Encyclopedia
Please note this is a comparison between Version 1 by Marcia Cristina Machado and Version 3 by Nora Tang.
In this study, we investigate the relationship between the sustainability indicators proposed by the Global Reporting Initiative (GRI) and the goals defined by the Sustainable Development Goals (SDGs) with the COBIT maturity model. As a result, we obtained a set of 50 indicators covering four dimensions of sustainability. In the Environmental dimension 11 indicators were observed, in Economic 06 indicators were listed, in Social 14 indicators were listed, and in the Governance dimension there were 19 indicators converging between COBIT and GRI. These 50 indicators were validated through content analysis of sustainability reports from 9 IT companies worldwide. In this analysis, it was observed that the SDGs are incorporated in the strategic goals of 7 of the 9 companies analyzed.
- governance indicators
- information technology
- maturity models
- software
- sustainability indicators
1. Introduction
In a competitive and highly connected world, technology companies play a key role as providers of solutions and services [1]. As a result of the restrictions imposed by the pandemic, these companies have seen their economic value increase, almost in proportion to the pressure from stakeholders and society for greater transparency in data management, ethics, and socioenvironmental responsibility [2].
To face these pressures, the adoption of strategic and operational management models aligned with sustainability, and the establishment of measurable goals through indicators that show the materiality of the operations, have become indispensable tools [3].
Indicators are generally implemented as a measure to assess a company in relation to the quality of its services and/or products, operational or financial performance, customer, employee, or stakeholder satisfaction, and are also used to assess the level of sustainability of a company, city, or country [4]. In the field of sustainability, several indicators have been proposed, but, according to [5], the set of variables used to compose these indicators, such as the Environmental Sustainability Index (ESI), Environmental Performance Index (EPI), Adjusted Net Economy (ANS), and the Ecological Footprint, present conflicting or contradictory results.
In view of this scenario, Agenda 21 was proposed, which reinforced the need to establish indicators that allow the sustainable development of the millennium to be assessed, giving rise to the Sustainable Development Goals (SDGs) which are presented as relevant, measurable, easily communicated, accessible indicators, and with a focus on results [6]. However, the metrics proposed in Agenda 21 do not always meet corporate objectives, generating the need for a new set of indicators that assess sustainability in companies.
In the software engineering environment, the steps to determine the metrics can be oriented towards product evaluation—product inspection and quality control; process—evolution of the life cycle and management of activities at the operational level and system management—guarantee of product quality and technical information [7][8][9][7,8,9]. Another mechanism adopted is the maturity model that supports the development and control of processes, the optimization of established procedures, and also an improvement in product quality and the management of related activities, promoting the best use of available resources [10].
The optimization of resources can also be measured through annual or biennial sustainability and/or social responsibility reports, in which companies inform the results of their performance indicators and describe voluntary or mandatory actions to improve environmental, economic, and social performance operations [11]. This information, which started with the Corporate Social Responsibility (CSR) approach, has gained new outlines and has recently come to be known as Environmental Social and Governance (ESG) criteria, making social and environmental issues an indispensable part of companies’ strategy [2][12][2,12].
One of the most adopted models to develop the Sustainability Report in companies is the Global Reporting Initiative (GRI), which uses inventory processes as a basis for data collection. This standardized model provides an overview of an organization’s sustainable practices for investors, customers, employees, and stakeholders [11][13][11,13].
In software and information and communication technology (ICT) companies, the preparation and dissemination of sustainability reports has become a practice adopted by large companies or global organizations; however, among Brazilian micro and small software companies, which represent 95.5% of a total of 5924 companies in the sector, the dissemination of sustainable actions and practices has not yet occurred due to difficulties in implementing and measuring sustainability indicators [14][15][14,15].
Thus, this study has a main objective to develop a set of sustainable indicators that can be adopted by micro and small software companies, based on the connection between the sustainability indicators proposed by SGD and GRI, and the requirements of the COBIT maturity model. This set of indicators can help micro and small companies to assess their level of adherence to sustainability and identify points that need improvement.
2. Findings
The use of indicators to manage the sustainability goals established by companies and to establish sustainable standards of device production in the development of applications/software, suggested by Sage (1997) and Debreceny and Gray (2013), were identified in the analyzed reports. Considering the SDGs and GRI reporting items, an analysis was carried out to identify their relationship with the requirements of the COBIT model, with the aim of generating a set of indicators that aggregate the three lines of corporate sustainability: environmental, economic, and social.The result of these analyses is that the environmental and social indicators (GRI and ODS) are more adherent to the COBIT model, reinforcing the current trend of social and environmental indicators [16][17][27,28]. It was also observed that the economic indicators were less mentioned in the sustainability reports prepared and made available by the companies.
On the other hand, IT corporate governance, which permeates the sustainability aspects considered in this study, presented 19 converging items, reinforcing compliance with international rules linked to Sarbanes–Oxley’s transparency and compliance practices, as well as the definitions of the management and strategic alignment established by the GTI and adoption of the COBIT model itself, which is an efficient tool for managing activities carried out in software and information and communication technology companies. Regarding the set of 50 proposed indicators, it was observed that they are unevenly distributed between environmental, economic, and social aspects, as described below.-
Environmental aspect → this dimension linked to the GRI items related to energy presented four items for energy, one item for manager environmental, and three items for products and services, adding up to eight COBIT requirements.
-
Economic aspect → this dimension has seven items related to the economic and product aspects. One item of policies, two items of corporate environment management, one item of financial management, two items of contract management, and one of data management were verified, totaling seven COBIT requirements.
-
Social aspect → Five items of the GRI social—labor relations and one item of social—society are strongly similar to eight requirements of COBIT, as shown in Table 1 of this study.
Table 1. Convergence among GRI and SDG and COBIT2019 indicators.
| Dimension Indicator |
Global Reporting Initiative (GSSB) |
Sustainable Development Goals (Targets Associated) |
COBIT 2019 (Governance and Management Objectives) |
|---|---|---|---|
| GVN1 | 102-11 => Precautionary Principle or approach | EDM02.01 Establish the target investment mix; MEA02.02 Review effectiveness of business process controls. |
|
| GVN2 | 102-15 => Key impacts, risks, and opportunities | EDM03.01 Evaluate risk management; EDM03.02 Direct risk management. |
|
| GVN3 | 102-16 => Values, principles, standards, and norms of behavior | 16.3 Promote the rule of law at the national and international levels and ensure equal access to justice for all. | MEA04.01 Ensure that assurance providers are independent and qualified. |
| GVN4 | 102-17 => Mechanisms for advice and concerns about ethics | 16.3 | MEA04.01 Ensure that assurance providers are independent and qualified. |
| GVN5 | 102-18 => Governance structure | APO01.01 Design the management system for enterprise I&T; APO01.04 Define and implement the organizational structures; EDM01.02 Direct the governance system. |
|
| GVN6 | 102-19 => Delegating authority | APO01.01 Design the management system for enterprise I&T; APO01.05 Establish roles and responsibilities; EDM01.01 Evaluate the governance system. |
|
| GVN7 | 102-21 => Consulting stakeholders on economic, environmental, and social topics | 16.7 Ensure responsive, inclusive, participatory, and representative decision-making at all levels | APO02.05 Define the strategic plan and road map; APO02.06 Communicate the I&T strategy and direction; BAI01.03 Manage stakeholder engagement; EDM01.01 Evaluate the governance system. |
| GVN8 | 102-26 => Role of highest governance body in setting purpose, values, and strategy | APO01.09 Define and communicate policies and procedures. | |
| GVN9 | 102-28 => Evaluating the highest governance body’s performance | EDM01.03 Monitor the governance system. | |
| GVN10 | 102-29 => Identifying and managing economic, environmental, and social impacts | 16.7 | EDM02.01 Establish the target investment mix. |
| GVN11 | 102-30 => Effectiveness of risk management processes | APO01.11 Manage continual improvement of the I&T management system; APO12.02 Analyze risk; EDM01.03 Monitor the governance system; EDM03.02 Direct risk management. |
|
| GVN12 | 102-31 => Review of economic, environmental, and social topics | EDM02.03 Direct value optimization; EDM03.03 Monitor risk management; MEA03.01 Identify external compliance requirements. |
|
| GVN13 | 102-40 => List of stakeholder groups | MEA01.01 Establish a monitoring approach. | |
| GVN14 | 102-42 => Identifying and selecting stakeholders | MEA01.01 Establish a monitoring approach. | |
| GVN15 | 102-43 => Approach to stakeholder engagement | BAI11.03 Manage stakeholder engagement; MEA01.02 Set performance and conformance targets; MEA03.01 Identify external compliance requirements; EDM05.01 Evaluate stakeholder engagement and reporting requirements. |
|
| GVN16 | 102-44 => Key topics and concerns raised | EDM05.03 Monitor stakeholder engagement. | |
| GVN17 | 103-1 => Explanation of the material topic and its Boundary | APO01.02 Communicate management objectives, direction and decisions made; EDM04.02 Direct resource management. |
|
| GVN18 | 103-2 => The management approach and its components | EDM04.03 Monitor resource management. | |
| GVN19 | 103-3 => Evaluation of the management approach | APO01.03 Implement management processes (to support the achievement of governance and management objectives); EDM02.02 Evaluate value optimization; EDM04.01 Evaluate resource management. |
|
| ECN1 | 201-1 => Direct economic value generated and distributed | 1.2 By 2030, reduce at least by half the proportion of men, women, and children of all ages living in poverty in all its dimensions according to national definitions. 8.1 Sustain per capita economic growth in accordance with national circumstances and, in particular, at least 7 per cent gross domestic product growth per annum in the least-developed countries. 8.2 Achieve higher levels of economic productivity through diversification, technological upgrading, and innovation, including through a focus on high-value added and labor-intensive sectors. 9.1 Develop quality, reliable, sustainable, and resilient infrastructure, including regional and transborder infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all. 9.4 By 2030, upgrade infrastructure and retrofit industries to make them sustainable, with increased resource-use efficiency and greater adoption of clean and environmentally sound technologies and industrial processes, with all countries taking action in accordance with their respective capabilities. 9.5 Enhance scientific research, upgrade the technological capabilities of industrial sectors in all countries, in particular developing countries, including, by 2030, encouraging innovation and substantially increasing the number of research and development workers per 1 million people and public and private research and development spending. |
APO06.01 Manage finance and accounting. |
| ECN2 | 201-2 => Financial implications and other risks and opportunities due to climate change | 13.1 Strengthen resilience and adaptive capacity to climate-related hazards and natural disasters in all countries. | DSS01.04 Manage the environment; EDM03.01 Evaluate risk management. |
| ECN3 | 203-1 => Infrastructure investments and services supported | 5.4 Recognize and value unpaid care and domestic work through the provision of public services, infrastructure. and social protection policies and the promotion of shared responsibility within the household and the family as nationally appropriate. 9.1; 9.4; 11.2 By 2030, provide access to safe, affordable, accessible, and sustainable transport systems for all, improving road safety, notably by expanding public transport, with special attention paid to the needs of those in vulnerable situations, women, children, persons with disabilities, and older persons. | APO04.02 Maintain an understanding of the enterprise environment. EDM02.02 Evaluate value optimization. EDM02.04 Monitor value optimization. |
| ECN4 | 203-2 => Significant indirect economic impacts | 1.2; 1.4 By 2030, ensure that all men and women, in particular the poor and the vulnerable, have equal rights to economic resources, as well as access to basic services, ownership, and control over land and other forms of property, inheritance, natural resources, appropriate new technology, and financial services, including microfinance. 3.8 Achieve universal health coverage, including financial risk protection, access to quality essential health-care services and access to safe, effective, quality, and affordable essential medicines and vaccines for all. 8.2; 8.3 Promote development-oriented policies that support productive activities, decent job creation, entrepreneurship, creativity, and innovation, and encourage the formalization and growth of micro-, small-, and medium-sized enterprises, including through access to financial services. 8.5 By 2030, achieve full and productive employment and decent work for all women and men, including for young people and persons with disabilities, and equal pay for work of equal value. |
APO04.03 Monitor and scan the technology environment; APO04.06 Monitor the implementation and use of innovation; APO12.05 Define a risk management action portfolio; DSS04.02 Maintain business resilience. |
| ECN5 | 204-1 => Proportion of spending on local suppliers | 8.3 | APO05.02 Evaluate and select programs to fund; APO07.06 Manage contract staff. |
| ECN6 | 207-3 => Stakeholder engagement and management of concerns related to tax | 1.1 By 2030, eradicate extreme poverty for all people everywhere, currently measured as people living on less than USD 1.25 a day. 1.3 Implement nationally appropriate social protection systems and measures for all, including floors, and by 2030 achieve substantial coverage of the poor and the vulnerable. 10.4 Adopt policies, especially fiscal, wage, and social protection policies, and progressively achieve greater equality. 17.1 Strengthen domestic resource mobilization, including through international support to developing countries, to improve domestic capacity for tax and other revenue collection. 17.3 Mobilize additional financial resources for developing countries from multiple sources. |
EDM05.02 Direct stakeholder engagement, communication and reporting. |
| EVR1 | 301-3 => Reclaimed products and their packaging materials | 8.4 Improve, progressively, through 2030, global resource efficiency in consumption and production and endeavor to decouple economic growth from environmental degradation, in accordance with the 10-year framework of programs on sustainable consumption and production, with developed countries taking the lead. 12.2 By 2030, achieve the sustainable management and efficient use of natural resources. 12.5 By 2030, substantially reduce waste generation through prevention, reduction, recycling, and reuse. |
BAI09.03 Manage the asset life cycle. |
| EVR2 | 302-1 => Energy consumption within the organization | 7.2 By 2030, increase substantially the share of renewable energy in the global energy mix. 7.3 By 2030, double the global rate of improvement in energy efficiency. 8.4; 12.2; 12.5; 13.1 |
BAI04.01 Assess current availability, performance and capacity and create a baseline. |
| EVR3 | 302-3 => Energy intensity | 7.3; 8.4; 12.2; 13.1 | BAI04.02 Assess business impact; DSS01.05 Manage facilities. |
| EVR4 | 302-4 => Reduction of energy consumption | 7.3; 8.4; 12.2; 13.1 | BAI04.04 Monitor and review availability and capacity. |
| EVR5 | 302-5 => Reductions in energy requirements of products and services | 7.3; 8.4; 12.2; 13.1 | BAI04.05 Investigate and address availability, performance and capacity issues. |
| EVR6 | 303-1 => Water withdrawal by source | 6.3 By 2030, improve water quality by reducing pollution, eliminating dumping, and minimizing release of hazardous chemicals and materials, halving the proportion of untreated wastewater and substantially increasing recycling and safe reuse globally. 6.4 By 2030, substantially increase water-use efficiency across all sectors and ensure sustainable withdrawals and supply of freshwater to address water scarcity and substantially reduce the number of people suffering from water scarcity. 6.A By 2030, expand international cooperation and capacity-building support to developing countries in water- and sanitation-related activities and programs, including water harvesting, desalination, water efficiency, wastewater treatment, recycling, and reuse technologies. 6.B Support and strengthen the participation of local communities in improving water and sanitation management. 12.4 By 2020, achieve the environmentally sound management of chemicals and all wastes throughout their life cycle, in accordance with agreed international frameworks, and significantly reduce their release to air, water, and soil in order to minimize their adverse impacts on human health and the environment. |
BAI04.04 Monitor and review availability and capacity. |
| EVR7 | 305-2 => Energy indirect (Scope 2) GHG emissions | 3.9 By 2030, substantially reduce the number of deaths and illnesses from hazardous chemicals and air, water, and soil pollution and contamination. 12.4; 13.1 14.3 Minimize and address the impacts of ocean acidification, including through enhanced scientific cooperation at all levels. 15.2 By 2020, promote the implementation of sustainable management of all types of forests, halt deforestation, restore degraded forests, and substantially increase afforestation and reforestation globally. |
DSS01.05 Manage facilities. |
| EVR8 | 305-5 => Reduction of GHG emissions | 13.1; 14.3; 15.2 | DSS01.05 Manage facilities. |
| EVR9 | 306-1 => Waste generation and significant waste-related impacts | 3.9; 6.3; 6.4; 6.6 By 2020, protect and restore water-related ecosystems, including mountains, forests, wetlands, rivers, aquifers, and lakes; 12.4; 14.1; | BAI09.03 Manage the asset life cycle. |
| EVR10 | 306-5 => Waste directed to disposal | 6.6; 14.2 By 2020, sustainably manage and protect marine and coastal ecosystems to avoid significant adverse impacts, including by strengthening their resilience, and take action for their restoration in order to achieve healthy and productive oceans. 15.1 By 2020, ensure the conservation, restoration, and sustainable use of terrestrial and inland freshwater ecosystems and their services, in particular forests, wetlands, mountains, and drylands, in line with obligations under international agreements. 15.5 Take urgent and significant action to reduce the degradation of natural habitats, halt the loss of biodiversity, and, by 2020, protect and prevent the extinction of threatened species. |
BAI09.03 Manage the asset life cycle. |
| EVR11 | 308-1 => New suppliers that were screened using environmental criteria | APO10.03 Manage vendor relationships and contracts. | |
| SCL1 | 401-1 => New employee hires and employee turnover | 5.1 End all forms of discrimination against all women and girls everywhere. 8.5; 10.3 Ensure equal opportunity and reduce inequalities of outcome, including by eliminating discriminatory laws, policies, and practices and promoting appropriate legislation, policies, and action in this regard. |
APO07.01 Acquire and maintain adequate and appropriate staffing. |
| SCL2 | 402-1 => Minimum notice periods regarding operational changes | 8.8 Protect labor rights and promote safe and secure working environments for all workers, including migrant workers, in particular women migrants, and those in precarious employment. | APO07.02 Identify key IT personnel; BAI05.06 Embed new approaches; BAI06.01 Evaluate, prioritize and authorize change requests. |
| SCL3 | 403-5 => Worker training on occupational health and safety | 8.8 | DSS01.05 Manage facilities. |
| SCL4 | 404-1 => Average hours of training per year per employee | 4.3 By 2030, ensure equal access for all women and men to affordable and quality technical, vocational, and tertiary education, including university. 4.4 By 2030, substantially increase the number of youth and adults who have relevant skills, including technical and vocational skills, for employment, decent jobs, and entrepreneurship. 4.5 By 2030, eliminate gender disparities in education and ensure equal access to all levels of education and vocational training for the vulnerable, including persons with disabilities, indigenous peoples, and children in vulnerable situations. 5.1; 8.2 Achieve higher levels of economic productivity through diversification, technological upgrading, and innovation, including through a focus on high-value added and labor-intensive sectors. 8.5 By 2030, achieve full and productive employment and decent work for all women and men, including for young people and persons with disabilities, and equal pay for work of equal value. 10.3 |
APO01.08 Define target skills and competencies; APO07.03 Maintain the skills and competencies of personnel; DSS04.06 Conduct continuity plan training. |
| SCL5 | 404-2 => Programs for upgrading employee skills and transition assistance programs | 8.2; 8.5 | APO07.03 Maintain the skills and competencies of personnel. |
| SCL6 | 404-3 => Percentage of employees receiving regular performance and career development reviews | 5.1; 8.5; 10.3 | APO07.04 Assess and recognize/reward employee job performance. |
| SCL7 | 408-1 => Operations and suppliers at significant risk for incidents of child labor | 8.7 Take immediate and effective measures to eradicate forced labor, end modern slavery and human trafficking, and secure the prohibition and elimination of the worst forms of child labor, including recruitment and use of child soldiers, and by 2025, end child labor in all its forms. 16.2 End abuse, exploitation, trafficking, and all forms of violence against and torture of children. |
APO10.04 Manage vendor risk. |
| SCL8 | 409-1 => Operations and suppliers at significant risk for incidents of forced or compulsory labor | 8.7 | APO10.04 Manage vendor risk. |
| SCL9 | 414-1 => New suppliers that were screened using social criteria | 5.2 Eliminate all forms of violence against all women and girls in the public and private spheres, including trafficking and sexual and other types of exploitation. 8.8; 16.1 Significantly reduce all forms of violence and related death rates everywhere. | APO10.03 Manage vendor relationships and contracts. |
| SCL10 | 416-2 => Incidents of noncompliance concerning the health and safety impacts of products and services | 16.3 | APO13.03 Monitor and review the information security management system (ISMS). |
| SCL11 | 417-1 => Requirements for product and service information and labeling | 12.8 | APO14.02 Define and maintain a consistent business glossary. |
| DSS01.02 Manage outsourced I&T services. | |||
| SCL12 | 417-2 => Incidents of noncompliance concerning product and service information and labeling | 16.3 | DSS01.01 Perform operational procedures. |
| SCL13 | 418-1 => Substantiated complaints concerning breaches of customer privacy and losses of customer data | 16.3; 16.10 | APO13.01 Establish and maintain an information security management system (ISMS). |
| SCL14 | 419-1 => Noncompliance with laws and regulations in the social and economic area | 16.3 | MEA03.03 Confirm external compliance. |
Legend: ECN: economic; EVR: environmental; GVN: governance; SCL: social.
It was also observed that 29 items of governance, strategy, and engagement of stakeholders established in the GRI are following 16 requirements of the EDM dimension of COBIT, and that these comprise the analysis of the ESG indicators of the rating companies. In view of the results, it was confirmed that the proposed indicators include the three aspects of sustainability—environmental, economic, and social.
Regarding the feasibility of using the proposed set of indicators, although limited, given the number of sustainability reports analyzed, these were adequate to the current concerns of technology companies with the use of renewable energy, and sustainable productive means, considering the entire product and/or service life cycle and greenhouse gas emissions from its operations and suppliers.
At the same time, it is observed that investors have been looking for companies that have their strategy focused on the sustainability of their operations, especially those that aim to preserve and optimize the use of natural resources, control greenhouse gas emissions, and manage waste generated, as well as adopting inclusive policies in the hiring of its employees, engaging partners, suppliers, and local communities in business, and within its area of operation, generating value for society.
In this new scenario of opportunities, micro and small companies can and should take ownership of sustainable practices aiming to improve their operational performance, due to the satisfaction and engagement of their employees and partners, at the same time obtaining investments to expand their business and expand the portfolio of customers, generating value for partners, employees, and the parties involved.
