How to conduct an ESG gap analysis

As companies look to develop and implement their ESG programmes, there are a number of issues that commonly come up. As we deliver our webinars and guides on ESG, VinciWorks receives many questions about the subject. Many are addressed in articles on our blog

In this post, we will explore how to do an ESG gap analysis. An ESG gap analysis from VinciWorks looks at an organisation’s achievements in ESG, as well as suggesting potential initiatives and metrics to track those.

What is an ESG gap analysis?

An ESG gap analysis is a tool that helps a company look at its current ESG efforts and compare them to ESG goals. Conducting an analysis like this on a regular basis can help identify what efforts are working well and where you should invest more time and resources.

You’re always doing more than you think when it comes to ESG. Half the battle is pulling together a decent picture of the various bits and pieces happening in the organisation across environment, social and governance issues. Once that’s done, it’s much easier to set metrics, consider new initiatives, and think about reporting. The ESG gap analysis is a powerful tool to help refine your planning and develop your blueprint for the future. 

For most organisations, the gap analysis serves as an initial draft of your first (or next) public ESG report, or ESG sections within an annual report.

Step 1: Prioritise ESG by importance

Before you begin, you need to determine which topics are the most important to your company. Should you focus on reducing greenhouse gas emissions first, or managing energy usage better? Are there health and safety issues that need to be addressed before you tackle supply chain management? Are compensation policies more or less urgent than other governance decisions? 

We call this a materiality assessment. ESG is a very large topic (actually many, many topics), and not everything is relevant, and not all at once.

List ESG topics in order of importance to guide your efforts. It may be helpful to also note the areas in which you have already made significant progress, and which require more attention. Our ESG gap analysis tool does that for you through automated assessments and one-to-one consulting.

Step 2: Identify relevant ESG reporting needs

Next, you should create a list of metrics you can report against. If you are interested in using and reporting against established ESG frameworks, you should list them side-by-side so you can compare the requirements of each one. Doing so will help you to understand the gaps and overlaps between each framework so you can understand how much effort will be required for each. 

As an example, if most reports require disclosure of energy consumption as a percentage of floor area, while only several seek to measure how much energy consumption has been reduced as a result of efficiency initiatives, you may want to focus your efforts on the more common one. Comparing these will help you invest your efforts on the areas that will yield the greatest benefit, and prioritise getting the right types of information first. 

Step 3: Transform metrics into actions

By now, you should have a picture of which projects will yield the greatest return on your efforts, and how to prioritise them. Now, you need to translate these into action. It can be helpful to rephrase your needs into action steps that will be needed to achieve each ESG goal. 

So, for example, if “Energy consumption as a percentage of floor area” was listed as a high-priority reporting need, you could write an action item like “collect data about energy consumption as a percentage of floor area.” 

After doing that for multiple items, you would have an actionable checklist to guide your efforts. Then, you could begin working on your action plan, making adjustments for the costs and efforts of each item. 

While managing an ESG programme can often seem daunting, conducting regular reports like the ESG gap analysis can make it more manageable and more successful for the long term. 

ESG is big, but it doesn’t have to be complex. Through VinciWorks decades of experience in compliance, risk management and best practice, we can help you turn your ESG ideas into action.

What to do next – VinciWorks’ ESG awareness training

VinciWorks’ ESG awareness training is designed to give your employees an overview of what ESG means, why it’s important, and what you can do to help your company achieve its ESG goals. While our micro-course gives an introduction to ESG, our in-depth course goes into further detail of each employee’s personal role and responsibilities in their company’s ESG initiatives.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.