The Role of Auditors in Company Prepared ESG Information: Present and Future
The basics on today’s ESG reporting
What is ESG reporting?
ESG reporting encompasses both qualitative discussions of topics as well as quantitative metrics used to measure a company’s performance against ESG risks, opportunities, and related strategies. Companies report ESG information for many reasons. The terms ESG, sustainability, and corporate social responsibility (CSR) often are used interchangeably to describe nonfinancial reporting. For purposes of this paper, when we describe ESG information we also are referring to these other forms of reporting.
ESG reporting enables companies to do the following:
- Communicate key ESG risks and opportunities and how these issues are managed.
- Organize business dependencies and impacts on the environment and society.
- Communicate their resiliency to shifts in the environment and society.
- Credibly demonstrate how they execute on their purpose to drive value for all stakeholders.
What are the components of ESG?
Many narrowly associate ESG solely with climate change or the company’s carbon footprint. Although climate change is encompassed within the environmental component of ESG information—and has received a lot of market attention and has interdependencies with other ESG elements—it is only one element under the broader ESG umbrella. Through ESG reporting, companies that effectively integrate ESG considerations into their business strategy and risk management practices can communicate how such considerations impact their business and are relevant to their stakeholders.
What role can auditors play in ESG assurance?
What is the risk to an inconsistent approach to reporting ESG metrics?
How is ESG information presented?
With the exception of certain governance information, companies typically are not required to prepare and present ESG information in US Securities and Exchange Commission (SEC) filings unless it is a disclosure that is deemed to be material. Outside of SEC filings, some industry regulators require companies to report certain ESG metrics. For example, the Environmental Protection Agency requires major fuel and industrial gas suppliers to report greenhouse gas emissions. In these instances, these disclosures are very industry specific and usually limited to a few metrics. However, more and more companies are voluntarily preparing and presenting ESG information beyond industry and SEC requirements, to describe their long-term value creation strategies and to meet the demands of investors and other stakeholders. The location of the information varies. Disclosure mechanisms include sustainability reports, CSR reports, a dedicated sustainability company website, integrated reports, or SEC filings (e.g., 10-K, 8-K, Proxy, annual report). The growing proliferation of voluntary disclosures of ESG information by companies reflects a fundamental shift in how such ESG data are increasingly used by investors and other stakeholders to make decisions.
The building blocks of reliable, comparable, and relevant ESG information begin with a foundation of quality reporting by company management. In a landscape of multiple frameworks and standards, the challenge for companies to determine how to communicate relevant information and what specific ESG information to report to stakeholders is real. There are various frameworks and standards that management can use to determine which ESG information to disclose.
- Frameworks provide principles-based guidance that helps companies identify ESG topics to cover and determine how to structure and prepare the ESG information they disclose.
- Standards provide specific and detailed requirements that assist companies in determining what specific metrics to disclose for each topic.
The Task Force on Climate-related Financial Disclosures (TCFD) is a well-known framework that provides principles-based recommendations for managing and reporting on climate risks globally.
Can we combine existing sustainability frameworks and standards?
Common standards used by companies today in their ESG disclosures include those issued by the European-based Global Reporting Initiative (GRI) and the US-based Sustainability Accounting Standards Board (SASB). GRI standards focus on the presentation of socially material information to various stakeholders that can be tailored to local geographic needs. SASB standards focus on industry-specific, financially material sustainability information for global investors. As a result, the disclosures under these standards may be complementary and can be used in an efficient manner to meet the information needs of a company’s critical stakeholders.
Even when companies prepare ESG disclosures in accordance with standards and frameworks, investors should be aware that there are different considerations for metrics and disclosures across different standards and frameworks. Metrics prepared and presented in accordance with the same standards may be more comparable. Some companies may use a standard for certain metrics, but the standard may not be fully adopted and therefore may not include all disclosures necessary to provide a balanced picture based on those standards. Companies may present a metric that is bespoke to them because they do not have the information necessary to present the metric in accordance with a specific standard. Although this approach is allowed under certain standards, the leading practice remains to report in accordance with recognized standards as they relate to the business.
What is integrated reporting?
It is important for users of ESG information to understand whether the information has been presented in accordance with a framework or standard and whether there have been adjustments to make a metric bespoke to the company. Transparent disclosure in the ESG information can help users consider whether the information is comparable to that of other companies and consistent with information the company has previously disclosed. Those charged with governance play an important role in instilling discipline related to transparent reporting in accordance with recognized frameworks and standards.
What are management’s responsibilities for ESG disclosures?
SEC Chairman Jay Clayton spoke about management’s responsibilities related to ESG in the context of SEC filing requirements. He said in his January 30, 2020, public statement, “This commitment [the SEC’s commitment] has been, and in my view should remain, disclosure-based and rooted in materiality, including providing investors with insight regarding the issuer’s assessment of, and plans for addressing, material risks to its business and operations.”
If a public company elects to disclose ESG information in addition to what is required by the SEC, that firm’s responsibilities depend on where the information is disclosed. ESG information included outside an SEC filing (e.g., on a company sustainability website, in a sustainability report) is subject to SEC Rule 10b-5, which prohibits companies from making any untrue statements of material fact that is necessary in order to make the statements, in the light of the circumstances under which they were made, not misleading. When ESG information is presented in SEC filings, management is required to comply with SEC disclosure controls and procedures and any other applicable SEC rules for that filing (including SEC Rule 10b-5). In January 2020, the SEC released guidance on the disclosure of key performance indicators and metrics in the Management’s Discussion and Analysis, which includes guidance on environmental metrics.
How do investors use this information?
Investors are increasingly focused on ESG information because they find such information helpful in understanding a company’s long-term value creation story, and the information enables them to manage their investments based on ESG risks. For example, a company in the consumer product industry may expect increased costs to account for future tariff costs or supply-chain impacts due to natural disasters. Additionally, investors are incorporating ESG into their investment strategies. According to a global survey of 220 institutional investors conducted by EY in 2018, 97 percent of institutional investors said they conduct an evaluation of a target company’s nonfinancial disclosures, and the evaluation frequently impacts investment decisions. The potential for or history of the following ESG-related risks could trigger investors to rule out an investment immediately:
- Poor governance practices (63%)
- Supply-chain risks tied to ESG (52%)
- Poor human rights practices (49%)
- Risk from climate change (48%)
Further, leading asset managers have released statements expressing the importance of company-prepared ESG information and high-quality ESG disclosure. For example, BlackRock’s CEO recently issued a statement directed at CEOs in which he stated, “Important progress improving disclosure has already been made—and many companies already do an exemplary job of integrating and reporting on sustainability—but we need to achieve more widespread and standardized adoption.” State Street Global Advisors distributed a similar statement to board members, saying, “We believe that addressing material ESG issues is good business practice and essential to a company’s long-term financial performance.”
Many credit-rating agencies incorporate ESG factors into their calculations. For example, Fitch recently developed an ESG relevance scoring system to determine the impact of ESG factors on individual credit ratings. Additionally, many proxy advisors, such as ISS and Glass Lewis, incorporate ESG information into ratings and voting recommendations. The wide range of users of ESG information demonstrates the growing importance of the availability and reliability of such data.
The auditor’s role in ESG: Present and future
What are the auditor’s current responsibilities related to ESG information?
The professional standards set forth requirements and guidance for auditor involvement when other information is included in a document with audited financial statements. Sustainability reports and ESG information often are included in company reports that do not include the audited financial statements. In these instances, the auditor has no responsibility for the ESG information as part of the financial statement or internal control over financial reporting (ICFR) audit.
Why are auditors well positioned to provide assurance on this information?
Information reported by a company needs to be credible and well supported for investors and other stakeholders to rely on for their decisions. In their public interest role, US public company auditors play a role in the flow of reliable information for decision making. Like the audits of financial statements and ICFR, third-party assurance from a public company audit firm can enhance the reliability of ESG information presented by companies to investors and other stakeholders.
The accounting profession has made considerable progress on the role and value of assurance on ESG information—and the systems and processes used to generate it. Notably, the American Institute of CPAs (AICPA) has convened the Sustainability Assurance and Advisory Task Force. In July 2017, the task force published Attestation Engagements on Sustainability Information, a guide to assist practitioners engaged to perform an examination or a review of an entity’s sustainability information.
SEC rules and the Public Company Accounting Oversight Board auditing standards do not require an auditor to attest to ESG information. That said, although assurance over ESG information is not required, leading ESG raters, rankers, and data providers assign a greater value to ESG information that has been assured. Trust and confidence in the information companies disclose are essential to a healthy economy; an independent assessment of that information can contribute to its reliability.
How can auditors enhance reliability over ESG reporting?
Assurance over ESG reporting, specifically when performed by a public company auditor, can enhance its reliability because auditors:
- Are independent of their audit clients, in accordance with the applicable independence standards.
- Are required to maintain a system of quality control.
- Have extensive experience in gaining an understanding of business processes and assessing and responding to risk.
- Are experienced in reporting on compliance with various established standards and frameworks.
- Routinely incorporate qualified specialists with deep subject matter experience into audit procedures when needed.
- Adhere to continuing professional education ethics and experience requirements, including attending specialized training.
- Have expertise in evaluating internal systems and processes for collecting, analyzing, and reporting information.
- Have a long history and experience of independently evaluating information that is then used in making capital allocation decisions.
Examples of auditor assurance-related services for ESG Information
An accountant’s report is designed to enhance the reliability of that information for the intended users of that attestation report by providing an objective and impartial assessment of the assertions, data, and other disclosures made by management. Obtaining any level of assurance by public company auditors involves the evaluation of processes, systems, and data, as appropriate, and then assessing the findings in order to support an opinion based on an examination or conclusion based on a review. Below we discuss examples of company prepared ESG information where there has been assurance provided by an independent auditor.
Vornado Realty Trust
These three examples demonstrate the flexibility management may have in where ESG information is presented and the level of assurance that can be obtained over the information to foster trust and confidence in the information by investors. As shown in the examples, there are different levels of assurance accountants can obtain with respect to ESG information. Companies can elect to have public company auditors obtain reasonable assurance based on examination procedures or limited assurance based on review procedures.
Examination procedures are more extensive than review procedures and result in a conclusion that states “In our opinion, A [where A is the information that is being opined on such as the ESG disclosures] is presented in accordance with or based on B [where B is the framework or standard that the information is being evaluated as being in accordance with such as SASB or GRI standards], in all material respects.” In contrast, review procedures are less extensive than examination procedures, and result in a conclusion which states “We are not aware of any material modifications that should be made to A [the information being evaluated such as, the ESG disclosures] in order for it to be in accordance with based on B [the framework or standard the information is being evaluated as being in accordance with such as SASB or GRI standards].” The level of assurance obtained, examination or review, is specified in the auditor’s report on the ESG information.
ESG considerations and questions for boards
With investors and other stakeholders placing increased emphasis on ESG information, it is important for board members to understand key ESG risks and opportunities specific to their business purpose and core operations. These board members should also be involved in the governance and oversight of those topics and the metrics used to gauge progress.
Consider where the company is today regarding ESG reporting
Board members must consider where their company is today with respect to its ESG information. They may want to consider the following:
- Has the company identified all relevant or material risks associated with ESG reporting?
- Does management have the necessary information needed to assess ESG-related risks, and on what cadence should ESG information be provided to the board?
- Does the company have the appropriate internal controls, policies, and personnel in place to accurately track and disclose ESG information?
- Who in management is preparing and providing the ESG information, and what is the finance function’s role in the preparation of this information?
- Do one or more board committees have explicit oversight responsibility for ESG, and what role do other committees and the full board play in ESG oversight (e.g., governance committee involvement in overseeing related factors, audit committee involvement in assessing the appropriateness of management’s risk assessment of this information)?
- Where and how is the information currently being reported? Is this in line with where investors expect to see it?
- Is the company currently following a framework or a standard for disclosing this information? If so, is it the appropriate framework or standard for the company?
- How does the company compare to its peers? If evaluating its own progress, what quantitative and qualitative performance improvements have been made? Which key performance indicators will the board use?
Consider where the company wants to go with ESG reporting
ESG information is becoming more important to boards given increased investor attention on this topic. BlackRock CEO Larry Fink emphasized the important role of the board in ESG information by stating in his letter to CEOs, “Where we feel companies and boards are not producing effective sustainability disclosures or implementing frameworks for managing these issues, we will hold board members accountable.” Once the board has an understanding of the company’s current ESG reporting status, the next step is then to understand the strategic objectives of management’s ESG reporting and how to get there.
In determining this position, the board may want to consider the following:
- What information might be relevant to investors and other stakeholders?
- How has management incorporated ESG into the company’s long-term strategy?
- What are the expectations of investors, stakeholders, and the landscape around the ESG raters and analysts? Is the information needed by investors disclosed?
- Is the company ready for an attestation of this information? As part of attest services, auditors are required to obtain an understanding of management’s relevant processes and internal controls. Has the company identified the key processes and controls related to ESG disclosures? If no, what steps are needed to enhance the reliability of this information?
- What legal risks and requirements regarding disclosure of ESG information should be considered?
ESG considerations and questions for investors
As they make their investment decisions, investors may want to consider the following aspects of ESG information.
Consider how the ESG information was developed
Understanding how this information was developed is important in determining which additional factors should be considered before relying on the information. For example, if investors are using the information to compare carbon emissions across an industry, it will be important to understand the differences in calculation of the metric from one company to another to understand if the amounts are comparable. Investors should understand that ESG information is typically collected, analyzed, and presented differently from financial information. ESG information can be measured and presented in many different units of measures and collected and analyzed through systems and controls that are typically outside those that generate financial reporting. It is important for investors to consider whether the company has robust policies and procedures in place to promote consistency and quality of ESG information.
Consider whether the information is standardized
Standardized information can help investors understand the calculation and comparability of metrics across companies. If the information is not standardized, investors may want to consider whether this calls into question the relevance and reliability of the information.
Consider the reliability of the data
When evaluating the reliability of the data, investors may want to ask the following questions:
- From where am I getting the data? From the company directly? From a data aggregator? From a ratings agency? What is the governance structure around the data from the provider?
- Does management disclose its processes for preparing and presenting this information?
- Was the metric prepared and presented in accordance with a standard and/or a framework?
- Has the metric been disclosed consistently year over year? If so, was the calculation the same each year?
- Has third-party assurance been provided on the information? If so, by whom (e.g., engineering firm, independent accounting firm, environmental firm)?
- What was the level of assurance (e.g., reasonable vs. limited)?
What are the qualifications of the assurance provider, and what does the assurance incorporate (e.g., some non-CPA firms qualify the assurance and say they are not opining on the accuracy of the data)?
Why are auditors well-positioned to provide assurance on ESG information?
Where do audit committees and investors start?
With ESG information gaining prominence in the capital markets, how a company tells its ESG story is becoming more important to both companies and investors. Independent assurance can enhance the reliability of information that companies disclose. This publication serves to foster an understanding of the existing ESG landscape, including the implications of the current reporting environment, and of how auditors can help boards and investors promote the use of high-quality comparable, reliable, and relevant ESG disclosure.