How can your GRC technology support your ESG goals?
In our last blog post, we discussed the growth in demand for ESG programs, the role of GRC in ESG, and how GRC plays into your ESG goals.
With ESG becoming such a priority among regulators and investors, the need to set up your GRC technology solution to support your ESG program is more important than ever.
As we’ve previously discussed, although GRC/IRM solutions do not inherently execute any controls or compliance activities autonomously, they increasingly include ESG content and workflows to monitor and report progress toward organizational risk and compliance goals. These workflows and content can be used to support your ESG controls and compliance activities, as well as to tie your ESG data in with the rest of your organization’s risk and compliance workflows and data.
With that being said, below is a five-step framework of how your organization can utilize your GRC technology to document and manage your ESG:
Step 1: Identify Current ESG Processes and Goals
An initial discovery phase of identifying the various ESG processes, owners and goals will provide an overview of the current state of ESG initiatives at your organization and set the foundation for future tool governance and implementation.
Key questions to ask in this stage:
- What are the various ESG initiatives?
- Who is the owner/primary point of contact for each initiative?
- What tools/technologies are currently being leveraged or planned to be leveraged to achieve the ESG goals?
Step 2: Define the ESG GRC Data Model and Objectives
Defining a common ESG data model and taxonomy for the GRC solution will enable your organization to establish and monitor the appropriate data points and create an actionable plan for measuring success.
Key questions to ask in this stage:
- What are the key goals for your organization’s ESG initiatives?
- What are the risks of not achieving those key ESG goals?
- How do I want to track my ESG action plans to achieve the ESG goals?
- Consider an ESG Framework, such as:
- GRI
- SASB
- TCFD
- CDP
- Consider an ESG Framework, such as:
- What actionable insights are necessary to meet and monitor the ESG goals?
Step 3: Select a GRC Tool
Almost all GRC tools and vendors are designed to meet particular objectives, so it’s critical to understand exactly what your GRC vendors are doing and if they can support your ESG program.
Key questions to ask in this stage:
- Can my existing vendors support what actions are needed to reach those ESG objectives?
- What is the cost to integrate these vendors into the ESG process, and is the return on investment justifiable?
Step 4: Develop an ESG Tool Implementation Roadmap
Once you’ve determined the right insights and technology to support your organization’s ESG goals, it’s time to create a roadmap to implement. We recommend only selecting a new tool if existing tools do not meet the requirements. In this stage, it’s critical to lean on a strong governance structure and a clearly defined, step-by-step plan.
Key questions to ask in this stage:
- How do the key goals for your organization’s ESG initiatives fit in with other corporate objectives?
- What are the existing audit, risk, and compliance activities occurring that could be included to gain efficiency, reduce redundancy of effort, and produce a complete organizational risk dashboard?
- How should we prioritize ESG implementation activities while considering prioritization within the overall risk program?
- What existing business and GRC processes will need to be altered in order to achieve identified KPIs?
- What will the reporting and monitoring process look like in order to effectively communicate with leadership?
Step 5: Incorporate Your ESG Goals Into Your Business Processes
Once ESG objectives and the necessary processes to reach those objectives have been defined, it’s key to evaluate your existing business processes—starting with your vendors/customers.
Key questions to ask in this stage:
- How can we integrate ESG processes with our existing business processes—or do we need to create entirely new processes?
- What is the priority level and/or timeline for the creation or integration of these processes?
In doing this work, it’s likely that you’ll find your GRC vendors and processes leave a gap between your current state and your desired ESG outcomes.
There’s a good chance you may have to integrate new processes with your existing ones, add new processes entirely, customize your current GRC solutions to include ESG, or perhaps even move forward with an entirely new GRC solution.
ESG processes can be a lot of effort to implement on the front end, but it’s important to establish your ESG processes sooner rather than later because of the expanding role of ESG in business today.
If you need support with determining ESG objectives, establishing the necessary processes required to meet those objectives, or finding the right technology solution to support these processes, contact us or download our ESG quick-start checklist with seven steps to get started on your ESG goals.