December 1, 2021 By Ian Francis

Today’s business leaders have inherited a turbulent market landscape in which they must understand, monitor and manage the impact their firms have on external entities, in a much wider sense than before. When considering their effect on the physical environment, their social responsibilities in areas like supply chain ethics, or their overall responsibility to society through effective governance practices, firms need to ensure they have a handle on environmental, social and governance (ESG) risk and compliance.

The benefits of ESG

An effective ESG practice delivers several benefits, including:

  • Reduced energy costs
  • Improved employee/labor relationships
  • Reduction in regulatory and legal intervention
  • Greater access to capital alongside revenue growth

A key challenge here is aligning the goals of ESG with current governance, risk and compliance (GRC) management disciplines and responsibilities already well-established within the business. Organizations must develop an integrated approach to the goals spanning ESG and GRC, using a data-driven approach.

The immediate future of ESG

A recent IDC FutureScape Report identified several predictions on sustainability that directly align with current GRC disciplines:

  • “By 2024, two-thirds of organizations worldwide will be tracking their diversity, equity, and inclusion performance using ESG metrics and KPIs.”
  • “Companies will extend their data privacy initiatives to surpass compliance requirements with 60% of enterprises establishing KPIs regarding the ethical use of data by 2023.”
  • “By 2023, 40% of organizations will mandate responsible sourcing policies and implement audit and accountability solutions requiring proof of compliance to build trust among consumers and stakeholders.”

These may sound like optimistic projections. But this sort of approach is a foundation for GRC management that firms have been applying for almost 15 years. ESG is simply an extension to these approaches.

Reduce, reuse, recycle

ESG risk management fits under the classic sustainability rubric of reduce, reuse, recycle:


“New” non-financial risk disciplines often bring a slew of additional solutions to market. But firms can reuse flexible GRC tools to extend their frameworks.

Reduction in the number of non-financial risk systems will reduce the overall running cost, deployment effort and environmental impact of implementing another platform. At a minimum, firms can minimize costly CAPEX and gain efficiencies in moving their risk management practices to the cloud.


An effective ESG program will look to:

  1. Identify ESG risks against business objectives and external reporting frameworks through a risk assessment
  2. Document and evaluate corresponding controls
  3. Monitor progress toward objectives, and potential impediments, using key indicators (KRIs/KPIs) and metrics
  4. Manage the remediation of the gaps and identified issues through proper assignment, accountability and tracking mechanisms
  5. Report on the position, progress, outcomes and regulatory alignment of ESG requirements

ESG is inherently linked to multiple existing GRC domains including operational risk, third-party risk, and policy and compliance management. In an effective integrated risk management initiative, the above 5 steps are directly aligned to the processes already in place, so businesses can look to manage their ESG profile through the reuse of existing GRC processes.

Conceptually this is as simple as extending categorization models; enhancing risk, control and indicator libraries; and adding new reports. In reality, this can be a challenging exercise. A flexible GRC solution allows your organization to try and deploy configuration changes easily and rapidly.


ESG, like GRC, is a data-hungry activity. Firms must look at their existing data inventory and look to recycle. Whether it’s feeds of data related to third-party content such as those provided by Supply Wisdom, regulatory change content from Thomson Reuters or internally generated content related to HR hiring practices and profiles, this type of content is crucial to help you understand, manage, and monitor the ESG stance of your business. Accordingly, many existing GRC platforms embed these data feeds natively into the platform.


Delivering an effective ESG program is not a simple exercise. Firms can align their ESG objectives with enterprise risk by adapting and extending existing policies, processes and systems within their GRC frameworks and supplementing with additional third-party content. Those firms who see ESG as a separate discipline will most likely achieve their goals, but they may be saddling their firm with yet another silo of risk management. Managers who do this have missed some of the core ethos of ESG.

It’s not necessary to reinvent the wheel with ESG. Adding new data systems, technology or processes often results in costly, inefficient programs that lose sight of the overall business objectives and performance. By aligning ESG objectives with your enterprise risk management program, you’re more likely to meet your ESG goals. Solutions like IBM OpenPages with Watson support those goals by providing a flexible enterprise risk platform that breaks down silos and opens up GRC capabilities to leaders across the organization, giving total visibility of the company’s risk position from one integrated point of view.
