As companies fulfill these demands, they need to select the ESG metrics that are material value drivers for the business. They must also ensure the ESG data they disclose is accurate and reliable. This requires developing policies, processes, internal controls and governance similar to those they have for collecting and disclosing financial information. Because the audit committee has the most experience overseeing these kinds of matters, it is best positioned to oversee ESG disclosures, controls, processes, and assurance.
The audit committee’s expertise in financial reporting enables it to understand and assess the soundness of the methodologies and policies management is using to develop its metrics and other ESG disclosures. They can also help determine whether a company’s internal controls are sufficient for ensuring the accuracy, reliability, and consistency of the data over time.
Weighing Double Materiality
Most people think of materiality as it relates to a company’s financial statements. However, companies should balance financial materiality against the interest of all stakeholders not just shareholders. This “double materiality” covers:
- Financial materiality: how ESG issues will impact a company’s financial performance and ability to create long-term value.
- Social materiality: how a company’s actions impact people and the planet.
When deciding what ESG information to disclose outside the financial statements, companies should consider the kind of materiality their stakeholders value most. For example, financial investors are typically interested in financially material information, while stakeholders such as ESG investors want material information about environmental and social impacts. If stakeholders are calling for a particular kind of ESG information, it can damage a company’s reputation and long-term value to withhold it.
The Audit Committee’s Framework to Overseeing ESG
- Disclosures: Are the ESG disclosures (both qualitative and quantitative) investor grade? Which ESG frameworks or standards is the company using?
- Processes and controls: Are there processes and controls in place to ensure ESG disclosures are accurate, comparable, and consistent?
- Assurance: Should independent assurance be obtained to ensure ESG disclosures are reliable?
Overseeing ESG Disclosures
As investors and other stakeholders push for more ESG information, companies have already increased their disclosures voluntarily. US companies often provide this information in standalone sustainability reports, on their websites, in regulatory filings, and stakeholder presentations. Although 90% of S&P 500 companies publish annual sustainability reports, stakeholders continue to apply pressure. They want higher quality, more consistent ESG disclosures that comply with recognized standards and frameworks.
To address the disparate reporting among companies, some of the world’s largest institutional investors have publicly expressed support for moving to a single global standard. Several have encouraged companies to report their ESG information using the recommendations of the Task Force on Climate related Financial Disclosures (TCFD) and the Sustainability Accounting Standards Board (SASB). But without rules based reporting requirements, companies have many options. (For information on other standards and frameworks, see ESG oversight: The corporate director’s guide.)
When approaching ESG disclosures, management must first determine which ESG information is financially and socially material to their company’s operations and performance. Then, they should choose the most appropriate places to make the disclosures. This could be a sustainability report, a regulatory filing, or on their corporate website. Finally, because companies often disclose ESG information in several places, management needs to ensure the information is consistent across platforms.
Audit committees overseeing management’s process for determining ESG disclosures may want to ask the following questions:
- What has management identified as the company’s ESG risks and opportunities?
- Which ESG frameworks or standards are they using? Why have they chosen a particular framework?
- What types of ESG information are key stakeholders asking for, and how is management planning to address them?
- How is management preparing for increased regulatory disclosure requirements?
Overseeing ESG Processes and Controls
Some companies are realizing they don’t have the technology systems and information gathering processes in place to comply with the demands for greater ESG disclosure. They often track this data in spreadsheets with little uniformity around the types of information they gather. The lack of standardization makes it challenging to produce reliable data that can be consistently replicated. For companies to go from limited to leading, they will need real time reporting and analytics, as well as effective policies and compliance monitoring.
That’s why the ESG information a company discloses should be collected, consolidated, and disclosed with the same rigor as financial information. This means setting standards and policies to establish and maintain robust governance. The SEC has also emphasized the need for disclosure controls and procedures for ESG metrics included in SEC filings. These cannot be developed overnight. They need to be designed, documented, and tested to ensure they operate as intended . Information technology options to gather ESG data are limited today, but evolving quickly.
Throughout this process, management can call on internal audit for guidance. Using their knowledge of the company’s operations, internal audit can make recommendations about processes, control design, and data governance. It can also help with compliance and monitoring consistency and comparability by benchmarking the company’s efforts against its peers.
To oversee ESG processes and controls, the audit committee may want to ask the following questions:
- How is the company collecting ESG information?
- What are the data collection policies?
- What controls are in place to ensure that ESG information is reliable and complete?
- What additional resources may be necessary to implement new ESG processes and controls?
- How is the disclosure committee involved in the process?
- What is internal audit’s involvement? What are their findings and recommendations?
On the Horizon: Financial Statement Impacts
As companies invest in technology, research, and development to meet their ESG objectives, it will impact their cash flow and financial statements. For example, as car companies make net zero commitments, they may need to develop new or transform existing manufacturing plants to build electric vehicles.
Initiatives of that size would require approval from the full board. But once the board has signed off, it’s the audit committee that needs to pay close attention to the details of these investments and how they might get reflected in the financial statements.
How will these projects be financed? Is management taking advantage of the tax credits and incentives provided by federal, state and local governments to encourage companies to integrate ESG into their strategy? Those are just a few of the questions the audit committee should be asking.
Another issue the audit committee will need to monitor is how management is accounting for new types of assets, like carbon offsets, that aren’t covered by US GAAP rules.
The audit committee can also ask:
- How will the company’s ESG commitments impact its financial statements?
- Has management communicated its forecasted projections and necessary investments in financial statements?
- How is management keeping up with regulatory changes in these areas?
- What is the plan for evaluating the return on sustainability investments?
- Has management considered the impact of strategy changes on the valuations of existing assets and their useful lives?
Overseeing ESG Assurance
Obtaining some level of independent assurance (either reasonable or limited assurance) builds confidence that the information disclosed is accurate and reliable. Yet in 2019, only 29% of S&P 500 companies had some or all of their sustainability information subject to some sort of third party assurance. More recently, the European Commission adopted a proposal that requires companies subject to its Corporate Sustainability Responsibility Reporting Directive to have the ESG data they disclose subject to an independent limited assurance engagement.
Because the EU has generally been ahead of the US in its ESG reporting requirements, it could signal what’s on the horizon for other jurisdictions. So although nearly 70% of US directors think the current system of voluntary ESG reporting and disclosure is preferable, it might be prudent to prepare for mandatory reporting. With the increasing global focus on climate change and investor pressure for better ESG reporting, we anticipate a shift to mandatory reporting that may require assurance.
Don’t Forget the Charter
When an audit committee begins to oversee ESG processes, controls, disclosures, and assurance, it should update its charter to reflect the new responsibility.
To better oversee ESG assurance, the audit committee may want to ask the following questions:
- Have investors or other stakeholders requested assurance over the ESG reporting? If so, have they indicated what level of assurance they prefer?
- If the company includes ESG information in its SEC filings, has management considered whether some level of assurance would increase confidence in the disclosures?
- How is management keeping abreast of new and emerging regulatory assurance requirements?
As companies continue to integrate ESG into their strategies, they will need input from the full board. Boards that leverage the audit committee’s financial disclosure oversight expertise by assigning them the responsibility to oversee ESG disclosures can get ahead of the growing demand for this information. Enhanced ESG disclosure is a trend that’s only going to intensify in the coming years as regulators respond to rising concerns about the impact of environmental and social issues on business operations and performance.