8 ways to prepare your data for ESG reporting requirements

Christopher McClure, Rich Perilloux
8 ways to prepare your data for ESG reporting requirements

Does your organization have the data and processes it needs to face changing ESG reporting requirements and prepare for future regulations, too?

Increasing demands from regulators and other key stakeholders for data-driven and verifiable disclosures make this the right time to review your data inventory and infrastructure related to environmental, social, and governance (ESG) reporting.

Following are eight ways organizations can break down silos, aggregate information, and mitigate process issues now so that they can be better prepared for future regulations and ESG reporting requirements.

Sign up to receive our monthly newsletter, RE: ESG, and other ESG insights.

Understand the flow of data for each ESG business process

ESG touches almost every area of an organization, from greenhouse gas emissions to human resources to information security and data privacy. That means a lot of data has to be considered – maybe more than you think. Once each ESG-related business process (both manual and automated) has been identified, organizations should start thinking about the entire life cycle of the data involved, from input through the various systems following through to vendors. Where does the data come from – human resources, a utility provider, or a building landlord? Where does it go? And who is charged with collecting, validating, and reporting?

Identify and inventory relevant data needed for your ESG reporting requirements 

As regulations are fully introduced and implemented, identifying relevant data is critical. Working across organizations might be required to identify the necessary data. Organizations also need to determine whether they own and store the data or if the data is provided by and stored at a third party. In all cases, it’s important to document the specific location of data (such as applications or spreadsheets) with the expectation of evaluating the completeness and accuracy of that data.

Perform a gap analysis between inventoried data and ESG reporting requirements

Depending on the regulations that organizations are subject to, large or small gaps might exist in the data that’s available versus the data that’s required. It’s critical to identify these gaps as soon as possible, since many organizations assume they have what they need to report but then run into a wall when they realize they are missing required data. So how can organizations get this information, and how can they confirm its accuracy, especially if it’s coming from a third party?

Develop a plan to obtain, store, and secure new data to address any identified gaps

Data comes from many different parts of (or even outside of) organizations, and each data set needs a reliable process for collection and verification. Because the data will continue to evolve, this process shouldn’t be built as a one-and-done option but rather as a repeatable approach to obtaining data from multiple sources and at multiple intervals.

Identify risks regarding the completeness and accuracy of your data reporting

A variety of risk areas should be considered. They can include access to add, modify, or delete data stored in an application or spreadsheet; access to modify software application functionality (including data reporting applications); or access to modify automated data processing for data movement between internal applications and third-party vendors.

Identify controls within ESG business processes to address identified risks

Validating the completeness and accuracy of the data is vital. Controls can be enforced in several ways, either through software applications or manual business processes. Given the potential for reporting large and highly technical data sets, building controls into applications and automated data processing is recommended. The maturity of the IT environment will dictate the level of manual controls required. If vendors are involved in ESG business processes, those controls might be performed and owned by those vendors, so organizations might need to consider their ability to gain assurance over that data.

Perform a gap analysis to determine if your existing controls address all identified risks 

Organizations should evaluate if they have the appropriate controls around data and whether they should implement new controls or modify existing controls.

If you identify gaps in your control environment, implement relevant additional controls 

Organizations should consider the completeness and accuracy of their specific data reporting needs when deciding on the most appropriate and effective controls. This step might have a significant impact on business operations. Given this potential impact, it is important to implement relevant and effective controls that meet specific needs – not simply take a one-size-fits-all approach.

As new regulatory requirements, industries, and technologies emerge, moving from manual data collection processes to more automated software solutions can help organizations stay ahead of the curve. And building relevant and effective controls into the process can help them prepare for what’s to come.

Whether your organization needs to identify and implement controls for ESG reporting or to validate the effectiveness of existing controls, Crowe specialists can help you achieve your goals.

Contact our integrated ESG team

If you’re wondering how to take the next step in your ESG program, our ESG team can help. Contact us today to find out how we can help you elevate your ESG strategy.
Chris McClure - social
Christopher McClure
Partner, ESG Services Leader
Rich Perilloux
Rich Perilloux