CIOs rise to the ESG reporting challenge

Corporate ESG reporting is getting real for companies around the globe. Enacted and proposed regulations in the EU, US, and beyond are deepening reporting requirements in an effort to change business behavior. What were once theoretical goals around environmental, social, and governance issues are rapidly evolving into mandatory efforts.

The foundation for ESG reporting, of course, is data. And that puts CIOs at the center of these increasingly important initiatives.

“Always the gatekeepers of much of the data necessary for ESG reporting, CIOs are finding that companies are even more dependent on them,” says Nancy Mentesana, ESG executive director at Labrador US, a global communications firm focused on corporate disclosure documents. 

The EU’s Corporate Sustainability Reporting Directive (CSRD), which took effect in January 2023, is top of mind for companies doing business there, but a host of other requirements are taking shape from the US Securities and Exchange Commission, the International Sustainability Standards Board (ISSB), and the State of California, as well as the EU’s Corporate Sustainability Due Diligence Directive (CSDDD).

“CSDDD is expected to make the reporting of ESG-related information a full-time job and fundamentally change how companies are structured around this reporting,” says Mentesana.

While choosing the right tools from the expanding ESG software marketplace is important, the real work takes place on the back end. What companies need more than anything is good data for ESG reporting. That means ensuring ESG data is available, transparent, and actionable, says Ivneet Kaur, EVP and chief information technology officer at identity services provider Sterling. “CIOs are in a unique position to drive data availability at scale for ESG reporting as they understand what is needed and why, and how it can be done.”

“The CIO will play an important role, particularly in these early days of sourcing and aggregating data,” agrees Amy Cravens, research manager for GRC and ESG management and reporting at IDC. “As regulation emerges, the needs for auditable, data-backed reporting is raising the stakes and elevating the role of data in ESG — and hence the [role of the] CIO.”

CIOs — who sign nearly half of all net-zero services deals with top providers, according to Everest Group analyst Meenakshi Narayanan — are uniquely positioned to spearhead data-enabled transformation for ESG reporting given their data-driven track records. But ESG data is more complex than any other type of data organizations have had to wrangle, spurring leading CIOs to educate themselves quickly on the nuanced challenges of delivering reliable, actionable ESG reporting.

ESG reporting: IT’s latest data challenge

For Allianz Technology, ESG reporting is no small task. As the internal technology provider for parent company Allianz SE with 15,000 employees, the entity employs more than 100 ESG experts who spend several weeks each year heads down collecting and reporting ESG data manually.

Birgit Fridrich, who joined Allianz as sustainability manager responsible for ESG reporting in late 2022, spends many hours validating data in the company’s Microsoft Sustainability Manager tool. “Data quality is key, but if we’re doing it manually there’s the potential for mistakes. That’s our biggest challenge,” says Fridrich, who is eager for greater digitization and automation to free her up to apply her talents to driving ESG improvements.

Help is on the way, but it takes time. Rainer Karcher, Allianz Technology’s chief sustainability officer, knows what the effort to streamline ESG reporting will take. Karcher spent 26 years in IT roles and understands the need for reliable, readily available ESG data. Having previously headed up IT sustainability at Siemens, he also knows the challenge of delivering it. Siemens had 365,000 products in its portfolio, from switches to trains (which themselves comprise millions of parts), and more than 65,000 tier-one suppliers.

“To accurately report on the environmental footprint for a train, we need to ensure that every single supplier provides accurate data in a reliable way,” says Karcher. “The complexity is at a much higher level.”

Even for more straightforward ESG information, such as kilowatt-hours of energy consumed, ESG reporting requirements call for not just the data, but the metadata, including “the dates over which the data was collected and the data quality,” says Fridrich. “There are several things you need to report attached to that number.”

The job is so large that Allianz Technology CTO Gülay Stelzmüllner, then CIO, hired Karcher in October 2022 to develop the company’s ESG reporting strategy because she didn’t have enough time to strategize for it herself, given her ongoing CIO duties. Karcher has since built a team of 18 and completed an inventory of existing ESG data structures and legal requirements.

“Whatever we do, we need transparency into all the data structures, processes, and governance in order to have that single source of truth,” Karcher says. “And we need it to be reliable and audit-proof for compliance purposes.”

Releasing the company’s ESG experts from manual reporting is Karcher’s top priority, and IT is essential to digitizing and automating the process.

Most companies find themselves in a similar situation.

“Only a few enterprises have adopted fully automated ESG data collection and monitoring tools; the majority still depend on unreliable manual practices,” Everest’s Narayanan says. “They face a resource shortfall as ESG reporting, coupled with financial reporting, becomes a substantial task.”

Build alliances — and begin with IT

To achieve success, CIOs must first understand how ESG reporting fits within the company’s business strategy, Sterling’s Kaur says. Then they need to engage and align with the right people in the organization.

The CFO and CSO top that list, but CIOs should branch out further, as “upstream processes is where the vast majority of sustainability and ESG story really happens,” says Marsha Reppy, GRC technology leader for EY Global and EY Americas. “You will not be successful without procurement, R&D, supply chain, manufacturing, sales, human resources, legal, and tax at the table.”

Because ESG data is broadly dispersed throughout the organization, CIOs will need broad consensus on an ESG reporting strategy, but the triumvirate of CIO, CFO, and CHRO should be driving ESG reporting forward, Kaur says.

“Business goals matter, financials matter, and employee engagement matters,” she says. “Creating this partnership has the benefit of bringing a cohesive view forward with the right goals.”

CIOs must also educate themselves on the nitty gritty of ESG reporting to fully understand the complexity and breadth of the problem they’re trying to solve, EY’s Reppy says.

One of the best ways to do this is to begin reporting on IT’s ESG impact, says Allianz’s Karcher. He advises CIOs to seek out those in IT who have a passion for the topic to help start the process, which includes becoming fluent in ESG terminology. “Scope 1, 2, and 3 emissions are big question marks for [most CIOs],” says Karcher. “They need to have an understanding of all the specific terms and reporting.”

SustainableIT.org, on whose board both Kaur and Karcher sit, offers CIOs no-cost frameworks, data, and reporting standards, as well as case studies and practical advice from IT peers. Going through the process for IT will give CIOs a better understanding of what needs to be done for the larger enterprise, says Karcher, who took this approach at Siemens.

“You start learning the terms and how to identify the right data sources,” he says. “Then you’re in a better position to work with the CSO or the CFO on ESG reporting.”

Digging into ESG data structures

Turning attention to data, CIOs should conduct a materiality assessment to narrow their focus on the most important ESG information for the short- and long-term.

“It is important to demonstrate that the company is addressing and integrating the risks and opportunities that may impact company operations and the impact the company may have externally,” says Labrador’s Mentesana.

From there, CIOs can determine the most relevant pieces of data and how to source and automate the gathering of that data, IDC’s Cravens says.

CIOs should also document any current data collection and reporting processes that involve relevant ESG data, including which departments are or should be involved in data collection, what data is being collected, and how the data is being verified. They should also “evaluate data and reporting against the various ESG external reporting frameworks to help determine the most relevant for the company’s industry and those that best enhance the information most important to the company and its stakeholders,” Mentesana says.

In assessing existing processes, CIOs should note challenges such as manual reporting, poor data quality, and siloed systems, advises Allianz’s Karcher.

Because the goal, where possible, should be to extract the necessary data at the source for greater transparency and accuracy, IT leaders should also review existing tools to determine where additional help or technology may be needed to address fundamental issues such as data management, analysis, and audit trail development, says Mentesana.

And ESG roadmaps should be built to leverage existing and planned investments aligned to broader IT strategy, EY’s Reppy advises. “Develop a long-term roadmap identifying synergies with other initiatives, but allowing for short-term needs to be addressed,” she says.

Karcher, who learned a lot about exploring organizational data structures at Siemens, put his new Allianz Technology team to work right away identifying all data sources used for manual ESG reporting. Over the past year, the team has created a catalog of ESG standards and rules that define what sustainability means in detail for various aspects of technology and operations. This year, the team will connect all ESG data sources to the Allianz data lake, which also contains the parent company’s commercial, financial, and HR data. That way Karcher’s team can create an ESG data service offering for the other 64 entities within Allianz SE.

“Digitalization and automation is key to having the data quality we need for CSRD,” says Fridrich. “We have to be able to rely on the data, otherwise it’s just a good guess.”

As the data architecture is developed, it will be designed to deliver output not only to the ESG reporting tool but to other systems that will be designed for sustainability improvement.

A journey more than a destination

While the task is significant, CIOs emphasize achieving incremental progress over time.

“Don’t spend so long developing a plan that it becomes outdated and not worth executing on,” says Daragh Mahon, CIO of Werner Enterprises, who recently rolled out an ESG reporting platform for the truckload transportation and logistics services provider.

Mahon approaches ESG reporting like a product that requires continuous maintenance and development to serve its purpose.

“Approach strategy development in small increments. Pay more attention to steps that are coming up next in your strategy and get more into the details,” Mahon says. “For phases of the strategy that are further away, keep things at a high-level because the path along the way is likely going to make things change.”

With that in mind, Mahon moved quickly with his ESG reporting platform to get early user feedback as one would with a minimum viable product. “By forcing yourself to work through pain points to create a better, viable solution, you’ll find yourself with an improved product when all is said and done,” he says.

For Sterling’s Kaur, the question at the start of the ESG reporting effort is an ongoing one: What do I need to do to make the right data and analytics available for driving next steps at many different levels? At the same time, CIOs will need to continually assess how to increase the efficiency and reduce the costs of ESG reporting efforts, Narayanan says.

At Allianz, ongoing communication to clarify the role of Karcher’s sustainability group (and the IT organization) in ongoing ESG reporting and strategy work has proved important. Too many companies view those creating the foundation for ESG reporting as responsible for it. So Karcher has built a community of 350 people within the company working toward sustainability in specific areas as part of their day-to-day roles to ingrain ESG efforts within the business. “That’s been a fundamental change to ensure that we are seen as guidance and support for ESG not the team doing ESG,” Karcher says.

Ultimately, developing ESG reporting infrastructure and capabilities “is a journey, with increasing maturity over time,” says Cravens of IDC. That’s in part because ESG reporting isn’t just about the data. It requires data-driven transformation. And that’s even more reason for CIOs to be at the center of the effort.

“Data is at the core of the issue, but data requirements not integrated into the business process, and without appropriate organizational change management enabling it, will not get you far,” says EY’s Reppy. “CIOs have an opportunity to bring their organizations’ sustainability and ESG goals to life by not only enabling this with data and technology, but by lending the significant experience they have in tech-enabled business transformations to an area in dire need of one.”