Why ESG Software Fails Without an Operating Model And How to Design One

Whilst organizations around the globe are increasingly adopting a common ESG system that is functionally appropriate, the desired outcomes are often found to be hard to achieve. This is not because of the technology itself but because of the absence of an underlying operating model and adequate governance mechanisms. Assurance agencies and regulators around the world have a clear view that east performance in terms of climate, social, and governance information must be clearly traceable, controlled, accountable, and governed with the same robustness as financial information. In fact, recent assessments by the UK Financial Reporting Council [FRC] and guidance released by the European Securities and Markets Authority [ESMA] clearly show that high-quality software is now available in the market, but an inadequate governance structure is found to be the root cause behind a lack of insurance-grade reliability.

In the next few sections, we will explore why ESG software by itself is unable to drive value and how appropriate operating model levers need to be deployed for an organization to achieve ESG goals.

The core problem: software without an operating model

ESG software works by automating the fundamental areas of data generation, injection workflows, calculation logic, and final reporting. However, organizations investing in these tools often encounter implementation complexities and data quality challenges. Eventually, the ESG software operates in a silo with an underlying repository of unmanaged data and reports that often fail to stand the test of scrutiny. The key reason for these ESG software failures is that technology is treated as a driver rather than an enabler. As such, investing and rolling out a robust operating model, which is supplemented with well-thought-out governance, processes, and Data mechanisms help an organization to achieve its ESG goals.

The layers of an ESG operating model

An efficient and effective operating model for ESG must have underlying pillars – governance, process, data, and technology. Together, they form the foundation of a reliable and reproducible sustainability information framework that has embedded operational discipline and controls.

Governance layer: The foundation of controlled ESG outcomes

In the context of ESG reporting, it is important to understand who makes the decisions and why, who is accountable for the outcomes, which is the authority to enforce process controls, and who will provide the management oversight to drive overall compliance. In essence, governance is not a management-level vision but a systemic authority and accountability framework that ensures that appropriate rigour and discipline are embedded into how sustainability information and reporting are managed.

The UK Financial Reporting Council’s assessment on climate-related metrics and targets 2023 revealed that most organizations lack clearly articulated executive accountability for sustainability information, despite having advanced ESG software. This was reinforced by the European Securities and Markets Authority’s guidelines for non-financial reporting, which set out the need for clear governance in place of implicit assumptions and estimations. When governance is weak, we often see:

• Fundamental assumptions evolving without an appropriate management rationale or documentation
• Controls are being loosely exercised and are informal in their setting.
• Accountability is being fragmented without clear ownership.

These are areas no ESG software can address. As such, it is important for an organization to first build a robust governance foundation before setting out on its ESG journey.

Anti-pattern: Governance theatre

It is often seen that some organizations end up creating what is called a governance theatre. This anti-pattern comprises a sustainability committee or even a chief ESG officer, but often does not have adequate accountability embedded into budgeting or planning processes. Moreover, the control decisions are often outside the ambit of formal approval workflows and review mechanisms. This anti-pattern usually comes to light during assurance reviews as evidence of governance existing but not being operational. It is important to understand how governance can actually be enforced in practice. A strong operating governance model covers the following:

• Formal and clear ownership of sustainability information, for example, who owns emissions, supply chain, workforce related information
• Clear delineation of control planning, common design, my execution, and test phases
• Management level oversight in key materiality decisions such as emission threshold, risk appetite, and exception handling response.

Process: To make discipline and execution meet

An operating process as a sequence of activities which works on the principle of data injection validation, business logic, and finally controlled outputs. While policies determine what should work, processes actually set out how things will work. They are important in the ESG context because data is often collected across multiple domains, transformed through complex calculation logic, and aggregated and reviewed for final reporting. Without having structured and quality-controlled processes, software workflows cannot work in the manner they have been designed. Key process failures that the management should be aware of are:

• Manual overrides where the ESG software does not function directly with source information but falls back on manual data Entry or upload. This is a key area for error injection and often failed assurance assessments.
• Wherever processors require back-and-forth exchange of email-based information through ungoverned spreadsheets, data traceability is found to be broken and constitutes a key assessment risk.
• Often, undocumented challenges are also considered areas of weakness by assurance providers. For example, lack of a sign of process is a key weakness area that assurance agencies may flag during the exercise.

Multiple CSRD pilot assessments have reported that whilst organizations have been able to automate data collection and aggregation, there is low maturity in terms of exception handling processes. As such, data anomalies that were detected by the ESG software were never subjected to root cause analysis and eventual correction.

Data: The true asset that must be governed

It is important for an organization to define its data architecture, keeping in mind assurance grade maturity. As such, the data model must be consistent across the organization, governed for quality and traceability, and be associated with evidence that is readily auditable. In addition, whenever the data changes or evolves, the changes must be tracked with appropriate roll and time stamps.

Regulators have been found to emphasise that data governance is the cornerstone of credible ESG information. The UK SFRC has laid out guidelines for defining data boundaries, explaining how supplier information has been collected, and demonstrating how methodologies are consistently applied over time.

A key anti-pattern that often emerges during assessments is that of siloed data definitions. It is often found that metrics defined by finance risk and sustainability teams are not consistent, or taxonomies do not match across different systems within the same organization. This directly results in inconsistencies in final disclosures and unreliable responses that fail the assurance scrutiny. As such, it is important that an organization has a strong data governance model that includes a canonical data architecture for important ESG metrics, has approved metadata definitions, and can be directionally traced from source to final disclosure.

Technology: Platform is an enabler, not a driver

Technology covers a set of tools which enable the capture of required information automated its transformation, approval in my workflow, and final reporting. However, technology by itself is not a guarantee of governance control. A recurrent theme found during assurance activities is that organizations may have invested in and implemented ESG software, but appropriate ownership has not been defined. Reliance on tools without adequate enforcement control will lead to outputs that are unreliable and will not make it past the assurance agencies. In fact, automation applied to inadequately designed processes often multiplies the underlying structural problems instead of being able to fix them.

The anti-pattern for platform as a driver looks like purchasing an expensive best-in-class ESG tool and hoping that it will replace governance decisions. However, without an appropriately designed operating model, the rules are not codified, and reviews do not have a proper structure. As such, the legacy practices are subjected to a lift and shift through technology, which magnifies the underlying systemic weaknesses.

In order to correctly leverage technology management mass, define and appropriate operating model covering the following:

• Setting out appropriate workflows that are built on the foundation of role-based governance
• Embedding validation mechanisms that function against the background of management-led definitions.
• Capturing evidence automatically and integrating with log-based lineage and version control mechanisms

How to design an ESG operating model

The following approach helps to define a robust and assurance-grade ESP operating model:

• Expressly defining and controlling even before 10 to the evaluated. This must cover areas such as board oversight, responsibilities to be assumed by the risk committee, and defined roles, control owners, and named reviewers.
• Consistently mapping processors to control points is an area that every manager must look at. This includes identification of where the data originates, how it is transformed, where key decisions are made, and what outputs are reviewed. This step helps to ensure reduced reliance on manual workarounds and breakdown points for controls, which can be addressed well in the next advanced point. A canonical data model must be universally agreed and accepted so that each metric is defined only once across the organization and has appropriate boundaries, units, and attribution logic, helping to deliver number is that are consistent across departments.
• Aligning appropriate technology to the operating model happens when managements think of which roles trigger which workflow, what evidence requires to be collected, and how exceptions are resolved. This helps to inform better technology decisions as opposed to first choosing the technology and then thinking of control structures.
• Testing and iterating to ensure that the operating model and technology are appropriately and operatively integrated. This helps deliver a tried and tested working model which is assurance-ready and can be challenged by independent reviewers.

Certain key anti patterns to look out for are as follows:

• Technology first implementations: these are typically instances where organizations first invest in the technology tool before paying adequate attention to governance and control structures, processes, workflows, and manual break points. The result is often disclosures that cannot be defended during assurance.
• Another anti-pattern is sustainability information existing in different silos, such as finance, risk, and audit. The silos can often be integrated at the time of enterprise-wide assurance, and often fail as management tries to reconstruct the final numbers at the time of assurance.
• Spreadsheets that exist in parallel with control structures and systems often represent ungoverned processes and are key red flags during assurance activities, as they must never be a parallel information repository.

To conclude, technology is an enabler, but never the actual solution itself. The ESG software can help an organization achieve its ESG goals, but it cannot automatically deliver controlled and defensible assurance outcomes. For that, the organization must deploy governance structures that deliver accountability processes that enforce controls, validation mechanisms that help to track evidence, and eventually be supported by technology that enables this model, not replacing it.

Learn more about our : Carbon Footprint Platform

Learn more about – Scope 1, 2 and 3 here..