Tech Pros Gain Environmental, Social and Governance Good Practices in New ISACA Primer

Schaumburg, Ill. (Feb. 10, 2022) - Today's technology professionals know that in addition to strengthening their tech knowledge and skills, they need a solid understanding of their enterprises' business. This includes the environmental, social and governance (ESG) practices embedded in the daily operations of an organization, which can also overlap with technology, as ISACA explains in its new free white paper, Governance Roundup: What Are You Doing About Environmental, Social and Governance Practices in Your Enterprise?


Much in the same way that cybersecurity is everyone's responsibility, this paper stresses that ESG is also in everyone's interest and responsibility, involving a range of stakeholders from investors, governments and boards of directors to activists, employees and external auditors. Many may have long associated sustainability with solely environmental responsibility. However, the paper emphasizes that sustainability should also incorporate social and governance components, and outlines examples of the business considerations that can apply to each, including:


  • Natural resources (environment): Employ effective sourcing and usage of raw materials.
  • Human rights (social): Comply with supply chain labor standards.
  • Corporate behavior (governance): Enforce antibribery and anticorruption measures.


Governance Roundup: What Are You Doing About Environmental, Social and Governance Practices in Your Enterprise? also discusses the entities that should be included in ESG collaboration and ESG roles and responsibilities, and provides a practical approach to managing an ESG-focused program. It also includes the United Nations Sustainable Development Goals and their key targets and focus areas as a reference.


The paper also illuminates how enterprises can leverage the COBIT framework in their enterprise ESG efforts, including by adopting the COBIT goal cascade to transform stakeholder needs into actionable strategy that includes ESG practices as well as using the phases of COBIT implementation to provide a solid baseline to address ESG issues sustainably.


Technology professionals can also gain insights into how technologies can be responsibly leveraged to achieve ESG objectives, including through:


  • Green data centers that incorporate energy efficient components to reduce CO2 emissions
  • A moral relationship between technology and its users to ensure ethical technology
  • Diversity, equity and inclusion (DEI) on technology teams, and the use of data to collect and track DEI information for ESG reporting
  • Effective data governance architecture to facilitate responsiveness to ESG standards and reporting frameworks
  • Telemedicine that expands access to healthcare
  • Addressing privacy and information security within governance structures and as a cornerstone of trust between the enterprise and its internal and external stakeholders


"More and more, enterprises are realizing that engaging in environmental, social and governance practices is not only the right thing to do, but it also puts them at an advantage in driving growth and reducing costs and risk," says Mark Thomas, president, Escoute Consulting, and co-lead developer of the paper.


Adds Caren Shiozaki, CIO and executive vice president at TMST, Inc., and co-lead developer of the paper, "ESG goes beyond compliance and can help enterprises spur innovation and enhance reputation with internal and external stakeholders while also making an impact. Everyone plays a role in the long-term work of advancing ESG practices, and technology professionals are no exception."


A complimentary copy of Governance Roundup: What Are You Doing About Environmental, Social and Governance Practices in Your Enterprise? can be accessed at Shiozaki and Thomas also recently discussed the topic in an ISACA Podcast and ISACA TV video interview, which can be viewed here: Additional ISACA resources can be found at



For more than 50 years, ISACA® ( has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.