ESG Data Management and Reporting Are the CFO’s Responsibility — Period

This blog post was authored by Jim DeLoach - Managing Director and Host, The Protiviti View on The Protiviti View.

In a global survey of CFOs and finance leaders conducted by Protiviti, ESG metrics and measurement stand out as the highest priority for the finance organisation to address over the next 12 months.

Make no mistake: The new era of ESG data management and reporting is ultimately about risk management. Mitigating myriad risks that can arise from unsubstantiated or otherwise deficient ESG data and report narratives requires CFOs to assert more discipline and control over ESG programs.

Who is responsible: Finance leaders need to address the challenge of ensuring trusted, consistent, and repeatable ESG data and reporting capability.

Start sooner rather than later: Companies need to start building an ESG reporting capability now to meet auditability standards and prepare for upcoming climate disclosure requirements.

As new climate, human capital, and other sustainability disclosure and reporting requirements multiply across the globe, regulators, customers, insurers and bankers are clamoring for ESG data, metrics and related documentation. These mounting demands raise an important question: Who is responsible for responding to these requests?

More than 900 global CFOs and finance leaders recently delivered an unequivocal answer: We are.

In a global survey of CFOs and finance leaders conducted by Protiviti, ESG metrics and measurement stand out as the highest priority for the finance organisation to address over the next 12 months. Nearly 70% of finance organisations indicated a substantial increase in the focus and frequency of their reporting related to ESG issues. These findings also show a notable jump in the number of finance groups (in both public and private companies) that consider measuring and reporting on ESG risks and issues to be part of their roles. Commentary at conferences and in webinars and articles — from CFOs, controllers and other finance leaders across all industries and company sizes — supports these findings. With that matter settled, it’s time for finance leaders to answer a thornier ESG data management question: How can we ensure that our ESG data and reporting capability is trusted, consistent and repeatable?

Addressing that question — quickly, for companies subject to the EU’s Corporate Sustainability Reporting Directive (CSRD) compliance requirements — requires finance teams to exert their internal controls, data management, risk management and reporting expertise while orchestrating the cross-functional collaboration needed to build and advance an ESG reporting capability. While this task may be a mouthful to articulate, it is nonetheless easier said than done.

This work is crucial as the “Wild West” phase of ESG reporting yields to the more settled, increasingly standardised, compared and comparable, and higher-stakes era of compulsory ESG reporting. Myriad reporting frameworks, aggressive activists, lack of rigorous disclosure processes and controls, and the issuance of ESG reports by parties across the organisation who are unfamiliar with relevant regulatory and public reporting standards have resulted in disjointed, uncoordinated ESG reporting efforts. This must change. Regulators expect ESG reporting, whether voluntary at present or required in the future, to meet an auditable standard. Lenders, insurers and investors need to trust the data behind reports and narratives concerning ethical supply chain risks, operations in flood and wildfire zones, and access to raw materials.

Make no mistake: The new era of ESG data management and reporting is ultimately about risk management. Consider the rising tide of greenwashing claims. A recent report analysed 12 brands and 4,000 products and discovered that brands routinely deceive consumers with false claims. While 39% of the products studied had some kind of green claim attached to them, 59% of these claims flouted the guidelines set by the UK Competition and Markets Authority. Another study indicated that eight of 10 EU citizens do not trust the environmental claims listed on clothing products. This won’t cut it with regulators.

And one other point is clear: The prevalence of greenwashing — real or perceived — in the marketplace negatively impacts customer loyalty and satisfaction.

Mitigating the regulatory, revenue and strategic risks that can arise from unsubstantiated or otherwise deficient ESG data and report narratives requires CFOs to assert more discipline and control over organisational ESG programs. They can accomplish this by undertaking the following actions.

  • Shift the ESG data collection mindset from scattered to trustworthy: In many instances, ESG data collection and validation involve unreliable data scavenged from a large variety of disparate sources across the company. The process is diametrically opposed to similar activities supporting financial reporting, which involves reliable, cleansed data sourced from a small set of trusted sources. Just as financial reporting is supported with a general ledger, so must ESG reporting rely on a central repository of ESG-related data and metrics — an “ESG ledger,” if you will — under the auspices of the CFO organisation. For example, a data lake is a centralised hub for housing ESG data collected from multiple sources. It stores necessary types of raw and unstructured data that is used for a variety of ESG-related reports issued to the specifications of different users. Because it establishes corporate-wide discipline by designating those responsible for robust data collection processes and those who approve the data collected, setting automatic reminders and notifications, and enabling the finance team to track progress, the CFO can monitor the pulse of data currency quickly. The result: a collaborative tool, accountability with teeth, a single version of the truth and increased confidence at the top.
  • Leverage existing disciplines and collaborations: Financial reporting requires the application of varied in-house capabilities, including data management and governance, data security and privacy, primary and secondary validations, legal and compliance reviews, and more. ESG data collection and reporting require the application of similar disciplines as well as input from third-party risk management teams, legal and compliance groups, and information technology and security teams, the last of which ensure the efficacy, efficiency and security of ESG data transmissions to and from external sources. CFOs recognise that it takes a village to satisfy ESG disclosure requirements, along with sound data governance, strong reporting capabilities and high levels of accountability.
  • Integrate ESG reporting into ERM: Leading CFOs view ESG as an assemblage of risks to the organisation (e.g., climate change, talent retention, succession, supply chain, DEI, workforce planning, cyber, and board composition and culture, among others) that tie back to the “E,” the “S” and the “G” in ESG. Finance leaders should assert that these risks be added to the scope of enterprise risk assessments and integrate them into strategy-setting, performance management and, as needed, periodic reporting to the executive team and board.
  • Look for operational improvement opportunities: As finance teams elevate the efficacy and sophistication of ESG data collection and reporting activities, they can begin identifying potential operational improvements based on the ESG data and metrics they monitor. For example, if the organisation’s supply chain emissions exceed those of industry peers, there may be opportunities to wring out inefficiencies while strengthening overall supply chain resilience.

Building an ESG reporting capability that satisfies an auditability standard takes time. That said, there is no time to waste when it comes to initiating and advancing on this journey. Tens of thousands of global companies already are subject to CSRD, and the SEC is expected to introduce its long-awaited climate disclosure requirements this year, meaning preparations to lay the foundation discussed above should begin now. If not now, when?

CFOs can expect to contend with plenty of gray areas and ambiguity, as is usually the case when sweeping regulations (e.g., the Sarbanes-Oxley Act) take effect and are initially enforced. The good news is that most, if not all, of the disciplines the CFO needs to develop effective and compliant ESG reporting already reside in the organisation. They just need to be orchestrated and, in some cases, subjected to much greater corporate-wide financial-reporting-style rigor — and we all know the executive who is best equipped for doing so. If not the CFO, who?

This article originally appeared on Forbes CFO Network.

