As noted in the G&A report discussed above, a significant number of large-cap companies obtain some level of third-party assurance for their sustainability reporting. The Center for Audit Quality (CAQ) addresses that aspect of sustainability or ESG (environmental, social, and governance) disclosure in The Role of Auditors in Company-Prepared ESG Information: Present and Future. In the CAQ’s view, independent assurance provided by the auditor “can enhance the reliability of information that companies disclose.”
Consistent with the G&A report and many other studies (see Sustainability Reporting Continues to Grow – Both Inside and Outside SEC Filings, November-December 2019 Update), the CAQ states that ESG information is “gaining prominence” in the capital markets,” and “how a company tells its ESG story is becoming more important to both companies and investors.” The CAQ report provides an overview of ESG reporting, how investors use ESG information, and how public company auditors can enhance the reliability of ESG disclosures. The CAQ report consist of four sections, summarized below.
The Basics on Today’s ESG Reporting.
This section describes ESG reporting, discusses ESG disclosure standards and frameworks, and provides information about how investors use ESG information in their decision-making.
What is ESG Reporting? “ESG reporting encompasses both qualitative discussions of topics as well as quantitative metrics used to measure a company’s performance against ESG risks, opportunities, and related strategies.” According to the CAQ:
The E, or environmental, component of ESG information encompasses how a company is exposed to and manages risks and opportunities related to climate, natural resource scarcity, pollution, waste, and other environmental factors.
The S, or social, component of ESG includes information about the company’s values and business relationships. For example, social topics include labor and supply-chain standards, employee health and safety, product quality and safety, privacy and data security, and diversity and inclusion policies and efforts.
The G, or governance, component of ESG incorporates information about a company’s corporate governance. This could include information on the structure and diversity of the board of directors; executive compensation; critical event responsiveness; corporate resiliency; and policies on lobbying, political contributions, and bribery and corruption.
How is ESG Information Presented? The report discusses where and how companies make ESG disclosure. “Disclosure mechanisms include sustainability reports, CSR reports, a dedicated sustainability company website, integrated reports, or SEC filings (e.g., 10-K, 8-K, Proxy, annual report).” It also describes and compares sustainability disclosure frameworks (such as the recommendations of the Task Force on Climate-related Financial) and standards (such as those promulgated by the Sustainability Accounting Standards Board and by the Global Reporting Initiative). As the CAQ notes, “It is important for users of ESG information to understand whether the information has been presented in accordance with a framework or standard and whether there have been adjustments to make a metric bespoke to the company.”
What are Management’s Responsibilities for ESG Disclosures? ESG information that is disclosed on a company website or in a sustainability report is subject to SEC Rule 10b-5, which prohibits, among other things, making any untrue statements of material fact that is necessary in order to make the statements, in the light of the circumstances under which they were made, not misleading. ESG information that appears in an SEC filing is required to comply with SEC disclosure controls and procedures and any other applicable SEC rules for that filing and is also subject to Rule 10b-5.
How Do Investors Use This Information? “Investors are increasingly focused on ESG information because they find such information helpful in understanding a company’s long-term value creation story, and the information enables them to manage their investments based on ESG risks.” Credit-rating agencies also frequently incorporate ESG factors into their ratings determinations.
The Auditor’s Role in ESG: Present and Future.
The financial statement auditor is required to read and consider information, such as ESG disclosure, that is included in the same document as the audited financial statements. (Essentially, the auditor’s responsibility is to inform management if such same-document disclosures are inconsistent with the financial statements.) Absent a separate engagement, the auditor has no responsibility for ESG information that is disclosed outside of the document that contains the financial statements, such as in a sustainability report.
In the CAQ’s view, auditors are well-positioned to provide assurance on ESG disclosures. By obtaining third-party assurance, a public company can enhance the reliability of ESG information presented to investors and other stakeholders. The CAQ lays out reasons why a company’s financial statement auditor is the logical choice to provide such assurance, including independence, experience in understanding business processes and risk, and access to subject matter experts.
Management has flexibility in selecting the level of auditor assurance over ESG disclosures. Conceptually, there are two choices -- companies can engage the auditor to provide reasonable assurance (e.g., an affirmative opinion) based on examination procedures or limited assurance (e.g., negative assurance) based on review procedures. The report discusses three recent examples (Vornado, Esty, and GUESS?).
ESG Considerations and Questions for Boards.
This section of the report includes broad questions that board members may want to consider to understand key ESG risks and opportunities, governance and oversight of those topics, and metrics to measure progress. These questions fall under two headings:
Consider Where the Company is Today Regarding ESG Reporting. For example, “Does the company have the appropriate internal controls, policies, and personnel in place to accurately track and disclose ESG information?” and “Who in management is preparing and providing the ESG information, and what is the finance function’s role in the preparation of this information?”
Consider Where the Company Wants to Go with ESG Reporting. For example, “What are the expectations of investors, stakeholders, and the landscape around the ESG raters and analysts?” and “Is the company ready for an attestation of this information?
ESG Considerations and Questions for Investors.
The final section suggests a series of questions that investors may want to consider in using ESG disclosures in investment decision-making. The questions fall into three categories: how the ESG information was developed, whether the information is standardized, and the reliability of the data.
Comment: As noted above, the CAQ report includes broad, overview questions that board members can use to explore ESG reporting with management and auditors. Oversight of the auditor is of course an audit committee responsibility, and in most cases, oversight of ESG disclosures is also likely to be assigned to the audit committee. Accordingly, audit committees may want to consider using these questions as a starting point for dialogue on these issues. More generally, as discussed above in the comments on the G&A report, ESG disclosure is becoming an important topic for most public companies, and audit committees will need to devote their attention to the reliability of this information. Auditor (or other third-party) assurance with respect to ESG disclosure is an important tool in promoting reliability and is likely to become more common.