ESG seems to be a hot issue this week, with two groups publishing reports meant to help companies understand what a good ESG function should be able to do — including how to police against ESG fraud.
Let’s start with the report on ESG reporting, published by Workiva. Workiva polled more than 1,300 corporate executives to ask them about the scope and maturity of the ESG functions at their companies. The big message: a solid majority of businesses are trying to develop ESG functions, but a solid majority also feel unprepared to meet regulatory demands for ESG reporting.
We first should note that Workiva has a commercial interest in this issue since it sells audit and risk management software that could assist companies with their ESG programs. That doesn’t mean the findings in this report are invalid. On the contrary, considering that many companies are giving an earful to the Securities and Exchange Commission right now that its proposed rule for climate change disclosures is unworkable, the findings in the Workiva report seem right on track with corporate thinking.
Speaking of those findings…
- 68 percent of organizations globally have established specific roles to oversee ESG reporting and initiatives;
- 75 percent have started formally reporting on their ESG, climate and sustainability, or corporate social responsibility data over the last three years;
- 63 percent of decision-makers see formal stakeholder engagement informing ESG materiality to a significant extent.
So lots of businesses are establishing roles, reporting ESG data, and engaging with stakeholders to consider what’s truly important to them. That tells me ESG is here to stay as a management concern.
The question then becomes whether you can develop an effective ESG function. Which brings us to…
- 63 percent of decision-makers currently feel unprepared to meet their ESG goals and government and regulatory reporting mandates;
- 76 percent of decision-makers believe technology is important to compiling and collaborating on ESG data; but
- Only 35 percent believe they can use technology and data very well to make decisions on advancing ESG strategy.
Perhaps the dichotomy here is a snapshot in time. For example, 55 percent of respondents said they started formally reporting ESG data only within the last two years; and another 14 percent said they haven’t begun formal reporting at all. In total, that’s nearly 70 percent of respondents who are still newbies at ESG reporting, and one might expect them still to struggle with finding the right technology and processes for data-driven decisions about ESG.
Let’s also note this chart from the Workiva report, showing how many respondents have already seen ESG reporting bring positive business benefits.
That might be the point worth pondering for compliance officers who are either already picking up ESG responsibilities or considering whether to move into that role. Everybody says ESG is important, and wants better information about ESG issues within the enterprise; but most companies are still struggling to figure out the right technology or processes to extract that data from operations (especially when you need to extract it from third parties working within your extended enterprise). So the more you can figure out how to overcome those obstacles, the better off both your company and your career will be.
Fighting ESG Fraud
Our second report comes from the Association of Certified Fraud Examiners (holding its annual conference this week) and audit firm Grant Thornton, which published a white paper this week about potential fraud risks in ESG reporting.
The interesting item here is that the ACFE and Grant Thornton created a new category of fraud specific to ESG: non-financial reporting fraud.
Anti-fraud professionals have long recognized three types of fraud: corruption, such as fixing a contract; asset misappropriation, such as using corporate goods for personal use; and good ol’ financial statement fraud. Those three frauds can manifest in all sorts of ways, including in ESG programs; but because ESG reporting is non-financial in nature, abuses within ESG reporting deserve their own category within the world of fraud theory.
Figure 2, below, shows several examples of non-financial reporting fraud.
The examples above raise several points about fraud risk assessment worth considering.
First, you might need to consider the potential for fraud by not disclosing some fact related to ESG, such as that example of not reporting that your board has no diverse director. This one is especially interesting because at least right now, we don’t have many specific requirements for ESG disclosure. For example, the SEC’s current requirements for disclosing “human capital factors” allow a company to decide for itself what’s material and what needs to be disclosed.
OK, but in that case, an auditor would need to ask whether not disclosing something so subjective is tantamount to fraud. “We say we’ve decided that diversity statistics aren’t material to our investors, but is that true? How do we know that? Or are we turning a blind eye to the question, and does that mislead investors in any way?”
Second, since ESG reporting is still such a work in progress (see Workiva report, above, finding that use of tech is still immature), your fraud risk assessment would need to examine whether ESG reporting processes are misleading and whether the underlying data is subject to manipulation. That could be especially tricky when working with ESG data provided by outside sources, including your third parties.
That’s not a new concept in fraud risk; financial auditors routinely examine the controls for reporting processes and the controls that protect the integrity of the underlying data those processes use. But anti-fraud specialists will need to graft those audit procedures onto the world of ESG reporting. How hard will that be? I’m not sure, although fraud specialists are welcome to email me at [email protected] if you want to share your thoughts.