Transcript | The State of ESG Reporting Requirements and Mandates

ESG reporting is garnering a growing amount of attention today, particularly among board members seeking to understand and possibly comply with specific requirements in their country or their industry. But when it comes to ESG reporting, there are a lot of questions. Who specifically is required to issue these ESG reports? Who is issuing them voluntarily? And more importantly, what do organisations need in order to issue them in terms of data and operational processes?

In this latest episode in our Board Perspectives podcast series, we talk with Protiviti managing directors Jonathan Wyatt and Chris Wright regarding these issues. They offer some great insights that should be especially interesting to board members in a broad range of organisations.

Jonathan is the European regional leader for Protiviti, and Chris is the global leader for Protiviti’s Business Performance Improvement solution, as well as the firm's ESG services.

Kevin Donahue:

ESG reporting is garnering a growing amount of attention today, particularly among board members seeking to understand and possibly comply with specific requirements in their country or their industry. But when it comes to ESG reporting, there are a lot of questions. Who specifically, is required to issue these ESG reports? Who’s issuing them voluntarily? And, more importantly, what do organisations need to issue them in terms of data, operational setups and processes?

This is Kevin Donahue, a senior director with Protiviti, welcoming you to a new edition of our Board Perspectives podcast series, in which we delve into numerous challenges and areas of interests for boards of directors. I recently spoke with Protiviti Managing Directors Jonathan Wyatt and Chris Wright regarding these issues. They provided some great insights that I’m excited to share with you today. Jonathan is the European regional leader for Protiviti, and Chris is the global leader for Protiviti’s Business Performance Improvement solution as well as our firm’s ESG services.

Chris, great to speak with you today.


Chris Wright:

It’s good to see you again, Kevin.


Kevin Donahue:

And Jonathan, it is great to speak with you as well.


Jonathan Wyatt:

Thanks, Kevin. It is great to be here. Thanks very much.


Kevin Donahue:

Jonathan, let me ask you our first question: What are we seeing today from companies in terms of required ESG reporting?


Jonathan Wyatt:

From my perspective, it’s far from straightforward. Anyone who’s tried doing the simple Google search to try and work out what is actually required will recognise quite how confusing this can be. And I think part of that’s coming from the fact that in most of the market — at least that I serve, from a European perspective — there aren’t really any formal reporting requirements at the moment, although that position is rapidly changing as various governments are starting to implement regulations and requirements, having set out goals that they need to achieve over the coming years.

There are many different frameworks and standards out there, and for global companies and for those board directors that are working in those types of roles, I think you can see the complexity because of the different countries that are aligning with different standards, with different requirements, and as we’ve seen with many of these types of areas, that makes it particularly challenging for global companies. The EU, in particular, is working on a topic called the CSRD, the Corporate Sustainability Reporting Directive, which will apply to all large companies and to all companies listed on regulated markets in Europe, but that is still a work in progress. In Switzerland, we’ve got the Responsible Business Initiative, which is been through a variety of different folks and presents a different structure.

The U.K. perhaps is the most developed in that they have made the statement that for all financial years starting after April 2022, there will be a requirement for U.K. companies to align with the TCFD, the Task Force on Climate-Related Financial Disclosures. You’re going to discover a lot of acronyms in all of this as we look at all the different regulations out there. But that is very much a framework, not really a set of rules, not really a set of regulations, which in the U.K. market is something that many organisations are quite comfortable with. We’re very used to a principles-based approach, but there are plenty of other markets, which really want something much more defined, much more structured, much more rules driven. And it’s not the optimal framework for that, but there are a lot of different regulations out there, and I’m happy to share some bit more background on the TCFD and the structure and the guidelines.


Kevin Donahue:

Our audience is very interested in how these frameworks are structured, as well as, are there different levels of who’s required to report, and the level of detail involved? I would imagine that these frameworks provide some insight into that.


Jonathan Wyatt:

The TCFD is a framework, and there are a number of markets aligning with it. The EU is aligning with it, Switzerland and Japan, as well as the U.K., have specifically focused in on it, but we’re also seeing Brazil, Singapore and New Zealand aligning to some extent with principles within the framework. And it covers a number of topics: governance, strategy, risk management, metrics, targets, and then sets out under each of those areas a set of recommended disclosures — the types of disclosures.

It is not specific to the industry. It talks about the types of things that an organisation should be looking to disclose. Then it sets out a set of principles that people should follow when they are thinking about these disclosures. And there are a number of elements to that, and making sure the information that’s being provided is very relevant, specific and complete — not being misleading by reporting elements that are just beneficial to the organisation. Being clear, being balanced, being consistent over time — not picking and choosing based on particular years, but becoming consistent in terms of what they report. Being sensitive to what others in the industry and the segment are also reporting, and trying to be comparable. Making sure that the data that’s being provided is reliable and verifiable, and providing it on a timely basis.

But you can see it’s very much a set of principles, and if organisations worry less about what they are being required to report and take a little bit more of a sense of stepping back and thinking about what they feel they ought to report — and part of that means taking a step back again and asking the questions “Who are the key stakeholders that want this information?” “What information do they need?” — then follow the principles that are set out by the TCFD, that probably is an organisation in good shape.


Kevin Donahue:

Thanks, Jonathan. Chris, what are your thoughts on this topic of required reporting? I’m especially interested in how board members today are viewing this requirement and what role they’re playing in working with management in their organisations to ensure that they’re met.


Chris Wright:

I’ll reflect on some of what Jonathan offered as well. In the United States, while it is not specifically called out as a requirement to make ESG disclosures, the Securities and Exchange Commission is increasingly reflecting on a standard from 2010, which did require public companies to make climate-related disclosures if material, and they have mandated human capital disclosures, which are arguably the S in ESG, around people and how employees experience the workplace at companies. The board members of public companies in the United States and elsewhere, and particularly audit committees — which might be the default committee, because there is disclosure unless there is a separate committee mobilised around this area — should reflect with management on whether they have also revisited their view of whether climate change is material on one hand and whether the required disclosures around human capital are being made accurately.

You can expect that they may be prompted to do that by comment letters from the Securities and Exchange Commission. The SEC has indicated that they will be sending them where they think that makes sense. Following up on what Jonathan said, when the SEC reflects on disclosures around ESG, we understand from some of their commentary that they too reflect on the TCFD framework. That said, where it’s not required — and this may be prompting some of the inquiries by some of the third parties, we understand, from the Center for Audit Quality, which has put out a report of the disclosure from last year, that just over 450 of the Fortune 500 did make ESG disclosures.

So, it’s out there, and when it comes to standards, about a third of them reflected on four standards. Another third, just a few companies less, reflected on three standards. Some reflected on only one or two, but that’s a fairly large percentage of companies that are availing themselves of a number of metrics against which to measure their ESG progress and success, probably because there’s a lack of clarity around the standard. And then, as we signed on to speak to you this morning, Kevin, we were aware that the Committee on Sponsoring Organisations of the Treadway Commission, known as COSO, has now put out a release that they’re going to consider adding to their Internal Control — Integrated Framework, the ICIF, matters concerning internal controls over sustainability and ESG reporting. So, enter a new potential set of standards or frameworks against which to measure results.

All of that suggests that it should be a topic for boards and audit committees in particular — perhaps a standing topic while there are no formal guidelines, just to make sure they’re being tracked. Also, to understand from management whether the SEC has made any inquiries, and to be prepared to deal with that. Board members, many serve on more than one board, and so they’ll bring the experience they have from one company that may have gotten a comment letter to the next board meeting of a company that may not yet or may never get such a letter.

The cross-company awareness that is enabled by individuals who serve on more than one board will also help focus companies on this more holistically and perhaps result in more alignment. We would imagine that over time, as standard centers merge or as there is clarity around which industries are best suited for which standards, you’ll see fewer companies reporting on more than one standard and more companies gravitating toward one in particular.


Kevin Donahue:

The development with COSO is remarkable, and I would imagine it’s going to have a widespread impact given the widespread use of the Internal Control — Integrated Framework by organisations. Chris, I wanted to have you touch further on what we’re calling voluntary reporting. We spoke just now about required reporting, and you mentioned some of the things you’re seeing from there. What is your view right now on who’s requesting that voluntary reporting of ESG? Is it employees, customers, vendors? Is it analysts? The investment community? Is it all of the above?


Chris Wright:

It’s just as widely distributed as the variety of standards that Jonathan discussed just a few moments ago. The SEC may be inquiring in a way about your view on materiality that makes you feel like it’s mandatory, although it is a judgmental disclosure for public companies that choose to voluntarily disclose. They may be doing that in the anticipation of the fact that others may view their view of materiality different. The entire ecosystem is really asking — if you think about all of the companies that have some level of reporting required by someone or some organisation in their ecosystem, then they are requesting others in their ecosystem.

Think about a customer who inquires of you. Your company uses third-party service providers. You’re going to ask your third-party service providers. So the flow of information is moving through the entire supply chain because the ecosystem is asking. Employees are very insistent, interested — there are various levels of animation in various parts of the world, in the various industries, but they are increasingly speaking out and making it known that a buyer value for them and choosing where to work is driving requests for ESG information that’s relevant to their considerations.

Think about what’s going on with people being able to work remotely and perhaps work anywhere they like — the Great Resignation, it’s called in some areas. Those employees are now adding that to the mix of things they consider in choosing where to work or where to keep working. Board members who serve on multiple boards may be doing the requesting because they had an experience on one company and think that the other companies should consider it. A lot of the large organisations with whom a lot of other companies do business are requesting that questionnaires be filled in.

So, it may not be external reporting, but it may be voluntary reporting that feels fairly involuntary, because it’s coming from your largest customer, or coming from your largest vendor or coming from your lender. Lenders are also interested, particularly where some of the capital raising of late is pegged to an interest, or rates of return are based on ESG metrics that need to be reported — and, in that case, also subject to audit, and so, auditors are asking too.

It’s all of the above here, but broadly speaking, you could view it as somewhere end to end in your ecosystem between vendors, customers, employees, stakeholders, investors. I should add investor analysts, and we’re all familiar with BlackRock requesting or demanding ESG disclosure from their investees. The state pension system in California, the state controller of New York, who’s the sole trustee of the state pension system of the state of New York, they’re all requesting or demanding it at various levels as well. You have Fidelity, which has announced that they expect to lower the carbon footprint of their portfolio by 50% in 10 years, and you can achieve that in a number of ways. You could feel the pressure to have a lower carbon footprint, or you could also be dropped from the portfolio so that they can get to the 50%.

There are a number of forces afoot there from the capital-raising perspective. There’s a fairly wide variety of pressures, and, quite frankly, companies that want to do it because they want to do the right thing and they’re interested. It’s not as if everybody’s doing it at the  demand of someone else. Many companies for whom voluntary disclosure has been chosen have done so organically.


Kevin Donahue:

Thanks, Chris. Jonathan, I’d like to hear your perspective on this as well, particularly from the EU perspective. Are you seeing a rise in voluntary reporting?


Jonathan Wyatt:

We are. Many organisations are making some level of disclosure. We see quite a lot of organisations making disclosures which are more related to their goals and targets and their aspirations than necessarily the progress they are making. You’ll start to see, “We aim to be carbon neutral by 2030 or 2045” or “We aim to reduce our carbon footprint by 15% or 20%.” I was reading a cement company’s one yesterday — 35% within 10 years. Those types of more aspirational goals, with indications of the types of things the organisation is doing to achieve those goals and less in terms of fair reporting always on the progress that has been made to date. There are a number of reasons as to why that’s happening.

This is going to accelerate rapidly. There have been a lot of targets set by governments fairly recently, and the easiest way for many of those governments to achieve their targets is to pass that problem on to the organisations that work within their jurisdiction and to then enforce it on their supply chain. And through that, it becomes something that’s quite rapid and quite accelerating, and one of the things that we are starting to see is — and maybe the stakeholder was slightly understated in some of the comments that Chris made, although he did reference it — those elements of supply chain.

We are starting to see demands from our customers to provide quite specific information about elements such as diversity and diversity inclusion metrics being an important factor, but we’re starting to see the ones around climate — our impact on climate companies showing demands that have been very specific about providing a clear view as to how we will achieve certain goals by certain dates, and wanting measures and metrics. As that starts to get enforced on us, we then have to pass that onto our supply chain, because our carbon footprint is usually impacted by our supply chain.

As we start to select the organisations that we work with, we have to start passing on those demands. And in order to make the judgments and to make the assessments, we need some form of reporting that we can fall back on and that we feel that we can trust. You can start to see how this can accelerate very rapidly, and that is starting to happen. Climate is a very hot topic in the EU, and as a result of the goals, the demands, that have been set, I do see an awful lot of change in that space.

The nature and extent of reporting does vary significantly, and typically, at least one of the factors that determines this is how closely aligned elements of ESG and, particularly, climate are with business strategy. I referenced the cement industry in an earlier comment — maybe in oil and gas. If you’re in some of those industries that are very close, you would typically see very extensive reporting, and that’s been coming for a number of years. Whereas, if you’re engaged with an organisation that is less directly in a pipe, you’ll likely see a lot less information being provided voluntarily, but it is changing and the pressure to the supply chain is going to accelerate this very fast.


Kevin Donahue:

That’s a great rundown. Thank you both. I’d like to pivot and begin to talk about some of the operational aspects of ESG-related reporting. Jonathan, first, let me ask you, who in the organisation do you see being tasked with this reporting at the moment? What are some of the C-suite officers or other individuals who are leading the way on this?


Jonathan Wyatt:

I don’t know that there is a consistent home for this. We do see some organisations that have gotten dedicated teams focused on it, and that is more likely to be where this is a little bit more advanced, and maybe linking to some of the industries where this is a critical component to their medium-term strategy, if not short-term strategy in some organisations. But in many, it’s been more closely aligned historically with those responsible for the investor-relations side of the business. That is going to change, and is starting to change.

As we start out moving much more to required reporting, we’re starting to see that aligned often with financial reporting. The expectation is that we’re seeing more of this moving under the CFO, but that’s not necessarily where it sits today. And maybe, Chris, you’ve got a more specific view on some of that, but my sense is, it’s often scattered as well. ESG as a topic is not necessarily always owned, so you may well have the HR team much more responsible with some of the diversity inclusion and some of those elements, the CIO owning some of the data and privacy elements, and then some of those more strategic elements may well be sitting with the CEO and the COO and others. It does vary, but there will be a need with some of this to pull it together in a more structured and organised way, and some organisations have recruited senior people to own that and to take that responsibility, but many have yet to get there.


Kevin Donahue:

Chris, are you seeing any trending on your end with regard to specific individuals or functions tasked with reporting? I also wanted to ask you, in relation to that, are some organisations building out a specific department or function that’s focused entirely on ESG reporting and related activities?


Chris Wright:

Jonathan covered this well. It really depends on how the companies are organised and who’s getting the reporting. Let’s say it’s a public company. Regardless of where they file, in the U.S. or otherwise, the standard public company report of operating or financial data is typically signed by two people: a CEO or their equivalent and a chief financial officer or their equivalent. And what we are finding, because it’s generally a table with numbers, is that it’s the CFO’s problem or responsibility, whether she likes it or not. That’s the go-to for that type of information in that type of filing. Obviously, they’re leveraging information.

We talked a little bit about COSO starting to weigh in now. The notion of internal control over financial reporting, those premises and those tenets, would apply to this. It’s just that the data is not necessarily financial. In fact, it’s likely to not be financial, and so what should we do to make sure it’s correct? At one level, it’s the same, but the sources are all different. That’s for broad ESG reporting.

As public companies in the United States had to report human capital metrics, they were relating to or relying on chief human resources officers, if they have one. Most companies have one. Because the data was HR in nature, chief human resources officers were coming up with that information, but they weren’t necessarily the person doing the reporting. They were just doing the providing of the information, and then, of course, the follow-up investor relations is on deck once the data is out there, once the information has been provided. Quite often, investor relations people, departments or firms, if they’ve outsourced that or co-sourced it, are involved. It has moved through those chairs rather rapidly.

We see with every private company with whom we are engaged in some form of reporting to get ready for an IPO. It’s on the agenda for 100% of those companies, because they realised that it’s new and it’s emergent and the commission has expressed interest, obviously, even in that 2010 climate-change provision as perhaps a lever to get people to do more disclosure. That becomes an external SEC council matter as well, since private companies getting ready to go public typically rely heavily on attorneys who are preparing filings.

To answer your final question, Kevin, we are seeing, increasingly in particular industries, consumer products and retail in particular, oil and gas and utilities, where a lot of customer or media focus has been on ESG metrics of some kind. We are seeing persons or departments that are built around sustainability and who are responsible not only for reporting but also for organising green programmes and diversity, equity, inclusion programmes throughout their organisations. Those people tend to be involved in the reporting but also are very much involved in the operations.


Kevin Donahue:

Thank you, and I want to remind our audience here that Protiviti has published a wealth of content on this evolving world of ESG standards reporting and the like. One piece of our Board Perspectives newsletter series, “10 ESG Reporting Questions Directors Should Consider,” will be of especially strong interest to our board member audience. You can find that through a link I’ll put in our show notes.

Jonathan, continuing on my line of questions regarding the operational aspects of ESG reporting, today we expect a lot of work related to ESG reporting to be manual. Now, we do also expect things to evolve like they do in other parts of the organisation. What tools are being used or developed to enable or even automate ESG reporting if not today, perhaps in the near future?


Jonathan Wyatt:

There are an awful lot of tools out there that are being branded at least at the moment as having an ESG component. For me, it’s a little bit like digital was a few years ago. Every tool was going to enable digital transformation, and when you got to the heart of it, it was often a fairly standard traditional tool repackaged, rebranded, and we are seeing quite a lot of that in the ESG space. For me, the real challenge for many organisations here is, first, identifying the data that you’re being asked to report on.

For many organisations, it’s not information that they have historically captured. Most organisations, you just take a high-level goal that many organisations will have, which is to get to carbon neutral by a particular point in time. Some organisations are being more serious in that than others. Actually measuring your carbon footprint and capturing the carbon footprint and just even capturing the data that would enable you to start to attempt to quantify that is not straightforward, and it’s not readily available.

The reality is, organisations have got to think quite hard about what are the key components and metrics that they want, what are the measures that they want, and then to think quite hard about tools and technology. But a lot of what you actually find is, ESG tools are layers being applied, modules being applied, modules being added to very much traditional reporting tools. I’m not seeing fundamentally new things in each different area, and the challenge with ESG is, it’s such a broad topic. There’s such a large number of topics included within it, and each of those different areas may well have, and do have, tools that can help you as you navigate through it. But to say there is a single tool out there that’s specific, that is an ESG tool, that is going to solve an organisation’s problem, is unrealistic.

This is much more about thinking, first of all, back to the stakeholders — about what matters to them, thinking about what we want to report and what we’d like to be able to report, and then thinking about how we will start to collate that information. And then, only at that point can you start thinking about tools and technology to help it. You can try and run, lead, with technology and get excited about the technology. It will take you down a wrong track, and the right place to start with all of this is being very clear about what you want to achieve.

The other big challenge with many organisations when it comes to this, which does impact reporting quite a lot, is, yes, it’s challenging to identify the information to report. But then it’s also often a challenge that organisations don’t like the information that comes back, or the answer that comes back.

We’ve seen this on diversity and inclusion metrics over the years. We’ve seen this on gender differentials on pay. Organisations, when they have standard metrics, don’t like the answer that comes back, and the challenge, therefore, is not specifically the reporting. It’s all the change that needs to happen, and to lead ahead of that, and organisations need to focus on that: getting to the point that they’re comfortable with the answer that’s coming back, anticipating the questions that are going to be asked and then drawing on tools where they need help with collating the information where it might not be easy to have. But there is no generic simple answer that would apply to a wide diverse set of organisations.


Kevin Donahue:

Jonathan, Chris, this has been a great conversation. I have one more question I want to toss out, but first, I want remind you, our listeners, that you can subscribe to our Board Perspectives podcast series wherever you get your podcast content, and hear more interesting conversations and insights like this. And visit for a wealth of information and content we’ve produced specifically for board members.

Chris, related to the technology and tools available, are you seeing ecosystem partners for organisations being aligned and utilised to enable baseline or perhaps better ESG reporting for organisations?


Chris Wright:

Yes, Kevin, and we’re seeing that evolve as well. The big ERP players, of course, are also seeking to enable that through the systems that companies may already have native for all of their other reporting. But when you think about what you might be reporting from an operational-data perspective about how you’ve procured goods and services, employee metrics — particularly, diversity, equity and inclusion — there are a number of partners with whom companies work to help provide the information they need for ESG reporting.

Think about those who do process mapping, or perhaps those who do process mining, to help show how goods flow and understand where they’re coming from and to ensure that the diversity or the sustainability that they expect from vendors and customers is happening. A number of companies use human resources consultants to help them not only report employee metrics but also try to improve them.

Where we’re seeing this elevate more is not in as much in the reporting as in the fact that once companies start to voluntarily report or are required to report, they’ll want to report better numbers the next time. Where the ecosystem partners are really coming into play is not only on the baseline reporting but also on working with companies to figure out how to operationalise the kind of activities that will allow them to report the data, but also to report and reflect on improvements that they’ve made so that they’re not just reporting against the goal, but also showing progress toward the goal.

Board members obviously have a role in that anywhere along the spectrum from inquiring to setting standards to setting and approving the objectives to also, at times, approving the funding. That funding can quite often come in the form of a request from an FP&A, from an accounting function. It could come from investor relations, and Jonathan touched on this in talking through the tools: It could be very much an IT request, as a lot of these ecosystem partners are those that relate to the company’s information systems.


Kevin Donahue:

Jonathan, I want to give you the last word here — your closing thoughts or comments on this topic today and areas you think, in the big picture, organisations should be focusing on with regard to ESG reporting.


Jonathan Wyatt:

An organisation should, in general, worry less about which framework, which standard, along with the topics we’ve talked about, and focus much more on what is important and why. Where is the pressure coming from? What do those individuals care about? What needs to change? Ultimately, what do we need to improve? The hard thing for many organisations is taking action, not talking and reporting about it. Reporting on progress will be uncomfortable for many, but I don’t think that’s the hard thing. The hard thing is driving the change through the organisation, effecting change and getting to a point where we are comfortable reporting the data that we have.

If you focus on stakeholders and their expectations first, that will guide you. If you’re genuine and authentic, which I think is an important part when it comes to this, and apply the principles — I touched on the TCFD, which we talked about being quite widely used, particularly in the U.K. where I am based — you will be in a good place. If you’re unclear how to report, the standards set by organisations like SASB and GRI and others will give you very specific formulae and guidance on the specifics of how to report. But for me, the big challenge for most senior leaders and board directors is getting to the point where you’re comfortable reporting the data that you collect, and that’s where most people need to focus their mind on: strategy.


Kevin Donahue:

Those are great closing thoughts from Jonathan, and they underscore some of the key points that he and Chris made throughout the podcast. It’s important to be genuine and authentic in your reporting on ESG and to focus on stakeholders and their expectations first before diving into the details.

Thank you for tuning in today. I hope these insights from Jonathan and Chris were of interest to you as a board member and help guide you in working with your management. To learn more, please visit, and I hope you’ll subscribe to our Board Perspectives podcast series and review us where you get your podcast content.