Download PDF

Investors and other stakeholders are calling on companies to disclose more about their sustainability and environmental, social, and governance (ESG) strategies. This call for transparency is not new, but there is a heightened focus on this reporting in response to investors’ growing interests in and incorporation of sustainability considerations into their investment strategies.


The basics on today’s ESG reporting

What is ESG reporting?

ESG reporting encompasses both qualitative discussions of topics as well as quantitative metrics used to measure a company’s performance against ESG risks, opportunities, and related strategies. Companies report ESG information for many reasons. The terms ESG, sustainability, and corporate social responsibility (CSR) often are used interchangeably to describe nonfinancial reporting. For purposes of this paper, when we describe ESG information we also are referring to these other forms of reporting.

ESG reporting enables companies to do the following:

  • Communicate key ESG risks and opportunities and how these issues are managed.
  • Organize business dependencies and impacts on the environment and society.
  • Communicate their resiliency to shifts in the environment and society.
  • Credibly demonstrate how they execute on their purpose to drive value for all stakeholders.

What are the components of ESG?

The E, or environmental, component of ESG information encompasses how a company is exposed to and manages risks and opportunities related to climate, natural resource scarcity, pollution, waste, and other environmental factors.

The S, or social, component of ESG includes information about the company’s values and business relationships. For example, social topics include labor and supply-chain standards, employee health and safety, product quality and safety, privacy and data security, and diversity and inclusion policies and efforts.

The G, or governance, component of ESG incorporates information about a company’s corporate governance. This could include information on the structure and diversity of the board of directors; executive compensation; critical event responsiveness; corporate resiliency; and policies on lobbying, political contributions, and bribery and corruption.

Many narrowly associate ESG solely with climate change or the company’s carbon footprint. Although climate change is encompassed within the environmental component of ESG information—and has received a lot of market attention and has interdependencies with other ESG elements—it is only one element under the broader ESG umbrella. Through ESG reporting, companies that effectively integrate ESG considerations into their business strategy and risk management practices can communicate how such considerations impact their business and are relevant to their stakeholders.

How is ESG information presented?

With the exception of certain governance information, companies typically are not required to prepare and present ESG information in US Securities and Exchange Commission (SEC) filings unless it is a disclosure that is deemed to be material. Outside of SEC filings, some industry regulators require companies to report certain ESG metrics. For example, the Environmental Protection Agency requires major fuel and industrial gas suppliers to report greenhouse gas emissions. In these instances, these disclosures are very industry specific and usually limited to a few metrics. However, more and more companies are voluntarily preparing and presenting ESG information beyond industry and SEC requirements, to describe their long-term value creation strategies and to meet the demands of investors and other stakeholders. The location of the information varies. Disclosure mechanisms include sustainability reports, CSR reports, a dedicated sustainability company website, integrated reports, or SEC filings (e.g., 10-K, 8-K, Proxy, annual report). The growing proliferation of voluntary disclosures of ESG information by companies reflects a fundamental shift in how such ESG data are increasingly used by investors and other stakeholders to make decisions.

The building blocks of reliable, comparable, and relevant ESG information begin with a foundation of quality reporting by company management. In a landscape of multiple frameworks and standards, the challenge for companies to determine how to communicate relevant information and what specific ESG information to report to stakeholders is real. There are various frameworks and standards that management can use to determine which ESG information to disclose.

  • Frameworks provide principles-based guidance that helps companies identify ESG topics to cover and determine how to structure and prepare the ESG information they disclose.
  • Standards provide specific and detailed requirements that assist companies in determining what specific metrics to disclose for each topic.

The Task Force on Climate-related Financial Disclosures (TCFD) is a well-known framework that provides principles-based recommendations for managing and reporting on climate risks globally.

Common standards used by companies today in their ESG disclosures include those issued by the European-based Global Reporting Initiative (GRI) and the US-based Sustainability Accounting Standards Board (SASB). GRI standards focus on the presentation of socially material information to various stakeholders that can be tailored to local geographic needs. SASB standards focus on industry-specific, financially material sustainability information for global investors. As a result, the disclosures under these standards may be complementary and can be used in an efficient manner to meet the information needs of a company’s critical stakeholders.

Even when companies prepare ESG disclosures in accordance with standards and frameworks, investors should be aware that there are different considerations for metrics and disclosures across different standards and frameworks. Metrics prepared and presented in accordance with the same standards may be more comparable. Some companies may use a standard for certain metrics, but the standard may not be fully adopted and therefore may not include all disclosures necessary to provide a balanced picture based on those standards. Companies may present a metric that is bespoke to them because they do not have the information necessary to present the metric in accordance with a specific standard. Although this approach is allowed under certain standards, the leading practice remains to report in accordance with recognized standards as they relate to the business.

It is important for users of ESG information to understand whether the information has been presented in accordance with a framework or standard and whether there have been adjustments to make a metric bespoke to the company. Transparent disclosure in the ESG information can help users consider whether the information is comparable to that of other companies and consistent with information the company has previously disclosed. Those charged with governance play an important role in instilling discipline related to transparent reporting in accordance with recognized frameworks and standards.

SEC Chairman Jay Clayton spoke about management’s responsibilities related to ESG in the context of SEC filing requirements. He said in his January 30, 2020, public statement, “This commitment has been, and in my view should remain, disclosure-based and rooted in materiality, including providing investors with insight regarding the issuer’s assessment of, and plans for addressing, material risks to its business and operations.”

If a public company elects to disclose ESG information in addition to what is required by the SEC, that firm’s responsibilities depend on where the information is disclosed. ESG information included outside an SEC filing (e.g., on a company sustainability website, in a sustainability report) is subject to SEC Rule 10b-5, which prohibits companies from making any untrue statements of material fact that is necessary in order to make the statements, in the light of the circumstances under which they were made, not misleading. When ESG information is presented in SEC filings, management is required to comply with SEC disclosure controls and procedures and any other applicable SEC rules for that filing (including SEC Rule 10b-5). In January 2020, the SEC released guidance on the disclosure of key performance indicators and metrics in the Management’s Discussion and Analysis, which includes guidance on environmental metrics.

Investors are increasingly focused on ESG information because they find such information helpful in understanding a company’s long-term value creation story, and the information enables them to manage their investments based on ESG risks. For example, a company in the consumer product industry may expect increased costs to account for future tariff costs or supply-chain impacts due to natural disasters. Additionally, investors are incorporating ESG into their investment strategies. According to a global survey of 220 institutional investors conducted by EY in 2018, 97 percent of institutional investors said they conduct an evaluation of a target company’s nonfinancial disclosures, and the evaluation frequently impacts investment decisions. The potential for or history of the following ESG-related risks could trigger investors to rule out an investment immediately:

  • Poor governance practices (63%)
  • Supply-chain risks tied to ESG (52%)
  • Poor human rights practices (49%)
  • Risk from climate change (48%)

Further, leading asset managers have released statements expressing the importance of company-prepared ESG information and high-quality ESG disclosure. For example, BlackRock’s CEO recently issued a statement directed at CEOs in which he stated, “Important progress improving disclosure has already been made—and many companies already do an exemplary job of integrating and reporting on sustainability—but we need to achieve more widespread and standardized adoption.” State Street Global Advisors distributed a similar statement to board members, saying, “We believe that addressing material ESG issues is good business practice and essential to a company’s long-term financial performance.”

Many credit-rating agencies incorporate ESG factors into their calculations. For example, Fitch recently developed an ESG relevance scoring system to determine the impact of ESG factors on individual credit ratings. Additionally, many proxy advisors, such as ISS and Glass Lewis, incorporate ESG information into ratings and voting recommendations. The wide range of users of ESG information demonstrates the growing importance of the availability and reliability of such data.


of investors surveyed said that sustainability disclosures should be audited in some way, according to a 2019 McKinsey and Company study.

The auditor’s role in ESG: Present and future

The professional standards set forth requirements and guidance for auditor involvement when other information is included in a document with audited financial statements. Sustainability reports and ESG information often are included in company reports that do not include the audited financial statements. In these instances, the auditor has no responsibility for the ESG information as part of the financial statement or internal control over financial reporting (ICFR) audit.

Information reported by a company needs to be credible and well supported for investors and other stakeholders to rely on for their decisions. In their public interest role, US public company auditors play a role in the flow of reliable information for decision making. Like the audits of financial statements and ICFR, third-party assurance from a public company audit firm can enhance the reliability of ESG information presented by companies to investors and other stakeholders.

The accounting profession has made considerable progress on the role and value of assurance on ESG information—and the systems and processes used to generate it. Notably, the American Institute of CPAs (AICPA) has convened the Sustainability Assurance and Advisory Task Force. In July 2017, the task force published Attestation Engagements on Sustainability Information, a guide to assist practitioners engaged to perform an examination or a review of an entity’s sustainability information.

SEC rules and the Public Company Accounting Oversight Board auditing standards do not require an auditor to attest to ESG information. That said, although assurance over ESG information is not required, leading ESG raters, rankers, and data providers assign a greater value to ESG information that has been assured. Trust and confidence in the information companies disclose are essential to a healthy economy; an independent assessment of that information can contribute to its reliability.

Assurance over ESG reporting, specifically when performed by a public company auditor, can enhance its reliability because auditors:

  • Are independent of their audit clients, in accordance with the applicable independence standards.
  • Are required to maintain a system of quality control.
  • Have extensive experience in gaining an understanding of business processes and assessing and responding to risk.
  • Are experienced in reporting on compliance with various established standards and frameworks.
  • Routinely incorporate qualified specialists with deep subject matter experience into audit procedures when needed.
  • Adhere to continuing professional education ethics and experience requirements, including attending specialized training.
  • Have expertise in evaluating internal systems and processes for collecting, analyzing, and reporting information.
  • Have a long history and experience of independently evaluating information that is then used in making capital allocation decisions.

Examples of auditor assurance-related services for ESG Information

An accountant’s report is designed to enhance the reliability of that information for the intended users of that attestation report by providing an objective and impartial assessment of the assertions, data, and other disclosures made by management. Obtaining any level of assurance by public company auditors involves the evaluation of processes, systems, and data, as appropriate, and then assessing the findings in order to support an opinion based on an examination or conclusion based on a review. Below we discuss examples of company prepared ESG information where there has been assurance provided by an independent auditor.

Vornado Realty Trust has presented its ESG information in a stand-alone Environmental, Social, & Governance report, which includes both an independent accountants’ examination report and an independent accountants’ review report. The independent accountants’ examination report states that the accounting firm performed an examination over the SASB disclosures in accordance with the SASB Real Estate standard following the attestation standards of the AICPA and that in the independent accountants’ opinion the SASB framework disclosures are fairly presented in all material respects. The independent accountants’ review report states that the accountants performed review procedures over whether the GRI disclosures are in accordance with the GRI Core level standards and based on these review procedures they are not aware of any material modifications that should be made by management. In Vornado’s case, the independent accounting firm performed examination procedures over the metrics in one framework (SASB) and review procedures over the metrics of another frameworks (GRI), which is clearly communicated in the accountants’ reports.

Etsy, Inc. included ESG information within the Risk Factors section of its Form 10-K annual filing for 2019. Etsy Inc.’s Form 10-K indicated the ESG metrics over which an external third party performed attest procedures. There is a separate report of independent accountants outside of the Form 10-K which states the specific sustainability metrics on which the independent accounting firm performed review procedures on, as well as the definition of the metric and assessment criteria in determining the metric. That separate report states that review procedures were performed and based on those review procedures, the independent accounting firm is not aware of any material modifications that should be made.

Lastly, GUESS?, Inc. presents its ESG information in a stand-alone sustainability report for 2019. The independent accountants’ review report is included in the sustainability report and states that the independent accounting firm reviewed the management of GUESS?, Inc.’s assertion that the sustainability report includes the required elements in accordance with the GRI standards. The review report also states that the firm reviewed the metrics included in the Key Metrics and Reporting Criteria table which are key performance indicators bespoke to Guess?, Inc. The report concludes that based on the review procedures performed over the inclusion of the required GRI disclosures and the Key Metrics and Reporting criteria table, the independent accounting firm is not aware of any material modifications that should be made.

These three examples demonstrate the flexibility management may have in where ESG information is presented and the level of assurance that can be obtained over the information to foster trust and confidence in the information by investors. As shown in the examples, there are different levels of assurance accountants can obtain with respect to ESG information. Companies can elect to have public company auditors obtain reasonable assurance based on examination procedures or limited assurance based on review procedures.

Examination procedures are more extensive than review procedures and result in a conclusion that states “In our opinion, A is presented in accordance with or based on B , in all material respects.” In contrast, review procedures are less extensive than examination procedures, and result in a conclusion which states “We are not aware of any material modifications that should be made to A in order for it to be in accordance with based on B .” The level of assurance obtained, examination or review, is specified in the auditor’s report on the ESG information.

ESG considerations and questions for investors

As they make their investment decisions, investors may want to consider the following aspects of ESG information.

Understanding how this information was developed is important in determining which additional factors should be considered before relying on the information. For example, if investors are using the information to compare carbon emissions across an industry, it will be important to understand the differences in calculation of the metric from one company to another to understand if the amounts are comparable. Investors should understand that ESG information is typically collected, analyzed, and presented differently from financial information. ESG information can be measured and presented in many different units of measures and collected and analyzed through systems and controls that are typically outside those that generate financial reporting. It is important for investors to consider whether the company has robust policies and procedures in place to promote consistency and quality of ESG information.

Standardized information can help investors understand the calculation and comparability of metrics across companies. If the information is not standardized, investors may want to consider whether this calls into question the relevance and reliability of the information.

When evaluating the reliability of the data, investors may want to ask the following questions:

  • From where am I getting the data? From the company directly? From a data aggregator? From a ratings agency? What is the governance structure around the data from the provider?
  • Does management disclose its processes for preparing and presenting this information?
  • Was the metric prepared and presented in accordance with a standard and/or a framework?
  • Has the metric been disclosed consistently year over year? If so, was the calculation the same each year?
  • Has third-party assurance been provided on the information? If so, by whom (e.g., engineering firm, independent accounting firm, environmental firm)?
  • What was the level of assurance (e.g., reasonable vs. limited)?
  • What are the qualifications of the assurance provider, and what does the assurance incorporate (e.g., some non-CPA firms qualify the assurance and say they are not opining on the accuracy of the data)?


With ESG information gaining prominence in the capital markets, how a company tells its ESG story is becoming more important to both companies and investors. Independent assurance can enhance the reliability of information that companies disclose. This publication serves to foster an understanding of the existing ESG landscape, including the implications of the current reporting environment, and of how auditors can help boards and investors promote the use of high-quality comparable, reliable, and relevant ESG disclosure.

Download PDF

Related Resources

The latest news and
resources from the CAQ.

Stay Connected.

Stay connected to the CAQ