As companies become tasked with collecting and reporting on environmental, social, and governance (ESG) metrics, a market opportunity has emerged for software solutions that support the rapidly evolving requirements of ESG risk management.
According to a recent forecast from International Data Corporation (IDC), worldwide ESG risk and reporting software revenues will more than double over the 2020 to 2025 forecast period, growing to more than $720-million in 2025.
The past several years have seen a tectonic shift in the market prioritization of ESG risks. Whereas corporate social responsibility (CSR) has been a tenant of corporate governance, risk, and compliance (GRC) for some time, ESG has quickly become a foundational decision factor for consumers, investors, and enterprises.
And, while traditional CSR approaches have focused on philanthropic efforts without necessarily being directly linked to the need to generate positive business outcomes, ESG is performance driven and focused on the materiality/business impact of ESG activities.
Another distinction between ESG and CSR is the association with existing frameworks and emerging legislation. CSR is largely a governance issue with policies being dictated by internal mandates. In contrast, ESG tracking and reporting is typically based on one of several frameworks (Global Reporting Initiative [GRI], International Integrated Reporting Council, Carbon Disclosure Project [CDP], Climate Disclosure Standards Board, Sustainability Accounting Standards Board [SASB; now the Value Reporting Foundation]) and while adapted to each company’s specific needs is more formulaic in application.
The plethora of frameworks that currently guide ESG tracking and reporting make it impractical for companies to effectively monitor ESG risk and even more difficult to leverage data to make positive tangible shifts. While these frameworks provide a general guideline for what companies need to be tracking for ESG, the use of different methodologies and scoring systems creates inconsistency in comparing companies’ ESG performance.
The lack of standardization also makes it easy for companies to design their ESG reporting to capture only the good data, ignoring the bad, and portray an overly optimistic view of ESG activity. Without standardisation in framework and reporting, these metrics are unreliable and have resulted in concerns over greenwashing.
Against this background, a wave of ESG risk management solutions is coming to market as a rapidly evolving segment of risk management software. These solutions were initially designed to track and report ESG metrics but are increasingly being integrated with other risk management areas, including third-party risk, operational risk, compliance risk, privacy risk, and business resiliency.
The ESG risk software landscape can be further subdivided into those solutions that allow companies to manage risk and those solutions that allow companies to report on their ability to manage risk.
“On one end of the ESG risk management spectrum are solutions that take a modular approach and primarily function as data management tools, where ESG metrics are consolidated, organized based on applied frameworks, and tracked over time. These solutions are retrospective, tracking and reporting on what has already occurred,” says Amy Cravens, research manager: Governance, Risk, and Compliance at IDC.
“On the other end of the spectrum are solutions that apply an ESG lens across the risk landscape of a company, are deeply integrated and embedded in existing processes, and are leveraged as a strategic business tool. These tools are predictive, gathering intelligence to monitor indicators and react to redirect risk vectors.”
ESG is quickly becoming a central component of most companies’ overall governance, risk, and compliance (GRC) strategy with IDC expecting that penetration of ESG risk management solutions among GRC users will grow from 50% in 2021 to over 90% by 2026.