- The webcast provided insights into how the role of the finance function is evolving with regard to environmental, social and governance (ESG) matters.
- Professionals with a breadth of experience in corporate reporting explained how companies can implement the proper ESG data processes and controls, how they can utilize effective technology and tools, and what type of assurance over ESG data may be needed.
The following summarizes key takeaways and insights shared by our panelists from their recent work with clients:
- It is important for finance and the ESG teams to communicate as a cohesive, cross-functional organization with leadership and the board. That can be achieved by understanding the overall ESG journey and documenting related processes and controls to facilitate clarity and consistency of communications as it evolves.
- Now is the perfect time for a company to assess its current approach around the ESG reporting process and technology and to assess whether it meets the strategic objectives of finance and other relevant functions. It is important to align on strategy internally and understand available market solutions to prepare now for the future.
- ESG reporting should be a cross-functional undertaking since data is housed in different places and will be leveraged in different ways for different reports (and assumptions are made across the reporting process).
- The ESG disclosure landscape is evolving rapidly, so it is key for companies to have an inventory of what metrics are being disclosed, where they are disclosed, the relevant criteria and basis of preparation, whether applicable controls and policies are in place, and when external assurance is most appropriate.
Data processes and controls
The right data processes and controls can help teams work cross-functionally.
Can you describe some of your conversations with finance personnel at your clients about their ESG journey? What are their main concerns?
We look at ESG reporting as a cross-functional goal and begin by understanding what metrics the company currently reports and what we expect to report in the future. Typically, there’s a sustainability team that works across various operations and locations, so it’s important to ask how the data collection processes differ across various regions and functions and ultimately how the organization is trying to drive consistency in data.
This is very similar to financial reporting. For example, for an accounting estimate, the steps would be obtaining an understanding of that information, identifying who is collecting and providing data and information, and considering opportunities to streamline wherever possible and automate to drive consistency and efficiency.
Have you seen internal audit, or an equivalent working group, involved in this process? How could they be additive?
Yes, absolutely. Many internal audit teams are supporting these initiatives by testing the accuracy of disclosures, tying out data to source documentation prior to reporting and supporting external assurance. Additionally, I’ve also seen internal audit teams take the lead on assessments to understand the maturity of the ESG reporting function. This can involve activities such as peer benchmarking, identification of gaps in the current process and in some instances, control testing. This is quite similar to what internal audit does from a financial reporting perspective.
Does an ESG controls program typically involve only the finance function? Are you noticing any shifts in who owns this process?
A successful ESG controls program should be cross-functional. Whether this is a new endeavor for your company or you’re just working to mature in this area, all parties need to come to the table with their relevant skill set to achieve the organization’s goals and objectives. Subject-matter experts can lead and provide guidance; however, they can’t do it alone. The controllership function can serve as a second line of defense, bringing reporting expertise and experiences in working with internal audit, legal and investor relations to drive ESG reporting and related policies, controls and procedures.
What is important is that there is a consistent strategy across all of the different communication channels and that all parties are working to drive, enable and execute on that strategy. To do so, a strong governance structure should be in place so that the organization is aligned on reporting to meet stakeholder expectations. For this reason, the finance function often leads those initiatives.
How the right systems can streamline tracking ESG-related information.
Are there off-the-shelf IT systems or modules that handle ESG data collection and enable integration with the financial reporting software?
There are certain solutions that are fit for purpose for data collection and consolidation for specific areas of ESG reporting. However, once you go beyond some of those basic reporting frameworks to specializations, such as those related to operationalizing decarbonization and carbon offset management, they fall short. So, there is a need to think beyond the current reporting requirements and plan how to consolidate all aspects of ESG reporting. That is not something that you are going to be able to buy off the shelf.
Who typically owns ESG IT solutions? Is it one particular function or is it disbursed throughout various operations and divisions of the company?
At its core, ESG is fundamentally multidisciplinary. So, while there needs to be someone that “owns” the ESG IT solution for the company, it really depends on what’s fit for purpose for that company. What we often see is that companies with more complex, carbon-intensive operations typically have a sustainability or an Environmental, Health, Safety (EHS) technical function that owns the core ESG IT solution because so much of that work is very technical in nature. For companies with less complex carbon reporting, there is greater variation.
Regardless of who owns the IT solution, EHS, sustainability operations, supply chain, finance and IT should all be involved and collaboratively identify how to improve and enhance their existing systems. While having one team own IT is important, collaborative input across all areas of the company will likely lead to greater success and ultimately drive value to the entire company.
What are some considerations for a company as to whether it should build its own solution or purchase an existing software system?
Commercial off-the-shelf solutions are typically preferable for quickly evolving spaces like ESG reporting because the risk of that evolution is on the software provider. An individual company developing custom software would have to respond to every single reporting change, whereas a software company can respond once and leverage that response across its customers. Having a reputable commercial software provider that has a reputation for staying up to date with these changes (i.e., the consolidation of reporting frameworks, potential regulatory reporting requirements mandated by the SEC and EU) is likely to provide a lot more value and efficiency than trying to develop internally.
However, I would caveat that developing custom digital solutions does make sense for a lot of our clients, such as ones that have unique operations or novel data collection methods. There is often an opportunity to develop solutions collectively as part of an industry-wide consortium as well.
Could you differentiate between enterprise operational solutions as compared to those more focused on sustainability and environmental health and safety (EHS&S)? What are you seeing clients using today?
Many enterprise software companies are announcing their latest sustainability or ESG offerings, backed by significant investment. We are working with those companies as they’re evolving their offerings, but it’s important to remember that most are new and will require time to mature and be fit for purpose.
Legacy EHS&S vendors already have fit-for-purpose reporting solutions because sustainability reporting has been core to their offering for decades. Many companies are leveraging EHS&S solutions for their reporting today, but continue to keep an eye on some of those larger enterprise software companies to see whether that could work as a future long-term solution, since scaling could help strategically imbed ESG and sustainability throughout a company’s operations.
Considering external assurance of ESG-related information.
What is the scope of external assurance that companies typically request, especially given lack of a current mandate?
In the US, we typically see companies request external assurance over select metrics that they are disclosing in their sustainability or ESG reports. We also see some organizations that request external assurance on some of the metrics used to measure progress against specific sustainable goals or commitments. When possible, they’ll align those metrics with the frameworks, such as the Global Reporting Initiative (GRI) or Sustainability Accounting Standards Board (SASB). This can often be complex, and, in some cases, organizations might have to develop custom-made criteria for metrics that are specific to them.
There are a few reasons that companies request voluntary external assurance. One is industry or sector initiatives that require it or strongly recommend it. Some ESG questionnaires used by rating firms will also allocate additional points if assurance is provided. Additionally, companies that include ESG metrics in their reports may be asked by investors for external assurance like what you would see from a financial perspective. Because external assurance is still voluntary in the US, most ESG information is not filed with, or furnished to, the SEC.
Can you identify the different types of external assurance and offer some considerations as companies approach obtaining assurance?
There are two main levels of external assurance conducted in accordance with the AICPA’s “Attest Engagements” (AT-101) that organizations are receiving on their ESG-related data. One is limited assurance (also called review). The other is reasonable assurance (examination level). Most organizations are obtaining limited assurance over their ESG information.
In a review, auditors perform fewer procedures than if they were to provide a reasonable level of assurance. A limited assurance engagement mainly includes analytics and some limited substantive testing and provides negative assurance (i.e., nothing came to our attention that…), whereas ,in an examination, the auditor performs auditing procedures that may include walk-throughs, test of controls and much more extensive testing.
As companies are starting to get ready for external assurance, one consideration we discuss with our clients is setting boundaries (e.g., defining the scope and assessing what metrics should be disclosed). We also suggest taking an assessment of the documentation around the data aggregation, consolidation and reporting processes. Oftentimes, the documentation is disaggregated, and the organization might not be aware of what the full process completely looks like.
Are you seeing finance professionals become more involved in preparing for assurance of ESG information?
Finance can help document those processes, definitions, assumptions and estimations. Additionally, finance professionals can perform a second-level review of the control documentation and data. Finance teams can help the sustainability/ESG teams provide an overview of where the information will be shared, the purpose of aggregating the information and the importance of documentation. For example, obtaining greenhouse gas emissions or water or safety metrics often requires many employees across the organization to be involved in the process, and the process or data owners may not necessarily be aware of how or where the information will be used.
We see that involving the finance team, the risk team and controllers’ groups in the process of external assurance process is important since they can not only help the external audit team with getting the relevant information, but they can also be that bridge between the sustainability team and the external audit teams.
The ESG reporting process is a collaborative effort that brings together various individuals and their unique skill sets to support the organization in achieving its collective ESG goals and objectives. There is a heightened sense of urgency for companies to build out these processes, including the finance function. The integration of ESG-related commitments or goals into overall business strategy will likely require time and capital investment, but is expected to better prepare companies to further their ESG strategy and underpin it with an appropriate framework that is ready to address current and future needs of both regulatory and market expectations.
(Courtesy EY. By Marc Siegel, EY Americas Corporate and ESG Reporting Thought Leader, Financial Accounting Advisory Services)