AWS: IT and Environmental, Social, and Corporate Governance (ESG)
Environmental and social governance, or ESG, is a growing concern for business leaders—and for government regulators, investors, and standards bodies. Recent events have only increased the business world’s focus on ESG: worker wellness has become a major concern during the COVID-19 pandemic; social justice protests have drawn attention to gaps in diversity, equity, and inclusion; and the impacts of climate change and the importance of environmental sustainability are becoming harder, if not impossible, to ignore. It’s time that IT organizations and digital technologists recognized the role they can and must play in supporting their companies’ ESG efforts.
The critical thing to understand about ESG is that it is a strategic concern of businesses, not just a nice-to-have activity that occasionally pops up on a C-suite agenda. A business’s long-term survivability depends on a broad range of stakeholders in addition to its shareholders, just as it depends on the business’s ability to master the digital economy. In fact, a company’s medium-term (and even short-term) success in our fast-paced environment depends on making good decisions around environmental and social considerations. For this reason, focus has shifted from just doing good—what we call corporate social responsibility (CSR)—to setting up governance processes to build these activities into the fabric of the corporation’s activities. ESG is CSR raised to a strategic priority, bringing transparency and accountability into the company’s environmental and social impacts.
Why ESG Is an Important Board Concern
According to a Fortune 500 company board member, “companies are recognizing that taking care of broader stakeholders in the business over the mid- to long-term is a good thing for the long-term sustainability of the business.”1 Forty-five percent of board directors now say that ESG is a regular part of the board’s agenda (up from 34% in 2019).2 Eighty-two percent rank being a fair employer and good corporate citizen as “extremely” or “very” important.3
Environmental and social governance directly affects business performance: companies on the S&P 500 ESG Index outperformed, suffered fewer losses, and recovered faster than the S&P 500 during the pandemic.4
When a company’s board members are focused on a topic, senior executives are as well: 56% of US-listed companies whose market capitalization is over $25 billion have put ESG measures into their incentive plans.5 No surprise, then, that 48% of CEOs are implementing sustainability into their operations.6 ESG initiatives get translated into concrete business objectives: Verizon, for example, aims to spend at least $5.2 billion of its supplier spending on minority- and women-owned businesses. Verizon also plans to reduce its carbon emission intensity by at least 10%.7
Investors rightly consider ESG in making investment decisions, acknowledging that the long-term returns from a business depend on it. And this, in turn, leads to new efforts to set standards and promote transparency. The Business Roundtable, of which Amazon is a member, has revised its governance principles to include corporate stewardship. The SEC now requires disclosure of material human capital metrics. Rating agencies such as S&P Global, MSCI, Institutional Shareholder Services (ISS), and Sustainalytics provide ESG data on companies. And the AWS Open Data Initiative and AWS Data Exchange make ESG data easily available to investors. A number of organizations are setting standards, including the Sustainability Accounting Standards Board (SASB), the Global Reporting Initiative (GRI), the Carbon Disclosure Project (CDP), and the Task Force on Climate-Related Financial Disclosures (TCFD). In 2019, 90% of the companies in the S&P 500 index published a sustainability report, up from only 20% in 2011.8
Boards must oversee ESG because of its importance for the long-term survivability of the company. The board’s audit committee must see to ESG disclosures and transparency and ensure that appropriate processes and controls are in place. The compensation committee must set incentives, ensure accountability, recruit and retain diverse talent, and look after the company’s ESG culture. The nominating and governance committee must address the composition of the board and ensure that it stays engaged and educated on ESG matters.
How IT can and must further the company’s ESG efforts
Governing for environmental, social, and ethical impacts, like many of the other goals we set ourselves in the digital age, starts with data. And it’s IT, of course, that makes data available to the rest of the enterprise. For data to serve ESG governance, it must be continuously available, rather than ad-hoc and patchy. IT needs to think through the best data model to support ESG planning and measurement, source the data, and make it available in dashboards, reports, and operational intelligence that drives immediate process adjustments. ESG data can then be used both in the company’s improvement efforts and in disclosures to the public, and should include critical measures of workforce diversity and environmental impacts.
Engineering for Sustainability
Working in the cloud has tremendous sustainability advantages: on average, Amazon Web Services (AWS) runs workloads with a carbon footprint that 88% lower than when a company datacenter runs workloads. We can do this because we achieve a higher capacity utilization of our servers; because we design our infrastructure for low energy consumption; because we work with our power vendors to use renewable energy; and because we generate our own renewable energy through wind and solar farms.
The environmental consequences of each piece of code depend on (1) the design of the code, (2) the number of times it is executed, and (3) the energy efficiency and carbon footprint of the datacenter. In other blog posts we’ve circled around the idea of treating the financial cost of running a piece of code as an engineering parameter to be optimized1 (this is the main idea of FinOps). Companies can likewise treat sustainability as an engineering parameter to be optimized. Simply put: they can design their code to be sustainable.
The role IT plays in sustainability goes much further. Companies use energy in many of their day-to-day operations. Some have fleets of vehicles to deliver goods. Some have manufacturing equipment. Most have climate control in their facilities. Digital technology can help reduce the resulting environmental impacts. For example, technology can optimize the routes of vehicles and use sensors and machine learning to ensure that equipment operates correctly and minimizes its energy needs.
As for the “governance” aspect of ESG, IT departments should measure and disclose the environmental impacts of running their infrastructure, incentivize teams to design sustainable code, and prioritize features that will help reduce the environmental impacts of day-to-day business operations.
Workforce Diversity, Equity, Inclusion (DEI), and Wellness
Let’s face it—technology organizations are not and have not been diverse and inclusive enough. And in technology organizations the stakes are especially high: I previously wrote about the importance of diversity and inclusion when it comes to making IT teams innovative and successful. In addition, since technology is so central to everything companies do today, and since the IT organization touches so many parts of the enterprise, diversity in IT can have a ripple effect through the rest of the enterprise. IT systems, for example, play a role in HR’s efforts to measure and manage diversity. IT can enable workforce diversity by making sure its systems are accessible for people with disabilities and by making it easier to work remotely (so that parents who need to care for children, people in remote and underdeveloped areas, and people with disabilities can work as equals within the company).
How, specifically, can IT govern itself to support DEI? Systems should be designed from the ground up with accessibility in mind—not just in compliance with a set of accessibility requirements, but based on a user experience design that incorporates a broad range of users. The culture of the IT department—historically set by a nondiverse IT workforce—must become more inclusive. IT and the rest of the company must do better at hiring candidates from historically underrepresented or unrepresented groups, particularly with new capabilities technology has given us. Specifically, we need to hire in underdeveloped locations, allow work-from-home options, and make accommodations for employees with disabilities. IT must look after its employees, developing their skills and coaching them in their long-range career planning.
I’ve just learned of an interesting option to increase diversity: although IT organizations often resist hiring for entry-level skills, doing so expands the potential labor market considerably. Entry-level skills are perfectly appropriate for some IT roles, and the company can then further develop these employee’s skills. As a more general point, IT organizations should review their job descriptions to make sure their prerequisites do not unnecessarily exclude groups of potential employees who could do the job (for example, is a college degree really necessary for some technical roles?). AWS re/Start is a program that trains unemployed or underemployed populations with entry-level cloud skills and then places them with companies that continue their training. Please consider becoming a re/Start employer.
The COVID-19 pandemic has focused attention on employee wellness, and IT plays an important role in this sphere as well. Beyond supporting a healthy work-life balance through remote working and collaboration tools, IT can ensure that its systems are high-quality, usable, and appropriate for the job to be done—important factors in increasing employee satisfaction and reducing stress.
Product Safety and Inclusiveness
Businesses are responsible for ensuring that their products are safe for customers to use. More than that, their products must be able to be used equally and inclusively by all users.
This is another reason that having diverse employee teams is critical: diverse teams are more likely to understand the needs of underserved customer segments and ensure that products are designed for inclusivity and equity. In his book Humans vs Computers, Gojko Adzic tells stories of IT systems that didn’t consider all the usage scenarios they would face. It becomes clear that some of what we typically think of as “edge cases” are actually matters of inclusivity, such as “name” fields in IT systems that can’t accept names from certain cultures. His examples include the following:
IT systems that can’t handle people with a single name, like U Thant, the Burmese Secretary-General of the UN, where “U” is not a name but an honorary title, and Sukarno, the first president of IndonesiaIT systems that impose arbitrary length limits on names; one system was unable to handle a 35-letter Hawaiian last nameIT systems that reject through “validation” single-letter names, like O Rissei, the Japanese go playerIT systems that refuse names with certain accent marks, including the Hawaiian ‘okina2
To these I’d add the challenge of names that don’t fit neatly into the first name–middle name–last name structure, like some Hispanic surnames and hyphenated last names.
The safety of a product often depends on the safety of the software embedded in it and in the digital interactions purchasers have with the company. During the pandemic we’ve seen many “unsafe” digital interactions—for example, vaccine appointment-scheduling software that makes it too difficult for vulnerable populations to get vaccinated. The Healthcare.gov rollout was plagued by scalability problems that made it difficult for people to get health insurance. This is as much a safety issue as defective software that controls medical devices, or—especially—critical systems that are vulnerable to security breaches, like the recent hack of a water supply system in an attempt to poison the local population. To act responsibly on behalf of customers, companies must keep their technology secure.
Software quality control, resilience, and design inclusivity are all ESG concerns.
Privacy and Data Security
Customers entrust businesses with their personal data; businesses then have an obligation to keep that data private and secure. This obligation goes beyond compliance with standards and formal frameworks. In an earlier article I talked about the importance of creating a culture of security in which everyone across the enterprise considers safeguarding customer data to be their personal responsibility. That’s so; but IT still plays a critical role in implementing privacy practices and advising the rest of the company on data protection.
Companies that successfully secure data don’t do it just by bolting on security to existing systems; they do it by designing for privacy and security. Just as DevOps teams need to design and build their code with operations in mind, they also need to address privacy and security concerns throughout their software development processes as well. Access to data should be carefully controlled and data should always be encrypted at rest and in transit. I can’t go too much deeper into good contemporary privacy practices in a short blog post—plenty of material is already available on that subject—so I’ll just say that security and privacy enforcement are obligations of any socially responsible business, and a key element of ESG.
Vendors and Partners
I mentioned before that environmental and social improvements in IT can have a ripple effect through the rest of the enterprise. They can also have a ripple effect throughout the entire supply chain. IT organizations should insist that the vendors they work with also have effective ESG measures in place (including, by the way, their cloud providers…more on that it an upcoming post). Companies throughout the supply chain need to be told by their customers that ESG is important, just as your company needs to be accountable to its customers for your own ESG performance. IT’s ability to meet its ESG goals depends on the performance of its vendors; it’s no use to say that you’ve reduced your carbon footprint within your company if you’ve started using a new vendor with a bloated carbon footprint.
This update has been authored by Mark Schwartz, AWS Enterprise Strategist. Read more about IT and Environmental, Social, and Corporate Governance (ESG) on the AWS Cloud Enterprise Strategy Blog.