AuditBoard has released its 2023 ESG Maturity Benchmarking Report, exploring the role of effective ESG risk management in shaping a company’s financial standing and reputation. Two-thirds of organisations have insufficient controls.
- Nearly 24% of respondents don’t collect any evidence to support their ESG metrics, while 42% collect evidence — but only a portion of these are ESG metrics.
- Only 10% of respondents demonstrate strategic maturity in reporting and disclosures, and 0% scored in the groundbreaking category — representing significant room for growth and improvement.
- Two-thirds are yet to implement ESG controls, highlighting a low state of maturity in ESG data governance – and of those reporting on ESG only 31% third-party assurance on their ESG data.
The AuditBoard report found that two-thirds of organisations have not implemented ESG controls, and that 60% do not currently perform internal ESG audits. This lack of ESG program readiness raises the risk of reporting incomplete or incorrect data and leaves organizations unprepared to maintain compliance with future regulations, including the forthcoming ESG rules from the Securities and Exchange Commission (SEC).
The 2023 ESG Maturity Benchmarking Report report drew on a survey conducted between April and June 2023 of 200+ audit, risk, and ESG professionals, with 82% of the respondents from medium to large-sized companies and 74% representing public firms.
The report did however indicate that some organisations are more advanced than others in their ESG program readiness. For example, over 75% of respondents said they currently collect evidence for ESG metrics, and 26% reported that they plan to begin performing internal ESG audits in the next year. In addition, 61% reported having a dedicated ESG team or committee with representatives from audit, compliance, legal, and/or risk management.
Other key findings of the report include the fact that, as yet, ESG is not included as a strategic part of enterprise risk management at many organisations – 40% of organisations don’t include ESG risks in ERM strategy, and 35% of organisations have not performed a materiality assessment.
Of four key areas of ESG competency (which AuditBoard breaks down into investment and processes; breadth and depth; reporting and disclosures; and governance and controls), survey respondents displayed the highest maturity in investment and processes and the lowest maturity in reporting and disclosures.
Unsurprisingly the most tracked topic in the environmental category was climate change and carbon emissions, as that has been the main thrust of most discussion of climate risk. However the social and governance elements were also seen as significant, with gender and diversity tracked by 72% and board composition tracked by 66%.
There are challenges to overcome
Despite growing demand from investors and stakeholders for commitment to ESG,
the report says “many organisations face obstacles when it comes to ensuring they are accurately capturing and reporting ESG data and developing effective ESG risk management practices.”
Only one-third of respondents report being in compliance or planning to comply with the proposed SEC ESG rules. For those that do plan to comply, the report findings reveal that 90% currently fall within the bottom half of maturity levels for reports and disclosures.
Readiness gaps remain at many companies and there are a range of challenges that companies are facing, which run the gamut from a lack of understanding of what to track, a failure to centralise access to data and issues around budget and personnel. However the core challenges largely arise from two issues: 1) limited resources and infrastructure to support ESG data and metrics tracking and verification, and 2) the difficulty of navigating the confusing universe of ESG standard-setting organisations.
Resourcing is a definite issue, as 46% of respondents reported that there is no dedicated budget allocated for ESG technology or headcount. Even among those with an ESG budget, only 9% have a budget allocated for ESG program management technology.
For example, the report shows that while 86% have ESG personnel, 46% lack a dedicated ESG budget. And while 72% of respondents track some form of ESG data metrics, yet only 17% centralise this data for stakeholder accessibility.
Voluntary disclosure is accelerating
Voluntary disclosure efforts reveal that many businesses are concerned with ESG
optics: an astonishing 96% of the S&P 500 self-published sustainability reports in
2021, according to the Governance and Accountability Institute.
A PwC and Workiva survey reported similar findings in 2023, finding that 70% of business leaders were not waiting for the SEC ruling. That survey also found that significant challenges to compliance included deadlines, resourcing, technology, and budget.
In fact, while 68% of executives reported that their company already uses technology for ESG reporting, 85% were concerned that their business does not have the right technology in place to support the level of reporting required in the proposed rules.
Regulatory pressure grows as SEC announcement looms
There has been rapid growth in regulatory requirements around ESG and that continues to accelerate. While the SEC’s proposed climate disclosure rules remain open to public comment as of August 2023, many anticipate they will be formalised by the end of the year and many are already begun embracing them in response to mounting pressure. In the EU, the Corporate Sustainability Reporting Directive (CSRD) has already been adopted.
That means that companies operating within the EU with a turnover of at least €150 million are subject to reporting requirements, whether they are publicly listed or not.
“The AuditBoard survey on ESG maturity reveals an urgent need to align investment with controls and transparent disclosure. As companies face looming ESG regulations across the globe, the integration of ESG principles cannot remain segmented,” said John A. Wheeler, former Gartner IRM Analyst and Senior Advisor, Risk and Technology at AuditBoard.
“Integrated risk management (IRM) technology offers a pathway to unify these elements, ensuring that businesses are not just compliant, but are leading the way in sustainable practices. By marrying investment with robust controls and clear disclosure, companies can prepare for the regulatory landscape and position themselves as responsible stewards in the global market.”
There are clearly gaps in preparedness for ESG reporting, which is responsible for a lot of the push-back on reporting requirements. They will be time and cost intensive as companies are struggling to manage inflation, an energy crisis and ongoing supply chain challenges. Investors however require such information to make informed investment decisions and many companies could use the data uncovered to optimise efficiencies within their own business.
While implementation may prove a challenge, pressure on reporting is only likely to grow, which provides a strong opportunities for new tech players to solve pain points in the process.