5 ESG Myths Demystified: Why ESG Controls Are Key to ESG Reporting

Environmental, Social, and Governance (ESG) disclosures in public company financial reports have been a constant topic of conversation for over a year. In the US, the Securities and Exchange Commission (SEC) has proposed requirements to standardize reporting metrics so investors and other stakeholders can compare companies and reduce the likelihood of fraudulent claims by corporations that exaggerate their ESG performance, a practice known as greenwashing.

As with any new topic, people are speculating about this requirement, and several misconceptions have arisen. In this article, we will dispel a few of the most common myths related to ESG reporting and provide guidance on the ESG best practices you should consider instead.

ESG Myth 1: The Published Report Is Your Finish Line

Many companies think of ESG as a reporting exercise. In reality, the metrics included in the financial reports represent a snapshot of a robust ESG program. Each year, corporations should consider the data reported as the coming year’s baseline. Management has an opportunity to set new targets, make improvements, and continuously work to meet their stakeholders’ expectations. Without considering ways to make improvements, ESG reporting will require time and resources from the organization without much benefit.

ESG Myth 2: Our Existing Sustainability Reports Are Just Fine

If your company is already publishing ESG results, you may assume that the proposed SEC rule is just business as usual. Some companies are already listed on an ESG index or may have published an annual sustainability report for many years, so they assume the company will not need to make changes. In reality, they may have been ahead of the market, but now it’s time to revisit what information the new reporting rules are targeting. This could also be a good time to review the current SASB and other ESG frameworks, ESG risk factors, and the regulators’ positions on specific risks. Finally, consider the format of your current reporting – the report should be dynamic and designed for all audiences.  

ESG Myth 3: Collecting Data Is the Most Important Step

Accurate, reliable data is extremely important in ESG reporting. Data tells you the current status, progress made, and areas for improvement, and the data must be scrutinized even when your data collection controls are in place. ESG information comes from various sources, and no individual is an expert in everything related to ESG. Having accurate, reliable data for ESG reporting requires governance programs around collecting, verifying, and aggregating the data. Ideally, the data is managed in the same system of record as your ESG control framework. Using a consistent approach in the controls process allows you to tie the ESG goals, data points, metrics, and controls together for an integrated risk management approach.  

ESG Myth 4: A Past ESG Materiality Assessment Is Relevant

Materiality assessments performed more than a year ago are probably out of date. The company, metrics, and thresholds all change. As with the myth about existing sustainability reports discussed above, now is a good time to revisit and refresh your company’s approach to establishing materiality. Some companies take on the assessment as a single, large-scale project, some outsource, and others spread the work into smaller initiatives. A good approach should balance the desired result with expectations from stakeholders, cost, and effort.

ESG Myth 5: ESG Reporting Is the Same Process for Every Company

ESG reporting is driven by many factors: the business your organization conducts, geographic footprint, number of employees, facilities, distribution channels, and too many more to list. Data from all these processes is at the heart of the reporting, and that data is protected through a system of controls. In the US, most public companies underwent a similar exercise when Sarbanes-Oxley (SOX) went into effect. As with SOX, ESG controls must be designed, operated, and tested. Despite the similarities across companies, even in common business cycles, controls always differ from one company to another.

ESG Reporting Requires Action

The most common ESG myths have one theme: ESG reporting will be quick and easy. The truth is that ESG reporting requires companies to take action by establishing a formal ESG program to set targets, choose a framework, establish metrics, identify risks, design and implement controls, aggregate data, and then test to verify the accuracy of the data in the report. Even those companies ahead of the game with sustainability reporting will quickly fall behind if they think they can continue without updating their current approach. Management will need to fully support the data they present in an audit-ready format that will pass inspection from regulators, rating agencies, and external auditors. Take advantage of your time while the reporting rules are still in a proposed state to build a plan and explore the solutions to streamline your ESG program.


Claire Feeney is a Senior Product Marketing Manager at AuditBoard focused on ESG and RiskOversight. In her role, she helps support organizations in transforming their enterprise risk management and sustainability programs. Prior to joining AuditBoard, Claire worked in product marketing at OneTrust, VMware, and Infor. Connect with Claire on LinkedIn.


Dylan Krieger, CISA, is a Business Value Architect at AuditBoard. Prior to joining AuditBoard, Dylan spent 3 years with EY in Philadelphia and 5 years with American Tower Corporation in Boston specializing in IT audit, SOX, and IT risk management across the real estate, advanced manufacturing, chemical products, and biotech industries. Connect with Dylan on LinkedIn.