What is ESG reporting? A complete guide for companies
For decades, assessing the health and value of a company was based almost exclusively on hard financial data: revenues, profits, margins, cash flow. But the world in which we do business has fundamentally changed. Investors, customers, employees and regulators have come to understand that the long-term success of an organization depends on a much broader set of factors than quarterly results. A company that damages the environment, ignores workers’ rights and is managed without transparency poses a serious long-term risk to its stakeholders and to the economy as a whole.
In response to this growing awareness, a concept was born that is revolutionizing the world of finance and business strategy today. It is ESG. This three-letter acronym, standing for Environment, Social Responsibility and Governance, has become a new, non-financial measure of a company’s value. It’s a set of criteria to assess how an organization manages its impact on the planet and society, as well as how it is governed from within.
What just a few years ago was the domain of the largest global corporations and PR departments, is today becoming a legal and business obligation for thousands of Polish companies, thanks to stringent new EU regulations. Ignoring ESG is no longer an option. It is a strategic necessity that will determine access to capital, customer trust and the ability to compete in the market of the future. This guide is a comprehensive roadmap to help you understand what ESG is, what new obligations it imposes on your company, and how to strategically approach this challenge, turning it into a source of sustainable value.
What is ESG and what do its three pillars mean?
ESG is an acronym that represents the three key areas by which investors and stakeholders evaluate a company’s non-financial performance and sustainability. It’s a holistic view that goes beyond traditional balance sheet and income statement analysis. Understanding each of these pillars is key to implementing a successful strategy.
- E – Environment: This pillar covers every aspect of a company’s impact on the natural environment. It is currently the most publicized and most widely discussed part of ESG. Analysis here focuses on how a company manages its environmental footprint: greenhouse gas emissions and the strategy for reducing them (decarbonization), energy and water consumption, and the shift to renewable energy sources. It also covers waste management and the adoption of circular economy principles, as well as biodiversity protection and pollution prevention. In practice, a company is judged on whether its business model is sustainable and whether it actively minimizes its negative impact on the planet.
- S – Social responsibility (Social): This pillar focuses on the company’s relationship with its stakeholders – employees, customers, suppliers and local communities. It answers the question of how the company treats people. In the context of employees, aspects such as attention to occupational health and safety (OHS), diversity and inclusiveness policies, fair wages, and investment in development and training are evaluated. In customer relations, sales ethics, product safety and data protection are key. The “S” pillar also covers responsibility in the supply chain, that is, verifying that business partners also respect human rights and labor standards. Finally, it addresses the company’s involvement in local communities, such as through volunteer programs or support for local initiatives.
- G – Corporate Governance: This pillar is the foundation on which the other two rest. It deals with the “inside” of an organization: how it is managed and controlled, and how decisions are made. It is the ethical and procedural backbone of the company. Key areas include the structure, independence and competence of the management and supervisory boards, and the transparency of executive compensation. Business ethics, meaning effective mechanisms against corruption and bribery, is extremely important. This pillar also includes risk management, shareholder rights and, absolutely crucial today, cyber security and data protection, which are regarded as fundamental to responsible and mature management.
Why are investors, customers and employees increasingly paying attention to ESG metrics?
The rise of ESG is not a fad. It is a profound, structural change in the way we view value and risk, driven by several powerful forces.
First, investors and financial institutions have understood that companies that ignore environmental, social and governance issues generate much higher investment risk in the long run. A company without a decarbonization strategy may soon incur heavy costs from new charges on CO2 emissions. A company with a record of harassment and labor rights violations faces a reputational crisis and the loss of top talent. A company that suffers data leaks because of weak corporate governance faces multimillion fines. That is why the world’s largest investment and pension funds now treat analysis of ESG indicators as a key part of their decision-making, moving capital away from companies with high non-financial risk.
Second, customers and consumers are becoming more conscious. New generations of consumers, especially Millennials and Generation Z, are increasingly guided not only by price and quality when making purchasing choices, but also by the values a brand represents. They are more willing to choose products from companies perceived as socially and environmentally responsible, and to boycott those associated with exploitation or environmental destruction. Transparency in the ESG area is thus becoming a powerful tool for building loyalty and a positive brand image.
Third, the labor market is changing. In the battle for top talent, salary alone is no longer enough. Employees, especially highly skilled ones, want to work for organizations whose values align with their own. They want to feel that their work is part of something bigger and has a positive impact on the world. A company that boasts high standards in the “S” (social responsibility) and “G” (corporate governance) areas becomes a much more attractive employer.
What ESG reporting obligations does the CSRD impose on Polish companies?
Until now, non-financial reporting obligations in Europe have been limited and mainly applied to the largest listed companies. This, however, has changed dramatically with a new, extremely important regulation – the Corporate Sustainability Reporting Directive (CSRD).
The CSRD, which has been transposed into Polish law in stages since 2024, represents a real revolution. It significantly expands the circle of entities required to report on ESG and introduces detailed, uniform standards for that reporting. The goal is for non-financial data to be as reliable, comparable and useful as financial data.
Who will the new obligation cover? The CSRD is being phased in in several waves:
- Starting in 2025 (for fiscal year 2024): Large public interest entities that already reported under the previous regulations (the NFRD).
- As of 2026 (for fiscal year 2025): All other large companies that meet at least two of three criteria: 250 employees, €50 million net turnover, €25 million balance sheet total (the Accounting Directive thresholds were raised from €40 million and €20 million in 2023). It is estimated that this change will cover several thousand of the largest companies in Poland.
- As of 2027 (for fiscal year 2026): Small and medium-sized listed companies.
Note that in April 2025 the EU adopted a “stop-the-clock” directive postponing the second and third waves by two years, so the applicable dates should be checked against the regulations currently transposed into Polish law.
Most importantly, the CSRD makes it mandatory to report according to the new, uniform European Sustainability Reporting Standards (ESRS). This means the end of arbitrary reporting. Companies will have to disclose specific indicators and information in all three ESG areas. In addition, all of this information must undergo mandatory independent verification (assurance) by a statutory auditor or another accredited entity, initially at the level of limited assurance.
What role does technology and IT play in collecting and managing data for ESG reports?
Implementing CSRD- and ESRS-compliant reporting is a major data management challenge. Collecting hundreds of disparate metrics from across an organization, from factory energy consumption through HR turnover data to safety audit results, is slow, error-prone and hard to audit when done with traditional tools such as spreadsheets.
Therefore, technology and IT systems are becoming absolutely critical to enable effective ESG reporting. It becomes necessary to implement dedicated IT platforms and systems for collecting, aggregating and managing ESG data. Such systems allow the automatic collection of data from various sources (e.g., from IoT sensors on the production line, from the HR and payroll system, from the energy management system), ensure its consistency, and enable the creation of auditable reports that comply with the required standards. Investing in the right IT infrastructure to manage non-financial data is a prerequisite today to meet new legal obligations.
How do cyber security and data protection fit into the “G” (Governance) pillar?
When thinking about corporate governance, many companies focus on traditional aspects such as board structure and anti-corruption policies. However, in today’s digital world, one of the most important and critical elements of the “G” (Governance) pillar is cyber security and data protection.
From the perspective of investors and stakeholders, how a company manages digital risk is a direct indicator of the overall quality and maturity of its corporate governance. An organization that fails to effectively protect its most valuable assets, such as customer data and intellectual property, is seen as poorly managed and high-risk. A major security incident, such as a massive data leak or a crippling ransomware attack, can destroy value built up over years in a matter of hours and expose a company to multimillion-dollar fines and lawsuits.
Therefore, as part of ESG reporting, companies are increasingly expected to disclose information about their cyber security strategy in the corporate governance section. This includes how the company identifies and assesses cyber risks, what technical and organizational measures it has implemented, whether it has an incident response plan, and the role of management in overseeing this area. Note that the ESRS contain no stand-alone cyber security standard: the topic enters the report through the governance disclosures of ESRS 2 and, where the materiality assessment identifies it as material, as an entity-specific disclosure, while sector regulation such as NIS2 imposes its own requirements. A strong, documented and regularly tested cyber security program is nonetheless one of the most important pieces of evidence of sound corporate governance today.
What are the key steps in preparing a company for non-financial reporting?
Preparing an organization for CSRD-compliant reporting is a complex project that requires a methodical approach and the involvement of the entire company. It can be divided into several key stages:
- Understanding and education: The first step is to educate the board and key managers about the new responsibilities and the importance of ESG.
- Materiality Assessment: A company must conduct an analysis to identify the ESG topics that are most important both from the perspective of its impact on the environment and society and from the perspective of their impact on its business (so-called double materiality).
- Gap Analysis: Evaluate the current status in each relevant area and compare it to the requirements of ESRS standards to identify gaps in data and processes.
- Defining strategy and goals: Based on the analysis, the company should define its sustainability strategy and set specific, measurable goals (KPIs) to achieve.
- Implement a data collection system: It is necessary to create or implement systems and processes to reliably and regularly collect the data necessary for reporting.
- Report preparation and verification: The final step is to prepare the report in accordance with ESRS standards, and then subject it to mandatory independent verification.
What are the most important ESG reporting standards and frameworks?
Over the years, a variety of non-financial reporting standards and frameworks have emerged around the world. Among the most important are the GRI (Global Reporting Initiative) standards, which are the most widely used sustainability reporting standards in the world. However, for companies operating in the EU, the aforementioned European Sustainability Reporting Standards (ESRS), developed specifically for the CSRD and mandatory for all companies within its scope, are becoming crucial.
In addition to legal compliance, what benefits does transparent ESG reporting bring to a company?
While the driving force for many companies is legal obligation, implementing a strategy and transparent ESG reporting brings a number of additional strategic benefits. Among the most important are better access to capital and lower financing costs, enhanced brand reputation and customer loyalty, greater ability to attract and retain talent, improved operational efficiency through identification of savings (e.g., in energy consumption), and better long-term risk management.
What are the biggest challenges in collecting reliable and comparable data?
The biggest practical challenge in the entire ESG reporting process is ensuring the quality, reliability and comparability of the data. The data comes from many different departments and systems, and is often unstructured and collected inconsistently. Ensuring that figures for CO2 emissions, employee turnover or water consumption are accurate, complete and auditable requires robust internal control processes: every figure in the report should be traceable back to its source records, and any gap or correction should be visible rather than silently filled in.
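To make the data collection architecture described in the technology section and the data quality problems described above concrete, here is an added example in Python. It is not code from nFlo or from any product mentioned on this page. It assumes three hypothetical source exports (an energy-management system, a water meter export and an HR system) with constructed field names, units and values; it normalizes inconsistent units, rejects duplicate rows and missing readings instead of counting them as zero, and writes every accepted or rejected record to a hash-chained audit log that an assurance provider can recompute to detect later edits.

```python
import hashlib
import json
from typing import Any, Dict, List, Tuple

# Constructed sample exports from three hypothetical source systems.
# Field names, units and values are assumptions made for this example.
ENERGY_FEED = [
    {"site": "PL-01", "period": "2025-01", "electricity_kwh": 120500.0},
    {"site": "PL-02", "period": "2025-01", "electricity_mwh": 87.3},  # same quantity, different unit
    {"site": "PL-03", "period": "2025-01", "electricity_kwh": None},  # meter export missing a reading
]
WATER_FEED = [
    {"site": "PL-01", "period": "2025-01", "water_m3": 1340},
    {"site": "PL-01", "period": "2025-01", "water_m3": 1340},  # row duplicated in the export
]
HR_FEED = [
    {"period": "2025-01", "headcount_start": 412, "headcount_end": 405, "leavers": 19},
]

GENESIS = "0" * 64


def canonical(obj: Any) -> bytes:
    """Stable JSON encoding so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only, hash-chained log of every record accepted or rejected.

    Each entry commits to the previous entry's hash, so an auditor who
    recomputes the chain detects any edited, inserted or removed entry.
    """

    def __init__(self) -> None:
        self.entries: List[Dict[str, Any]] = []
        self.head = GENESIS

    def append(self, source: str, action: str, record: Dict[str, Any], note: str = "") -> str:
        body = {"source": source, "action": action, "record": record, "note": note, "prev": self.head}
        entry = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
        self.entries.append(entry)
        self.head = entry["hash"]
        return self.head

    def verify(self) -> bool:
        """Recompute the chain from the genesis value; False on any tampering."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def normalize_energy(rec: Dict[str, Any]) -> float:
    """Return electricity use in kWh regardless of the unit the source exported."""
    if rec.get("electricity_kwh") is not None:
        return float(rec["electricity_kwh"])
    if rec.get("electricity_mwh") is not None:
        return float(rec["electricity_mwh"]) * 1000.0
    raise ValueError("no electricity reading")


def collect(energy=ENERGY_FEED, water=WATER_FEED, hr=HR_FEED) -> Tuple[Dict[str, Any], AuditLog]:
    """Aggregate the feeds into report figures, logging every accept/reject decision."""
    log = AuditLog()
    totals: Dict[str, Any] = {"electricity_kwh": 0.0, "water_m3": 0.0, "turnover_pct": None, "gaps": []}

    for rec in energy:
        try:
            kwh = normalize_energy(rec)
        except ValueError as exc:
            # A missing reading is reported as a gap, never silently treated as zero.
            totals["gaps"].append(f"{rec['site']}/{rec['period']}: {exc}")
            log.append("energy", "rejected", rec, str(exc))
            continue
        totals["electricity_kwh"] += kwh
        log.append("energy", "accepted", rec, f"{kwh:.1f} kWh")

    seen = set()
    for rec in water:
        key = (rec["site"], rec["period"])
        if key in seen:  # duplicated export rows would double-count consumption
            log.append("water", "rejected", rec, "duplicate site/period")
            continue
        seen.add(key)
        totals["water_m3"] += rec["water_m3"]
        log.append("water", "accepted", rec)

    for rec in hr:
        # Turnover as leavers over average headcount: one common definition, assumed here.
        average_headcount = (rec["headcount_start"] + rec["headcount_end"]) / 2
        totals["turnover_pct"] = round(100 * rec["leavers"] / average_headcount, 2)
        log.append("hr", "accepted", rec, f"turnover {totals['turnover_pct']}%")

    return totals, log


if __name__ == "__main__":
    figures, audit = collect()
    print(json.dumps(figures, indent=2))
    print("audit chain intact:", audit.verify(), "entries:", len(audit.entries))
```

The point of the hash chain is not secrecy but evidence: the report figures can be handed to the assurance provider together with the log, and any later “correction” of a source record changes the recomputed chain. In a real deployment the head hash would be stored outside the reach of the people who can edit the data (for example, written to a separate, access-controlled log or signed), otherwise the chain only proves consistency with itself.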
What to look for when selecting tools and partners to support the reporting process?
When choosing a partner to support ESG implementation, look for a company that offers a holistic approach. Competence in one narrow area is not enough. You need a partner that understands both the strategic and regulatory aspects, as well as the technological challenges of data collection and management, and can integrate environmental and social issues with sound corporate governance and cybersecurity.
How do you effectively communicate ESG activities and results to your stakeholders?
Above all, communication on ESG must be authentic, transparent and data-driven. Empty declarations and “greenwashing” are quickly exposed today and can do more harm than good. Effective communication relies on publishing regular, verified reports, but also on integrating ESG topics into daily marketing and corporate communications, showing real action and progress toward set goals.
How can nFlo’s IT Governance and Cybersecurity consulting help your company strengthen the corporate governance (G) pillar of its ESG strategy?
As we have already emphasized, solid corporate governance (the “G” pillar) is the foundation for the entire ESG strategy, and cyber security and mature IT governance are its most important element today. At nFlo, we specialize in building these very foundations. We are not an environmental or social policy consulting firm. We are experts in the technologies, processes and security that make a company’s entire governance system credible, resilient and trustworthy.
- Implementing Information Security Management Systems (ISO 27001): We help implement and certify an ISMS, which is the most internationally recognized proof of having a mature security management system, a key element of the “G” pillar.
- Cyber Security Audits and Penetration Tests: Our services allow objective verification of the effectiveness of your security measures and provide management with real data on the level of risk, which is the basis for responsible oversight.
- Compliance Consulting (RODO (GDPR), NIS2): We help ensure compliance with key regulations that are integral to corporate governance in Europe.
- Designing a Secure IT Infrastructure: We build a reliable and secure technological foundation, which is a prerequisite for the reliable collection and protection of data, including the data used in ESG reporting.
ESG reporting is a new business reality. It’s a challenge, but also a tremendous opportunity to build a more resilient, effective and trustworthy organization. Contact nFlo experts to discuss how we can support you in building a solid pillar of corporate governance (Governance) that becomes the foundation for the success of your entire ESG strategy.
