Environmental, Social and Governance (ESG) considerations are now firmly embedded in investment decision-making, with 73% of global asset owners incorporating sustainable investment approaches, according to FTSE Russell’s 2025 Global Asset Owner Survey.
The stakes are rising. The World Bank requires funded projects to actively manage and report environmental and social risks, while the International Finance Corporation (IFC) underscores the growing importance of reliable ESG data. As ESG becomes increasingly linked to access to capital, organisations face a critical test: can they prove their ESG data is accurate, reliable and verifiable?
“ESG is no longer just a reporting exercise,” says Muhammad Ali, managing director of World Wide Industrial & Engineering Systems (WWISE). “Investors, lenders and funders want clear evidence that organisations are actively managing ESG risks.” However, he believes the bigger challenge is data integrity.
This challenge is growing as organisations are increasingly expected to align with multiple ESG frameworks and disclosure requirements, including the Corporate Sustainability Reporting Directive (CSRD), IFRS S1 and S2, JSE Sustainability Disclosure Guidance, and emerging regulations.
Yet, fragmented data and inconsistent reporting continue to weaken the credibility of many ESG disclosures.
According to Ali, this creates risks that extend well beyond compliance.
“Organisations that cannot verify their ESG claims risk losing trust, opportunities and credibility,” he says.
Development finance institutions are also raising the bar. Under the World Bank’s Environmental and Social Framework, weak environmental and social risk management can result in increased oversight, corrective measures and potential funding risks.
However, building credible ESG governance comes at a cost with gap assessments ranging from around R100,000 for smaller organisations to several million rand for large multinationals, while full implementation programmes can run into tens of millions depending on scale, complexity and reporting obligations.
According to Ali, implementation costs are shaped by factors such as organisational scale, complexity, footprint and compliance requirements. But the cost of poor ESG governance, he argues, is often far higher.
“The question organisations should be asking is not whether they can afford to improve ESG governance, but whether they can afford not to,” he says. “Trust has become a critical business asset.”
The shift is already evident globally. Rio Tinto plans to invest approximately R82-billion to R98-billion (US$5-billion to US$6-billion) in decarbonisation by 2030, while Mercedes-Benz has committed more than approximately R750-billion (€40-billion) to electrification, sustainability and supply-chain transformation. BMW, meanwhile, has embedded sustainability requirements across a network of more than 12,000 suppliers. Together, these investments highlight how ESG governance and assurance are rapidly becoming core business requirements.
Recent enforcement actions highlight the cost of getting ESG wrong. Asset manager DWS was fined R412.5-million (US$25-million) by the U.S. SEC in 2023 over ESG-related misstatements, while further penalties in Germany pushed total sanctions close to approximately R 823-million (US$50-million). The case also triggered significant reputational damage, regulatory scrutiny and leadership changes.
One solution lies in adopting internationally recognised management systems that provide structured, auditable approaches to governance, measurement and continuous improvement.
A range of ISO standards provides practical frameworks that support ESG objectives. ISO 14001, ISO 14064 and ISO 50001 support environmental performance and emissions management; ISO 45001 and ISO 26000 strengthen social responsibility and workplace practices; while ISO 37001, ISO 27001, ISO 42001 and IWA48 reinforce governance, ethics, information security and AI governance.
As ESG reporting becomes more data-intensive and technology-driven, strong governance and independent assurance are essential. Together, these standards help strengthen data integrity, improve verification and build confidence in ESG disclosures.
“ISO standards help turn ESG commitments into verifiable performance,” says Ali. “They provide the governance, controls and assurance needed to build trust in ESG disclosures.” Beyond compliance, they ensure sustainability claims are evidence-based, not intent-based.
Ali notes the benefits go beyond compliance. Strong governance improves investor confidence, access to funding, procurement competitiveness and resilience. In cybersecurity, frameworks such as ISO 27001 are also increasingly used by insurers and underwriters to assess risk maturity.
As investor expectations, funding requirements and regulatory oversight continue to intensify, Ali believes the conversation is shifting fundamentally.
“For years the focus was ESG reporting,” he concludes. “Today it is ESG proof. Organisations that can demonstrate credible, verifiable data will be better positioned to attract investment, funding and trust.”