As investor demands and regulatory requirements lead towards more disclosure of environmental, social, and governance (ESG) data, company leaders are faced with difficult decisions.
It’s not easy to figure out exactly which metrics to share, where to disclose them, or even which framework to use for reporting the information.
“You need to define your metrics, goals, and targets, conclude on which standards to follow, and/or if you'll create your own KPIs,” Maura Hodge, CPA, an audit partner at KPMG US who leads the firm’s ESG and sustainability assurance practice, said in a recent webcast.
The current ESG reporting landscape lacks agreed-upon standards, resulting in reports that are inconsistent, unreliable, and incomparable with other organisations. But that’s not stopping companies from disclosing on sustainability matters, whether it’s labelled as ESG, corporate social responsibility (CSR), or something else. A report by the Governance & Accountability Institute last year found that 90% of companies in the S&P 500 publish sustainability or corporate responsibility reports.
One driver for the rise of ESG reporting is demand from investors. Another is increasing regulation, such as the EU’s Sustainable Finance Disclosure Regulation. In the US, the Securities and Exchange Commission is expected to unveil its proposal for disclosures on climate change and human capital by the end of this year. Companies that don’t want to be caught unprepared when mandatory ESG reporting becomes widespread have begun disclosing issues that are material to their businesses.
Michael Bueker, senior vice-president of finance for the Middle East at Siemens Energy, shared in an FM podcast episode recently that the ESG reporting journey takes several years and the company is still on a journey to improve its process.
“It’s a transformation. … We are spending a lot of time and effort to train people, to give them a clear perspective … so that they understand that this is a positive journey for all of us,” he said.
So, what are the specific steps involved in this journey?
Hodge outlined five stages — establish, assess, design and implementation, sustain, and assure — in an ESG reporting journey.
A company’s support for ESG issues doesn’t come from a report, but from its strategy. However, the reporting of the strategy is crucial to communicating how that strategy will be implemented. To get started, companies typically start with a stakeholder materiality assessment, Hodge said.
In the assessment, a company engages with all its stakeholders to understand what is most important to them and how those priorities align to its business, she added. Following that, the company will need to define its metrics, goals, and targets, and a reporting standard to follow.
“A lot of times companies are creating their own key performance indicators because they feel like the commitments that they have set don’t necessarily align with the [reporting] standards out there,” she said. “I think of those almost like non-GAAP measures, similar to what we do with financial statements.”
She explained that the sustainability or ESG standards and frameworks are helpful to provide comparability across companies but that measuring a different set of indicators internally to track performance is completely appropriate.
Another consideration during this phase is how and where this information will be reported.
“Will it all only go in SEC filings, will you have a stand-alone corporate responsibility or sustainability report, or will you have a separate [Sustainability Accounting Standards Board] or [Task Force on Climate-Related Financial Disclosures] report?” Hodge said. “I think companies are grappling with all these, and it’s really [about] assessing the cost and benefit of each one of them.”
In this second phase, companies should look at current processes and procedures to determine if there are controls in place and where control gaps may be present. The end destination for the information may drive the process.
If the data is for a corporate filing such as the AR01 in the UK or the 10-K filing in the US, companies may need a more rigorous process to meet internal control limitations. This differs from information that will be going to the corporate website, which is connected to brand and reputation, and requires a lower level of rigour as long as there is evidence to support the claims made, Hodge said.
“During this phase, it’s also really important to be thinking about technology,” she added. “How you can utilise technology to create efficiencies and effectiveness, and create quality data throughout your process.”
3. Design and implementation
This phase is about deciding how to implement controls and who will act on those controls. Hodge said it’s also about figuring out how to connect ESG issues with financial reporting. Here, companies should find out where they might need different policies and procedures.
For example, if a company decides that one of its ESG goals is to achieve gender pay parity and has decided on the metrics, it will need to make sure that the data collection process has no gap.
“What often happens is the person collecting the data sends an email to someone and says, ‘Hey, send me a report with all the salaries of everybody in the company’, and sometimes that data is incomplete because of confidentiality reasons,” Hodge explained.
In designing the process, companies may also realise that there can be efficiency gains from adjusting HR systems to collect additional data that is needed.
Once a company begins collecting ESG data, it needs to ensure continuous monitoring. This may include having controls tested throughout the year and making sure there is evidence to support audit trails or certifications.
“We’re talking a lot with our clients about adding a certification process where the data owners and data collectors are certifying up to a steering committee or to a governance data lead in order to evidence that they’ve followed the procedures,” Hodge said.
“Ultimately, when you have all of your data in order and you know that you have that audit trail, you can begin to seek assurance,” she said.
Her work with companies involves assurance over their data, from greenhouse gas emissions to full sustainability or corporate responsibility reports.
“We believe that assurance will be inevitable. The European Union has it included in their proposed rules, [and] we’re waiting to see how the SEC will view it,” Hodge said. “But either way, you need to be prepared and ensure that you have that supporting documentation, whether it’s for internal audit purposes or for external audit purposes.”
Besides increasing regulations, she said that companies are assuring their ESG data for two other reasons: to lower borrowing costs and to spotlight ESG achievements to investors and the market.
Lastly, Hodge added that companies should expect their ESG journeys to take a minimum of two to three years, in view of future changes in government regulations and investors’ expectations.
“This [ESG reporting] process is extremely iterative … but you cannot wait,” she said. “It’s better to have a process in place today that can be tweaked rather than just starting from zero once we have full clarity of how this is going to play out.”
— Alexis See Tho (Alexis.SeeTho@aicpa-cima.com) is an FM magazine associate editor.