Martin Luther King Jr stated:

Whatever affects one directly, affects all indirectly. I can never be what I ought to be until you are what you ought to be. This is the interrelated structure of reality.

This statement is valid on a personal level, but it is also true at an organizational level. The actions and behavior of organizations impact and shape the world we live in today and into the future.

Organizations need to address environmental, social, and governance (ESG) practices and reporting. Stakeholders, customers, employees, and investors want to ensure that the companies they interact with and invest in share the same values and commitments that they do. Regulators are keenly interested in ESG practices as governments enforce sustainability, social justice, and corporate governance standards. 

The heart of ESG is about the integrity of the organization. ESG covers a broad spectrum of a company’s conduct:

  • E = Environmental: Measures and reports on the organization’s values and commitments regarding stewardship of the natural world and environment. It includes reporting and monitoring the organization’s environmental initiatives for climate change, waste management, pollution, resource use and depletion, greenhouse gases, etc.
  • S = Social: Measures and reports on the organization’s values and commitments regarding how it treats people. This includes employee and customer/partner relations, human rights (e.g., anti-slavery), diversity and inclusion, anti-harassment and discrimination, the privacy of individuals (both employees and others), working conditions and labor standards (e.g., child labor, forced labor, health and safety), and how the company participates and gives back to society and the communities it operates within.
  • G = Governance: Measures and reports on the culture and behaviors of the organization in the context of, and in alignment with, its values and commitments. This includes finance and tax strategies, whistleblowing and issue reporting, resiliency, anti-bribery and corruption, security, board/executive diversity and structure, and overall transparency and accountability.

For an organization to do ESG reporting, it has to have something to report against. This requires that an ESG program be built on the policies of the organization.

The very foundation of an ESG strategy is an organization’s policies starting with a code of conduct and filtering down into the breadth of policies that support the many dimensions of the E, S, and G in ESG. It is in the policies that what is acceptable and not acceptable is defined. Policies define the behavior of individuals/roles, transactions, processes, and relationships of the organization.

You cannot have an ESG program without policies. Policies define the organization’s conduct, values, ethics, and controls to address risk and ensure that it reliably achieves objectives, including ESG related objectives. 

Any organization developing an ESG program should have the following in place:

  • Policy framework and index. An organization should have an overall policy management framework and an index of all of the organization’s policies. Unauthorized policies (rogue policies) can put a significant legal liability and duty of care on the organization. This index should tag the range of policies that apply to the ESG strategy and reporting of the organization, starting with the code of conduct and mapping across department policies.
  • Consistent template and style guide for policies. ESG-related policies should be written consistently, conforming to the organization’s ‘policy on writing policies’ and style guide. Policies need to be published in an approved template to ensure they are easily recognizable as an official policy of the organization.
  • Singular portal for policies. All policies should be easily accessible through a singular portal by employees and other stakeholders. When policies are scattered on different department portals, they tend to be managed inconsistently and confuse employees. A strong ESG culture means good policy engagement and easy accessibility to policies. 
  • Training and education. For ESG policies to be effective, the individual roles in the organization must be properly trained on the policies as they apply in their particular context.
  • Processes for monitoring and enforcement. Well-written ESG policies are not enough; they have to be enforced. This means regular audit/assurance activities that measure adherence to policies and feed the results into ESG reporting.
  • Issue reporting. The organization also needs clearly defined pathways to report ESG policy non-compliance issues, complaints, and incidents. This can be through hotlines, management reports, and other vehicles such as surveys and feedback. 

Guidance on how to implement these elements can be found in the open-source (free) Policy Management Capability Model at

When the organization does ESG reporting, these reports are built on the organization’s policies and measure adherence/conformance to these policies. Without clearly defined, communicated, and enforced ESG-related policies, the organization has nothing to measure and report from. Policies are the foundation of an ESG program.
