
We propose a simple AI tool to truly integrate sustainability factors into line items of financial statements

“Is sustainability dead?” I have heard this question repeatedly in conferences and panels over the last six months. I respond that sustainability need not die if we were to stay laser-focused on how sustainability aids assessment of a firm’s future earnings, the riskiness of such earnings and the valuation of the firm.

The conversation then shifts to “how?” People often complain about the patchwork of regulatory frameworks, myriad ratings and death by a thousand KPIs (key performance indicators). CSOs (chief sustainability officers) often fret that their influence in the C-suite is on the wane and boards are reeling from ESG fatigue.

In response, Bob Eccles, my partner in crime, and I have developed a tool to tightly link sustainability considerations with specific line items in a firm’s financial statements. The approach, distilled to its core, is very simple.

The method

1. Start with the SASB listed areas of material concern for the industry that the firm belongs to.
2. Intersect these areas with the risk factors listed in the firm’s 10-K. Recall that the risk factors are written by defensive lawyers who think of every possible reason the firm could get sued. But more importantly, for our purpose, these are written by securities lawyers concerned about a fall in the firm’s stock price. These risk factors are not written to appease any sustainability framework or to signal to ESG ratings agencies. And no one can legitimately complain that these issues are not relevant to shareholders. Sustainability issues often get dismissed by skeptics as gratuitous attempts by management to save the world without any real mooring in shareholder value creation.
3. Link such intersected set of factors to sustainability KPIs (key performance indicators) that management and outsiders can track. Then, estimate how such KPIs would translate to either current or future earnings or to risk of loss in future earnings and occasionally an upside to future earnings.
4. Triangulate such mapping with other data such as lawsuits, penalties and track record with regulators, alternate data sources such as workers’ perception of firm management, and negative and positive chatter in the public domain about the firm that relates to these issues.

All this can be a huge amount of work. Human analysis of several firms we have worked on used to take hundreds of hours. This is where our AI tool comes in.

We have written and tested numerous ChatGPT5 prompts to translate the above vision to concrete data points. For simplicity, we enumerate seven key prompts here to give the reader a flavor for what these might look like. Gathering granular data via GPT5 on the issues raised saves hours of time with little sacrifice of quality, so long as the prompts are detailed enough. Of course, we always need a smart human in the loop to keep an eye on what the AI is doing.

Consider Microsoft as a case study. Here are the prompts we used:

1. Does Microsoft state its corporate purpose? How will an investor assess whether Microsoft has lived up to its corporate purpose?
2. Enumerate the SASB factors relevant to the primary industry in which Microsoft operates. Intersect those SASB factors with the risk factors stated in Microsoft’s 10-K
3. What are the possible missing risks or disclosures that investors should watch when we compare Microsoft’s SASB factors with the risk factors in their 10-K?
4. Identify which line item on the income statement or the balance sheet is affected by the intersection of the SASB factors relevant to Microsoft and the risk factors listed in Microsoft’s 10-K. Also highlight key KPIs that an investor should track to assess progress on the intersection of SASB factors relevant to Microsoft and the risk factors listed in Microsoft’s 10-K.
5. Great. Now please pull-out data for the last three years for the KPIs you have listed.
6. Can you compare the KPIs you listed for Microsoft with those for its three of its closest competitors.
7. How do I translate all the KPIs you gave me into financial estimates affecting the line items in the income statement and balance sheet that you identified?

The answers from GPT5 for prompts 1-4 follow. I stopped at prompt 4 to avoid cluttering this piece. The work related to Microsoft is reproduced below.

The bigger point of the exercise is to create a common language around which both supporters and opponents of sustainability can communicate with CFOs and stock analysts. Sustainability need not be a political conversation.

In fact, our goal is to make sustainability boring and get everyone to consider concrete risks, income statement and balance sheet (or even off-balance sheet) impacts and estimates.

The full Microsoft analysis I produced with ChatGPT was around 95 pages. Bob and I have some irons in the works for putting our methodology and sample results in the public domain, starting with a book. But to give you a tangible sense of the kind of output we’re getting, here are the responses to prompts #1 and #4.

Except for my prompts, the rest of the text that follows is from ChatGPT5.

Corporate Purpose

GPT 5 prompt: Does Microsoft state its corporate purpose? How will an investor assess whether Microsoft has lived up to its corporate purpose?

Yes — Microsoft explicitly states its corporate purpose.

Corporate Purpose
Microsoft’s official purpose is “to empower every person and every organization on the planet to achieve more.” This is highlighted in its annual reports, corporate website, and sustainability reports. It frames the company’s mission around broad empowerment through technology, not just financial performance.

How an Investor Might Assess It
An investor would look at both financial and non-financial metrics to determine whether Microsoft is living up to that purpose. For example:

Financial Performance & Market Reach
- Continued revenue and earnings growth across cloud (Azure), productivity (Office, Teams), and personal computing.
- Market share in enterprise software, cloud services, and AI adoption.
- Customer base expansion across industries and geographies.

Innovation & Accessibility
- Investment in AI, cloud, and developer tools that broaden access to advanced technology.
- Efforts to make products more inclusive (e.g., accessibility features in Windows, AI for Good initiatives).

Sustainability & Responsibility
- Progress toward being carbon negative by 2030.
- Social impact programs, digital skills training, and partnerships to expand global access.
- Governance practices ensuring accountability.

Employee & Ecosystem Empowerment
- Employee engagement, diversity & inclusion metrics.
- Support for developers and partner ecosystems.
- Investment in training programs to upskill workforces globally.

In practice, an investor might track:

- KPIs disclosed in annual reports (financial metrics, customer growth, innovation pipeline).
- Sustainability and ESG reporting (climate, workforce, governance progress).
- Third-party benchmarks (e.g., ESG ratings, brand value rankings).
- Long-term shareholder value creation (share price performance vs. tech peers).

So, while the purpose is broad and aspirational, an investor would assess alignment by looking at how Microsoft’s products, policies, and financials concretely contribute to empowering individuals and organizations while sustaining long-term growth.

******************************************************************************

SASB Risk Factors

GPT5 prompt: Enumerate the SASB factors relevant to the primary industry in which Microsoft operates. Intersect those SASB factors with the risk factors stated in Microsoft’s 10-K

Microsoft’s disclosed risk factors in the 10-K (recent).

From Microsoft’s latest 10-K (e.g. FY2024) and related filings: (SEC)

Some of the key risk factors Microsoft discloses include (not exhaustive but salient ones relevant to sustainability / technology) —

- Cybersecurity, data breaches, and security risks — risks stemming from unauthorized access, data loss, or system vulnerabilities.
- Legal, regulatory, and compliance risk — regarding privacy laws, data protection regulation, antitrust and competition laws, export controls, etc.
- Competition, technological change, and innovation risk — that Microsoft’s products or services may become obsolete or less competitive if it fails to innovate.
- Dependence on data centers, infrastructure and cloud operations — disruptions, outages, or infrastructure deficiencies can impact service.
- Supply chain risks — e.g. shortages of materials, disruptions in hardware supply chains, component costs.
- Climate / environmental / extreme weather risks — e.g. physical risks to datacenters or facilities due to storms, temperature, water scarcity (though these are more implicit in Microsoft’s reporting).
- Reputation, trust, customer relationships — if Microsoft is perceived as less secure, less trustworthy, or noncompliant, that can hurt business.
- Intellectual property / litigation risk
- Geopolitical and macro risks — regulatory bans, trade restrictions, foreign operations, etc.
- Operational scale and execution risks

(Microsoft enumerates many detailed risk factors; these are some of the principal ones tied closely to technology / sustainability aspects.)

2. Intersection: mapping SASB topics to Microsoft’s risk disclosures

We can map each relevant SASB topic to how Microsoft’s risk factors reflect exposure or disclosure. Below is a crosswalk:

| SASB / Sustainability Topic | Microsoft Risk Factor(s) in 10-K (or implied) | Notes & Observations |
| --- | --- | --- |
| Cybersecurity / Data Privacy & Security | Microsoft explicitly cites risks of cyberattacks, data breaches, security vulnerabilities. | This is a very clear area of alignment: SASB regards data security as financially material for tech firms, and Microsoft acknowledges this as a key risk. |
| Technology & Business Model Innovation / Obsolescence Risk | Risk of failing to innovate, technologies becoming outdated, competitors gaining advantage. | That matches the SASB concern about maintaining relevance and adapting to rapidly evolving tech. |
| Regulation / Legal & Policy Risk | Risks related to antitrust/competition, privacy laws, export control, software regulation. | SASB topic of “systemic regulation risk” in tech is mirrored here. |
| Supply Chain / Vendor / Material Issues | Supply chain disruptions, component shortages, reliance on suppliers. | For hardware components or infrastructure, this is relevant. |
| Energy / Emissions / Environmental Impact | Microsoft discloses environmental goals, notes risks from extreme weather / physical climate disruptions. | While not always mapped as a standalone “risk factor,” these risks are implicit and sometimes stated (e.g. facility risks). |
| Physical Climate Risk / Resilience | Risks to facilities from climate events (storms, flooding, heat). | The risk that extreme weather or climate shifts could disrupt operations matches SASB’s “physical impacts of climate change” topic. |
| Reputation, Trust & Governance | Risks associated with loss of customer trust, brand damage, failure to follow ethical practices. | SASB sees governance, business ethics, and stakeholder trust as relevant. |
| Employee, Talent, Diversity & Inclusion | While Microsoft discusses workforce and talent in other sections, risk factors may include inability to attract/retain talent or regulatory challenges in workforce practices. | SASB under “Human Capital” would flag employee metrics as material. |
| Product Quality / Reliability | Risks of software bugs, system outages, product defects impacting customers. | This aligns with SASB’s “product reliability / safety / quality” in tech. |

Thus, many of the SASB topics for technology / software / hardware are mirrored (directly or indirectly) in Microsoft’s risk disclosures in the 10-K.

*************************************************************

GPT5 prompt: What are the possible missing risks or disclosures that investors should watch when we compare Microsoft’s SASB factors with the risk factors in their 10-K?

Great question — this is exactly the kind of gap analysis investors often do.

When you compare Microsoft’s 10-K risk factors with the SASB factors for Software & IT Services / Technology & Communications, there are a few possible missing or under-emphasized risks/disclosures that investors may want to watch for:

1. Climate Transition Risks

- SASB expects disclosure of how software/data center companies are exposed to carbon pricing, renewable energy costs, energy efficiency, and regulation.
- Microsoft’s 10-K mentions environmental and weather risks, but it does not provide much on transition risks (e.g., higher costs if governments impose stricter climate rules, carbon border taxes, or renewable energy shortages).
- Missing risk: Potential exposure of Azure’s massive data centers to rising energy costs, regulatory mandates, and carbon offsets.

2. Electronic Waste & Product Lifecycle

- SASB highlights product end-of-life issues, recyclability, and electronic waste in hardware.
- Microsoft’s 10-K discusses supply chain and component sourcing, but it is lighter on downstream risks — e.g., regulatory, reputational, or compliance costs related to e-waste from Surface devices, Xbox consoles, or other hardware.
- Missing risk: Growing scrutiny around circular economy regulations in the EU and globally.

3. Human Capital Management

- SASB includes diversity, equity & inclusion (DEI), turnover, workforce well-being, and talent attraction as material.
- Microsoft’s 10-K covers talent retention in broad terms but does not quantify workforce composition or risks around DEI litigation, unionization, or remote-work challenges.
- Missing risk: Reputational, operational, or compliance costs tied to workforce culture, DEI transparency, or labor regulation.

4. Systemic Social Risks of AI & Emerging Tech

- SASB’s “Systemic Risks” lens: unintended consequences of tech (bias, misuse, disinformation).
- Microsoft’s 10-K talks about competitive and regulatory AI risks, but it underplays ethical AI misuse, societal backlash, or liability if AI products (like Copilot/OpenAI integrations) cause harm.
- Missing risk: Reputational and regulatory risk from bias, misinformation, or safety failures in AI deployments.

5. Access & Affordability

- SASB points to digital inclusion and access issues.
- Microsoft’s 10-K frames competition and pricing risks but does not highlight risks if governments or NGOs pressure big tech on pricing for education, healthcare, or underserved markets.
- Missing risk: Political or reputational risk of being seen as limiting access to essential digital tools.

6. Supply Chain Social Risks

- SASB emphasizes fair labor, human rights, and responsible sourcing.
- Microsoft’s 10-K focuses more narrowly on availability and cost of components.
- Missing risk: Scrutiny of forced labor, conflict minerals, or supplier working conditions — especially given global geopolitical tensions.

7. Governance / Ethical Conduct Beyond Legal Compliance

- SASB includes anti-corruption and ethical business conduct.
- Microsoft’s 10-K mentions compliance with laws and litigation risk but may not fully cover softer governance risks — such as lobbying, political influence, or opaque partnerships (e.g., with OpenAI or government agencies).
- Missing risk: Stakeholder pushback on governance practices beyond legal frameworks.

✅ In short:
Microsoft’s 10-K covers the core financial and operational risks (cybersecurity, IP, competition, regulation), but compared with SASB’s materiality guidance, under-disclosed or less emphasized risks include:

- Climate transition risks (not just physical).
- E-waste/product lifecycle accountability.
- Human capital/DEI risks.
- AI systemic/ethical risks.
- Digital inclusion / affordability pressures.
- Supply chain human rights.
- Governance beyond compliance.

***********************************************************************

GPT5 prompt: Identify which line item on the income statement or the balance sheet is affected by the intersection of the SASB factors relevant to Microsoft and the risk factors listed in Microsoft’s 10-K. Also highlight key KPIs that an investor should track to assess progress on the intersection of SASB factors relevant to Microsoft and the risk factors listed in Microsoft’s 10-K

Got it — let’s break this down in two layers:

- Map the SASB ↔ Microsoft 10-K intersection onto financial statement line items
- Extract KPIs investors can track — both for Microsoft (tech sector) and for Unilever (consumer goods, since you mentioned them separately).

1. Income Statement & Balance Sheet Line Items Impacted (Microsoft)

| SASB Factor ↔ Microsoft Risk Factor | Income Statement Line Item(s) | Balance Sheet Line Item(s) | Mechanism of Impact |
| --- | --- | --- | --- |
| Data Privacy & Cybersecurity ↔ Cyberattack, breaches, regulatory fines | Operating expenses (higher SG&A for security compliance, litigation costs); Revenue (loss of customers due to trust erosion) | Deferred revenue (loss if contracts cancelled), Contingent liabilities (legal) | Security incidents drive costs, fines, customer churn. |
| Innovation & Product Reliability ↔ Competition, obsolescence | Revenue (slower growth if adoption falls); R&D expense (higher to stay competitive) | Intangible assets (IP impairment if product lines fail) | Lagging innovation depresses growth and IP value. |
| Climate/Energy (Data Centers) ↔ Energy costs, climate regulation | COGS (higher data center energy costs); Operating expenses (sustainability programs) | PP&E (data centers, impairment if obsolete); Asset retirement obligations | Energy pricing, capex for renewables, carbon pricing. |
| Supply Chain (hardware, devices) ↔ Component shortages, geopolitical risk | COGS (higher component costs); Revenue (lost sales if shortages hit Xbox/Surface) | Inventory; Accounts payable | Supplier disruption raises costs, reduces volumes. |
| Human Capital (talent, DEI) ↔ Retention, labor regulation | Operating expenses (higher payroll, retention costs, litigation) | Accrued compensation & benefits | Workforce risks increase costs, affect productivity. |
| AI Ethics / Systemic Risk ↔ Regulatory, reputational | Revenue (customer backlash, loss of contracts); Legal expenses | Contingent liabilities (lawsuits, regulation) | Misuse of AI products could trigger losses, fines. |
| Governance / Ethical Conduct ↔ Compliance, litigation | Operating expenses (legal & compliance) | Accrued liabilities (fines/penalties) | Breach of ethics → fines, settlements. |

2. Key KPIs Investors Should Track

For Microsoft (Software & IT Services)

| SASB / Risk Factor Intersection | Key KPIs |
| --- | --- |
| Cybersecurity & Privacy | Number of security incidents disclosed; Average downtime; % of revenue spent on security compliance; Regulatory fines paid. |
| Innovation & Reliability | R&D % of revenue; Azure/Office revenue growth; Product uptime (SLA %); Churn rate. |
| Climate / Energy | Data center PUE (Power Usage Effectiveness); % renewable energy used; Carbon intensity per $ revenue; Progress vs. 2030 carbon-negative target. |
| Supply Chain | Days of inventory; % of suppliers audited for ESG; Concentration of suppliers by geography; Cost of goods sold % of revenue for hardware. |
| Human Capital | Employee attrition rate; Diversity metrics (women/minorities in leadership); Employee engagement scores. |
| AI Ethics / Systemic Risk | % of products subject to Responsible AI review; Number of AI-related regulatory inquiries; Public trust/sentiment indices. |
| Governance | Fines/settlements; ESG ratings (MSCI/Sustainalytics); Board diversity metrics. |

✅ Bottom line:

For Microsoft, investors should watch cybersecurity, innovation/R&D, climate-energy costs, supply chain resilience, workforce metrics, AI ethics, and governance — all of which flow through revenue, COGS, SG&A, R&D, and balance sheet items like intangibles, PP&E, and contingent liabilities.

************************************************************

Conclusion

What I’ve shown here is just the tip of the iceberg. Other AI agents can be used and Bob and I are experimenting with different approaches, including a more “black box” one using Claude. We will be writing a great deal more about this. What I’ve wanted to do in this piece is to point out the obvious. The best way to make the value case for sustainability is to rigorously link it to risk factors and the financial statements in the 10-K. This seems pretty obvious, but few companies and even fewer analysts are doing this. What I’ve shown here is that it can be done and with a high return for a modest amount of time. Even more value can be obtained by spending more human time with the machine. It’s not one or the other. It’s how to leverage the best of both.

Constructive comments welcome.