Defining the G in ESG

Aarthi Natarajan

This is part two of a four-part series. You can read the first part here.

Today, many enterprises are establishing their own ESG (Environmental, Social, and Governance) policies. As of 2020, 62% of banks and 56% of non-financial companies already have ESG policies in place. Most of those that don’t yet have ESG policies plan to establish them in the near future.

As investors become more conscious of the ethical and sustainability positions of the companies they invest in, it’s become increasingly important for organizations to provide a transparent scorecard that demonstrates their position on initiatives related to political stances and corporate culture. Refusing to disclose this information will give your competitors who do provide clear ESG policies a competitive advantage, so it’s time to codify your stance and put it into practice, with an efficient system to monitor your performance.

What’s the G?

The “E” portion (environmental) has long held a set of standards and was previously known as a sustainability policy. Companies with sustainability policies have clear guidelines for mitigating their environmental impact, which might include ensuring carbon neutrality, reducing emissions and increasing landfill waste diversion by recycling and other re-use programs. (See BNY Mellon’s policy for a good example.)

As investors and customers have become more aware of social and cultural problems within organizational leadership, and broader human rights challenges, the “S” part (social) has gained prominence as well. Social policies within your ESG statement might include a commitment to avoiding transactions with companies that engage in human trafficking, as well as policies related to diversity and inclusion, including gender-based pay disparities and board representation.

The role of “G” (governance) is harder to identify. Broadly, your governance program should focus on these four components: structure and oversight, code and values, transparency and reporting, and cyber risk and systems. There is quite rightly a focus on ‘low-hanging fruit’: the data points that are easiest to quantify and, of course, those that are high-profile from a reputational perspective, such as diversity metrics. But eventually, organizations with ESG reporting obligations will need to grapple with what exactly the G means for them.

Companies with strong governance practices perform better than those without. Governance must be treated as a core component of ESG, not a footnote—but that’s not always the case in practice.

With poor governance, your organization can end up making bad decisions that reflect poorly on your company and may cause substantial financial damage. Take the Volkswagen “Dieselgate” scandal, for example: The company had a two-tier board system, and the “supervisory” board, meant to monitor corporate decisions, lacked the authority to perform independently, as a majority of shareholders controlled it. With a lack of independent supervision, the company signed off on decisions that included rigged emission reports.

To build an effective ESG program, organizations must provide assurance over and report on effective corporate governance to ensure their commitments are being met. But good corporate governance isn’t just about developing policies and procedures — they don’t mean anything without proper enforcement.

Businesses need a way to turn their policies and procedures into practical steps, with internal controls to verify compliance in real time. And as governance risks like business ethics and management remuneration are often highly qualitative, they’re harder to assess. To combat this, it helps to define governance metrics and quality scores that create a transparent system for assessment and assurance.

Solving the “G” problem with IRM

In order to develop a framework for monitoring your ESG initiatives, it’s essential to use an integrated risk management (IRM) solution.

IRM enables a risk-first approach to corporate governance, in which all departments are aligned to organizational risk and strategic objectives. IRM empowers the enterprise to gather an integrated view of how well the organization manages its risks, providing visibility into risk trends and predictors for new threats.

With IRM, you can map out every individual risk and develop a unified system for assessing the success of your ESG programs. Your dashboard will give you the insights you need to predict the performance of your program going forward, so that you can make changes to your processes to correct issues, or develop improved benchmarks for future years based on promising metrics.

You’ll be able to use real-time, visual dashboards to get an instant spot check on the health of various initiatives, such as the diversity ratio of your board members and executive stakeholders, and to put mitigation plans into place immediately if you’re falling behind. You’ll also be able to quickly build out executive reports to empower your board and leadership to make better data-driven decisions related to the status of your ESG initiatives.

You can also integrate your ESG initiatives and their associated risks within global frameworks, benchmark your program and its performance against your competitors, and adhere to industry regulations. IRM can streamline compliance initiatives and automate your controls processes, freeing up your risk management team’s time to focus on broader strategic insights that will help you drive your business and its ESG program forward.


An effective ESG program begins with inventorying the risks and KPIs within each initiative and developing an efficient and transparent system for governing the programs and maintaining control of the risks. Using IRM will help your organization align around all of your ESG program’s risks and strategic goals and provide the visibility to analyze your data and make decisions that will drive your ESG goals forward.