What are ESG Frameworks? Corporate Sustainability & ESG Risks

ESG frameworks are guidelines, metrics, and criteria that allow companies and investors to develop sustainability reporting standards and evaluate environmental, social, and governance risks. Common ESG frameworks include the Global Reporting Initiative (GRI), Carbon Disclosure Project (CDP), and Task Force on Climate-Related Financial Disclosures (TCFD).

Over the last decade, ESG performance has become an important metric to evaluate an organization’s operational sustainability. Organizations rely on ESG strategies to assess their internal procedures, supply chain grit, and the sustainability of their third-party vendor relationships.

Keep reading to learn more about ESG and why ESG reporting is vital for organizations looking to develop sustainable business practices across their first and third-party ecosystems.

Discover the #1 Vendor Risk Management solution for your organization >

What Does ESG Stand For?

ESG is an acronym that stands for environment, social, and governance. Each of these three pillars includes criteria to evaluate distinct ESG risks:

• Environment: Assesses an organization’s overall environmental impact and contribution to environmental issues, such as climate change, carbon emissions, and greenhouse gas emissions
• Social: Evaluates an organization’s social impact on the communities they operate in and ESG issues, such as human rights, modern slavery, and fair labor practices
• Governance: Corporate governance appraises an organization’s level of corporate leadership and evaluates how visible stakeholders contribute to an organization’s reputation and brand

Origins of ESG

By looking through an ESG lens, individuals can evaluate investments and businesses based on their ability to withstand risks that emerge during dramatic shifts in environmental, social, and economic systems.

ESG values, viewpoints, and methodology have their origins in several other historical movements focused on sustainability from the 1980s to the present day, including:

• Environment, Health, and Safety (EHS): A 1980s movement in the United States that focused on reducing pollution and improving labor conditions
• Corporate Sustainability: A subsequent evolution of EHS in the 1990s that focused on reducing environmental impacts (misuse and greenwashing became common)
• Corporate Social Responsibility (CSR): A corporate movement in the early 2000s that promoted corporate philanthropy and employee volunteerism

The UN first used the term “ESG” in a 2004 report. Standardization organizations constructed the first ESG frameworks over the next several years and implemented them in the early 2010s. However, early ESG standards and frameworks are now primarily criticized for their reliance on reactive policies rather than preventative solutions. Today, ESG factors focus on preventative sustainability across the discipline’s three pillars.

Why is ESG Reporting Important?

ESG reporting is vital for various reasons, none more paramount than this: it aligns businesses with societal expectations and modern ethical standards while simultaneously improving their long-term sustainability, financial performance, competitiveness, and operational resilience.

There are many benefits to ESG reporting. By installing a reporting cadence into your operational plans, your organization can start:

• Enhancing stakeholder and investor confidence,
• Elevating performance of Vendor Risk Management and awareness programs,
• Gain a competitive advantage,
• Improve brand reputation and
• Install sustainable development goals for the future

Common ESG Reporting Frameworks

There are several different ESG frameworks an organization can follow to improve its ESG risk awareness and meet internal ESG metrics. All frameworks fall into one of three categories:

• Benchmark Frameworks: Requires responses to all questions and typically includes a scoring element or key
• Voluntary Frameworks: Allows organizations to choose which questions they will answer and do not typically include a scoring element or key
• Regulatory Frameworks: Similar to a benchmark framework, but are not scored and required by government bodies

While all ESG frameworks use their own questions and criteria to assess an organization, the following KPIs (key performance indicators) are commonly used by frameworks to evaluate ESG performance:

• Environmental KPIs: Greenhouse gas emissions, carbon footprint, water usage 
• Social KPIs: Average hours worked, injury frequency, employee diversity
• Governance KPIs: Community outreach, funds donated, compliance certifications

List of Benchmark ESG Frameworks

These are the most common benchmark ESG frameworks:

• Carbon Disclosure Project (CDP): The CDP helps companies provide environmental ESG data to stakeholders, investors, employees, and customers by offering three questionnaires on climate change, water, and forests. Each questionnaire is scored separately by an accredited agency.
• Global Real Estate Sustainability Benchmark (GRESB): Used primarily by investors, the GRESB evaluates the sustainability of global real estate portfolios and related investment decisions. The framework’s methodology aligns with several industry-specific reporting standards, such as the Principles for Responsible Investment (PRI), the International Financial Reporting Standards (IFRS), and the International Sustainability Standards Board (ISSB).

List of Voluntary ESG Frameworks

These are the most common voluntary ESG frameworks:

• Global Reporting Initiative (GRI): Applicable to organizations worldwide, the GRI offers guidance over various sustainability issues. Organizations often use GRI standards to guide the creation, execution, and development of an organization’s internal sustainability reports.
• Task Force on Climate-Related Financial Disclosures (TCFD): Designed with environmental concerns in mind, the Financial Stability Board (FSB) created the  TCFD and broke it into four pillars that assess the connection between climate issues and the financial sector: governance, strategy, risk management, and metrics and targets.
• Climate Disclosure Standards Board (CDSB): The CDSB aids organizations in developing annual environmental impact reports. One of the framework’s main objectives is to translate sustainability information into long-term value.
• Sustainability Accounting Standards Board (SASB): SASB standards aid organizations in communicating ESG risks and communicate the importance of ESG investing to stakeholders and investors. The SASB tracks ESG issues across more than 70 industry standards.
• United Nations Sustainable Development Goals (UN SDGs): A set of 17 goals that provide comprehensive ESG guidance, the UN SDGs tackle issues such as poverty, clean energy, healthcare, clean water, gender equality, and sustainable infrastructure.
• ISO 26000: A voluntary standard released by the International Standardization Organization, ISO 26000 guides social responsibility reporting and improvement.

List of Regulatory ESG Frameworks

These are the most common regulatory frameworks:

• Corporate Sustainability Reporting Directive (CSRD): Developed by the European Union, the CSRD provides rules for sustainability reporting. The CSRD applies to EU organizations and subsidiaries that meet several income and operating thresholds.
• National Greenhouse and Energy Reporting (NGER): An Australian-based framework, the NGER develops standards for reporting GHG emissions. The Clean Energy Regulator manages the NGER Act.
• Streamline Energy and Carbon Reporting (SECR): The UK government developed the SECR to guide energy-use reporting. Over 11,000 UK-based companies must complete annual reports disclosing their energy use under the SECR.

Selecting an ESG Framework for Your Organization

When selecting an ESG framework for your organization, it’s essential to consider several criteria:

• Impact and Influence: What are your organization’s ESG goals? What ESG issues is your organization concerned with? How will a particular framework help you achieve these goals and mitigate identified ESG risks?
• Expectations: What are the expectations of your organization’s senior stakeholders? What are the expectations of your organization’s primary investors? How will stakeholders use the ESG information that your organization reports?
• Geography: What ESG frameworks are mandatory for your organization? What ESG frameworks are relevant in your organization’s region of operation?
• Industry Preference: What ESG frameworks align well with your industry? Does your sector recognize any ESG frameworks in particular? Does your industry impose any ESG reporting requirements?
• Coverage: What areas of ESG does a particular framework cover? What ESG disclosures match the type of ESG risks your organization is concerned with?

ESG Ratings & Rating Agencies

ESG ratings provide an objective measure of an organization’s ESG performance. Accredited rating agencies calculate ESG ratings by utilizing their own methodology and scoring matrix to assess and evaluate an organization’s performance in at least one of the three categories of ESG.

The most popular ESG rating agencies include:

• Bloomberg: Provides ESG ratings for over 10,000 companies annually using publicly sourced sustainability data and related information
• Energy Star: A voluntary program developed by the U.S. Environmental Protection Agency (EPA) used to assess the energy efficiency of commercial buildings
• S&P Global: Scores focus on performance-driven metrics to evaluate organizations across more than 50 metrics
• Dow Jones Sustainability Index (DJSI): Utilizes the annual Corporate Sustainability Assessment (CSA) questionnaire to compare the ESG performance of organizations across 61 industries

How Does UpGuard Help Organizations With ESG?

To develop complete ESG awareness across their first and third-party ecosystems, organizations need to construct Third-Party Risk Management (TPRM) programs that incorporate ESG factors into their due diligence, Cyber Vendor Risk Management, and risk tolerance procedures.

UpGuard’s all-in-one cybersecurity solutions include solutions organizations can utilize to improve their ESG risk hygiene and elevate their overall TPRM programs.UpGuard Vendor Risk is a comprehensive Vendor Risk Management solution that helps users prevent cyber attacks, track vendor performance, evaluate vendor security posture, and identify, monitor, and mitigate risks across their supply chain.

Notable features and use cases of UpGuard Vendor Risk include:

• Vendor Security Ratings: Instantly understand your vendor’s security posture
• Vendor Risk Assessments: Reduce the time it takes to assess new and existing vendors‍
• Vendor Tiering: Classify vendors based on their level of inherent cyber risk and your organization’s unique risk tolerance‍
• Compliance Reporting: Map vendor details against common compliance frameworks (NIST, ISO 27001, PCI, etc.) and initiatives ‍
• Vendor Data Leak Detection: Prevent data leakage due to third-party breaches, phishing attempts, ransomware, endpoint vulnerabilities, and other cyber threats‍
• 24/7 Continuous Monitoring: Receive real-time updates when your vendor’s security ratings change‍
• Third-party integrations: Configure UpGuard within your existing security tools and web applications