This article first appeared on CFA Blog.
Trust makes the economy go ’round.
There is a very good reason why financial statements must be audited by an external auditor: Because it builds trust.
Sustainability and environmental, social, and governance (ESG) reporting is also undergoing external assurance in order to nurture trust. Ninety-one percent of 1,400 companies across 22 jurisdictions report some level of sustainability information and 51% offer some level of assurance. That’s according to “The State of Play in Sustainability Assurance,” a recent report from the International Federation of Accountants (IFAC) and the Association of International Certified Professional Accountants.
The question is, How can ESG assurance build trust in ESG disclosures when the external audit, the most advanced form of assurance, is struggling with a trust deficit? Or will ESG assurance replicate the same mistakes and become old wine in a new bottle?
It wasn’t long ago that amid a spate of corporate scandals, The Financial Times made it official: “Regulators, investors and the wider public have lost confidence in the audit market.” It was hardly the first time such audit-related declarations had been made and it likely won’t be the last. But for ESG assurance, many are looking beyond traditional audit firms for the necessary verifications.
That said, while engaging nontraditional assurance providers is a good step, it may not be good enough. After all, external assurance features many of the same stakeholders as external auditing — the reporting companies and investors, for example — and sustainability and ESG investing already face fierce criticism for alleged greenwashing. Therefore, to avoid a replay of the confidence crisis in external audit, ESG assurance must chart a different path.
Unlike accounting and auditing matters, ESG issues are diverse. Disclosure and assurance are mostly voluntary and have lots of built-in flexibility. A company with assorted sustainability issues and multiple locations may pick and choose among the issues and geographies it reports on. Indeed, some firms may choose not to report on certain criteria or locations. Yet sustainability reporting is critical at a local level.
The 2020 Sustainability Governance Scorecard covers the sustainability leaders featured in one or more sustainability indexes across 10 sectors and seven countries. Its integrated report on Coca-Cola İçecek (CCI) is a useful example of sustainability reporting in practice. CCI produces, distributes and sells sparkling and still beverages o Coca-Cola products for Azerbaijan, Iraq, Jordan, Kazakhstan, Kyrgyzstan, Pakistan, Syria, Tajikistan, Turkmenistan, Uzbekistan, and Turkey, where it is based. It is listed on Borsa Istanbul and reports its sustainability results separately for each of the countries in which it operates. Between 2011 and 2020, CCI sought external assurance on its water and energy usage, among other issues.
The 2020 report and earlier CCI sustainability reports refer to different frameworks and standards, such as the Global Reporting Initiative, the United Nations Global Compact, and United Nations Women Empowerment Program, AA1000, ISAE 3000, and so on. Assurance provider reports tend to give “limited assurance” and state that nothing has arisen to suggest that the selected information is not presented, in all material aspects, “in accordance with CCI’s internally developed reporting criteria.”
External audit is different from sustainability assurance. There is nothing to pick and choose among: Reporting criteria is definitive and mandatory. CCI’s 2020 auditor’s report clearly states that the consolidated financial statements were prepared in adherence to the Turkish Capital Markets Board’s accounting standards. It attests that the audit was conducted in accordance with the applicable auditing standards and that the consolidated financial information is “fairly presented in all material respects.”
Robust global standards are required to make ESG and sustainability reports comparable within and across jurisdictions. Sadly, the development of such standards has lasted the better part of a generation with no end in sight. The first GRI Guidelines were published in 2000 and established the framework for sustainability reporting. In 2004, “The Future of Sustainability Assurance” report from the Association of Chartered Certified Accountants (ACCA) highlighted the need for “a complementary set of Generally Accepted Accounting Principles for Sustainability (GAAPS) and Generally Accepted Assurance Standards for Sustainability (GAASS).” Fast-forward to 2021 and we’ve seen the creation of the International Sustainability Standards Board (ISSB) with much more work still to be done.
The current moment for ESG assurance is a once-in-a-lifetime opportunity to set it on the right course. As it evolves and catches up with external audit, ESG assurance needs to accomplish, at the very least, the following four tasks, to avoid creating a trust deficit like the one that now plagues external audit.
1. ESG assurance must maintain its independence.
The consensus is clear: Independence is the cornerstone of external assurance. But the audit practice has created its own concept of independence that is not so intuitive. Can the auditor truly be independent of the entity that appoints it, pays it, refers business to it, and, potentially, fires it? The obvious answer: Not really. Of course, the auditor’s answer has long been, Why not?
2. ESG assurance must go beyond offering audit-like boilerplate opinions.
It took the audit practice the global financial crisis (GFC) and a very long time to come up with a discussion of key audit matters in the auditor’s report. ESG assurance providers would do well to offer commentary on key assurance matters right away.
3. ESG assurance must demand that management stand by its sustainability reports.
These reports need to be accompanied by a self-confirmation letter signed by the CEO as well as the relevant board committee members declaring that the report contains material truth, the whole truth, and nothing but the truth.
4. ESG assurance providers should be ready and willing to submit to regulatory oversight.
Unlike external audit, ESG assurance need not go through the prolonged and failed experiment of self-regulation. When stakeholders ask who audits the auditor, the answer from those who offer ESG assurance should be an independent regulator, which may be the same as the pre-existing audit regulator.
In short, to build sustainable trust — an ambitious task in any context — ESG assurance must replicate the knowledge and experience of external audit while avoiding its pitfalls.
About the Author(s)
Usman Hayat, CFA, writes about sustainable, responsible, and impact investing and Islamic finance. He is the lead author of “Environmental, Social, and Governance Issues in Investing: A Guide for Investment Professionals;” the literature review, “Islamic Finance: Ethics, Concepts, Practice;” and the research report “Sustainable, Responsible, and Impact Investing and Islamic Finance: Similarities and Differences.” He is interested in online learning and has directed three e-courses for CFA Institute: “ESG-100,” “Islamic Finance Quiz,” and “Residual Income Equity Valuation.” The other topics he writes about are macroeconomics and behavioral finance. He has experience working in securities regulation and as an independent consultant. His qualifications include the CFA charter, the FRM designation, an MBA, and an MA in development economics. He has served as a content director at CFA Institute. He is a former executive director at the Securities and Exchange Commission of Pakistan (SECP) and former CEO of the Audit Oversight Board (Pakistan). His personal interests include reading and hiking.
Kübra Koldemir is a sustainability business writer at SustainFinance as well as a sustainability researcher at Argüden Governance Academy. She has written numerous sustainability articles that have been published at various global publications. Koldemir started her financial career in 2006 working as an investment analyst in New York City, first at a long-only fund and later at a hedge fund with $1 billion in assets under management (AUM) that specialized in financial service companies. With a focus on international investments, she assessed strategy and results of numerous multinational corporations across several sectors. Koldemir holds a BA in international relations from Mount Holyoke College and an executive MBA degree from the University of Texas at Austin.