The move toward sustainability reporting has been taking hold across many companies, and recently released guidance can help accountants and auditors with establishing effective internal controls over such reporting.
In late March, the Committee of Sponsoring Organizations of the Treadway Commission, also known as COSO, released the
COSO was originally formed in 1985 and is jointly sponsored by the American Accounting Association, the American Institute of CPAs, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors. Its internal control framework has been in use since 1992 and was updated in 2013. Now with the growth of investment in environmental, social and governance funds and the related ESG reporting and assurance, COSO decided to provide guidance on how to apply the venerable framework to improving confidence in sustainability performance data.
That's especially important now with the Securities and Exchange Commission's expected move to finalize a climate-related disclosure rule for public companies in the next few months that it proposed in March of last year. The International Sustainability Standards Board also plans to finalize the climate and sustainability standards it proposed last year with an effective date of 2024 (
The ISSB standards leverage earlier standards built by the Sustainability Accounting Standards Board, which was merged into the ISSB last year as part of the consolidation of the Value Reporting Foundation into the ISSB. The COSO guidance too is based on the SASB standards.
"So far, the response to this report has been so exciting and positive," said Shari Littan, director of corporate reporting and research at the Institute of Management Accountants. "It lays out all the different aspects of the framework and gives the background in a way that helps people understand it in a clearer way. We're hearing that the timing is absolutely perfect because so many major regulations or authoritative standards are either in proposal or getting closer to actuality and release."
The upcoming rules and standards may be creating more demand for such guidance.
"There's so much need because those proposed mandates are extensive and novel in a lot of ways," said Littan. "Companies and all sorts of corporate and market professionals are considering how to address all of these new mandates, and these new methods of accounting and potentially auditing. A roadmap is helpful in understanding, prioritizing and implementing so much information, and help is needed on how to operationalize these new types of reporting practices."
COSO reached out to a number of accountants for their input on the report.
"As the folks from COSO, in particular from the IMA that were part of the committee, were putting this together, we were one of the parties that was interviewed by the team in the process," said Mark LaMonte, a partner in the advisory practice of WilliamsMarston, an accounting, tax and valuation advisory firm. "Helping companies with these types of issues is one of the things we do. ESG reporting — producing sustainability reports or corporate social responsibility reports — to date has largely been a public relations exercise. There are standards out there, but it was really about companies putting their best foot forward in a public relations type of way. Now, with the SEC on the eve of coming out with new rules, instead of becoming a corporate communication exercise, it's becoming an exercise where a company's financial reporting group is going to need to take a heightened level of control around what is being done for sustainability reporting."
The SEC is likely going to be looking for companies to put internal controls in place around their climate-related disclosures.
"There are increasing expectations, in particular when the SEC rules come out, that this will be done in a way that is subjected to the internal controls that are very much like the internal controls that companies apply today for their general purpose financial reporting, producing their financial statements, producing their management discussion and analysis that goes into 10-K filings," said LaMonte.
Public companies in particular will now need to take the reporting more seriously with the rigor required of setting up internal controls to avoid inflated sustainability claims.
"The advice we're giving companies is these rules are coming, and you need to get out ahead of them, because the SEC is going to give a very short timeframe for companies to get up to speed on this and be reporting in a much more controlled manner than they historically have when it was an exercise that was largely left up to corporate communications," said LaMonte. "Now it needs to be owned by the financial reporting groups."
An educational tool
The guidance can help accountants apply some internal controls to the thorny area of sustainability reporting and help companies avoid charges of greenwashing.
"This guidance from COSO is something that has been needed for for a while now," said Steve Wang, a managing director and U.S. ESG engagement leader at the consulting firm Protiviti. "I'm just happy that it's come out. When you break it down, there are many specific uses for the content, depending on the level of maturity of your overall ESG program."
He sees the guidance as a way of educating companies about the need to set up internal control processes.
"You can essentially use the guidance to educate, and essentially level set with a whole bunch of internal control and process and data owners in the organization on what is an internal control," said Wang. "There's actually a lot of stuff in there to just use for educational material. If you think about a business, there are probably more employees in a company that don't even know what an internal control is than those who do, and typically the ones that do are sitting in financial reporting."
The guidance explains some of the benefits of having an ESG program. "Some of this is better access to capital and lower cost of capital," said Wang. "There's greater overall market efficiency, enhanced understanding of risk, and how to go about mitigating that. There's a list of seven or eight different benefits in there that you can use to help those organizations that don't have much of an ESG program, or they don't necessarily have a sound internal control environment to equip them with going to leadership and saying this is exactly why we need this."
The guidance suggests companies do a mapping exercise to prove their internal control processes around ESG are sound, similar to what many organizations did in 2013 when COSO's updated internal controls framework came out
"Many companies now understand more and more the importance of ESG controls," said Wang. "But because this could be a very monumental task for a lot of companies, I tell most of them to start out with greenhouse gas emissions. Because of pending regulation, greenhouse gas emission is something that is going to be an area of focus. There's most likely going to be some level of limited and reasonable assurance requirements that come out. And then also start with your management review and consolidation disclosure controls. So as opposed to going through and tackling all of your material topics, at least hit those two areas first."
The COSO guidance includes many illustrative examples to spur ideas around what can be done within an organization to promote sustainability reporting controls. Technology can also play a role in sustainability reporting, and the guidance offers some advice on that as well.
"There are a lot of new applications that are starting to be developed around ESG," said Wang. "They've been around, but then they've had to mature quite a bit over the last couple of years. Just make sure that all of those are subject to your typical change management security operations controls."
The COSO guidance can help outside accountants and auditors provide assurance on a company's sustainability report.
"In order to have assurance on some type of corporate reporting, you need a system and you need a process," said Littan. "We learned in the world of financial accounting and reporting how important and critical it is to have governance structures and oversight systems. That's not inhibitive. If you look at the framework, it's actually holistic. It's actually about an integrated approach. You need enterprise-wide support, buy in and commitment to achieve those objectives, whether those are mainstream traditional objectives and sustainable businesses objectives. Enterprise-wide reporting is one of those objectives."
"But it's also a management consideration where we put resources," she continued. "Human resources are part of a control system, along with oversight by a board of directors, and their competence and understanding of purpose, and implementing and achieving objectives. All of that is part of the ecosystem. That's why this report is so exciting. Yes, it does support reporting and control, but it also does so in a way that stands on understanding what an organization is aiming to achieve."
