosures, including KPI data, are independently prepared and reviewed prior to issuance. Prior to disclosure, significant disclosures are discussed with the ESG committee. What is the role of internal audit in sustainability programs? + Both the Committee of Sponsoring Organisations (COSO) and The Institute of Internal Auditors (The IIA) emphasise the critical role that internal audit can play in ESG assessments and internal control activities. For this reason, internal audit should be involved in or consulted early on by the functions that set sustainability strategy. Sustainability should be included in the risk assessment and audit planning process, and systems and tools used to collect sustainability data should be evaluated by internal audit as well. The internal audit function takes on the critical role of providing objective internal assurance, independent from management, over the effectiveness of sustainable business risk management, reporting, and related regulatory compliance. Additionally, the IA function should develop remediation recommendations and action plans and provide updates to the audit committee. For more on the role of internal audit in sustainability reporting, see Internal Audit’s Role in Supporting Sustainability Reporting. What is an ESG controller? + An ESG controller is an emerging position some organisations are creating to support their ESG program. The ESG controller’s job is to track ESG requirements and integrate ESG reporting into the business, while understanding the implications of ESG reporting on financial reporting. Typically, the ESG controller will oversee the ESG reporting policy, ESG risk assessments and internal controls, and the development and monitoring of material metrics, scenario analyses, and other forecasts and calculations. This position is different from a chief sustainability officer, sustainability lead or internal audit in that it focuses on sustainability specifically as it relates to ESG reporting and its impact on corporate reporting. There is generally not an expectation for the ESG controller to drive operational sustainability initiatives. What is the requirement for third-party assurance? + Third-party assurance requirements vary by jurisdiction. For example, assurance (limited and then reasonable) is a requirement of the Corporate Sustainability Reporting Directive (CSRD) and the Securities and Exchange Commission’s (SEC’s) climate-related disclosure rules based on business criteria outlined in the schedule of each of the respective regulation’s requirements. Reasonable assurance is the more robust level of assurance, stating that the information is correct based on an independent review and testing of processes and controls. Limited assurance, meanwhile, relies less on testing and more on management information and may be limited to certain components of a report. Organisations should consult with their legal counsel and reporting departments on a regular basis, as reporting requirements will continue to develop and evolve, and based on whether certain criteria are met, assurance will likely be required in some form. Third-party assurance often needs to be provided by an entity meeting certain prescribed qualifications. CSRD and ESRS Timelines Image How does ESG integrate into enterprise risk management (ERM)? + ESG should be integrated into an organisation’s ERM program as outlined in COSO’s ERM Framework, using their sustainability guidelines. This integration requires alignment between the organisation’s sustainability strategy and its overarching strategy, risk and performance. The entity will need to decide whether sustainable business risks will be standalone items or integrated into broader risks. The European Banking Authority recommends the latter. As sustainability risks are integrated into the broader risk assessment, their importance and the focus and attention they receive are elevated. Just as with existing risks in an entity’s ERM framework, risk tolerance and financial performance impacts of ESG risks should be evaluated. ESG material topics should be the focus when analysing internal and external risk factors to the extent that they exist in sustainability reporting (often by way of omissions and misstatements). Emerging trends, business model changes and the external ESG landscape should be given extra attention within the assessment as well, given the rapid pace of change in sustainability reporting requirements. What are the compliance requirements around sustainability programs? + Compliance requirements will vary by regulation. Some variables include: Where the sustainability report content is located (e.g., annual report, management report, 10-K, company website)The type of assurance — limited or reasonable, required or recommendedThe topics that need to be reported (based on applicable regulatory standards, materiality assessment and/or industry)The frequency of the report (typically, annually)Time period covered (depending on the frequency; typically, the fiscal year) Companies need to determine their specific requirements based on the regulations relevant in the jurisdiction where they operate and their materiality assessment. It is recommended that companies consult their legal counsel to ascertain the reporting required of them. Performance & Reporting Why do companies engage in sustainability reporting? + Companies engage in sustainability reporting for a variety of reasons, including demonstrating the company’s commitment to its mission and values, meeting stakeholder expectations and demands, compliance with regulatory mandates, advancing investor relations, sustaining reputation and competitive advantage, engaging employees, improving access to green capital and, ultimately, realising long-term value. Companies should consider the pressures exerted by all these factors to determine the rigor, focus and level of depth and specificity in their sustainability reporting. See also “Why should an organisation have a sustainability strategy?” in the Strategy and Planning section, and “Why is sustainability important to all organisations” in the Sustainability Basics section. How does sustainability reporting information differ from traditional financial reporting? + Sustainability reporting differs from financial reporting in several areas, including scope, regulatory requirements, target audience, types of data, future-looking metrics, etc. There are efforts globally to bring closer alignment between sustainability reporting with financial reporting in the long term. (For example, this is the aim of the Corporate Sustainability Reporting Directive [CSRD].) The Committee of Sponsoring Organisations of the Treadway Commission (COSO) has summarised the differences between sustainability reporting and traditional financial reporting as shown in the graphic. But there is one important similarity between the two types of reporting in regard to disclosing material information to the investor community. Information is deemed “material” if a reasonable person would consider it important when making an investment decision or if it would significantly affect the existing mix of publicly available information about a company. In the United States, the Securities and Exchange Commission (SEC) states that any doubts as to whether information is material “should be resolved in the favor of the investor.” See also “Differences Between Conventional Financial Reporting and Sustainable Business Information” on page 28 of COSO’s publication Achieving Effective Internal Control Over Sustainability Reporting. Where should sustainability teams disclose their reporting? + The location of reporting will differ based on organisational factors, including whether the reporting is required or voluntary. ESG regulations may specify a location for the sustainability report, such as in the management report under the CSRD, the annual report, Form 10-K, etc. For voluntary sustainability reports, a typical location is the company website. The team can research where the company’s peers and competitors are publishing their sustainability reports to help determine what makes the most sense for the organisation. Does sustainability reporting differ by industry? + Yes, sustainability reporting can vary significantly by industry. It is important for companies to tailor their sustainability reporting to address industry-specific challenges and stakeholder expectations using materiality as a guide. Industry-specific sustainability reporting frameworks, such as those developed by SASB, can provide guidance on relevant disclosure topics for different sectors. Different industries may prioritise distinct ESG factors based on their operations, supply chains and stakeholder expectations. Globally, there are also efforts to standardise sustainability reporting and to take industry-specific standards into account in order to ensure a certain level of comparability of information. What are the standard frameworks or methodologies used for sustainability reporting? + This is an evolving topic, and there are several standards, both voluntary (as listed below) and regulatory (for example, the CSRD and the European Sustainability Reporting Standards (ESRS)). Below are some common sustainability frameworks: CDP — Founded in 2000 by the not-for-profit organisation, the Carbon Disclosure Project, the CDP is a voluntary reporting framework that companies use to disclose environmental information to their stakeholders. It aspires to promote a global economic system that operates within environmentally sustainable parameters.Task Force on Climate-Related Financial Disclosures (TCFD) — Created in December 2015 and disbanded in October 2023 after accomplishing its task, the TCFD’s aim was to assist companies across the globe in articulating the actual and potential impact of climate-related risks and opportunities on performance. The TCFD’s framework consists of four disclosure areas: governance, strategy, risk management, and metrics and targets. Currently, the TCFD recommendations are fully incorporated in the sustainability standards issued by the International Financial Reporting Standards (IFRS) Foundation, which is also taking over the monitoring of companies’ progress toward these goals.Global Reporting Initiative (GRI) — An international independent standards organisation that helps businesses, governments and other organisations understand and communicate their impact on sustainability. GRI is a globally applicable guideline and a United Nations–recognised standard for a range of sustainability concerns. It is the most widely used comprehensive sustainability reporting standard in the world.Sustainability Accounting Standards Board (SASB) — This framework is a set of industry-specific sustainability accounting standards for businesses and all forms of organisations to report sustainability matters that are financially material to investors. The SASB is now part of the International Sustainability Standards Board, similar to TCFD. It organises its industry standards through its Sustainable Industry Classification System (SICS). The framework consists of 11 sectors and 77 industries. How should management determine which framework or methodology to follow? + Management should determine the framework and methodology based on the organisation's regulatory requirements, industry, size and target audience. Choosing a framework aligned with the regulatory requirements and industry can help the company address relevant and material issues and ensure compliance. Many reporting companies use more than one standard and framework in their reports. Additionally, the framework(s) and standards used can evolve over time based on organisational priorities, evolving regulatory requirements, changes in guidance, etc. How should management determine what to report? + Organisations should determine which topics are important and material to the key stakeholders. Based on the results, management should determine which topics they want to prioritise and disclose publicly versus track internally and identify data needs and data availability for the selected topics. How should management approach goal setting and monitoring? + Goal setting is industry-specific and should consider stakeholder expectations. Setting the right goals and targets is a strategic process that involves aligning overall corporate objectives and sustainability principles. Organisation should consider how different activities - such as the results of their materiality assessment, alignment with global standards, achievability of goals, stakeholder expectations, resource management, and the monitoring and reporting process – impact goal setting. Continuous monitoring of goals should also be in place. Companies should establish a regular cadence or schedule to monitor progress and review goals for continued relevance. Factors to consider include: Are the goals still relevant, clear, and supported by KPIs?Are technology and tools in place for effective monitoring?Have we established a regular reporting cycle for goals?Are the right stakeholders involved and engaged?Should audits be performed to help support goal achievement?Do we have proper management and board oversight for the goals?How do we continue to adapt and improve as the business changes? Both the goals and the progress toward them should be disclosed to stakeholders. See also “What are science-based targets?” in the Operations and section. What is the common process for sustainability reporting? + The process for sustainability reporting involves the same steps as the process for financial reporting: planning and strategy, stakeholder engagement, materiality assessment, data collection and management, internal controls (to provide reasonable assurance of the completeness, accuracy, timeliness and consistency of information intended for disclosure) drafting, management review, reporting and disclosure. Organisations will need to develop similar processes, people and tools to collect, manage, consolidate and report data on ESG matters as they do on financial matters. Who in an organisation needs to be involved in sustainability reporting? + Internally, data collection will come from multiple teams across the enterprise — e.g., sustainability, finance, operations, legal, compliance, personnel and others — some of which have not had to provide disclosure-grade data before. This poses challenges related to completeness and accuracy. One way to mitigate these challenges is through the substantial involvement of the CFO and controllership function leaders in the ESG reporting process. (This involvement has been regularly reported in surveys and at conferences, particularly with public companies, given the applicability of the COSO framework to both financial and sustainability reporting.) Involving these functions allows for the exercise of “muscle memory” with regard to completeness, accuracy, timeliness and consistency of the data being reported. There will inevitably be instances of judgment and estimation used in this reporting, which (similar to financial reporting) must be appropriately considered and documented. Members of the legal and executive teams should review and approve any external sustainability reporting, just as they do with financial reporting. Organisations may also want to obtain external assurance prior to reporting. In some cases such assurance may be a requirement. Why should the CFO be involved in sustainability reporting? + The increasing involvement of chief financial officers in sustainability reporting is driven by several realities: The bar for reliable and consistent reporting is rising and the prevalence of greenwashing — real or perceived — is increasing. Regulators expect ESG reporting, whether voluntary or required, to meet an auditable standard. Lenders, insurers and investors expect trustworthy data behind the reports and narratives they receive concerning ethical supply chain risks, operations in flood and wildfire zones and access to raw materials. Thus, disjointed efforts to collect data of varying levels of reliability from a wide variety of disparate sources across the organisation to produce sustainability and ESG disclosures to customers, lenders, insurers and other parties upon request that may be inconsistent with the formal sustainability report will not suffice. To improve the discipline, rigor and consistency of the data underlying all reports to the market, companies are looking to the finance function to provide the same level of oversight that is directed to financial reporting. The finance function can take the necessary steps to ensure there is a “single version of the truth” in all sustainability disclosures. See also “Should an organisation have a sustainability data management program?” in the Data Management and Tools section. How often should organisations report on sustainability initiatives? + The cadence of reporting can vary considerably from one organisation to another. Some organisations opt for more frequent reports and updates, for example, if they want to answer customer inquiries or report to raters. Such updates are typically posted to the company website. Others focus on including all updates within their annual sustainability report. Organisations will also have to consider their regulatory requirements, as they may impact the nature, extent and frequency of reports. How often should an organisation’s reporting methodology be reviewed by oversight committees? + Best practice is to include a requirement and a mechanism for review of the reporting frequency and methodology in the governing document(s) for the ESG program. Regardless of whether that has happened, a typical approach is to revisit the reporting methodology and frequency anytime a regulatory change occurs that affects the business, whenever a material change occurs in the company or the applicable reporting standards, or at least annually. What is the role of ESG ratings? + ESG ratings provide a third-party view of ESG performance by attempting to aggregate information about an organisation’s sustainability performance and quantify the results. This quantified view allows investors and other stakeholders to compare sustainability performance between organisations easily. Can organisations be penalised for inaccurate sustainability reporting? + Yes, organisations can be penalised for inaccurate ESG reporting. This is true whether the report is made voluntarily or in response to a regulatory requirement. Regulatory enforcement could involve fines, sanctions or legal consequences. Additionally, organisations can face reputational damage and investor backlash if the organisation's reporting is misleading or wrong. This erosion in the brand can ultimately affect customer loyalty. For example, organisations have been called out for greenwashing — overstating or manipulating ESG information to create a false impression of sustainability. Companies engaged in greenwashing often exaggerate their commitment to environmental sustainability, eco-friendliness or other green initiatives to attract environmentally conscious consumers when, in reality, their claims and assertions may be unsupported or may represent only a small aspect of the company's overall practices. Some so-called “green funds” have been investigated and fined for ESG misstatements as well. As sustainability reporting becomes more regulation-driven, organisations should expect penalties and fines for inaccurate reporting to become more common. Given these risks, organisations should carefully consider frameworks and guidelines to improve the transparency and accuracy of ESG reporting. Acronyms Defined AcronymFull NameAPIApplication Programming InterfaceBMSBuilding Management SystemCDPCarbon Disclosure ProjectCO2eCarbon Dioxide EquivalentCOSOCommittee of Sponsoring OrganisationsCSRCorporate Social ResponsibilityCSRD Corporate Sustainability Reporting DirectiveERMEnterprise Risk ManagementERPEnterprise Resource PlanningESGEnvironmental, Social and GovernanceESRSEuropean Sustainability Reporting StandardsGDPRGeneral Data Protection RegulationGHGGreenhouse GasGRIGlobal Reporting InitiativeGWPGlobal Warming PotentialIOTInternet of ThingsISOInternational Organisation for StandardisationISSBInternational Sustainability Standards BoardIFRSInternational Financial Reporting StandardsKPIKey Performance IndicatorMESManufacturing Execution SystemsNGONon-Governmental OrganisationNISTNational Institute of Standards and TechnologySASBSustainability Accounting Standards BoardSBTiScience-Based Targets initiativeSECSecurities and Exchange CommissionSICSSustainable Industry Classification SystemSDRSustainability Disclosure RequirementTCFDTask Force on Climate-Related Financial DisclosuresTPRMThird-Party Risk Management UN SDGUnited Nations Sustainable Development GoalsUN GCUnited Nations Global Compact Legal DisclaimerThe responses to the questions have been drawn from myriad regulatory publications, issuances, and guidance from other governmental agencies and law enforcement, industry publications, media reports, and Protiviti's work with a wide range of companies. It is important to note that the information listed in this guide (the "Information") is provided for general information only at a point in time. Laws, regulations, and industry standards are evolving continuously, and the Information does not reflect any future developments. While the Information is designed to assist companies with their compliance efforts, the Information is not intended to address the circumstances of any specific industry or company. Because the Information does not constitute legal or accounting advice, companies should seek the advice of legal counsel or other appropriate advisers on specific questions related to their unique circumstances. Protiviti makes no representation or warranty of any kind, expressed or implied, regarding the Information's accuracy, adequacy, validity, reliability, or completeness. Topics Business Performance ESG/Sustainability