Why Your ISS Governance Scores Just Went Down
In late January, many companies saw their ISS ESG Governance Quality Score change overnight, without any changes to their actual ESG governance practices. The culprit? Some pretty substantial updates to two new subcategories that fall under the audit category: Information Security Risk Management and Information Security Risk Oversight.
The ISS ESG Governance Quality Score (GQS) is a data-driven scoring methodology that incorporates hundreds of data points to enable its subscribers to screen companies and make informed decisions on their portfolio companies. The general classifications of the data points are Board Structure, Compensation, Shareholder Rights, and Audit & Risk Oversight.
Highlights on the new factors include:
Audit (Information Security Risk Oversight)
- Percentage of the committee responsible for information security risk that is independent
- How often senior leadership briefs the board on information security matters
- Number of directors with information security experience
Audit (Information Security Risk Management)
- Company’s disclosure on identifying and mitigating information security risks
- Net expenses incurred from information security breaches over the last three years relative to total revenue
- Security breaches in past three years – including costs and settlements in relation to revenue
- Existence and annual training on information security
- How long ago did the most recent information security breach occur (in months)? (Q412)
Data Security and Privacy has been historically evaluated by ISS through the E&S Score, mainly looking at management’s approach and quantitative figures:
- Management’s approach (not the board)
- Number of data security breaches
- Percentage of security breaches involving customers’ personally identifiable information (PII)
- Number of customers affected
ISS is also now assessing ethnic and racial diversity on the board, within its Diversity and Inclusion subcategory, and would like to see evidence of employee diversity goals tied to executive compensation KPIs. ISS also promises to scrutinize closely any special grants to executives in light of COVID-19. Finally, they are closely monitoring executive directors, and specifically Board chairs, serving on an excessive number of outside Boards.
If you would like to learn more about how Riveron can help you better understand these changes, or would like to improve your governance score, contact us.
Source: ISS Governance QualityScore Methodology Guide (January 29th, 2021).