The past several years have seen growing pressure on companies to demonstrate their progress on environmental, social and governance (ESG) goals. What role should internal and third-party auditors play in reviewing and providing assurance for organizations' ESG programs? What happens when auditors are legally required to provide assurance on those ESG programs?
At Modern Governance Summit 2022, Helle Bank Jorgensen, CEO of Competent Boards and a former auditor herself, and Kristen Sullivan, Partner, US Sustainability and ESG Services Leader at Deloitte & Touche LLP, shared their insights on the trends, issues and challenges facing audit teams as stakeholders and regulators continue to demand greater ESG transparency and assurance.
What Evolving Global ESG Trends Mean for Audit Teams
Investors are not the only stakeholders who expect more from organizations today — consumers, employees and suppliers seek company practices that are in closer alignment with their own environmental and social priorities.
Recent regulations in both the US and Europe (including the SEC’s climate disclosure proposal and the EU’s CSRD, respectively) reflect this growing focus on ESG.
What does this mean for auditors? Sullivan explained the significance.
“Look at what’s happening internationally,” she said. “The EU is moving fast and furious and comprehensively [on ESG]. The SEC is focused on climate. Many of the organizations [auditors] work for and engage with are going to be required to audit [ESG data].”
This means the time for auditors to act is now; they must establish a clear governance structure for ESG audits and align their strategic objectives to areas of impact. But in order to withstand market scrutiny, auditors and accountants must be able to trust the data they collect.
As Sullivan noted, there’s an immense diversity in ESG practice among organizations. Even many of the most sophisticated organizations don’t have an enterprise resource planning (ERP) system reporting ESG data. Additionally, how auditors access ESG data (if they currently access it at all), apply methodologies and handle that data is different from how they audit traditional financial data. Consequently, auditors frequently need to build from the ground up the processes that allow them to provide assurance over ESG initiatives.
How Is the Role of the Auditor Becoming More Critical?
As increased disclosure becomes the norm, the way companies provide ESG information also becomes more important. Climate-related impacts are showing up in more financial reports today, and auditors are already evaluating how those impacts are generated, how they’re captured and the risks they create.
In doing so, auditors can help drive trust and build the board’s confidence in data, which helps boards make better choices and build value. However, as Jorgensen explained, auditors must first know which questions to ask, because decisions based on incomplete data are fuel for inefficiency and risk.
“We don’t have the debit/credit for this data,” said Jorgensen. “How do we ensure we have the info we need? I don’t want to be accused of greenwashing. What are the questions I need to ask? How do I know if I can sign off on this data?”
Indeed, ensuring the accuracy and relevancy of data is key to avoiding accusations of greenwashing, and it’s important to remember that what is voluntary today will likely become a requirement very soon.
"The role of the auditor in driving trust and confidence is to enhance confidence in the data, and to improve the board’s confidence that they’re being stewards of responsibility and they’re making the right choices," explained Sullivan. "If they’re making decisions on incomplete data, that’s fuel for inefficiency and risk. That's the critical role that assurance plays, even in a voluntary landscape."
Sullivan also pointed out that 2022 has seen a major focus on accountability. In order to set a coordinated and accelerated pace of change, auditors must be able to evaluate whether the ESG data being provided is in accordance with established standards, and they must put in place clear governance structures for auditing the data.
According to Jorgensen, CFOs are also taking an increasingly proactive approach, asking auditors, “How do we ensure we have the [right] systems in place? How do we apply the same rigor to all this [non-financial] data?”
“No one wants the sudden message that 'We need to do a restatement,'” said Jorgensen.
Aligning Your ESG Strategy to Established Frameworks
Both Sullivan and Jorgensen highlighted the importance of aligning audit strategies to specific ESG frameworks, such as the Task Force on Climate-related Financial Disclosures (TCFD).
The International Sustainability Standards Board (ISSB) takes the TCFD a step further by providing more specific criteria for what needs to be disclosed. The ISSB serves as a foundation and helps to create a global baseline in standards. This is important for all businesses, because even those that don’t have a global presence still engage with global suppliers and other key stakeholders.
"The TCFD is a framework, a guide," said Sullivan. "It doesn't provide the criteria to follow from a data perspective. The ISSB takes the TCFD framework and puts meats on the bones about what needs to be disclosed."
How Audit Teams Can Provide Assurance for ESG Programs: 4 Steps
Sullivan and Jorgensen shared several practical tips for organizations to create a successful audit strategy when it comes to reporting on ESG efforts:
1. Start with a materiality assessment: Materiality is the foundation for understanding how to prioritize your approach and tie it to your business strategy. At this point, companies should identify who their stakeholders are, and distill down a set of data considerations that they can test with their stakeholders.
"It's a false narrative that ESG is 'non-financial info' because it is financial and it will eventually manifest itself financially," said Sullivan. “ESG may not be quantifiable in the short term, but it will become financially material."
The SEC’s climate disclosure proposal features key concepts around materiality. It introduces the idea of a 1% threshold requiring companies to assess risk on operations and expenditures. This offers a line of sight into commitments and how companies are delivering on those commitments.
2. Put a governance structure in place: Once priorities have been identified through a materiality assessment, auditors can put the right data governance structure in place to conduct effective audits.
Start by identifying which data you need to assemble, determine rights and responsibilities, then prepare to begin reporting.
Be careful not to overlook data sources. Jorgensen advised, "Look at your company's communication and marketing materials. Do you have the underlying documentation you need for that? Even in marketing materials, companies are saying something you as an auditor may not be comfortable with."
3. Bring the board on board: As auditors begin the reporting process, Jorgensen recommends involving the board. "Directors care about the hidden trends that will impact performance," she said. "Identify for the board what's material now, and what's going to be material three, four or five years from now. Identify what's at stake. It's a lot of risk — not just financial risk, but reputational risk. ESG is a risk for the board of directors."
4. Begin preparing for where the organization wants to go: Focusing only on auditing current ESG programs without looking ahead can leave organizations unprepared for what's coming. "What does your organization's transition plan look like?" Jorgensen asked. "Are you trying to get to Net Zero? Do you have the right competencies on the board and in the C-suite to get there? Do you have the right auditors who feel they can sign off on these things?"
Sullivan added, “As organizations get more proactive and intentional [about ESG], it’s about, ‘How do we intentionally take these market indicators and regulations to make the pivot and capture value, to tap into a new market, to tap into new research and development?’”
How the Right Audit Solution Can Help
Today’s audit teams face increased responsibility when it comes to an organization’s ESG-related data and reporting, but the right technology can make their jobs easier and less prone to errors.
Solutions like Diligent’s Audit Management software offer automated workflows that allow teams to derive the most value from their audits in the least amount of time, while delivering assurance with ongoing, automated testing. With dashboards that offer real-time insights and reports, audit teams can build executive confidence and ensure they have data that is defensible to regulators and external auditors.
Additionally, the Diligent ESG Leadership Certificate Program, created in partnership with Competent Boards, helps organizational or team leaders at every level prepare for ESG requirements and challenges.
"It’s very clear the direction of travel," Sullivan said. "Establish the governance structure you will need. Align your strategic objectives to these areas of impact. Institute policies and controls to withstand market scrutiny. The time to act is now."