Ep. 225: Unraveling ESG: Understanding Environmental, Social, and Governance Factors in Business – Part 2

Get ready for part two of our insightful ESG (Environmental, Social, and Governance) discussion on the Count Me In podcast. Our expert panel, Douglas, Dan, and Catie, unpack the pressures and fraud risks inherent in ESG reporting, offering invaluable insights gleaned from real-world scenarios. But it's not just about identifying risks; they also provide practical guidance for those embarking on their ESG journey. Learn how to start with what you have, concentrate on materiality, and establish a robust, cross-functional ESG team. Tune in for an essential roadmap to navigate the complexities of ESG reporting in today's business landscape. This is one episode you won't want to miss!

Connect with our speakers:
Catie: https://www.linkedin.com/in/ctserex/
Dan: https://www.linkedin.com/in/dan-mosher-8552519/
Doug: https://www.linkedin.com/in/douglas-hileman-fsa-crma-cpea-p-e-6abbb71/

Download the reports mentioned into today's podcast:
Achieving Effective Internal Control Over Sustainability Reporting
Managing Fraud Risks in an Evolving ESG Environment

Full Episode Transcript:
            Welcome back to Count Me In. Today we have part two of Unraveling ESG. We're joined, again, by Catie Selex, Douglas Hileman, and Dan Mosher for the completion of their conversation. Now, if you didn't hear part one, I encourage you to pause right now and listen to that first. In today's episode, we explore the challenges and risks of ESG reporting, including the potential for fraud.
Our experts delve into the pressures companies face and discuss real-world examples of how well-intentioned sustainability efforts can sometimes lead to misreporting and potential fraud. But it's not all about the pitfalls, they also offer essential guidance to those new to ESG. Emphasizing the importance of starting with existing resources, focusing on materiality, and setting up the dedicated cross-functional ESG team.
Don't miss this invaluable conversation, so let's get started.
[00:00:55]       < Music >
Dan:                Doug, I mentioned the ACFE's Fraud Triangle earlier, and I'm eager to hear some of your perspectives on applying that Fraud Triangle to ESG. 
Doug:              Thank you, Dan, it can be done too. It's a familiar construct, and I was fortunate to be an in-house at a Big Four when Sarbanes-Oxley hit. And at the very beginning of designing internal controls and testing internal controls, we had to consider the possibility of fraud.
We had to design controls to prevent fraud, in audits we had to detect fraud. 
Being an environmental specialist, and then with the IIA coming out with changing their IPPF, their framework, to require testing for fraud. I've been testing for fraud and considering fraud for 20 years, in the environmental space since 2002.
It looks a little different for ESG, but not as different as you might think. There is pressure, pressure can be, "We've got to get this report out."
"The customer wants this answer."
"We have to say, for example, that our products didn't come from Bangladesh, so what the heck? How will they find out?" There's so much pressure. I see that people are involved in ESG, in this non-financial reporting, as an add-on to their jobs. It might be 20% of their job, and it's the 20% between 120 and 140% of what they're supposed to do. People are under, and companies, are under tremendous pressure to put the right answer out there. 
They have the opportunity to do so because the controls are not designed, and have not been implemented with the potential for fraud in mind. So where there are weak controls or no controls, the opportunities are there. I see this comes into play, also, when data and information comes from outside the organization. 
There's this tricky thing where so much of what we do, in ESG, is not only what the organization controls but what the organization can influence. There are some challenges there, how do you control what you don't control? 
So the opportunity is there because the controls can be weak or nonexistent. And the rationalization can be, "Well, everybody does it." 
Or "It's not about money, it's about prestige."
"It's not really this, we want the award." We've seen, for example, there's a magazine, an organization, that rates colleges, the 10 best colleges in each thing. And we've started to see, in recent years, where the colleges are even fudging the information to get the prestige of being in that award. That may have secondary effects for how many people go to that college or what they're willing to pay for tuition, but that's fraud. 
In my book, if you submit data and information that is incorrect, or inaccurate, or misleading, with the intent to deceive at the expense of others. Especially if that turns into actual or potential financial gain, I call that fraud. So that applies on all three sides of the triangle. It's just a matter of thinking about this ESG and non-financial world and how that can happen.
Dan:                Excellent, Doug. Yes, maybe, just to add a couple of extra points around those pressures and incentives. Today we are seeing that there is incentive compensation for certain executives that is linked to various ESG measures. If you think about that and the opportunity for management override of certain controls that are out there, that's a great incentive. 
If you're going to get paid a bigger bonus because of greater ESG metrics, and your ESG, for example, your emissions information is held in Excel spreadsheet, which in many cases that is the case. I saw a survey, not so long ago, of more than a thousand executives saying that, I think, it was 86% of them had their emissions data just sitting in a spreadsheet.
And if you could change that with a few keystrokes, at the executive level, to boost your bonus, someone might do that. Other things I think of are from an incentive or pressure standpoint. Things around ESG-linked bonds or credits where there are a key performance indicators and you're required to maintain those metrics, to maintain certain interest rates or payment on your bond. Those things are out there and they're going to influence some portion of those that are held to them. Catie, maybe, you have some other thoughts around this as well?
Catie:              Yes, Dan, so one of the things that we're seeing in ESG, especially because people are so compelled to make great strides on their data and to make progress towards their targets, in a very quick manner, is there's an emerging market of solutions that some are absolutely legitimate and there's good actors, but they're also bad actors.
So one real-life example of this happening is the Vatican used a third party to preserve a forest area, as part of its carbon offset effort and to help move towards its emissions reductions targets. So, in this instance, the Vatican thought that it had protected an area of Hungarian Forest as part of that reductions plan, but that actually never happened.
So while there were good intentions to reduce the Vatican's emissions footprint, ultimately, that desire left them to susceptible to fraud by this third party. So that's something else to think about is as you're incorporating other entities, that are outside of your organizational boundaries to help you reach these targets, are they genuine good actors? 
Have you conducted the due diligence to ensure that they're going to support you in getting to those targets, as opposed to hinder or even mislead you, which could lead to misreporting on your part? And, Dan, I wanted to get back to that pressure element. A lot of the clients that we're working with are in those early stages of ESG reporting, and are just getting their program started.
So, Dan, Doug, and I am happy to contribute, as well, but what are some guidance that we can give to listeners? In terms of for those who are at ground zero and need to start reporting, and disclosing, and to ease some of the pressure that they're experiencing from stakeholders and regulators.
What are some ways that they can approach this? What are some tools that they can use to mitigate associated risks? 
Dan:                I'll go ahead and start. So I refer back to some of those frameworks, that you have mentioned, Catie, as a starting point. In terms of the kinds of disclosures that an organization might make in a certain business sector. I think that they should be taking stock of the various channels in which they might be reporting that information, and looking at the various kinds of scenarios, in which the information might be incomplete or inaccurate. So even just thinking about those processes will get them on a good path forward. 
I think that you probably want to think about starting fairly small, with the kinds of disclosures, and build upon those as your maturity from an ESG perspective grows. Doug, what are your thoughts?
Doug:              For companies just starting out, or in the early stages, what I would say to them is, first, just recognize this is not a hobby. This is not a nice to do, this is a business imperative and it is not going away. Put the right people on it and devote resources to it, who can really get things moving.
Another thing I would say is, one of my phrases, is begin with what you've got because you really can't begin with anything else. A gap assessment is a really good idea. What are the requirements that are expected from the general capital markets? 
What are the questions you're getting from impact investors and customers, where you're getting that pull and you're expected to provide something?
Well, what is it you have?
Companies may have a little more information than they think they have. Because much of this information is already being collected to achieve regulatory compliance obligations, with let's say the EPA, or with OSHA, or the Department of Labor. Is that data and information fit for purpose or can it be modified a little bit, to meet the expectations of the stakeholders who want this kind of reporting and disclosures?
Another point I would say, we've touched upon the cross-functional team. This cannot be the responsibility of any one person. This is a team effort because this non-financial information touches every part of your business internally, and it touches many parts of your business externally. With your providers of capital, your banks, your insurance companies, your customers. So all the people who engage in external relations with folks outside the company, it has to include those. 
One tip I would say is climate change is the single biggest issue of our time and climate change and climate change reporting, greenhouse gas emissions reporting, is expected of everybody. So climate change has got to be on your agenda. There is some specialized expertise that comes with that. 
I would suggest that climate change has even its own team and its own work streams. I think supporting that when the ISSB put out their two exposure drafts. They had one for all sustainability reporting disclosures and one for climate change risk and exposures. So you've got to address climate change.
And, finally, I would say I put in a shameless plug for using the COSO Framework, that if the data is going to be complete. If it's going to be accurate, if it's going to be verifiable if you're going to have the right people with access to it and only the right people with access to this data. There's nowhere better to start than that COSO Internal Controls Framework. And even backing up that COSO Enterprise Risk Management Framework to lead into materiality. And to lead into what are the issues where we should be reporting on and focus our efforts. 
To use an extreme example, if you're a Chevron you're not going to bet the company on recycling paper. So what are the issues that matter to you as a company? Where you invest your time, your resources, your people, and your initiatives on improving performance. 
Catie:              And, Doug, you brought up a great point when it comes to materiality, and I want to make sure that for our listeners, they know that when it comes to ESG and sustainability, materiality is separate and distinct from the concept of materiality under federal state securities law, as well as GAAP. And that's because items that are material to ESG they're not, necessarily, the same as those that are material under securities law or GAAP. 
So one of the ways that we help clients and, especially, our year zero clients who are trying to uncover what is material to their company. We always recommend starting with a materiality assessment, and ESG strategy and policy development.
This is going to help you set your own guardrails so that you don't overextend or overcommit on ESG. Doug mentioned that climate change is becoming one of those topics, that companies absolutely need to have resources and teams dedicated to. And I'm seeing that with most of my clients, climate, even if it's not on the horizon immediately, it's coming. 
And, so, it's something that you will need to consider and continue to refresh what's material to you. So having those assessments, we recommend every two to three years because material topics for ESG are not stagnant. You don't select them, and then that's what you have for the entirety of your company's lifespan.
They change because society changes, the political environment changes, and the actual environment changes. So you want to make sure that you're staying on top of and looking ahead to what those risks are. 
So that you've got the data, mechanisms, and the internal control processes in place, to be able to have that data, have those baselines that you need. And then as you're planning out your ESG programming, set realistic goals and targets. So that you're not overextending yourself and that you are setting commitments that you know that you can achieve, and you're not falling victim to the fraud triangle in an attempt to achieve those commitments that you set for yourself.
Dan:                Doug, I know you talked a bit about the great importance of climate change and emissions reporting. I did want to give our listeners some food for thought around emissions reporting. If you think about how some of that emissions reporting takes place, it's a calculation. So, for example, I've been in touch with a large organization. They calculate some of their emissions, taking their rented square footage of office space and applying the relevant coefficient to it, to come up with an estimate of their emissions. 
I asked the question, well, "You have a number of offices across the country. What would happen if you, accidentally, forgot the Dallas office? Would someone catch it?"
And the answer was, "Not necessarily." And, so, the care and the completeness, and the extra effort to make sure you have that completeness, it can be challenging, but I think it's completely necessary. Because if something could be forgotten accidentally, it could be forgotten on purpose, and if it's forgotten on purpose that's contributing to fraud. 
Catie:              And to add to that point, Dan, some of the frameworks, specific to climate, already have built-in mechanisms to help you guard against that fraud. So, for instance, The Greenhouse Gas Protocols Corporate Standard sets guidelines for when to recalculate your corporate base year emissions. Because companies are setting their targets and their reduction strategies based upon that base year calculation.
And, so, there are some particularities in terms of, for instance, if your company goes through an acquisition and your footprint goes by X percent, that is what triggers a base year recalculation for your emissions metrics specifically. And, so, that's a policy example. That's an example of a policy that you would want to have in place for some of these metrics. 
So that as your company continues to grow, and circumstances change, and your footprint either shrinks or increases, based upon your operational size. You'll want to have policies in place so that you know when to recalculate your base year, so that you're continuing to report complete and accurate data. 
Doug:              I think carbon emissions reporting, encapsulates everything we've discussed on this podcast and everything that's in both of our reports, the COSO Report and ACFE Report. And I think we could probably do a separate podcast on that. I'd encourage our listeners, many of whom are accountants, to read the Greenhouse Gas Protocol and become familiar with it. 
There are operational and technical people doing it, but at its heart it really is an accounting protocol. We've discussed how you put together data and information to meet different purposes. 
I've worked with clients who get called upon to publish a greenhouse gas report, greenhouse gas emissions, using an operational control basis. Using the equity share basis, using the financial… So there's the same data that needs to be sliced and diced three different ways and for different reporting periods.
Catie brings up the good point that there are protocols to restate or to correct errors when identified, or to account for forgotten facilities. There are uncertainties documented in it because many of these emissions that are reported involve estimates. What if you get better estimates?
Do you apply that to this reporting period or do you retroactively do that and report it?
Much of this involves judgment. What is a material change? So maybe you apply materiality in ways that you would apply it elsewhere or differently. All this has to be documented and the possibility of fraud starts to creep in, when there is the pressure to say, "We are on target for getting carbon neutral by 2030, in accordance with senior management's directives." So they can get their compensation bonus, and we can stay in that ESG-preferred trading fund, and we can get our low-interest rate from the bank or decline from that.
If you understand, if accountants, and business folks, and operations, and environmental people take a good look at the Greenhouse Gas Protocol and you overlay that with the COSO Internal Control Framework, and you overlay that with that terrific publication on ESG fraud, from the ACFE. A lot of what we're saying will start to make sense and you will understand where you can contribute to more effective and more efficient reporting, and prevention, and detection, of fraud. 
Catie:              So we know that, especially, because ESG is still an emerging discipline and there's different interpretations of data, and some of the data points themselves are evolving. So what do you say to those who are concerned about, unintentionally, misreporting data. And realizing two to three years down the road, "Oops, we made a mistake." How should they approach that in the future? 
Doug:              Well, that's a great question, Catie, and we see that all the time. And I predict we will see it a lot more as this field matures, and as companies mature their processes and controls, and as more people take a look at it, both, assurance providers, investors, and the like, we're going to see more of that. And it's understandable that everybody will be handwringing and so afraid of making a mistake. And I go back to what we said 20 years ago, at the beginning of Sarbanes-Oxley. 
I was on many financial audit teams supporting them as ESG specialist for asset retirement obligations, environmental liabilities. And, well, we don't know the right number. We don't know if it's going to happen, and my advice, at the time, as a non-CPA, just an engineer and auditor is to say, "Well, in good faith, read, interpret what is required, develop a process, document the process, and then follow the process and document that you followed the process and the output from that process." That's what goes on the line item in your financial reporting. 
If somebody determines that that was not correct or it can be improved. Maybe it's an internal suggestion, maybe it's from an auditor, maybe it's from an enforcement authority. It doesn't really matter how you discover something that needs to be changed. 
At least you can produce what it was you did and show that you were consistent with the design. The operation was consistent with the design. If you need to change it later, then change it later.
Then comes the question, do we change it from this point going forward or do we have to do an adjustment for prior reporting periods? So that can be part of your process and your criteria. Set a threshold, a materiality threshold for that. Develop a process for how teams consider that and who decides yes or no. It's really using processes that you already have, and apply those for non-financial reporting. 
Catie:              And just to jump in there from the ESG perspective, Doug, I think, not every year will be one marked by progress towards your targets. There's a million different circumstances that can affect progression on your commitments. And, so, again, going back to being transparent and communicating challenges and setbacks to your stakeholders, goes a long way in the ESG space. In terms of them continuing to have faith that you are reporting these disclosures, as they go along, and highlighting where you are experiencing those challenges and setbacks.
Doug:              That's right. 
Dan:                One part of the ACFE's Fraud Triangle is rationalization, and I think that this longer time horizon that Catie was just pointing to, actually, causes some rationalization to happen. Because there's a longer time horizon, someone might say to themselves, "Well, I can catch up next year.
Let me fudge the number a little bit this year, and show some progress, and I will make it all better next year."
And, so, there is something particular to ESG with that longer time horizon for those commitments being made around, "I'm going to be net zero by such and such a date. Well, that's a long time from now, let me just show that I have progression every year and hope that I can catch up in reality."
Dan:                I maintain that non-financial reporting has a couple of attributes that are a little different from financial reporting, or at least they occur in greater proportion. Two of those attributes are much more narrative in non-financial disclosures, descriptions of processes, and also some forward-looking statements. Companies are encouraged to announce goals and targets, which sets the stage for reporting in future reporting periods on their progress to the goals and targets. 
One of the things that is starting to look a little different, companies will say, "We are committed to meeting our climate goals for 2040." Where they make some grand, forward-looking narrative statements, and talking to some folks who are reviewing that, and even some of the external auditors, they're comparing those forward-looking narrative statements to where the companies are spending their money. 
So if you're making statements and disclosures that are these grand, forward-looking projections, and the auditors see you're spending $7, a year, towards meeting that goal. Well, is that statement itself?
Is that disclosure?
Is that negligent? 
Is that sloppy, or is that in order to get into an ESG fund, or to attract Helen, in ways?
Is that tiptoeing into fraud? 
I think the dust is yet to settle on that, but the topic is coming up.
Dan:                I think it's a great point, Doug, and I'm sure that there are a host of attorneys out there who will, gladly, be spending time to figure out when the line has crossed into fraud.
Catie:              And I will add to that, we're seeing a lot of companies set 2040 goals. And just for context, that comes out of the Paris Agreement, saying that the global target for net zero needs to be… Hang on, Adam, let me pause and make sure that I don't misstate this. So part of that Paris Agreement was this global recognition that net zero needs to happen by 2040. 
And, so, that's why you're seeing that number come up in a lot of different corporate targets, when it comes to their net zero goals. That said, there is still a lot of work that needs to be done, at the company level, in order to achieve that. And there are things that are beyond your control. 
So the different breakthrough technologies that are needed in order to accelerate transitioning to a decarbonized economy. There's still a lot of research being done in terms of the electrical grid and the different green technologies that can generate energy, to help reduce that carbon footprint.
So I urge caution in terms of setting your goals because it needs to be, again, coming back to the point, it needs to be realistic and something that you think you can achieve. So one thing that we encourage our companies to do is it's great to have a moonshot goal, and if 2040 is your moonshot goal, then that's awesome. But setting those intermediary milestones to hold yourself accountable, to that moonshot goal, is something we really encourage our clients to do. 
So that could be as simple as setting your baseline year for Scope 1 and 2 emissions. So that you have a complete understanding of your carbon footprint. And then from there you can understand what are those emission sources that we have? 
What can we do, that's in our power, to reduce those emissions?
Are there simple process changes that can reduce our footprint? 
So it's important, again, just go back to what you have already, what you know, and work from there. And there's no shame in having a really great moonshot goal if it's 2040 or if it's not 2040. But I think that setting those intermediary goals is going to be what really helps you to not fall susceptible to the fraud triangle. 
Dan:                I think, we've had a really good conversation here and we've covered a lot of ground. Everything from visibility into your supply chain and the challenges raised by that. All of the complexities around data quality for emissions reporting and other sorts of reporting. I really have enjoyed this conversation immensely. 
Doug:              As have I, it was a privilege. I hope our listeners enjoyed it as much as we enjoyed having the conversation.
Catie:              Yes, thank you to Dan and Doug for this discussion. I really enjoyed chatting with you and, hopefully, the listeners will get some useful information out of this that they can take back to their organizations, and start to implement some of those tools and mechanisms to help them guard against fraud.
[00:29:20]       < Outro >
Announcer:    This has been Count Me In, IMA's podcast. Providing you with the latest perspectives of thought leaders from the accounting and finance profession. If you like what you heard and you'd like to be counted in, for more relevant accounting and finance education, visit IMA's website at www.imanet.org.
©Copyright 2019-2024 Institute of Management Accountants. All rights reserved.