ESG survey – Reputation and risk key drivers for 60% of companies

What are people doing on ESG?

Many businesses are starting to figure out their ESG strategies. It’s not always easy to start, or know what the business is ready to do. Taking on an ESG programme can seem like a big challenge, but actually many businesses are already doing a lot on ESG already, and a big part of getting started is pulling together existing data.

On our recent webinar on How to Implement an ESG programme, we surveyed over a hundred leading businesses and law firms on what they are doing around ESG.

What we learnt from our ESG survey

What is ESG?

The acronym stands for Environmental, Social and Corporate Governance, and refers to three central factors in measuring the sustainability and societal impact of a company or business. 

Global businesses are no longer working on environmental, social and governance issues in a silo. They are bringing them together under the banner of ESG to demonstrate the positive impact their existence is having on the world.

The webinar

VinciWorks recently held an on-demand webinar covering everything ESG: a new, more holistic approach to corporate accountability.

In this webinar, our experts explored the future of corporate accountability rules, and how to stay on top in the changing world of corporate compliance.

The webinar covered:

  • New ESG regulations in the UK, US and EU
  • How to undertake an internal ESG audit
  • Preparing for ESG reporting and regulatory disclosures
  • What VinciWorks can do to help with ESG compliance
  • Your questions on ESG reporting and compliance

The survey and key takeaways

During the webinar, we took an ESG risk-assessment survey amongst participants to get a sense of where various organisations stand with regard to ESG: what they know about it and what they are doing to educate themselves and move forward. We then took a look at the responses, from which we can see, on a micro level, where businesses are standing with regard to ESG. Let’s take a look at some of the questions and responses.

The questions:

  • Have you heard of ESG before this webinar?
  • Does your business undertake ESG reporting?
  • Which factors are likely to be most relevant to your business? (You can select more than one) — Environmental, Social, Governance?
  • Overall, do you think your business is ready for ESG reporting?
  • Most ESG ratings are out of 100. If you were to rate how well your business is mitigating Environmental, Social and Governance risks out of 100, what rating would you give?
  • Select if your business has any of the following. (You can select more than one)
    • An ESG committee with board-level involvement
    • A sustainability committee
    • A comprehensive environmental policy
    • An energy conservation programme
    • Employee diversity reference groups
    • Anti-bribery training
  • Do you expect to be spending more time on ESG in the future?

The responses:

Let’s take a look at the dashboard and break down the data.

The responses showed the following:

  • A strong majority of survey participants had heard of ESG before the webinar
  • Slightly more than half of the people that answered are at least somewhat familiar with ESG 
  • A few responded that they were very familiar with ESG 
  • Only a small number of people responded that they had started actively taking steps to move forward with ESG reporting 

Among those few, some companies said that they had started working on ESG compliance measures quite recently, which shows that the relatively new concept is beginning to gain a stronger foothold in the business world, and a good number of survey participants responded that they are planning to take steps to begin ESG reporting in the near future. All in all, the survey shows that the vast majority of people are expecting to spend more time on ESG reporting. 

Indeed, this is likely to increase with more and more ESG regulations on the horizon and large global companies begin to focus more on ESG. In the EU, proposed ESG regulations are likely to be implemented soon, the UK is also taking steps to implement expanded environmental regulations, and the US Securities and Exchange Commission investment committee is moving forward to recreate a framework for ESG disclosure. Samsung announced in late February 2021 that it was redoubling its efforts toward environmental, social, and governance (ESG) initiatives, Nasdaq is considering requiring their listed companies to make diversity disclosures, and the PwC recently noted that 77% of institutional investors planned to stop purchasing non-ESG products. 

Though the thought of undertaking ESG reporting and becoming compliant might seem overwhelming at first, many companies will find that they are already doing many aspects of ESG reporting. For example, many companies probably already have systems in place for environmental reports, social questionnaires, and governance compliance training, so it might be less of an issue of undertaking an entirely new and overwhelming project and more of a case of doing a bit of reorganisation and pulling already-existing reporting together under one unified ESG umbrella.

What’s next?

As mentioned above, countries such as the UK and the US are taking steps to implement ESG regulations and the EU is drawing up legislation for a new directive aimed at harmonising ESG reporting. 

The proposed regulations are likely to go up and down the value chain, which means customers as well as suppliers. Businesses will likely be required to carry out due diligence on their supply chains and publish how they are sourcing key commodities responsibly. 

ESG is also having a strong impact on the investing world, as it helps investors understand the resilience of firms to ESG risks, whether they be climate change and environmental disasters, accusations of racism or harassment, or governance failures such as fines for bribery. 

Though we won’t know the exact details until the new directives and regulations are approved, with some probably to be in place already by the end of this year, it’s worth thinking now about how to apply due diligence to your supply chain and integrate sustainability risks into your internal processes and policies. 

What is driving your ESG initiatives?

As the key driver of ESG, respondents were evenly split between their key driver for implementing an ESG initiative. Improving brand image and reputation was the key driver for 30% of companies, as was managing risk and reputation.

Pressure from customers, achieving cost effectiveness and attracting and retaining employees was the key driver of 10% of other companies respectively, while pressure from investors was the key driver for only 2% of companies.

Which element of ESG are you most concerned about?

Half of companies were most concerned about the environmental side of ESG, with the others evenly divided between social and governance. This is consistent with what we are hearing from companies, particularly professional services firms, who haven’t perhaps considered environmental tracking before. 

Use of ESG reporting frameworks

Only 20% of companies had so far signed up to a particular ESG framework. Around a quarter were using the UN’s Sustainable Development Goals framework, another quarter were using the Carbon Disclosure Project. TCFD, GRI and SASB were used by around 15% each.

Business commitments to ESG

Key to getting an ESG programme moving is board and senior management buy in. Over 65% of companies have senior management responsibilities for ESG, while 60% have assigned a designated reference person for day-to-day ESG matters.

Our first recommended step when it comes to implementing an ESG programme is establishing a committee. Exactly half of respondents have done so, and half have not.

Use of ESG software

ESG software solutions can help to track different strands of ESG and bring them into one place. One of the hardest parts of an ESG software solution having it able to track carbon data alongside diversity information and bribery training. Systems might be able to get very detailed on tracking environmental aspects, but ESG is of course broader than only that. Unsurprisingly, 90% of companies we spoke with are not using an ESG software solution.

When it comes to measuring carbon within the business, nearly half of companies we asked were doing manual calculations, while 30% had outsourced this to an external consultant.

Carbon neutral commitments

This is where a company says it wants to achieve net zero emissions by a certain date, often by 2030. To get there, a company must be able to measure, and track, its emissions. We were surprised to see that 30% of companies we asked had already made a net zero commitment, given so few were using any kind of software to track their overall ESG commitments.

This could mean some companies have made a net zero commitment and aren’t yet sure how they are going to achieve it. 60% of companies had not made such a commitment yet.

Over half of companies are not tracking the carbon emissions of travel, while the same 30% who had made the net zero commitment were. This is another critical element of getting to net zero, tracking carbon from travel.

Implementing an ESG programme

For more on getting started with ESG, download our guide to implementing an ESG programme.

VinciWorks’ supplier compliance solution with Omnitrack


VinciWorks has evaluated the way businesses send out and collect supplier questionnaires and developed software that makes it easy to create and send out intelligent automated supplier questionnaires. The forms are fully customisable and include conditional logic so that suppliers are only presented with questions relevant to their services and products. Suppliers who don’t respond are sent email reminders and red flags are automatically escalated. The graphical dashboard aggregates the data and delivers instant analysis. Omnitrack‘s supplier tracker offers administrators new insights and breakthrough levels of ease and efficiency.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.