GPRC for Sustainability & ESG

In nearly every organization I speak with, sustainability and ESG are now part of the conversation. Not just in annual reports or investor decks, but in strategy sessions, risk workshops, board discussions, and even operational resilience planning. The reasons vary — regulations, investor expectations, customer demands, talent attraction, reputational pressure — but the direction is unmistakable. ESG has moved from “nice to have” into the territory of “must govern.”

And yet, despite the attention, there is still a persistent disconnect. Many organizations are doing ESG, reporting ESG, and talking ESG, but they struggle to manage ESG as a unified capability that truly influences decisions, shapes performance, and stands up to scrutiny. Too often, ESG remains a collection of initiatives rather than an operating model. It becomes a patchwork of programs and metrics, rather than a command framework that can guide the enterprise through uncertainty.

This is why I often use an analogy in presentations that seems to resonate with executives and practitioners alike: a tale of two futures.

• One future looks like Star Trek — a world where innovation is harnessed for human progress, where society becomes more cooperative, where science and technology support sustainability rather than accelerate depletion, and where the future is defined by possibility instead of collapse.
• The other future looks like Blade Runner — a world of extraordinary technology layered over environmental decay, social fracture, inequality, and instability. A world where the lights are bright, but the air is toxic. Where progress exists, but the human cost is unbearable. Where the system doesn’t fall apart all at once but erodes until dystopia feels normal.

The purpose of this analogy is not to be dramatic for effect. It is to remind leaders of a reality we often avoid: ESG is not a marketing theme. It is a decision framework about the future we are building. And organizations are not just observers of that future — they are architects of it.

There was a time when sustainability was largely driven by internal values or external goodwill, often positioned as corporate social responsibility or community engagement. Many of those efforts were well intentioned, and some were genuinely impactful, but they were frequently disconnected from the core operating model of the organization. ESG sat alongside the business rather than inside it.

That world no longer exists.

Today, ESG is increasingly being pulled into governance by forces that are structural, not symbolic. The regulatory environment continues to expand across climate disclosures, due diligence expectations, supply chain accountability, and human rights oversight. Investors are demanding consistent, decision-grade transparency into environmental and social exposure. Customers and partners are asking sharper questions about sourcing, labor practices, emissions, ethics, and community impact. Employees expect purpose, equity, and accountability, and they will vote with their feet when those expectations are ignored. Even insurers and lenders are shaping the market by pricing climate and conduct risks into financial terms.

But the most important force isn’t policy or pressure; it is the physical and social reality unfolding around us. Climate volatility is now operational volatility. Water stress becomes supply chain disruption. Biodiversity loss becomes food system strain. Social fracture becomes geopolitical risk. ESG issues no longer sit outside the enterprise as abstract concerns. They are emerging inside the enterprise as strategic uncertainty, operational disruption, reputational shocks, and long-term viability questions.

In other words, ESG has become a mission risk.

And mission risk requires orchestration.

In this GPRC series, the foundation is clear and consistent:

GRC is the capability to reliably achieve objectives (governance), address uncertainty (risk management), and act with integrity (compliance).

When we apply that definition to sustainability and ESG, it becomes obvious why ESG cannot be managed as a standalone program.

ESG begins with objectives — not just financial goals, but the enterprise commitments that define long-term direction: decarbonization targets, responsible sourcing, ethical technology use, workforce health and equity, community impact, transparency, and long-term resilience. These are governance decisions, because governance defines what the organization is trying to accomplish and why it matters.

But ESG also exists in the realm of uncertainty, because the environmental and social landscape is not stable. Risks emerge over long horizons and then accelerate suddenly. They cascade through supply chains, infrastructure, communities, and markets. The organization must navigate unpredictable external forces while still delivering reliable performance.

Finally, ESG is inseparable from integrity, because sustainability claims are only valuable if they are true. Trust is not built by publishing commitments. Trust is built by doing what was promised, proving it, and sustaining it under scrutiny.

This is why ESG is not merely governance, risk, and compliance. It is governance, performance, risk, and compliance — GPRC — because ESG must be measured in performance outcomes, not just policy statements. Governance must define the mission. Performance must prove progress. Risk must quantify uncertainty. Compliance must preserve integrity.

Most ESG programs today suffer from fragmentation. Sustainability teams track emissions. HR teams manage diversity and workforce initiatives. Procurement handles supplier expectations. Compliance watches emerging disclosure and due diligence rules. Risk teams may run climate assessments. Investor relations compiles reporting. Internal audit may eventually test controls.

And then, once a year, those threads are stitched together into a report that tries to tell a cohesive story.

But ESG is not a story problem. ESG is a systems problem.

Organizations cannot govern what they cannot connect. They cannot optimize what they cannot see end-to-end. They cannot claim integrity if data lineage and accountability are unclear. And they cannot navigate uncertainty if ESG risk intelligence lives in isolated repositories.

This is what many organizations experience as “ESG fatigue” — not because ESG is unimportant, but because the program becomes complex without becoming coherent.

That is why the next evolution of ESG is not more activity. It is orchestration.

In my earlier blogs in this series, I framed the shift clearly: modern governance cannot rely on fragmented systems and siloed metrics. It requires orchestration through a living model of the enterprise.

That is the essence of GRC 7.0 – GRC Orchestrate, built on:

• Digital twins as living representations of objectives, processes, risks, controls, and dependencies
• Agentic AI as intelligent interpretation and recommendation across complex signals
• Business-integrated GRC so governance and integrity are embedded in execution

This same architecture is what ESG has been waiting for, because ESG cannot be governed through periodic reporting alone. It must be governed through continuous alignment between objectives, operations, and outcomes.

A digital twin gives the organization an ESG model that goes beyond spreadsheets. It connects sustainability objectives to operational reality: where emissions originate, how supply chains contribute, what dependencies matter, and where performance is drifting. It transforms ESG from “metrics collected after the fact” into “conditions monitored as the business runs.”

Agentic AI then becomes the ESG watch officer on the bridge. It monitors signals that humans cannot interpret quickly enough at scale: regulatory change, supply chain intelligence, climate risk indicators, reputational trends, workforce sentiment, and operational anomalies. It correlates risk and performance across ESG dimensions and helps leadership see the weak signals early — before they become crises.

And when ESG is truly business-integrated, it stops being something leaders remember at reporting time and becomes something the enterprise navigates every day. ESG considerations shape sourcing decisions, investment priorities, product strategies, facility planning, and third-party relationships. ESG becomes a dimension of decision-making, not an after-the-fact justification.

The Star Trek future does not arrive by accident. It requires intentional design: aligning innovation with sustainability, performance with responsibility, and ambition with integrity.

The Blade Runner future also does not arrive all at once. It emerges gradually through fragmentation, short-termism, and performative governance: where the organization publishes commitments it cannot operationalize, reports metrics it cannot defend, and treats ESG as a communications layer rather than a mission-critical capability.

This is why ESG is ultimately a governance choice.

Not just “do we care?” but do we orchestrate?

Because without orchestration, ESG becomes reactive. And reactive ESG — in a world of accelerating environmental and social disruption — is simply another path toward instability.

In Star Trek, Starfleet’s Prime Directive wasn’t a slogan. It was a discipline: a commitment to act with integrity even when choices were complex and consequences uncertain.

In modern business, sustainability and ESG are becoming something similar. Not because regulators demand it, but because reality demands it.

Organizations that build ESG as a GPRC capability — grounded in objectives, measured in performance, navigated through risk intelligence, and sustained through integrity — will not only be more compliant. They will be more resilient, more trusted, and more future-ready.

Because in the expanding galaxy of uncertainty, we are not simply managing ESG.

We are choosing the future we want to inhabit.

And the question remains as urgent as ever:

Are we building the Star Trek future . . . or drifting toward Blade Runner?

2025 RMIS Panorama by EY and AMRAE

Download Report