Your ESG guide to IIRC

ESG reporting framework

ESG (Environmental, Social, and Governance) can feel like an overwhelming and confusing topic, from understanding which data should be tracked to figuring out which framework to use. Are ESG frameworks mandatory, or even necessary, for ESG? Which framework is right for your industry and type of organisation? What’s the benefit of aligning to a framework? ESG reporting and ratings drive a huge and growing amount of investment, and ESG is fast becoming the standard for businesses to manage and report on their risks.

Deciding to start ESG scoring can seem like a daunting task. But in actual fact, compliance dovetails into ESG reporting in a very meaningful way. Using a particular ESG framework can help to guide your reporting processes, showing you where to look, what to measure, and how to communicate it.

There are many reporting frameworks for ESG, and it can feel like an overwhelming task to figure out which one could be right for you. VinciWorks has created a series of guides to the various frameworks available in order to help you understand the different frameworks: what they mean, how to align with them, and which one might be right for your business if any.

Some of the most popular ESG frameworks are the World Economic Forum (WEF), the Global Reporting Initiative, the Sustainability Accounting Standards Board (SASB), the International Integrated Reporting Council (IIRC), the Carbon Disclosure Project (CDP) and the Task Force on Climate-Related Disclosures (TCFD).

IIRC ESG framework

The IIRC framework, also known as the international framework, is a coalition of non-profits, NGOs, accounting experts, regulators and investors who study the international marketplace and publish new corporate reporting standards to support businesses in reporting. It is mainly financial-focused but also looks more broadly at material data involving a company’s governance performance, strategy, and social and environmental impact.

The IIRC framework is a good starting point for any business, including those who want to show ESG performance to financial stakeholders, and companies that have demonstrable value creation. However, it’s overly focused on financial reporting, doesn’t include much about larger social or environmental impacts or performance, and is not aimed at a multi-stakeholder audience.

IIRC ESG reporting framework advantages

These are the main strong points of the IIRC reporting framework:

  • Provides quality financial data
  • Strong focus on business model and governance
  • Can show resource allocation, particularly if making capital ESG investments
  • Works well together with the SASB reporting framework

IIRC implementation guidance

The act of preparing an IIRC report generates internal benefits on its own, such as improved risk management and decision making. IIRC reports are aimed at showing how organisations create, preserve, and improve value.

To get started with an IIRC, here are the steps your organisation should take:

  • Get organised: establish an implementation team and a repository of relevant resources
  • Establish a plan and review existing reports for possible gaps
  • Assess systems and controls
  • Prepare report content
  • Improve the process with a feedback system and continue to monitor progress

Want to find out if the IIRC might be the right framework for your business? Click the button below to download our quick start ESG guide to IIRC, free of charge.

Your ESG Guide to IIRC – International Integrated Reporting Council

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.