Keeping Score: Understanding ISS ESG Rating Systems and What They Say About Your Company

As environmental, social, and governance (ESG) ratings become more mainstream, we’re seeing more ratings firms getting into the picture, each with their own system and methodology. Not surprisingly, companies often struggle to understand and meet the diverse requirements from this growing list of players. In this space, the proxy advisory firm Institutional Shareholder Services (ISS) has a long-time presence. The firm offers four different ESG ratings products, each with its own focus and nuances, to help paint a comprehensive picture of where a company stands on ESG. It is worth familiarizing yourself with each of them if you are a publicly traded company, or are considering conducting an IPO, as most of the ISS ratings are prominently featured on ISS Proxy Research Reports and may also provide insight into how ISS proxy voting policies may guide related proxy voting recommendations.

Here’s a closer look at everything you need to know about ISS’ different ESG rating systems and how to start improving your company’s ESG scores.

ISS Governance QualityScore (GQS)

What it is: Thousands of companies worldwide are evaluated under the ISS Governance QualityScore (GQS), ISS’ current governance rating product. GQS made its debut in 2013, focusing on traditional corporate governance topics, such as Board structure and executive compensation. Last fall, ISS announced its most extensive methodology enhancement to date to GQS, adding 23 new factors to the rating system. While not all of these factors will be scored right away, they do expand scrutiny to publicly available information in areas that are top of mind for investors and the SEC, such as a factor on cyber-expertise in the board room.

How it works: The GQS methodology focuses on the qualitative aspects of corporate governance across four key areas: board structure, compensation, shareholder rights, and audit and risk oversight relative to a company’s industry peers.

Why it matters: The GQS assessment and scoring methodology is designed to align with ISS’ voting policy. If your company is assessed by GQS as having a poor score, this may be an indication that there could be potential issues regarding ISS vote recommendations on those related proxy ballot items. Company GQS scores are included on all ISS Proxy Research Reports.

Environmental & Social Disclosure QualityScore (E&SQS)

What it is: In 2018, ISS created the Environmental & Social Disclosure QualityScore (E&SQS), similar to GQS’ methodology, but focused on topics such as carbon and climate, human rights, and employee health and safety.

How it works: As with GQS, the E&SQS screens companies’ public disclosures and compares companies against their peers to help identify the environmental and social policy leaders and laggards in any given industry.

Why it matters: As with GQS, Some E&SQS factors may influence the outcome of a vote recommendation for a shareholder proposal.  For example, if a company has an environmental or social shareholder proposal on its ballot and the company scored poorly on these pillars, the ISS recommendation is likely to be influenced by the E&SQS score. ISS may leverage other E&SQS factors—such as those that align with the TCFD framework for reporting climate data, climate risks, and related management practices—when considering a vote against a board member at a high polluting company for a company’s lack of climate-risk related oversight. Company E&SQS scores are included on all ISS Proxy Research Reports.

ISS Corporate Rating

What it is: The Corporate Rating solution came to ISS through the 2018 acquisition of Oekom Research, a Munich, Germany-based corporate sustainability research and rating company established in 1993. The Corporate Rating differs from E&SQS in several important ways. Most notably, the Corporate Rating focuses on actual sustainability performance, and not just disclosure.

How it works: The Corporate Rating assesses a core set of ESG topics for each covered company along with factors drawn from a much larger pool of sector-specific set of key indicators. To assess sustainability performance, the rating system uses several methods, the most significant of which are the eco-efficiency metrics. In this approach, several ESG topics addressing a company’s resource use or environmental impacts are normalized using another metric, such as revenue or square footage. This provides the ability to meaningfully compare company performance on these metrics across sector companies of different sizes. The Corporate Rating uses both a relative scoring model that assesses company performance compared to its peers as well as an absolute performance rating model that measures company performance against a standard.

Why it matters: Currently, ISS does not include the Corporate Rating in ISS Proxy Research Reports as it does with GQS and E&SQS, but this could change in the future. For now, the ratings provide companies with insight into the effectiveness and results of sustainability practices, which can be useful as investors and regulators begin to look beyond disclosure and start to give more credence to actual impact.

ISS Cyber Risk Score

What it is: In January 2023, ISS ESG announced the launch of a new Cyber Risk Score. The Cyber Risk Score is a forward-looking score that attempts to predict how vulnerable a company’s security systems are to cybersecurity attacks. It will initially be available for companies in the S&P 500, S&P 400, and S&P 600 and will be added to ISS’ Proxy Research Reports. The full Russell 3000 will be covered by the end of Q1 2023.

How it works: The Cyber Risk Score leverages publicly available information, some of which ISS already collects as part of its GQS rating system. It also uses machine learning from empirical data collected from companies that have suffered cyber incidents and those that have not. ISS scans the IP address space of a company against its database and machine learning to predict a risk score.

Why it matters: As cybersecurity breaches continue to make headlines and investors and companies alike wait for the new SEC cyber rules, cybersecurity is becoming the priority topic of concern in corporate boardrooms. Having the proper protocols and processes in place to safeguard from reputational and financial risks is not only best practice; it may soon be a requirement. Companies that wish to receive the highest Cyber Risk Scores out of the gate can take their cue from the SEC’s proposed rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure and begin publicly disclosing the details of their cybersecurity risk management strategy and related governance policies and procedures.

Know More about Your Four

With four separate scores to consider, understanding the full scope of the ISS ESG ratings systems can take some time and effort. We can help with expert guidance into which ISS ESG ratings are most relevant to you, clarifying your key evaluation criteria, and making a plan for improving your scores. Give us a call to start the conversation and ensure you get the ISS scores you deserve.