Developing a Strategy for Managing Non-Financial Environment, Social, and Governance (ESG) Risks and Opportunities


By Tim Bovy, Ian Hodges, and David Ryan

In Business, everything flows from strategy. Strategy requires that organisations prepare detailed assessments of risks and opportunities, and then find the ways and means to achieve their business objectives in response to those risks and opportunities. Today, and for the foreseeable future, this will necessitate being able to identify and manage the risks and opportunities that arise from non-financial environmental, social, and governance (ESG) issues. As the London Stock Exchange notes in its ESG Guidelines: “Issuers’ ESG performance on subjects such as resource use, human rights, health and safety, corruption and transparency is increasingly used to draw conclusions about the quality of their management, identify their exposure to business risks and assess their ability to leverage business opportunities.” They add that “it is becoming more and more important for companies and other issuers to communicate with investors clearly and accurately on these aspects of their performance” because “there is growing evidence that issuers that publish high quality information on the longer-term implications of ESG for their business are more likely to attract and retain long-term investors.” [1]

A recent paper from NYU Stern Center for Sustainable Business and the CEO Investor Forum argues that while “Earnings calls move markets… standard quarterly financial reporting and a lack of attention to ESG—and the impact that ESG performance can have on corporate financial performance—amplifies short-term market pressures. This can encourage myopic decision-making, such as cutting planned research and development spending, that hits short-term earnings targets at the expense of long-term value creation.”[2]

The paper proposes ways in which quarterly financial reporting can include ESG-driven long-term and sustainable value creation alongside short term earnings. This approach is echoed in a Harvard Business Review article, published in May 2020, which observes that “A consensus is emerging that society and diversified investors are best served by companies that focus on sustainable value creation and respect the legitimate interests of all stakeholders, not just stockholders.”[3] The article’s authors identify purpose and accountability as the twin pillars of a new corporate governance which will require businesses to demonstrate how they work for the benefit of all stakeholders in both the short and long term.

The major problem, however, is that in most cases investors are not receiving what they need in order to make informed decisions, primarily due to the inaccessibility of one important corporate commodity – relevant information. The LSE cautions that “investors [find] it difficult to access appropriate data and information; issuers [fail] to understand what information investors need.”[4] Issuers are accustomed to thinking of important information in terms of financial data, so when investors demand non-financial information many issuers struggle to provide it. “Whereas every large company has a sophisticated and robust IT infrastructure for generating financial reports,” observes Robert Eccles in a recent Harvard Business Review article, “few firms have reliable systems for measuring ESG performance. The result is untimely and poor-quality ESG data, which presents challenges not only to investors but to corporate managers themselves.”[5] Indeed, “for many organisations…their ESG information is rarely available at the same time and in a comparable format as financial information.” [6]

The reason for this state of unpreparedness is not difficult to fathom. While organisations have had many years of experience managing systems for producing financial information, very few of them have the information management systems required to provide ready access both to financial and non-financial ESG data. In addition, financial information goes to and through the Finance department at multiple points in its lifecycle, and is based on one common denominator for validation – money.

The value of a comprehensive ESG information management system is that it forms a panoply across the entire organisation, and can illuminate any single point when necessary, whether it be related to financial or non-financial data, and has the flexibility to incorporate new topics when necessary.  

“The ESG data universe is still expanding at an astounding rate,” according to Nasdaq. “New topics are still emerging, and the connections between company operation and downstream impact are being made clear. Since the previous version of this [Nasdaq ESG Reporting] guide, we have seen new KPIs focus on human rights, anti-slavery, data privacy, tax and payments to governments, water stewardship, and so on – all under the collective label of ESG.”[7] Gathering information related to such a wide range of subjects, in addition to data related to, for example, greenhouse gas emissions, board and management climate oversight, gender diversity, child and forced labor, and supplier code of conduct means that the best systems are capable of drawing information from a wide array of structured and unstructured data sources. To this end, the International Integrated Reporting Council (IIRC) recommends that organisations “invest in [information management systems] that can be used to improve the ability to search, access, combine, connect, customize, re-use, and analyze information.”[8] With such a broad remit, the question, of course becomes, where to begin.

Define and Communicate the ESG Strategy as a First Step

Defining an ESG strategy focuses the organization’s mind upon its most important ESG issues, and the risks and opportunities associated with them, while simultaneously providing it with a context for analyzing their effect on the company’s means for achieving its business objectives. If continuing to produce coal-fired power plants that damage the environment is considered socially unacceptable and discourages institutional investors from including an organization in their recommended investment portfolios, then what long-term impact will this have on sustainability? There may be complex reasons that a business cannot suddenly stop production, so what must the company do to convince investors of its future commitment to the use of, say, hydrogen technology towards which it is currently transitioning. Simply stating this plan in a glossy financial statement or on the organisation’s website is insufficient, since savvy institutional investors such as Blackrock will suspect greenwashing. A convincing narrative must be supported by convincing data.

The role of institutional investors

An influential research report from the United Nations Global Compact, UNEP Finance Initiative and the Principles for Responsible Investment entitled Fiduciary Duty in the 21st Century[9] makes a very strong case for the role of ESG in the decision making process of institutional investors. And the report itself puts forward an excellent argument for the inescapable rise of ESG.

In the UK, total private pension wealth amounted to £6.1 trillion in the two years to March 2018 and the total investment portfolio of UK insurance companies was £1.9 trillion in 2018. For comparison, the GDP of the UK in 2018 was £2.8 trillion. These are vast sums of money that underline the significance of institutional investment in the various financial markets and in the wider economy.

It is clear that the decisions institutional investors make have ramifications beyond the fundamental buy, sell, hold maximization of investment returns. The sums invested are large enough to influence any major corporate. With institutional investors now increasingly coming under pressure to consider ESG, any business looking to attract their investment will feel obligated to report on ESG along with their traditional financial reporting.

The report pulls no punches in its forthright advocacy of ESG, even to the extent of saying that to characterize ESG as non-financial reporting is an outdated perception. Instead the report argues that we must now regard ESG is a measure of long-term value.   “Failure to consider long-term investment value drivers, which include environmental, social and governance issues, in investment practice is a failure of fiduciary duty.”[10] When Standard Life Aberdeen sold all of its shares in Manchester-based fast fashion chain Boohoo in mid-July it did so on ESG grounds, namely that such appalling working conditions are not only unacceptable but also unsustainable and saying that Boohoo’s response regarding those conditions being made public was “inadequate in scope, timeliness and gravity”.[11]

This episode also makes clear the role of ESG in understanding the risk profile of a business, which is itself a measure of long-term viability and profitability. Fiduciary duties are expressions of the obligations of those who manage other people’s money to act only in their beneficiary’s interests. This is a bar already set very high; however, institutional investors striving to demonstrate the prudence of their decisions will increasingly be required to take account of ESG.

As investors, institutional and otherwise, step up demands for ESG reporting, reporting itself will come under greater scrutiny and questions of materiality will drive greater precision and more exacting metrics. After all, if investment decisions are now going to be made, at least in part, on ESG statements, then the reporting relating to them is material. Inaccurate and/or misleading claims will have important implications for those businesses which make them, potentially resulting in reputational damage and regulatory sanctions.

US regulators have already made public statements demanding more accountable reporting of ESG in clear, unambiguous language. Elad Roisman, a senior official at the US Securities and Exchange Commission, said recently: “Retail investors who want ‘green’ or ‘sustainable’ products deserve more clarity and information about the choices they make .” [12] This observation brings us back to the issue noted at the outset of this article: too few businesses, across a broad spectrum of industries, that wish to report with integrity can do so with accurate data, based upon relevant and verifiable metrics, because their information management systems are not sufficiently comprehensive to provide a convincing narrative to investors.

Creating a Comprehensive Information Management System

When a business first looks at an ESG issue, it is difficult to see it whole. It’s like a ball. Your view is of a single point, the point at which you are looking. There will always be something hidden: the dark side of the moon, as it were. To see the issue whole, you must be able to rotate it, so that you can see it from every conceivable angle.

A comprehensive information management system enables you to achieve this global view, as it allows management to gather information from across the enterprise from different departments and business units whose input is critical to produce a strong, persuasive statement that links accurate, verifiable data with the ESG narrative. This information collection exercise should include the good and the bad. The London Stock Exchange emphasizes that it is equally important for organizations to report unfavorable data accompanied by a narrative that both gives reasons and sets out remedial action. Otherwise, it risks creating “an environment of mistrust” with investors.[13]

Once management has defined its ESG strategy, it should communicate it throughout the organization, identifying the risks and opportunities that flow from the strategy and asking for additional comment. These multiple narratives form a library, which updates in real time as new information is added. It is sometimes difficult to identify all of the actors involved in any given issue, so a process can be simultaneously initiated, which identifies the employees involved in carrying out the day-to activities related to it.

Maintaining an ESG Obligations Register: Ensuring Accountability

Identifying the people engaged in the day-to-day activities of each ESG issue helps to create a reliable framework for establishing accountability. As organizations learned following the Enron fiasco and the subsequent passage of the Sarbanes-Oxley Act in 2002, accountability is vital to good corporate governance. Consequently, it is important for an organization to define its ESG obligations for each of the non-financial issues that it identifies as relevant to its business.

The organization’s information management system can facilitate this task by incorporating an ESG Obligations Register, linked with the roles responsible and accountable for each obligation. A typical ESG Obligations Register would include: a unique identifier for each one; the obligation itself, covering its intent and purpose; the relevant provision, taken from the appropriate ESG frameworks; the obligation type; its status; its source (agreement, legislation, regulation, guideline, internal policy, etc.); relevant Business Units; department/role; internal controls (relevant procedures, guidelines, standards, policies, etc.); topic allocation (greenhouse gas emissions, board and management climate oversight, gender diversity, child and forced labor, supplier code of conduct, etc.); internal audit ranking priority; verifiable evidence (such as data to support reaching GHG targets); comments (useful for sharing knowledge); ideas for improvement; and last review date. The ESG Obligations Register should also include automated alerts, where appropriate, to indicate areas of medium-to-high risk.

Internal Controls: Ensuring Accountability and Meeting ESG Objectives

Internal controls provide the checks and balances for ensuring accountability, and are vital for meeting non-financial ESG objectives. Organizations are accustomed to applying the COSO Internal Control Framework for financial reporting, so it is important to agree an appropriate framework for reporting non-financial ESG information. One solution is simply to adapt COSO for this purpose, since it is an internationally recognized standard. COSO itself anticipated the value of its applicability to “other important forms of reporting, such as nonfinancial and internal reporting” in the introduction to its guidelines. It also has the benefit of providing five clearly defined components: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring.

Below, we take a brief look at the first of these five controls in relation to managing ESG Obligations.

Control Environment: The Board’s Commitment to Managing ESG Issues

The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. []

The control environment has never been more important than it is today, as businesses challenge the Friedmanite model of shareholder capitalism, with its controversial claim that businesses have no responsibility either to people or to society. Klaus Schwab, the founder of the World Economic Forum (WEF) has recently noted that “this form of capitalism is no longer sustainable.” He attributes his change in thinking in part to “the ’Greta Thunberg’ effect: The young Swedish climate activist has reminded us that adherence to the current economic system represents a betrayal of future generations, owing to its environmental unsustainability.”[14]

Even if Friedman’s view is accepted, managing and improving ESG performance is in a company’s best interest, its core objective being to preserve and enhance shareholder value where possible. To avoid public relations disasters that impact on share price, to attract new investment (or to prepare a company for sale) and to retain high-caliber staff and long-term engaged customers, it is in the self-interest of companies to be competent at ESG and be able to report this effectively. As Bank of America Merrill Lynch noted in a 2018 study, “firms with a better ESG record than their peers produced higher three-year returns, were more likely to become high-quality stocks, were less likely to have large price declines, and were less likely to go bankrupt,” [15] an observation which this year’s World Economic Forum Annual Meeting highlighted in its discussion of sustainability and profitability.


What the WEF is addressing here is the need for a major strategic rethink in which non-financial ESG information is given parity with financial information. The two are now, in fact, inseparable. As Blackrock notes on its website: “There is increasing awareness that material environmental, social and governance (ESG) factors can be tied to a company’s long-term performance. As such, more and more investors are looking to integrate sustainability insights and data into their traditional investment processes.” On 10 September this year UBS, the Swiss-based multinational investment bank, announced it “is recommending sustainable investments over traditional investments for all of its clients that invest globally”.[16] The London Stock Exchange guidance adds that issuers “should explain the relevance of ESG factors to [their] business model and strategy,” describing how they are positioning themselves “either to benefit from these factors or to manage and mitigate the risks associated with them. Issuers should also explain how they intend to access the new opportunities and revenue streams generated by green and socially beneficial products and services.”

To implement such a strategy and illuminate for investors the risks and opportunities that underpin it, accurate, reliable, and timely data must be readily to hand. A comprehensive information management system enables management to assemble this data into a compelling ESG narrative that unleashes the power to attract maximum investment. As the Head of UK Equities at Aviva Investors has stated: “ESG data influences how we invest. We therefore need companies to report on ESG with the same level of diligence, controls and precision as they do for the data provided in their annual report and accounts.”[17]

About the Authors

Tim Bovy Tim Bovy has over 35 years of experience in designing and implementing various types of information and risk management systems for major law firms such as Clifford Chance; and for international accountancy firms such as Deloitte. He has also developed solutions for organizations such as BT, Imperial Tobacco, Rio Tinto, the Kuwaiti government, The Royal Household, and the US House of Representatives. Tim is an elected member of The Royal Institute of International Affairs, Chatham House, an Independent Think Tank based in Central London.  Tim holds a BA degree, magna cum laude, from the University of Notre Dame, and MA and C.Phil degrees from the University of California, Davis

Ian HodgesIan Hodges has worked in a variety of information management roles over a twenty-year career. He has designed and implemented records and information management systems at a national scale, developing parts of the digital archive at The National Archives (UK). At a corporate level he’s undertaken information management projects with The Royal Household and Her Majesty’s Treasury.  Ian also has information rights expertise developing policies and procedures for Freedom of Information and Data Protection compliance and working as a Data Protection Officer.  In addition to CISM, CIPP/E and CIPM certifications, Ian holds a BA degree from the University of Southern Queensland, a postgraduate diploma from Deakin University, Melbourne and an MA from Birkbeck, University of London. 

David RyanDavid Ryan is Managing Director of ReviewPoint and was formerly Director of Information Assurance at the Royal Household. As Head of Digital Preservation at the UK National Archives, his team won a Queen’s Award for Technology in 2011. David also served as Head of Information Management at Pfizer Ltd.  A graduate of King’s College, London, he also holds a Postgraduate Diploma in Archive Studies from University College, London.



Please enter your comment!
Please enter your name here