Demonstrate Your ESG Commitment With Confidence
Hyperproof ESG can help your organization manage your environmental, social and governance impacts. Assess and track ESG risks, including risks arising from your suppliers and vendors. Manage ESG performance. Provide assurance and disclosures to stakeholder groups without straining your compliance and audit teams.
Hyperproof ESG at a Glance
Conduct risk assessments, including risk assessments on your third parties and suppliers. Track ESG risks in a register and prioritize risks for treatment
Implement an ESG program and maintain it effectively by fostering accountability among stakeholders, org-wide
Conduct internal audits to understand opportunities for improvement and to ensure the accuracy of ESG disclosures
Create disclosures and shared reports that align with common ESG frameworks. Build custom reports to monitor ESG risks and performance
What Hyperproof ESG Can Do
Conduct ESG Risk Assessments, Analyze Results, and Prioritize Risks
Public companies are expected to disclose all risks that have a material impact on their financial performance in their annual reports. To determine what ESG disclosures you need to make and what initiatives you’d like to prioritize, you need to understand your risks first. Hyperproof allows you to identify, manage, and monitor risk on a continuous basis.
- Risk owners within your organization can document risks in their respective functions and risk treatment plans in Hyperproof
- Maintain all vendor information in a central vendor registry
- Conduct vendor risk assessments, analyze results, and prioritize vendor due diligence based on risk assessment results
- Automatically calculate risk scores based on risk questionnaire results or manually assign them
- Monitor ESG risks continuously through dashboards and customizable reports.
Implement an ESG Program and Maintain It Effectively
In Hyperproof, you can implement an environmental, social, and governance (ESG) program that meets investors’ expectations and regulatory requirements and is aligned to the key priorities of your organization. To ensure your ESG program doesn’t exist only on paper, you’ll need to get leaders and teams across the business involved and foster accountability.
- Map your ESG activities to organizational priorities, regulatory requirements, and risks
- Assign ESG risks and ESG activities to owners to manage
- Automate requests asking ESG activity owners to verify that key activities are performed
- Measure progress on ESG initiatives with customizable dashboards and reports
- Reference ESG frameworks (SASB, TCFD, WEF) to determine what disclosures you’d like to make in annual reports and sustainability reports
Conduct Internal Audits
Hyperproof allows you to easily audit your controls and ESG data -- so your execs can make disclosures with confidence.
- Conduct internal audits in Hyperproof’s Audit Module
- Assign requests to collect data on your ESG initiatives to stakeholders; Hyperproof automatically pulls in the data while letting stakeholders work in the tools they love
- Automate follow-up reminders and escalation paths
- Hyperproof plans to integrate with systems that host ESG data (Salesforce Sustainability Cloud, Microsoft Sustainability Cloud) so data can be pulled into Hyperproof automatically for testing
- Store testing plans, test results, and evidence all in one place
- Track remediation items and their status easily
Create Disclosures that Align With Common ESG Frameworks
Different investors may want to see different ESG information. Hyperproof allows you to meet those expectations utilizing a variety of ESG reporting/disclosure frameworks out-of-the-box. It’s easy for anyone to upload additional custom frameworks into Hyperproof and manage them in the platform. Hyperproof-supported ESG disclosure frameworks include:
- SASB standards from the Value Reporting Foundation
- Task Force on Climate-Related Financial Disclosures (TCFD)
- World Economic Forum UBC Metrics
- The Global Reporting Initiative
Create and Share Reports On Your ESG Risks and Performance
With Hyperproof you can monitor ESG risks, progress on ESG initiatives, pending audits, and more via dashboards and customizable reports.
- See the overall health of your ESG program, progress made, and gaps that still need to be addressed
- Visualize the work that needs to be done for upcoming audits
- Generate ad-hoc reports (PDFs or CSVs) of customizable dashboards and share them with stakeholders outside of your organization
Automate a Certification Process For ESG Information Disclosed In Annual Reports
There are some similarities between maintaining a SOX compliance program and maintaining an ESG Program. One commonality is that both require stakeholders across an organization to review and attest to the accuracy of certain information before that information gets published. Managing this workflow can be incredibly time-consuming if done manually, and organizations can reap significant benefits by applying automation to the process.
SOX Section 302 requires an organization’s CEO or CFO to personally attest to the integrity of the key controls that influence their financial statement reporting on a quarterly basis. Prior to the officers signing, certification requests are sent to process or control owners in various departments within the organization. This approach helps to assure signing officers that key internal controls over financial reporting are operating effectively across all departments and provides them with the confidence required to sign the 302 quarterly certifications.
There are software products you can use to automate a SOX certification process by distributing sub-certifications to control owners. Here at Hyperproof, we recognize the value in applying automation to this process and will consider creating this type of certification workflow automation for controls that influence an organization’s ESG reporting. Please contact us if you have thoughts or feedback on this area.
ESG stands for Environment, Social, and Governance. ESG includes three central factors in measuring an organization’s commitment to ecological sustainability, to its community, and to corporate governance.
Environmental factors involve the preservation of our natural world, including issues like climate change, carbon emission reduction, water conservation, water and air pollution, and deforestation.
Social factors are concerned with how human beings are treated and recognize human rights and our interdependencies. They include issues like gender and racial diversity, inclusion, community relations, and the labor practices of an organization and its suppliers. An organization’s data collection, handling, and protection practices also fall under the Social umbrella.
Governance factors involve the logistics and defined processes for running an organization. They cover topics including the Board of Directors and its makeup, and how the board and company executives factor key issues (e.g., climate change, executive compensation, political contributions) into the formation of business plans, risk management policies, and annual budgets.
Why Focus on ESG Now?
Regulatory bodies, investors, and other stakeholders are expecting organizations to be held accountable to ESG standards and report on their progress. To survive and thrive in the long-term, organizations need to understand their impact on the environment and the communities they reach and ensure they have sound governance practices in place.
Many companies operating in the EU and the UK are already required to disclose their ESG strategy, risks, metrics, and targets under certain frameworks, such as the Task Force on Climate-Related Financial Disclosures (TCFD) framework. To date, ESG disclosures have been voluntary for public companies in the United States. Historically, the Securities and Exchange Commission (SEC), charged with regulating companies to protect the interest of investors, has only mandated disclosures on “material” issues that impact a company’s financial performance. ESG risks have historically fallen outside of the SEC's definition of material issues. But the status quo is about to change.
Industry insiders are expecting the SEC to issue new climate disclosure rules by the end of 2021 that are likely to be mandatory. Here is the current consensus from legal and corporate governance experts and leading academics:
- Current SEC Chairman Gary Gensler stated his belief that only mandatory, as opposed to voluntary, disclosures can result in companies’ climate disclosures being “consistent and comparable” both between companies and over time.
- Companies may be required to file climate disclosures in Form 10-K.
- Companies may be required to make qualitative disclosures, such as a written narrative of how climate-related risk feeds into the company’s strategy.
- Companies may need to make quantitative disclosures, such as metrics related to greenhouse gas emissions and the financial impacts of climate change.
- Companies may be required to back up their advertised environmental claims, such as “net zero” commitments.
- The rules may be inspired by the TCFD framework, which focuses on governance, strategy, risk management, and metrics/targets.
With the SEC about to issue new rules likely mandating climate change disclosures, now is the time to start preparing by building greater rigor into your ESG program.
Are there similarities between SOX compliance programs and ESG programs?
If your organization complies with SOX, you know that company directors (CEO, CFO) are legally required to certify key controls around financial disclosure on a quarterly basis. In order to give company directors confidence in the controls they sign off on, it is considered best practice for internal auditors to test key controls and verify their design and operational effectiveness before company directors sign off on the controls.
Some organizations have implemented a process where prior to officers signing, certification requests are sent to process or control owners in various departments within the organization. This approach, known as “sub-certification”, helps to assure signing officers that key internal controls over financial reporting are operating effectively across all departments, and provides them with the confidence they require to sign the 302 quarterly certifications. In fact, many organizations have taken advantage of software that helps them automate workflows around SOX 302.
Although ESG disclosures generally aren’t mandated yet by the SEC, industry insiders expect the SEC to issue requirements on climate-related disclosure by the end of 2021 or spring of 2022 at the latest. When the SEC publishes its new ruling, companies will need to create a mechanism to ensure the accuracy of climate-related metrics and information they plan to publish in reports distributed to investors. Internal auditors will need to develop processes to audit key ESG activities (or “controls” in the GRC world) and metrics just as they audit financial controls for SOX.
If you already have a process for testing controls and a process for sub-certification for SOX, you can use the same processes to efficiently manage ESG compliance. If you do not already have a process in place, you can use Hyperproof to implement a process and automate workflows around testing ESG “controls” and reviewing ESG disclosures.