December 1, 2021 By Ian Francis

Today’s business leaders have inherited a turbulent market landscape in which they must understand, monitor and manage the impact their firms have on external entities, in a much wider sense than before. When considering their effect on the physical environment, their social responsibilities in areas like supply chain ethics, or their overall responsibility to society through effective governance practices, firms need to ensure they have a handle on environmental, social and governance (ESG) risk and compliance.

The benefits of ESG

An effective ESG practice delivers several benefits, including:

  • Reduced energy costs
  • Improved employee/labor relationships
  • Reduction in regulatory and legal intervention
  • Greater access to capital alongside revenue growth

A key challenge here is aligning the goals of ESG with current governance, risk and compliance (GRC) management disciplines and responsibilities already well-established within the business. Organizations must develop an integrated approach to the goals spanning ESG and GRC, using a data-driven approach.

The immediate future of ESG

A recent IDC FutureScape Report identified several predictions on sustainability that directly align with current GRC disciplines:

  • “By 2024, two-thirds of organizations worldwide will be tracking their diversity, equity, and inclusion performance using ESG metrics and KPIs.”
  • “Companies will extend their data privacy initiatives to surpass compliance requirements with 60% of enterprises establishing KPIs regarding the ethical use of data by 2023.”
  • “By 2023, 40% of organizations will mandate responsible sourcing policies and implement audit and accountability solutions requiring proof of compliance to build trust among consumers and stakeholders.”

These may sound like optimistic projections. But this sort of approach is a foundation for GRC management that firms have been applying for almost 15 years. ESG is simply an extension to these approaches.

Reduce, reuse, recycle

ESG risk management fits under the classic sustainability rubric of reduce, reuse, recycle:


“New” non-financial risk disciplines often bring a slew of additional solutions to market. But firms can reuse flexible GRC tools to extend their frameworks.

Reduction in the number of non-financial risk systems will reduce the overall running cost, deployment effort and environmental impact of implementing another platform. At a minimum, firms can minimize costly CAPEX and gain efficiencies in moving their risk management practices to the cloud.


An effective ESG program will look to:

  1. Identify ESG risks against business objectives and external reporting frameworks through a risk assessment
  2. Document and evaluate corresponding controls
  3. Monitor progress toward achieving objectives and potential impediments using key indicators (KRIs/KPIs) and metrics
  4. Manage the remediation of the gaps and identified issues through proper assignment, accountability and tracking mechanisms
  5. Report on the position, progress, outcomes and regulatory alignment of ESG requirements

ESG is inherently linked to multiple existing GRC domains including operational risk, third-party risk, and policy and compliance management. In an effective integrated risk management initiative, the above 5 steps are directly aligned to the processes already in place, so businesses can look to manage their ESG profile through the reuse of existing GRC processes.

Conceptually this is as simple as extending categorization models; enhancing risk, control and indicator libraries; and adding new reports. In reality, this can be a challenging exercise. A flexible GRC solution allows your organization to try and deploy configuration changes easily and rapidly.


ESG, like GRC, is a data-hungry activity. Firms must look at their existing data inventory and look to recycle. Whether it’s feeds of data related to third-party content such as those provided by Supply Wisdom, regulatory change content from Thomson Reuters or internally generated content related to HR hiring practices and profiles, this type of content is crucial to help you understand, manage, and monitor the ESG stance of your business. Accordingly, many existing GRC platforms embed these data feeds natively into the platform.


Delivering an effective ESG program is not a simple exercise. Firms can align their ESG objectives with enterprise risk by adapting and extending existing policies, processes and systems within their GRC frameworks and supplementing with additional third-party content. Those firms who see ESG as a separate discipline will most likely achieve their goals, but they may be saddling their firm with yet another silo of risk management. Managers who do this have missed some of the core ethos of ESG.

It’s not necessary to reinvent the wheel with ESG. Adding new data systems, technology or processes often results in costly, inefficient programs that lose sight of the overall business objectives and performance. By aligning ESG objectives with your enterprise risk management program, you’re more likely to meet your ESG goals. Solutions like IBM OpenPages with Watson support those goals by providing a flexible enterprise risk platform that breaks down silos and opens up GRC capabilities to leaders across the organization, giving total visibility of the company’s risk position from one integrated point of view.
