I spent last week attending the annual user conference for Workiva, maker of software for audit and compliance reporting. Challenges around ESG reporting were all over the agenda, which lets us review some of the more nettlesome issues involved — and just in time, too, since both Europe and the United States are stepping up their demands for ESG reporting.
We can begin with the role of the “ESG controller,” a phenomenon I’ve been tracking since the start of this year. Conceptually, the role of the ESG controller is clear: it’s the person in charge of assuring that the sustainability data your company collects and reports is complete and accurate. An ESG controller does for non-financial data what the corporate controller does for financial data you disclose in the 10-K or the 10-Q.
In practice, however, companies are faced with a question more complicated than it looks. To whom does the ESG controller report?
You could have the ESG controller answer to the corporate controller. After all, if the goal here is “integrated reporting” — where the company publishes one report with financial and ESG data included, all data audited to the same level of assurance, to satisfy all regulatory requirements — then why wouldn’t the ESG controller be subordinate to the corporate controller, responsible for the validity of all disclosures the company makes?
Except, at almost all companies, the corporate controller then reports into the CFO. Which means your ESG disclosures are, ultimately, at the mercy of the CFO. Is that wise?
First, I’m not sure CFOs even want that additional responsibility. They already have plenty to do, and for publicly traded companies, the Sarbanes-Oxley Act tacks on personal liability for erroneous or misleading disclosures.
Second, your company might also have a chief sustainability officer lurking in the wings. So if the ESG controller reports into the corporate controller, does that leave this sustainability executive lost in org chart space? On the other hand, if the ESG controller does report into the chief sustainability officer, doesn’t that set up a parallel reporting structure, contradictory to our original goal of integrated reporting?
Fitting ESG Into the Enterprise
These questions might seem esoteric, but they point to some deeper issues corporations will need to resolve if we’re going to get ESG reporting (and corporate sustainability overall) right.
Let’s go back to the Workiva conference. In one of the sessions about ESG reporting I asked this question about where the ESG controller should sit. One answer was that if the ESG controller reports into the corporate controller, that might not be so bad. The chief sustainability officer could then focus on larger policy issues, such as setting carbon emissions reduction targets or talking with institutional investors about the company’s sustainability strategy.
Those are fair points. If the sustainability officer is responsible for the ESG controller, then ultimately the sustainability officer is responsible for assuring the strength of data collection processes, internal controls for sustainability reporting, and other nuts-and-bolts issues that I bet most sustainability officers would rather avoid.
On the other hand, if the ESG controller does report into the corporate controller and ultimately the CFO, while the chief sustainability officer merely draws from ESG data to write policy recommendations — that’s a convenient way to marginalize the sustainability officer, and to turn those policy reports into fodder for the bottom desk drawer. Sure, the policy proposals and carbon reduction targets will be based on accurate numbers, but if the CEO just smiles politely and then mothballs the recommendations, who cares?
So anyone who might be pondering a move into corporate sustainability — like, say, ethics and compliance officers, whom I believe are quite well-qualified for such a role — you’d need to assess that executive support for sustainability closely.
Another good point about ESG controllers came from Grant Ostler, an industry principal at Workiva. He stressed that so long as all parties involved in reporting — financial team and sustainability team alike — draw from the same, single source of data, the reporting relationship of the ESG controller isn’t so crucial. Both the chief sustainability officer and the chief financial officer will be able to compile accurate reports, and then they can duke it out in front of the board about what sustainability targets the company should or should not set. That’s how governance is supposed to work.
Yes, Workiva sells single-source-of-truth software, and has a commercial interest here — but Ostler’s point is still a good one, no matter what vendor you choose. The quality of your external reporting depends on the quality and reliability of the data you collect.
So as we move into an era of more integrated reporting, companies will need a technology strategy that can keep pace with those demands. Those prosaic questions about databases, software, and version control will be just as important to successful ESG reporting as those sweeping questions about governance and who reports to whom.
Why Should We Care About This?
We should care about this because ESG reporting seems to be at an inflection point. Companies everywhere now understand that such reporting is about to become a regulatory requirement, and many companies are already moving ahead with at least some ESG disclosures. (Workiva cited one study of its users where 95 percent said their company plans to integrate ESG and financial reporting.)
So this is precisely the moment when organizations need to pause and consider their strategies for such reporting. Who will set the grand plans for sustainability? Who will do the work of collecting and verifying ESG data? What technologies can you use to handle those tasks, especially at scale?
ESG programs have the potential to be lucrative career paths for compliance officers and internal auditors alike, if you work at a company that thinks smartly about what its ESG goals are and how to structure its personnel and technologies to achieve those goals — and we all know that for lots of companies, thinking smartly can be a big ask. So the more compliance officers and internal auditors can bring thoughtful, perceptive arguments to your C-suite and boardroom overlords about how to get this done, the better off you’ll be.