During the past year, many public companies have focused on the opportunities and challenges that environmental, social, and governance (ESG) factors present in shaping corporate value creation strategy and public disclosures. This focus has been driven in part by changing views of the relationship between companies and their stakeholders. See, e.g., the Business Roundtable’s 2019 Statement on the Purpose of a Corporation. Another key factor is the increasingly vocal demands of institutional investors for disclosure of information on the company’s ESG performance and strategy. See, e.g., Blackrock Chairman and CEO Larry Fink’s 2020 Letter to CEOs and the Investment Company Institute’s December 7 announcement that its board has unanimously called on all U.S. public companies to provide enhanced ESG reporting, including by implementing the Sustainability Accounting Standards Board’s (SASB) disclosures.
These watershed developments raise questions about how boards of directors should structure their oversight of ESG strategy and disclosure and about the role of the audit committee. Two major accounting firms have recently presented their perspectives on the relationship between the audit committee’s work and ESG disclosure and oversight.
Deloitte
The November, 2020 edition of the Deloitte Center for Board Effectiveness’s publication, On the board’s agenda, includes Defining the role of the audit committee in overseeing ESG which provides background on how boards are addressing ESG oversight and suggests questions for audit committees to consider in defining their role.
Deloitte analyzed the 2020 proxy statements of the S&P 500 to determine whether the full board or a specific committee was primarily responsible for oversight of ESG initiatives. Deloitte found that considerable variability in the allocation of ESG oversight. The committees to which this responsibility was assigned were:
Nominating and Governance committee (41 percent)
ESG/Sustainability committee (10 percent)
Other committees (8 percent)
Full board (7 percent)
Health and Safety committee (5 percent)
Audit committee (1 percent)
Not disclosed (28 percent)
Deloitte’s research also highlighted industry variability in board-level in ESG oversight, although no industry sector relied heavily on the audit committee. (At three percent, the Consumer sector had the highest percentage of companies that assigned ESG oversight to the audit committee.) Although audit committees rarely have substantive responsibility for ESG oversight, Deloitte notes that ESG issues have a nexus to several core audit committee functions.
Risk. The audit committee typically has responsibility for financial risk and for oversight of the company’s overall risk management efforts, although specific risk areas may be allocated to other committees. Deloitte suggests that the same may be true for board ESG oversight. “An important consideration with regard to ESG oversight is the intersection of risk oversight responsibilities and the need for alignment of key risks that may fall under the environmental or societal categories of ESG” within the purview of other committees.
Disclosure substance. Disclosure oversight is an audit committee responsibility, and, as ESG disclosures become more critical, audit committees will need to focus on them. For example, the SEC’s recent Regulation S-K amendments require enhanced human capital disclosure in financial filings. See SASB Provides Guidance on How its Standards Can Help Companies Comply with the SEC’s New Human Capital Disclosure Requirement in this Update. While other committees may also be involved, the audit committees should have a role in these disclosures. “Human capital management initiatives, including diversity and inclusion initiatives, may fall under the “S” category and be allocated to the compensation, management development committee, or its equivalent. However, the audit committee should be involved in understanding whether there are appropriate disclosure and internal control procedures associated with any metrics being disclosed.”
Disclosure practice. With respect to ESG disclosure generally, audit committee members “should understand how ESG risks are identified, prioritized, and serve to inform disclosure objectives and practices. They should also understand how materiality is defined when identifying ESG metrics for disclosure, the framework being used to tell the ESG story, the internal controls in place around associated metrics, and how those metrics are included on the company’s website and/or disclosed (i.e., in a separate sustainability report or integrated in an SEC filing).”
Auditor oversight. The audit committee’s external auditor oversight may expand to encompass oversight of assurance of ESG disclosures. The audit committee will have a “larger role to play in setting the tone with regard to the importance of assurance on ESG information.” Also, as suggested in a recent speech by PCAOB Board Member Brown, auditor discussion of ESG risks with the audit committee may result in ESG issues becoming critical audit matter disclosures.
As board-level ESG oversight evolves, Deloitte suggests that audit committees consider five questions:
Has the board defined its governance structure to facilitate effective oversight of the company’s ESG matters? Has the board defined the “primary” governance owner and further allocated key E&S factors to other relevant committees or the full board?
How has management determined priority ESG impacts and dependencies and identified material ESG measures?
What ESG standards or frameworks are being used to prepare ESG disclosures?
Are ESG disclosures subject to disclosure controls and procedures?
Has management considered obtaining assurance on its ESG disclosures? What level of engagement has management had with the independent auditor on ESG reporting?
PWC
In Defining the Audit Committee’s Role in ESG Oversight, a November 18 post on NACD BoardTalk, the blog of the National Association of Corporate Directors, Wes Bricker, a PwC chair and assurance leader, and Paula Loop, a PwC partner who leads PwC’s Governance Insights Center, offer thoughts on the role of the audit committee in ESG oversight. In several respects, PwC’s views parallel those of Deloitte.
Like Deloitte, Mr. Bricker and Ms. Loop note the potential for audit committee risk oversight to include ESG risks. They observe that most public companies delegate significant risk oversight to the audit committee, and that the scope of these risks has expanded over time to include cyber risk, data privacy, and other reputational risks. “PwC believes ESG is an area that warrants the committee’s attention, as well." In addition, Bricker and Loop see the audit committee as “a natural candidate to take on ESG reporting quality”:
Disclosures. Two key issues with respect to ESG disclosures are where disclosures will appear and whether the company will report based on one of the ESG frameworks, like SASB. “Determining where the company will be disclosing its ESG messaging—such as in corporate responsibility reports, proxy statements, the company website, * * * annual and quarterly reports, or earnings calls—is an important decision to make. * * * Companies also need to think about the use of standards and frameworks. Reporting a metric that is aligned to a standard or framework can provide additional integrity to the disclosure.”
Policies, procedures, and internal controls. “Companies will need to focus on the policies and procedures that feed the development of ESG metrics as well as the internal controls that ensure the metrics are accurate and consistently prepared.”
Independent assurance. The audit committee may want to consider whether ESG disclosures should be subject to independent review “to provide confidence and trust in the quality and transparency of information reported” since “undefined or misaligned information” may jeopardize the company’s reputation and credibility.
As a board determines how ESG oversight responsibility should be allocated, Mr. Bricker and Ms. Loop suggest consideration of several questions:
Will the full board take on the responsibility of broader categories of ESG oversight? Or is there a specific committee with the capacity, interest, and skills to take the lead on overseeing the company’s overall ESG efforts?
Have we considered how ESG oversight responsibilities should be operationalized and embedded in the current committee structure? Have committee charters and proxy statements been updated to transparently disclose to shareholders and other stakeholders the board’s allocation of ESG oversight responsibility?
Comment: Given the increasing focus on corporate ESG performance and disclosure, it seems inevitable that these issues will become an important aspect of the audit committee’s work. As the Deloitte and PwC papers indicate, audit committee ESG oversight responsibilities fall into four areas:
(1) risks arising from ESG issues, particularly those not within the remit of another board committee;
(2) the substance and format of ESG disclosures, including both those made voluntarily and those pursuant to regulatory requirements;
(3) controls and procedures to ensure the accuracy and completeness of ESG disclosures; and
(4) external auditor or other third-party assurance with respect to ESG disclosures.
Audit committees that are not already doing so should focus on these responsibilities and how they will be overseen. As indicated in prior Updates, controls and procedures are an especially important area because ESG disclosures are often made outside of the controls that govern other company disclosures but are increasingly viewed by investors as material and relied on in decision-making.