March 24, 2021
How Boards Can Ensure the Accuracy and Quality of ESG Data
March 24, 2021
Investors are increasingly demanding that companies provide both quantitative and qualitative environmental, social, and governance (ESG) risk and opportunity disclosures. Customers, employees, and other stakeholders have also added their voices to the call. Yet even as organizations make progress in offering this information, real challenges remain.
Investors and others rely on ESG information in their decision-making; ESG reporting thus requires the same level of oversight and management that financial disclosures receive. This includes processes and internal controls applied with a rigor that ensures the completeness, accuracy, and consistency of disclosures. Only then are the disclosures “investor-grade.”
However, nonfinancial information does not typically receive the same level of attention as financial data and most organizations do not have a formal reporting process in place to collect, accumulate, and disclose it. Too often, companies disclose nonfinancial metrics that are not fully substantiated with supporting information, or they cannot confirm that the metrics contain no material errors.
As boards and management evaluate their organizations’ ESG reporting, the overarching question is, How can the board ensure that the ESG data disclosed are accurate and high-quality, so that investors and others can rely on them?
Below are eight further questions for boards to ask.
- How can the board leverage sustainability standards or frameworks when considering the metrics to disclose? Frameworks and standards can help companies understand what information investors and other stakeholders are looking for and make disclosures meaningful to a broader audience in lieu of highly customized metrics that may lack comparability to peer companies.
- What are the sources of the data? Information may come from various functions in the organization, including some—such as human capital, engineering, or manufacturing departments—that are not used to disclosing investor-grade data. Some of the data might be manually developed or tracked, making it harder to verify.
- What policies, processes, and internal controls are in place to ensure data quality? Companies should take a hard look at the control environment in which the data are produced. Too often, there are minimal controls in place. Effective underlying processes and internal controls around where information originates and how it is reported gives management comfort on its accuracy, completeness, and consistency.
- How is the data consolidated and will we need to implement information technology (IT) system changes? To compile certain metrics, companies may need to consolidate data at a global level or from across various departments, but some organizations may not have IT systems in place to consolidate nonfinancial data. Consider, for example, having to collect data on global worker headcount, greenhouse gas emissions, or safety issues. Manually consolidating this data in spreadsheets increases risk. Some businesses may choose to improve the efficiency and accuracy of the consolidation process by modifying their IT systems to support the effort—but that comes with an investment of money, time, and resources. Another challenge might be local laws and regulations; specific countries restrict what types of employee data can be collected.
- Is greater assurance needed over the data disclosed? As boards discuss ESG disclosures, they may want to consider assurance over the metrics and information reported. Nonfinancial data are not typically included in financial statements, so they may not belong under the scope of external audit’s assessment. Additional assurance that ESG processes and policies are followed and effective can be requested and performed by internal audit, external auditors, or another controls-focused function.
- What governance structure exists to review and oversee this data? As companies look at the control environment, it is important to establish a governance structure for ESG metric disclosures. Boards should understand who at the organization is responsible for reviewing ESG information and how frequently reviews are conducted. A common pitfall with ESG disclosures is that reviews typically occur only annually. If a company finds that it is missing ESG information from interim periods, it may be too late to retrieve the necessary data.
- Is a management-level disclosure committee involved? Many companies have a management-level disclosure committee in charge of financial reporting. This cross-functional team—usually including individuals from operations, legal, internal audit, finance, and other business groups—helps the company determine whether disclosures are accurate and complete. This broad group of individuals understands the importance of reporting to investors and can also be utilized to review nonfinancial ESG data disclosures. The disclosure committee will want to make sure the information and metrics accurately convey the company’s messaging and are truly investor-grade.
- What is the role of the board? Some boards may have a separate sustainability or risk committee, while others may designate responsibility for overseeing ESG reporting to the full board. As this reporting makes its way into earnings calls, annual reports, Form 10-K filings, or proxy disclosures, it should be viewed similarly to financial reporting. Consider the role of the audit committee, as well, which has the most experience in this type of reporting and an understanding of the importance of policies, procedures, and internal controls.
Companies are refining their messaging and expanding their disclosures to meet stakeholder expectations. As stakeholder expectations relating to not only the type of disclosures, but also to the quality of the information within and supporting them, continue to grow, a board-level understanding of how the company can produce investor-grade ESG disclosures is critical.
Maria C. Moats is the leader of the Governance Insights Center at PwC US.