EBOOK

Three Steps Towards

Your ESG Strategy
A Practical Guide for
Risk Management Teams
ESG and Risk Management Today
Being investor and climate driven, Environmental Social disaster recovery, and third-party risk management.
Governance (ESG) is fundamentally a forward-looking We also present a five-phase plan to guide you in
Integrated Risk Management (IRM) approach to discerning assessing your internal factors so you can begin to build
which companies are likely to thrive and which most likely Operational Resilience.
will decline in a world growing in environmental and social
For risk management teams, ESG is a major opportunity to
uncertainty. It is more concerned about the ability to sense
elevate the strategic focus of the risk management function
and anticipate what is needed to prosper without doing harm
from “avoid trouble” (defensive posture) to “increase
to people and planet than it is about backwards looking
corporate value” (opportunity posture). Risk management
control frameworks.
leaders can directly influence the ESG strategy, lending
In this eBook, we examine the pillars of Operational Resilience expertise towards this major business imperative. To get
and why it’s essential to align the silos of internal teams started, it is important to put in motion actions that lay a
responsible for risk management, business recovery, IT solid foundation for your strategy.

Understand the Plan for the Effect Navigate the

Context on Corporate Standards
Reporting

• Research the evolution of ESG • Familiarize yourself with the • Research the emerging standards
and related standards boards. existing ESG reporting. related to ESG.

• Connect with internal stakeholders • Map out your key stakeholders • Outline the basic industry
to understand the current state and what information is most and geographical requirements
of ESG efforts. relevant for each group. for your company.

Three Steps Towards Your ESG Strategy: A Practical Guide for Risk Management Teams | 2
ESG fundamentally a
forward-looking Integrated
Risk Management (IRM)

1
approach to discerning
which companies are likely
to thrive and which most
likely will decline in a world
Materiality Mapping
growing in environmental
and social uncertainty.

With knowledge of the

2
business operations and
the potential risks to
strategic objectives, risk
management functions Tracking and Tracing
can provide insight into
critical issues but more
importantly, can provide
the experience in executing
broad programs.

Therefore, it is helpful
to understand three
fundamental components
of an ESG Strategy.
3 Reporting and
Automation

Three
ThreeSteps
Steps
Towards
towardsYour
yourESG
ESGStrategy:
Strategy:AAPractical
practicalGuide
guidefor
forRisk
risk Management
management Teams
teams | 3
 1
Materiality Mapping
Materiality Mapping starts with the identification of stakeholders and what matters most to them.
Management then assesses topics affecting stakeholders relative to organizational imperatives,
influenced by good governance principals, and the long-term viability of the business model. Once
formally established, a Materiality Map influences the selection of ESG frameworks, topics, and
industry initiatives.

The Materiality Mapping exercise is an enterprise-wide assessment that lays the foundation for
the organization’s environmental, social, and governance programs. This work should deliver
to business leaders a complete and aggregated view of the organization’s value chain’s ability,
including its supply chain, to meet its environmental, social and governance responsibilities. As
the organization evolves, this process must become routine as part of an ongoing view into the
key ESG topics for the organization.

Stakeholders

Data Privacy Climate Change

Emissions Reduction
Environmental

Sustainability
Supply Chain

Governance Employee Relations

Compensation Social Programs

Social Materiality Map

Three
ThreeSteps
StepsTowards
towardsYour
yourESG
ESGStrategy:
Strategy:AAPractical
practicalGuide
guidefor
forRisk
risk Management
management Teams
teams | 4
 2
Tracking and Tracing
Once you have worked out ‘What ESG Topics Matter Most’ and set target metrics across E, S
and G topics, the organization must gather data about how the business is performing on these
metrics. This tracking and tracing of metrics from business objectives to operations can be a
complex task but necessary to monitor progress towards ESG objectives.

By centralizing ESG data, you can help the company prepare for annual reporting. More
importantly, executives and Board members need graphical, real-time reporting and dashboards
to view and evaluate compliance, environmental impact, and supply chain risk with quantifiable
data and metrics. This actionable data helps inform better decision-making and achievement of
corporate goals while mitigating risk and ensuring the business takes steps to ensure its success.

Data Privacy Climate Change

Emissions Reduction
Metric 1
Metric 2
Sustainability
Supply Chain Metric 3
Employee Relations
Metric 4
...
Compensation Social Programs

Materiality Map
Business Operations

Three
ThreeSteps Towards
Steps towardsYour
yourESG
ESGStrategy:
Strategy:AAPractical
practicalGuide
guidefor
forRisk
risk Management
management Teams
teams | 5
3
Reporting and Automation
Reporting across the various ESG frameworks and standards follows a common pattern of telling
the story of the application of internationally proven and accepted risk methods and practices to
business. The pressure to deliver ESG reports is high now. Shareholders and investors are calling
for this information and it could affect your ability to raise capital and continue growth. Therefore,
there is an imperative to get started as the stakes will only get even higher.

Automation will be a key element of dealing with the ongoing change inherent in managing ESG
efforts. Manual processes, which may meet tactical needs, will simply not be able to keep up -
especially with the flux expected as ESG requirements evolve. You should be targeting efforts now
to remove complexity and deliver solutions which meet your business requirements.

Key elements of an automation strategy:

• Plan for generating, collecting, monitoring and reporting ESG metrics & standards.

• Strategy to centralize tracking, tracing and managing of data including objectives, stakeholders (internal & external),
materiality assessments and metrics.

• Support for ongoing materiality mapping assessments.

• The ability to easily gather ESG metrics from systems and stakeholders, and identify compliance/noncompliance
of thresholds for ESG metrics.

• The ability to manage issues and gaps identified during metrics collection.

• Scenario analysis capabilities to identify potential routes to reduce risk and manage action plans.

• Quantification methods to calculate risk exposures including the ability to measure costs of mitigation vs.
costs of exposure.

Three
ThreeSteps Towards
Steps towardsYour
yourESG
ESGStrategy:
Strategy:AAPractical
practicalGuide
guidefor
forRisk
risk Management
management Teams
teams | 6
Environmental
By implementing responsible social and sustainability policies and programs that help lessen
corporate environmental impact, organizations can better deal with global crises such as
rising energy prices, access to resources, and enact better operational resilience programs.
Organizations that embrace and implement robust and effective ESG programs benefit society,
investors, stakeholders and ultimately assure the organization’s ability to thrive and survive long
into the future.

Social
Archer enables ESG data to be gathered in a centralized Integrated Risk Management (IRM)
platform alongside other risk and compliance data. By implementing Archer within their broader
risk management program, business leaders and executives have access to quantifiable risk data
providing the insight and tools needed to protect the business while adhering to their ESG policies.

Governance
In addition, Archer allows your ESG and risk teams to look at their data in a new way. You can use
modeling and risk quantification to dig into the data, run scenarios and identify the impact of risks
and the necessary investments to reduce or mitigate business disruptions and meet ESG objectives.

Three
ThreeSteps
StepsTowards
towardsYour
yourESG
ESGStrategy:
Strategy:AAPractical
practicalGuide
guidefor
forRisk
risk Management
management Teams
teams | 7
About Archer
Archer is a leader in providing integrated risk management solutions that enable customers to improve
strategic decision making and operational resiliency. As true pioneers in GRC software, Archer remains solely
dedicated to helping customers understand risk holistically by engaging stakeholders, leveraging a modern
platform that spans key domains of risk and supports analysis driven by both business and IT impacts. The
Archer customer base represents one of the largest pure risk management communities globally, with over
1,500 deployments including more than 90 of the Fortune 100.

@ArcherIRM Archer Integrated Risk Management

©2022 RSA Security LLC or its affiliates. All rights reserved. RSA and the RSA logo are registered trademarks or trademarks of RSA Security
LLC or its affiliates in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes
the information in this document is accurate. The information is subject to change without notice. 02/22 eBook.