Got ESG? Show Me Your Policies! [Webinar Recap]

Whether you’ve got an official ESG program in place or not, one thing’s for certain: You’ve got ESG. And in this webinar, we take a deep dive into why, as policies are the very foundation of ESG, you simply can’t address ESG without effective policy management.

We start with our guest speaker Michael Rasmussen taking us through a quick recap of why policies are so important in an ESG context, before taking a deeper dive into how to audit and inventorise your existing policies. 

Along the way, we learn more about the need for policy engagement across all levels of the organization – and the wider, extended enterprise – and finish by looking at the need and benefits of using policy management technology. 

Whether you missed the live session, or just want a reminder of some of the main themes discussed, this recap has you covered, along with the key takeaways.


Featured Speaker: Michael Rasmussen

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management.

With 30+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.

How ESG “gets done”…

ESG is delivered by GRC. But there are lots of nuances and complexities across industries. 

The very foundation of an ESG program is established and built on the policies of the organization. You cannot do ESG without having an effective policy management and engagement program. 

Policies codify ESG into the organization and not only need to be well written and accurate, but also be communicated and engaged with by employees who need understanding and training on ESG policies.

Tale of Two Futures: Blade Runner or Star Trek?

“The Tale of Two Futures: Blade Runner or Star Trek” presents two very different futures:

  • The Blade Runner future is a dark, environmental and social dystopia
  • The Star Trek future is a green, environmentally-friendly, socially- intergalactic corporation of alien species

This serves to illustrate that the decisions organizations make today collectively set us on a path for one of these futures. All this unfolds in ESG.

The importance of getting ESG right

An earlier version of ESG was CSR (Corporate Social Responsibility), but this often ended up being passed to marketing and became a pseudo-branding exercise that ended up with organizations using ‘green’ in their logo.

But climate change is just one small piece of ESG.

  • The “E” (Environmental) is broad and complex, covering everything from water and air quality to the use of so-called “forever chemicals” (PFAS)
  • The “S” (Social) is human rights, inclusivity, modern slavery, working hours, health & safety, privacy, etc.
  • The “G” (Governance) is anti-bribery & corruption, fraud, financial reporting, etc.

And there are a lot of regulations that impact the S & G, too – the EU Corporate Sustainability Reporting Directive, or CSRD (which is different from SCC in the US), for example.

But ESG is much deeper than this; both employees and customers are already doing business based on ESG, as recent high-profile examples such as Bud Light and Target demonstrate.

In fact, you cannot address ESG unless you look at the extended enterprise. Their issues are your issues.

Germany’s due diligence act (LkSG) is a sign of where things are going when it comes to responsible supply chains, and is soon to extend across the whole of the EU.

So, how do you get started with ESG? You start by looking at your existing policies…

ESG, done right, codified in policies, delivers integrity

Getting started with ESG Policy Management

Many policies map into the ESG context. So ESG starts with doing a good inventory of all your existing policies that cover ESG, to help you to understand whether they are still the right policies for today – or if they need to be modified. 

A policy discovery process helps to uncover the policies you have and identify any overlaps, redundancies, out-of-date policies, etc. Every policy should be reviewed annually, and your ESG commitments should reflect what your policies state.

What are your current policies? What do they state? Are they being followed, or is it just smoke & mirrors?

Most policies in your organization relate to ESG in some way. It can be a challenge to start mapping them out, and language and cultural differences make it even more tricky.

But it needs doing, and it needs doing properly – ignoring it opens the doors to legal liability. Lots of policies extend across the enterprise, so you need to consider what policies (should) extend across 3rd party relationships too.

Clearly define what is acceptable globally and regionally, and how it will roll up in reporting, brand, commitments, and integrity of the organization itself. 

How to discover and index ESG-Related Policies

From the Code of Conduct down into the breadth of environmental, social/HR, and governance policies, it is policies that establish and define ESG objectives and commitments. 

ESG is codified in the Code of Conduct (CoC), so this is the most important policy of all and should be reviewed first.

Some organizations will have separate Codes of Conduct for employees and suppliers. Others may need different CoCs for each operating division if there are different conduct risks in different industries. For example, Sony has different CoCs for its Music, Entertainment, and Electronics groups.

From there, inventory your Environmental policies, and your Social Accountability policies.

Social is the most difficult and also impacts brand, as what is accepted in some geographies may not be accepted in others. Social accountabilities are extremely risky and need validating and proper legal review.

Finally, it’s the turn of Governance policies. You may have hundreds of these in your organization (such as corporate structure, financial reporting, ABC-related, hospitality, political contributions, IT security, tax transparency, etc.) – sometimes in many different languages.

In culturally diverse organizations, it is extremely challenging and needs to be approached with extreme caution. 

Change is the greatest challenge impacting ESG policy management

Why you can’t address ESG without effective policy management…

Keeping policies current requires monitoring of the external environment and the internal context. You must clearly understand voluntary (values & ethics), regulatory (mandatory reporting obligations) and contractual obligations with third parties that impose ESG-related requirements.

Policies codify ESG into the organization, providing a foundation of culture (at an ethics, risk, governance, and workforce level). They not only need to be well written and accurate, but also need to be engaged with by employees, who need understanding of and training on ESG policies.

When it comes to ESG, there’s so much at stake that trying to manage policies using spreadsheets and SharePoint just won’t cut it – effective policy management technology is a must.

“You need tech to manage ESG policies. Not just from a policy lifecycle perspective, but also training and engagement of policies.” 

There is an inevitability of failure in trying to effectively manage so many documents and manual approaches. Plus, you quickly lose the defensible evidence trail of “[this person] accessed [this policy] and was trained on [this policy] at [this date and time]”.

How technology enables ESG policy management

Policy management software can be leveraged to streamline policy development, alignment, change management, communication and performance monitoring. Policy training and awareness, acceptance, metrics gathering and archiving can all be automated to ensure the effectiveness of the policy program is understood in context.

Good policy management delivers huge value through being efficient, effective and agile – not least when it comes to providing 360-degree contextual intelligence by effortlessly managing policy information architecture and providing an audit trail and system of record of all ESG policy interactions. 

Bringing policies and training together while managing the integrity of the organization is crucial, and fundamental to any successful ESG program is that policies are engaged. A unified company policy portal that is accessible on any device ensures that employees, contractors and third-parties can access necessary policies and training at the point of need. 

ESG policy information architecture provides 360-degree contextual intelligence

Delivering policy & compliance management in the flow of work

Many organizations realize that tech can help them make things a reality. They just don’t understand how. 

There are many solutions out there, but most struggle to communicate policies as part of the operational culture, and to reach people at the point of need when they need to access the policies. This is where the Ekko policy and training management platform excels.

With Ekko, policy and compliance management sits in the flow of work. Policies are available to the workforce, third-party partners, etc, any time, anywhere – connecting policies and procedures, learning & training, collaboration, and performance and skills development, all in one place.

All of these features can be used separately, but the magic happens when they are all used together.

A fully-automated policy management tool allows you to manage who/where/when policies are relevant, so any updates are communicated to relevant audiences in real time. Language and location are not an issue either, making it ideal for deskless workforces where employees, contractors and supply chains may be global.

A robust mobile app means location-specific policies are delivered via push notifications, and QR codes can be used to gain quick access to policy, procedure or training materials at the point of need, and policies are linked directly to training and certification to ensure people can do tests/quizzes to demonstrate their understanding without having to leave the app.

Ekko also uses AI to provide a smart chatbot that provides quick access to policy & procedure information – just ask Ekko (via chat or text) and you’ll be presented with an excerpt from the policy, along with options to access the full policy and/or any related training materials.

All of this is automatically tracked in the app which provides a defensible audit trail and reports on completion rates, certification rates across the org, down to specific detailed user information – where they are at, whether they consent to the policy etc, along with general learning and performance data. 

Once you take the concept of policy management and embed it in the flow of your workforce, the engagement rate is much higher, and completion and attestation rates are much higher.

3 key takeaways and actions

  • The foundations of ESG are codified in your Code of Conduct(s) – is one policy enough, or do you have different risks in different geographies or industries/operating divisions that need their own?
  • ESG policy management starts with an index and review of your existing policies – what do you need to keep, revise, remove?
  • You cannot manage ESG policies manually; it’s too difficult, and the risks are too high – instead, invest in robust policy management software 

Interested in finding out more about Ekko? Book a 1-2-1 demo to learn how to integrate your organization’s policy and training management. 

Andie Coupland
