
Tech-driven ESG: Navigating risks with precision

Strategies, challenges and controls for seamless ESG implementation.


In the dynamic realm of modern business, technology plays a crucial role in seamlessly integrating ESG considerations into strategic processes. This integration ensures reliable reporting, robust data governance and a transformative leap in ESG assurance. Simultaneously, existing financial reporting structures provide a solid foundation for expanding into non-financial measurement, reporting and risk management.

Companies everywhere are transitioning to more sustainable business models to lower their carbon footprint, reduce waste and pollution, use fewer precious resources and recycle products, parts and packaging. They're also embedding diversity, equity and inclusion into the workplace so that all workers are treated fairly and humanely.

Such practices should help sustain the environment, make organizations more resilient to climate change and geopolitical tensions, and more attractive to investors, customers, employees and job seekers. There is also increasing pressure to report on ESG performance to comply with regulations and satisfy investors, consumers and the media. Regulators and capital markets now expect non-financial reporting to meet the same high standards as financial reporting.

Technology plays a vital and increasing role in the ESG evolution, driving strategy, operations, reporting and controls, and governance. Some of the accompanying transformation projects are huge, as companies convert to renewable energy, re-design manufacturing to become more circular, and re-configure supply chains to become more sustainable and adaptable.

According to technology leaders surveyed in the KPMG Global Tech Report 2023, ESG is their companies' top technology innovation priority. ESG data is at the heart of this transformation, enabling companies to track their ESG progress, disclose accurately and on time, and, crucially, manage risks such as data privacy, security, reliability and non-compliance.

In the ESG evolution, technology isn't just a tool — it's the catalyst. It transforms strategy, operations and reporting, making sustainability an integral part of business DNA.

Phil Lageschulte

Global Risk Leader

KPMG International


You can't improve what you don’t measure


Measurement and reporting are crucial in implementing ESG into operations, and there is a vast and increasing number of metrics.

For ‘E’ (environmental), these include carbon emissions (internally and across the supply chain), energy consumption (renewable versus fossil fuel), usage of resources like water and minerals, waste, and recycling rates of materials, both in operations and in products. From an ‘S’ (social) perspective, organizations need to measure workforce diversity, salary equity, labor practices (again, including suppliers), and employee health and safety. Finally, for ‘G’ (governance), it’s all about governance structure and practices, encompassing board diversity, ethical business practices, executive compensation, and shareholder rights.

Half of the respondents to the KPMG Global Tech Report 2023 say expectations of ESG transparency are driving their transformation efforts.

Many key decisions will be based on ESG metrics, aided by real-time insights, including predictive analytics that might tell you whether you will likely meet a particular target. However, establishing processes for collecting, analyzing and verifying data is a considerable challenge, especially when it comes from outside the organization via third parties. For example, a robust report should show if your organization works with non-sustainable suppliers.

Companies should also be confident that data is complete and accurate enough for internal decision-making and external regulatory reporting.

Keeping on top of regulatory change and assessing its impact


ESG regulations are a major driver of corporate decision-making, affecting every part of the company. The first step in managing ESG risks is to assess and quantify the prevalence of these risks. Which business processes are most exposed to ESG risks? The compliance and risk functions should hold a discovery exercise with relevant business teams to determine how ESG regulatory change might affect the organization’s current technology and the kinds of metrics to be reported. While adhering to ESG regulations is critical, this is a minimum expectation, and the control framework needs to be more robust and accommodate newer and emerging risks.

With a clearer understanding of data requirements, the company should be in a better position to enhance its existing risk and controls frameworks, invest in appropriate new technologies and redesign or improve processes.

Managing risk through processes and controls


ESG-related risks have the potential to affect multiple areas of an organization beyond the ESG realm. The ESG risk universe overlaps with that of operational risk, technological risk and even overall enterprise risk.

The risks of failing to track and report ESG performance are significant. Take HR, where companies need to have checks against bias in recruitment, promotion and pay. It’s a similar story with climate change, where reliable measurements of carbon emissions are required to compare against targets and benchmarks. Suppliers, meanwhile, need to be carefully vetted and regularly checked to confirm they aren’t using child labor or polluting their local environment.


Navigating ESG risks is a multifaceted journey. Beyond internal controls, a vigilant eye on third-party engagements is essential — helping to ensure a resilient, sustainable path forward.

Laurent Gobbi

Global Technology Risk & Trusted AI Leader


In addition to the scope of ESG itself, various external and internal stakeholders are involved, including governments, regulatory bodies, shareholders, customers, employees and the public. The impact of ESG risks is far-reaching and cuts across most business areas, functions and the three lines of defense. While the quantum effect may vary, it does necessitate immediate and urgent action by senior management to design a robust ESG controls framework to mitigate these risks.

Installing controls helps reduce the risk of getting metrics wrong and, crucially, provides a defense that the organization made adequate provisions to avoid such errors. These controls should test the systems that provide data and show that access protocols are sufficiently secure to protect against hacking and data theft.

The risks of non-compliance with regulatory requirements, in particular, are significant in terms of potential penalties and reputational harm. And, with third parties forming part of organizations’ ESG obligations and commitments, technology can help manage associated risks, using inbuilt checks for due diligence, onboarding and ongoing monitoring — and a safe exit once the relationship has terminated.

Another critical element of controls is auditability: the ability to trace data flow from end-to-end. When combined with internal and, ideally, external, independent assessment, the organization can demonstrate that it manages ESG risks effectively.  


With the internal audit function now being strategic advisors to the Board and senior management, they now see merit in aligning their audit plans and making necessary investments to further an organization’s ESG technology risk management efforts.

Anil KV

Global Leader for IT Internal Audit & Partner

KPMG in India


Don’t reinvent the wheel


Of course, companies have been refining their financial reporting for decades, and ultimately, non-financial reporting should become part of the same process, offering a 360-degree view of corporate performance. Existing financial systems have evolved to a high level of maturity and are subject to external audit and regulatory scrutiny.

Almost three-quarters of respondents to the KPMG Global Tech Report 2023 are confident they can progress their near-term ESG ambitions using their existing technology stacks. Financial and non-financial reporting systems need to be interoperable and ‘talk’ to each other. One example is using the same data and analytics tools to track performance, manage reporting and identify improvements. IT leaders should be thinking about how they can integrate ESG into business processes and adopt relevant new software tools.

Given the complexity of existing regulations and the constant introduction of new ones, there is a great opportunity to build technology solutions that can help meet multiple regulatory requirements and be used across different processes, systems and geographies.

However, it’s a mistake to think this is just a technology challenge. Building strong controls involves a joint effort from IT, ESG/sustainability, finance, operations, compliance, legal, product development, HR, and sales and marketing. The CIO should be involved from the start.

Setting good governance from the outset


ESG is a board-level issue that can determine a company’s competitiveness and reputation, so sponsorship — ideally from the CEO — adds appropriate weight and momentum to embedding sustainability and social goals into mainstream business strategy.

This calls for an understanding of both ESG and the underlying technology to drive a sustainable strategy and operations. An internal control team may be able to lead the framework design and help re-design processes to incorporate ESG metrics and reporting.

The four key steps towards a strong control system are:

  • Development of an ESG strategy.
  • Design and implementation of processes, systems and controls.
  • Measuring, reporting and monitoring of ESG assurance activities.
  • Enabling ongoing continuous improvement activities in your business.

A strong governance structure, enhanced by technology, is the foundation for efficient management of ESG risks and controls. This framework promotes transparency, accountability and sustainable decision-making in the continually changing business landscape.

Nehal Jilka

Partner, Tech Risk

KPMG in the UK


Navigating key ESG considerations


Organizations should systematically address pivotal ESG considerations to refine their sustainability approach. These inquiries encompass:

1. What are the primary ESG risks and opportunities for your company?
2. Which ESG standards and frameworks is your company using?
3. What specific information are ESG stakeholders seeking, and how is the company addressing these requests?
4. How does the company stay informed about new and emerging regulatory assurance requirements?
5. What methods does the company employ for collecting ESG information?
6. What policies govern the company’s data collection processes?
7. What safeguards are in place to ensure the reliability and accuracy of ESG information?
8. What additional resources are necessary to implement new ESG processes and controls?

Successfully navigating these aspects enhances understanding of the ESG landscape, reinforcing a commitment to transparency, sustainability and effective risk management. Obtaining thorough responses to these questions is imperative for shaping a strategic approach and ensuring compliance with evolving regulatory frameworks.


Global contributors

We would like to acknowledge the valuable analysis, insights and production contributions of colleagues around the world.

Nehal Jilka
Partner, Tech Risk
KPMG in the UK

Annapurna Alladi
Partner, Digital Trust
KPMG India

Jeremy Fages
Director, Connected Tech
KPMG France

Mallika Chandra
Global Program Director
IT Internal Audit
KPMG India

William Dokko
Principal, Technology Risk
KPMG US

James Patten
Managing Director, GRC
KPMG US

Anupama Paniker
Senior Manager, GRCS
KPMG in the UK

Get in touch

Laurent Gobbi

Global Trusted AI & Tech Risk Leader

KPMG in France

Anil KV

Global IT Internal Audit Leader, KPMG International, and Partner

KPMG in India

Nadine Hönighaus

Global ESG Governance Lead, KPMG International and Partner

KPMG in Germany

Lisa Rawls

US Service Line Leader, GRC Technology

KPMG in the U.S.

