Ep. 224: Unraveling ESG: Understanding Environmental, Social, and Governance Factors in Business – Part 1
< Intro >
– Hello, and welcome back
to another enlightening
episode of Count Me In.
I'm your host, Adam Larson,
and today we're diving deep into the complexities
of Environmental, Social,
and Governance, ESG,
with a distinguished panel of experts.
We're joined by Douglas Hileman, an
experienced sustainability consultant,
with over three decades of experience
in environmental management
systems, and internal controls.
Alongside him, we have Dan Mosher,
a seasoned professional who excels
in helping businesses navigate
the complexities of sustainability
and environmental risks.
Last but not least, we welcome Catie Serex.
A leader in environmental,
health, and safety, auditing
and management who assists businesses
in integrating sustainable and
socially responsible practices.
Today's discussion will delve
into the importance of ESG,
the challenges businesses face
in managing ESG data,
and the potential risk of fraud in ESG reporting.
Here we go, let's listen in together.
< Music >
– And one of the things that
we might kick-off
is with a very basic question of what is ESG?
Dan, when people ask you this,
how do you answer?
– Well, it really is a big umbrella,
and I'll ask for some help
from Catie in this regard.
But ESG stands for Environmental,
Social, and Governance.
And, so, lots of things under
that environmental area.
Everything from waste management
and air quality, climate change.
From a social perspective, it could be
your human capital management,
health and safety matters.
Governance, I think of anticorruption,
data risks, and the like.
So it really is a broad title
when we say ESG.
Catie, do you have some things
you'd like to add to that comment?
– Yes, Dan, you definitely covered the gamut
as far as some of the phrasings and the terminology,
and really the topics that fall
under that ESG umbrella.
What I would want to add is that ESG
is certainly one of the buzziest
words in business today.
But you might not know that ESG is, very simply,
the newest iteration of concepts
you've likely known for a long time.
It's been previously known
as corporate purpose,
sustainability, even philanthropy.
But what differentiates ESG
from these previous versions
is that it now represents the
closest alignment, to date,
of business operations, so think
about your tangible assets.
To those intangible elements of
business that drive value.
And, in this case, I'm referring
to things like customer loyalty,
labor environments, community engagement support.
And because of this connection,
ESG is moving from a nice-to-have
to a need-to-have for companies,
but also their investors, their customers,
and other key stakeholders like their employees.
– I also think of ESG as a convenient
taxonomy for all things non-financial.
Many people have published those pillars
or the word clouds that's in the ACFE
report, and what topic goes where.
For financial reporting, we know where sales goes
and we know where EBITDA goes.
We know where those are in
a format and how to put the data
and information together for clarity and reporting.
For all things non-financial, it's just
such a sprawling array of topics
that ESG serves for one reason,
in one way, as just simply a taxonomy.
And there are some issues,
such as climate change,
like Dan mentioned, that really transcend
more than one category, if you will.
But for purposes of just where do you
find it, and how do you manage it,
and it can just serve as a taxonomy.
Catie, to your point, on how to
organize some processes,
some controls, some recordings to understand
what the organization is doing.
– And I'd be interested in hearing
your thoughts on the various channels
in which this information is being
put out there in the public.
Catie, maybe you have some thoughts
around the wide scope of that.
– Yes, so in terms of the
reporting side of things
and getting to the nuts and bolts of what,
I'm sure our listeners are interested in,
in terms of, what am I on the hook for?
There are a lot of reporting frameworks
out there that are guiding folks.
And I know that that's been
a point of confusion for people
is understanding, there are all these
different acronyms out there.
That I can report to like SASB,
or the Global Reporting Initiative, GRI.
Task Force for Climate-Related
Financial Disclosures or TCFD.
There are a lot of frameworks out
there, but the field is narrowing.
So some of the communication
that we've been seeing
from these wider umbrella frameworks,
are that they are working together to consolidate.
To make things a little bit more straightforward,
and to make things a little bit more
uniform across the reporting landscape.
But that's currently in progress,
and this is just a result of this
being not in nascent stages,
but still in its growth period,
and really honing down
what are the things that
shareholders, regulators, and such
need to see when it comes to these ESG disclosures.
– And I know that Doug
has been on the front line
when things are misreported or omitted,
and I'd love to hear some of his worst stories.
– Thank you, Dan.
The question about reporting
channels is a very good one,
and Catie brought up several
things that are happening
in reporting to general capital markets.
I also observe that there are
other channels for reporting,
including impact investors who may be
interested in one particular topic.
The general purpose capital reporting
takes in one tranche, if you will,
of topics that need to come external
from an organization, a company.
There are other investors who
are interested, let's say, in human rights,
or in product conformity, or in diversity,
or in commitment to climate,
and they want more information
about those topics.
So you may get information from investor group
or analyst groups, and that's a type of report.
Another channel of reporting
that I see is B2B reporting.
The customers, and business partners,
and banks, joint venture participants,
are looking more into non-financial risk management.
Non-financial performance
and alignment, which is ESG.
So before entering business relationships,
and even during business relationships
up and down the value chain,
there's also ESG reporting that happens there.
It is starting to align in some ways
that they're asking questions
about the same topics, but the
questions themselves can be different.
And, in many cases, the reporting,
the demand for reporting
has outpaced companies' abilities
to report on the data and information.
So that pull has created a bit of a vacuum.
And many companies are scrambling
to come up with processes, systems,
and controls so they can generate
the data and information
that these stakeholders are
expecting in terms of reporting.
– Doug, just to jump in there,
from a client perspective,
we are seeing that a lot of
our clients are getting,
especially, those B2B requests
from either their suppliers
or their downstream supply chain vendors.
And the way that we're seeing that manifest
is a lot of these larger companies
are looking at their supply chain.
If you think about greenhouse gas emissions,
they're looking at their Scope 3
emissions, which is all value chain.
And, so, they're sending
requests to clients like ours
that are asking, "Well, what are your
Scope 1 and 2 emissions?
Because we need to report that."
We are seeing clients feeling
the pressure to respond to that,
to continue to be part of
those wider supply chains.
And, so, they're coming to us
asking for assistance in figuring out
what those ESG metrics are
and being able to respond
in complete and accurate ways.
So that they can continue
to have those key customers
that are asking for that information.
– Yes, and I'd like to pick up on that point, too,
and Catie was just touching on it.
I think some of the key challenges
are, for businesses today,
what is the provenance of their ESG data?
What is the confidence they have over
the accuracy and completeness of it?
And what is the integrity and quality of
that data as it travels along its life cycle,
from where it started to where it was reported?
And has it maintained that integrity all along?
Because bringing this back
to our main topic of fraud,
there are many pressures and incentives
that might have someone misstate
or omit information in their ESG reporting.
– I'd like to pick up on a topic that
Catie discussed on climate change
and greenhouse gas emissions.
It does, inherently, involve a
complex web of data
from different sources, including suppliers.
And companies may be asked to produce
or report the greenhouse gas
emissions for themselves,
as a company, on Scope 1 and Scope 2,
I hope our listeners know what that means.
Or on a part of Scope 3, or their
carbon emissions as a company,
or their carbon emissions
in a particular country or state,
or their carbon emissions for the products
they manufacture for a certain customer.
So those are different ways to slice
and dice much of the same data.
And it all goes back, I'll put in a plug here
for the COSO report mapping the
internal control framework to ESG.
That can be applied to anything,
any topic, any company,
including, for example, greenhouse gas emissions.
In terms of fraud, there can be
a difference between just sloppy,
or just unavailability of data
and willful reporting
of incorrect or misleading data.
For example, to get preferred
treatment at a customer,
or to get preferred inclusion
in an ESG index fund,
or to get a reduction on interest
rate from a line of credit,
from a financial institution that's
looking for green investments.
So we're still seeing an increase
in awareness of the fact
where, "Well, we can just report
this because nobody cares."
Or, "Well, it's not regulatory,
so we'll just let it go."
And willful deceit in order to get a benefit
at the expense of other
competitors in these areas,
which goes into the fraud bucket.
That ACFE and Grant Thornton
touched upon in that report.
– Yes, thank you, Doug.
The report that Doug is referring
to is a joint publication
of the Association of Certified Fraud
Examiners and Grant Thornton
called Managing Fraud Risks in
an Evolving ESG Environment.
You can get it from our website
and from the ACFE,
and within that, we did develop
an ESG fraud taxonomy.
It encompasses both some of
the traditional areas of fraud
that have always been there.
Corruption, asset misappropriation,
and financial statement fraud.
And there are certainly ways
in which ESG fraud
manifests itself under each of those headings.
To that traditional fraud tree
we have added an additional area
of non-financial reporting fraud,
which Doug was alluding to.
And the things that might happen under there,
there could be false labeling or advertising.
Think of things like declarations of saying
that it's "Dolphin-free tuna" that has certainly
been an area of litigation in the past.
I'm thinking about false
disclosures or representations,
and that might be along the B2B relationships.
Where you are omitting information
or misstating information
to a company that you are a supplier to.
Lots of ways that things can be
contorted, and misrepresented,
and misstated, omitted, and if
it is done intentionally,
then we're going to consider it fraud.
– Dan, I can't say enough good
things about the report
that came out and, certainly, my hat
is off to you, and Catie,
and everybody who contributed to that.
I know that was a massive effort.
What I think is so elegant about
that report is that
many of our listeners struggle with
how to get their arms around ESG,
this sprawling issue is so new, it's so different.
The report begins with a construct
that's familiar to everybody
who deals with fraud, that
famous ACFE fraud tree.
And the report adds a leaf, if you will,
if you look at that tree at the bottom row,
that provides an ESG example for
the fraud tree as everybody knows it.
And then it was very elegant how
you added that branch, if you will,
for the ESG, the non-financial
reporting with nine different twigs
to describe a taxonomy there,
and then the leaves with the examples,
it was really well done.
So anybody familiar with
fraud and the fraud tree.
Anybody who has been involved
in developing procedures
to prevent fraud or to detect
fraud on the audit side,
you can just use that reference document
and get pretty close to how
you think about ESG fraud
to prevent it and detect it.
Another thing I would observe
that the human rights,
no product was made with child labor.
Non-financial reporting and compliance
exists in a lot of places out there
and it can be possible, it can be easy
for stakeholders to compare information
that arises from different reporting channels for consistency.
For example, Dan mentioned
one of the claims could be,
"None of our products use forced labor".
In the U.S. there's a law called
The Uyghur Forced Labor Prevention Act.
That has the rebuttable presumption
that products made
from a certain area, in China, if you
cannot prove that those products
were made absent forced labor,
the assumption is that
they were made with forced labor.
And the Customs and Border Protection
is seizing products at the docks
before they come into the country,
and waiting on companies to provide evidence
that the products are forced-labor-free.
So if you have claims on
your website, or on products,
or in contract documents that
they're forced labor free,
and the Customs and Border Protection
is reporting that your goods are being held
and not allowed into the country.
There is an inconsistency there
that can be embarrassing,
at a minimum, to companies.
And it can cost the company sales, customers,
and reputational damage if it turns out
that those claims cannot be supported.
– Yes, so just picking up on
what Doug was talking with
The Uyghur Forced Labor Prevention Act,
this is a big stick for the government,
in they have a presumption
of guilt, so to say.
That if they suspect that a good has
any raw material or input within it,
because it is in whole or in part
of your good that's being imported,
is suspected of having forced labor in it,
and that means every tier of your supply chain
down to the raw material or seed,
if it's an agricultural product.
If there is a suspicion that it
is tainted by forced labor,
it will not be allowed into the country
unless you can prove otherwise.
And, I think, it's going to become, increasingly, challenging
for companies to know their
supply chain inside and out.
And from a fraud perspective,
whether any part of that supply chain
is deceiving the rest of the
supply chain on whether
or not it's tainted by forced labor.
I was just reading over the holidays,
there is a tremendous report
that came out from Sheffield
Hallam University, in the UK,
around the various risks in the auto industry
for being tainted by forced labor
in the production of raw materials.
It's really a very difficult area, and it
is something that our clients
are coming to us, asking for help around.
– Catie, do you have some other thoughts around
the regulatory environment in which
this is probably just one small piece?
– Yes, Dan and Doug, you both
brought up a great point
of there are current existing regulations
that apply to certain areas of ESG.
But what we're seeing is a global movement
towards more overarching regulations
across different jurisdictions.
So, for instance, last year,
the European Union
approved the Corporate Sustainability
Reporting Directive Regulation,
also called CSRD, and that
sets reporting standards
for entities that meet certain
EU reporting thresholds.
In the UK, there is BEIS, which is
focused on climate-related disclosures
for entities that operate in the UK.
And then, of course, for our U.S.
listeners, I'm sure you all have heard
about the coming SEC final rule when
it comes to climate disclosures.
We anticipate that being finalized
as early as April of this year.
But all that to say that the
regulatory environment, itself,
from an ESG perspective, there is
a growing recognition that
there needs to be standards
that companies adhere to.
So that there is comparability
across the landscape
when it comes to ESG data.
Because it is hard for whoever
is looking at this data
to discern what certain data points may mean
because they may be defined differently.
So these standards are helping
to create an environment
that is more accountable and more
comparable which, hopefully,
will help clarify some things and clarify
the way that you go about reporting.
That said, even though some of those regulations
are very early stage or
haven't been released, yet,
there are already consequences for misreporting.
So we saw last year, or in
the past couple of years,
that Goldman Sachs was fined $4 million
and BNY Mellon was fined $1.5 million
for what were considering material misstatements.
And in the future, we see that
more frequent consequences
could be around the corner.
But I can't speak to what
that looks like just yet.
Dan, do you have any experience, or Doug,
in terms of any additional consequences
that you're seeing for
misreporting of ESG data?
– Yes, well, for me, as you said,
there are consequences from
misstating, publicly, the information.
There are just a ton of business consequences
of misstating the information.
So, for example, I myself was
involved in an investigation
in which there was a licensor of images
for the front of T-shirts and the like.
There was a requirement that
none of the production
would take place in Bangladesh
after the tragedy in 2013,
in which a building collapsed, killing
more than 1000 apparel workers.
And, so, there was a requirement
that no production take place
in Bangladesh, and there was wide-scale deception on that point.
Such that there was a lot of
production going on in Bangladesh,
but it was being misreported to
the licensor as being produced in India
or in other jurisdictions throughout Asia.
That finding, in the investigation
that we carried out,
was the subject of whether or not
a billion-dollar license
would go forward or not.
– I can see several potential risks
or consequences for misreporting
or misleading content and reporting,
and they vary according to the reporting channel.
For example, there is ESG
content in financial statements,
in income statements and balance sheets.
There are reserve estimates for
contingent environmental liabilities.
Something that's a little newer is asset values
for Emission Reduction Credits
or expected costs in the future
for Emission Reduction Credits,
if that's part of a company's strategy
for reducing greenhouse gas emissions.
Those have a vintage and the
value depends on the vintage.
If those are, knowingly, misstated,
you're subject to all the things
that come with that in financial reporting,
disclosure controls, and
procedures, and the like.
For misrepresentation and
misreporting in the Form 10-K
the analysts and the investors are using
this to make investment decisions.
There are shareholders who are
quite happy to file proxy filings
or to file suit by claiming to be
misled for the content in there.
Some of those are starting
to see the light of day
or to get quietly settled.
There was an instance of
a major European bank,
an employee blowing a whistle, publicly,
saying that their screening process for companies
to include in an ESG index fund was
just not very good or, maybe, a sham.
So there's the reputational damage
that can be a hit to a company
and the market cap for many companies,
the reputation, the intangible value,
exceeds the value of PP and E,
Plant Property and Equipment.
So intangible value and brand value
is something to watch out for, too,
and that can take a hit with misrepresentation
or loss of reputation in ESG
and non-financial matters.
– And, Doug, just to piggyback on that point,
there's the financial disclosure side of that,
but there's also, as we talked about,
the intangible side of that.
So customers are increasingly wanting
to purchase sustainably made goods,
and engage with companies that align
with their own, personal, moral values and beliefs.
And, so, when they learn that whether it's a good
that's claiming to be sustainably
made is actually unsustainable,
you could lose members of your customer base.
At times it inspires boycotts and protests
and, especially, in the age of digital media,
just imagine someone telling their
community about their experience,
and that going on Twitter, or TikTok,
or something of that nature.
Those are some of the risks that we're seeing
from not a regulatory penalty approach.
But also there are consequences
when it comes to your customer base,
the value of your brand, and your brand reputation.
– We've discussed a lot of different data,
a lot of different stakeholders,
a lot of different needs.
So how do companies manage
this kind of reporting
when everybody wants something different?
There are different ways to slice and dice.
How does a company get their arms around this
and make sure that it's right?
– Yes, that's a great question, Doug.
So as I said before, there are a lot
of different frameworks out there.
But they are working to
consolidate the frameworks
and to consolidate the data
expectations of those frameworks.
From what I'm seeing, it appears
that SASB, GRI, and TCFD,
all of which I previously mentioned,
are emerging as the big three of
ESG data disclosure frameworks.
And it's important that our
listeners understand that
while these frameworks are
not required for disclosure,
they can help guide your reporting.
And, ultimately, they can help your company
be more aware of any potential fraud risks
and avoid being susceptible
to associated fraud
with those activities and reporting.
Of course, the frameworks, themselves,
are not mandatory for disclosure.
They are, as I said, guidelines
and we talked, previously,
about the different regulations that are emerging.
I think the thing that's important to know
here is that some of these frameworks
are being utilized to inform those regulations.
So we know that the SEC climate disclosure
draws heavily from TCFD reporting framework.
And, so, some of our clients are asking us
to conduct TCFD reporting gap analysis
to help them prepare for those
upcoming SEC-required disclosures.
We have clients who are asking us
to do assurance readiness services
because they know that they will fall
in that year one reporting group,
the large accelerated filers for the SEC.
And, so, having us test their existing processes,
internal controls, things of that nature,
and validate that their data is complete
and accurate is something
that they're doing to prepare
for the upcoming regulatory framework.
So the way to think about those frameworks
is that it's a helpful way for you
to organize your disclosures
in anticipation of future reporting requirements.
Dan, do you have any thoughts from
the fraud risk perspective of how
those frameworks can usually help you.
In terms of guarding against
any potential misreporting
or intentional or unintentional?
– Yes, so when I think about this,
I usually do go back to the
ACFE's Fraud Triangle,
thinking about incentives and pressures,
the opportunities for fraud, and the rationalizations
one might apply to committing those frauds.
So when I think about reporting
what is the role of that report?
Is it going to a regulator?
Is it going into a corporate social responsibility
or a marketing publication?
All of those bear different kinds of risks.
So in terms of, on this reporting topic,
that people and companies
should be thinking about
taking an inventory of all the ways in which
that ESG information is going out
to the public, across those different channels.
And ensuring that as they're
building up their capabilities
and infrastructure to maintain good data quality,
that it is also ensuring consistency
across all of those reporting channels.
What I anticipate, and I think
we're starting to see it,
is that there will be cases
where the same information
is reported in one channel, but is inconsistent
with how it was reported in another channel,
and that will be held against the company.
You should not be finding yourself
saying one thing to the government
and something else in a publication.
– Dan, I absolutely agree with that.
I would say to this question,
it comes back to a familiar trilogy
that we hear as the answer
to so many questions,
and that is people, process, and technology.
And I'll start at the end and work
my way back, there are many vendors
offering technology fixes
and even companies, in-house,
building technology fixes to
gather and report data.
But the data and the information
is only as good as the process
it took to come up with the data.
You can automate the wrong process
and just get the wrong answer faster.
So you back up to the process
and say, "Well, since this non-financial information
originates in so many parts of the company,
and even from other companies, suppliers,
customers, business partners, and the like.
What is the process to get them?"
There are also challenges
I see on reporting periods.
Governments, like EPA may have
an annual reporting process.
There are companies with
a non-calendar fiscal year,
who need to report some of this
on a fiscal year basis.
So where are the reporting periods?
What is the process to collect information
and report to a state agency,
to a stakeholder, to a customer?
So those processes need to be nailed down,
and that's where that wonderful COSO
internal controls framework comes in.
Just follow that and apply it as it's appropriate.
And because that data and information
comes from so many different sources,
I encourage people to have
the right people involved.
If companies establish
a cross-functional team
and get folks from all the places
who provide this information.
Real estate, operations, safety,
procurement, R&D,
if they understand their roles and responsibilities
in collecting this information
to enable the kind of reporting
that Catie has mentioned and others,
then that goes a long way to making the process
more effective and more efficient.
– Yes, and I would like to add on
to what Doug was saying,
that in terms of the fact that this information
is coming from different parts of organizations,
that haven't necessarily undergone
third-party assurance procedures.
That this is a transition period here where,
I think, a broader spectrum of people,
within an organization, are going
to be changing their mindset
around the accuracy and
completeness of the data
because they know that they are
subject to that third-party assurance.
– And, Doug, you had mentioned,
I think, very rightly,
that having the right team in place is critical
to being able to have the right processes
and technology also in place,
to ensure that your reporting
is complete and accurate.
And we're seeing on the client side
that a lot of our clients don't, necessarily,
have the resources in place
to start to organize that.
So I wanted to ask, in your opinion,
and Dan, feel free to jump in.
How important is it to not
just assign one person
to do all of your ESG reporting.
But how important is it to have that
cross-functional team approach
to these non-financial disclosures?
– I think it is absolutely essential.
One structure that I see work a lot
is to have a steering committee.
To set strategy and to be plugged
into those reporting frameworks
that you've mentioned, Catie,
and some of the customer demands
and organizational strategy
and where things are going.
And a more tactical working
group that's closer to operations,
and the systems, and controls
to really modify those systems
and controls and talk to each other.
A couple of things I've seen work really well.
I've seen those committees be assembled,
and people show up, and they don't
know why they're in the room.
And it really helps to have a coach
or an external resource to
help facilitate all that.
To make sure that people
are talking the right language
and not talking past each other.
So you get everybody on the same page
to take actions in ways that are aligned
with the company objectives,
that helps a lot.
A couple of functions that
I don't see on those teams
but, I think, should be there a lot
more than they are: IT, for sure.
And many of our listeners are from accounting,
I would say accounting.
I don't see on those cross-functional teams
as much as I think they should be.
Much of what is required for
the sustainability reporting,
it comes from accounting.
You get utility bills from accounting.
Get a list of assets from accounting.
Get a list of our ten largest
customers from accounting.
Accounting has the master
key to a lot of this information.
But the information that's in company systems,
in my experience, was not
designed for the way
the information needs to
be reclaimed and used now.
So there are some changes that
need to be made in accounting
to enable this reporting and to
enable the systems and controls.
To, then, ensure accurate
reporting, verifiable reporting,
and the fact that we tighten down the controls
so that we can prevent
the possibility of fraud.
– Yes, great points, Doug.
I really appreciate you bringing
up the steering committee.
Someone at the top of an organization
that is there to set strategy.
And I think that it is common, and
it will become more commonplace,
to have that steering committee require
that any fraud risk assessments,
that are being done within an organization,
include ESG fraud as part of
what they're doing.
And in conducting a fraud risk
assessment that is a stress test,
that's looking for ways in which
various kinds of scenarios.
Such as the scenarios we brought
up in our report with the ACFE,
of ways in which ESG fraud could be committed.
And then looking at whether
the controls in place,
within the organization,
are sufficient to prevent
and detect or detect those occurrences.
So, Doug, I know that you've been
contributing to an exciting report,
that's been recently released from the IMA.
Could you give us a few
highlights in that regard?
– Sure, I'd be happy to.
I was one of the primary authors of this document,
the only non-CPA on the team,
I provided the ESG specialist input
for this very important report.
It's a COSO report and IMA is,
of course, a member of COSO
and their leadership had a terrific
role in pulling this together.
And it will resemble a lot kind of the report
you've had major involvement with
from the ACFE, on fraud, ESG fraud.
In that it begins with a
framework that everybody knows
and is very familiar with the COSO
Internal Controls Framework,
and there's something old and something new.
There is a summary of some of the key points
of the COSO Internal Controls Framework,
the components, and the points of focus.
And on each of the components
there's some information
demonstrating how the internal controls
framework can be applied to ESG.
So that in terms of non-financial
management of information,
and of reporting, and of communications,
and of control environment.
It can be applied and it points
you in the right direction
on how it can be adopted to improve
the effectiveness, and the efficiency
of company organization,
management, and reporting.
I encourage everyone to read it and use it.
< Outro >
– This has been Count Me In,
IMA's podcast.
Providing you with the latest
perspectives of thought leaders
from the accounting and finance profession.
If you like what you heard and
you'd like to be counted in
for more relevant accounting and finance education,
visit IMA's website at www.imanet.org.