Basic Operational ESG Program Issues (Part III of III)
A supervising ESG Committee has to resolve several basic questions in order to build out its ESG program.
- What are the company’s ESG risks?
- How is the company’s ESG program tailored to its ESG risk profile?
- What kind of information are investors, shareholders and stakeholders demanding as part of a disclosure framework?
- How will the company collect, assess, and monitor relevant data, and then disclose key metrics to relevant stakeholders and regulators?
If these questions sound somewhat familiar to the ethics and compliance program function, welcome to the world of ESG – a new world that shares many operational principles with ethics and compliance programs. Both ESG and E&C programs involve risk assessments, policies, procedures and controls to mitigate risks, leveraging ESG and E&C requirements across the business, and monitoring, measurement and reporting on performance. What a surprise.
This does not mean that Chief Ethics and Compliance Officers should add ESG to their responsibilities. It only means that CECOs should have an important seat at the ESG table at which they can contribute to overall design and implementation of an ESG program.
CECOs also know how to leverage technology, data analytics and other functions that will play an important role in any ESG program. In this area, CECOs can advise ESG officers on how to embrace technology, build data analytics and then ultimately monitor their program through data sampling, monitoring and oversight. Internal Audit has much to offer here as well given its responsibilities over SOX reporting and other data collection, monitoring and performance metrics.
ESG programs have to be designed around basic operational issues, including (1) information collection; (2) accuracy and reliability of information; (3) data collection procedures; (4) coordination with disclosure procedures; and (5) testing, audits and monitoring of processes to ensure accuracy and effective operations.
ESG goals and commitments have to be set at the board and senior executive levels. Obviously, they will have a direct and immediate impact on company operations – investments, resources and business operational planning will all be implicated. The ESG function will be charged with implementation of ESG policies and procedures, data management and program evaluation, monitoring and performance metrics.
ESG will impact not only the bottom line financial performance, investments and strategic planning but many other aspects of corporate operations – talent management, resource allocation, information technology, ethics and compliance objectives and operations, and security.
ESG planning has to include program evaluation and independent auditing procedures. Similar to external financial auditors, and risk and compliance program assessments, a new “cottage industry” will be born surrounding the evaluation of ESG programs. Such assessments will extend well beyond information or disclosure reliability to program design, risk evaluation, program operations, coordination with disclosure functions and overall accuracy in reporting.
As the SEC digs into the ESG issue, the SEC is likely to adopt a mandatory reporting framework akin to other issues of importance – cybersecurity is just one example. Whatever mandatory requirements are imposed, third-party assessments and audits are going to be necessary.