Ep. 225: Unraveling ESG: Understanding Environmental, Social, and Governance Factors in Business – Part 2
< Intro >
– Welcome back to Count Me In.
Today we have part two of Unraveling ESG.
We're joined, again, by
Catie Selex, Douglas Hileman,
and Dan Mosher for the
completion of their conversation.
Now, if you didn't hear part one,
I encourage you to pause
right now and listen to that first.
In today's episode, we explore the challenges
and risks of ESG reporting,
including the potential for fraud.
Our experts delve into the
pressures companies face
and discuss real-world examples
of how well-intentioned sustainability efforts
can sometimes lead to
misreporting and potential fraud.
But it's not all about the pitfalls,
they also offer essential
guidance to those new to ESG.
Emphasizing the importance of
starting with existing resources,
focusing on materiality, and setting up
the dedicated cross-functional ESG team.
Don't miss this invaluable
conversation, so let's get started.
< Music >
– Doug, I mentioned the ACFE's
Fraud Triangle earlier,
and I'm eager to hear some of your perspectives
on applying that Fraud Triangle to ESG.
– Thank you, Dan, it can be done too.
It's a familiar construct, and I
was fortunate to be an in-house
at a Big Four when Sarbanes-Oxley hit.
And at the very beginning of
designing internal controls
and testing internal controls, we had
to consider the possibility of fraud.
We had to design controls to prevent
fraud, in audits we had to detect fraud.
Being an environmental
specialist, and then with the IIA
coming out with changing
their IPPF, their framework,
to require testing for fraud.
I've been testing for fraud and
considering fraud for 20 years,
in the environmental space since 2002.
It looks a little different for ESG,
but not as different as you might think.
There is pressure, pressure can be,
"We've got to get this report out."
"The customer wants this answer."
"We have to say, for example, that our products
didn't come from Bangladesh, so what the heck?
How will they find out?"
There's so much pressure.
I see that people are involved in ESG,
in this non-financial reporting,
as an add-on to their jobs.
It might be 20% of their job, and
it's the 20% between 120 and 140%
of what they're supposed to do.
People are under, and companies,
are under tremendous pressure
to put the right answer out there.
They have the opportunity to do so
because the controls are not designed,
and have not been implemented
with the potential for fraud in mind.
So where there are weak controls or no controls,
the opportunities are there.
I see this comes into play, also,
when data and information
comes from outside the organization.
There's this tricky thing where
so much of what we do, in ESG,
is not only what the organization controls
but what the organization can influence.
There are some challenges there,
how do you control what you don't control?
So the opportunity is there because the controls
can be weak or non-existent.
And the rationalization can
be, "Well, everybody does it."
Or "It's not about money, it's about prestige."
"It's not really this, we want the award."
We've seen, for example, there's a
magazine, an organization,
that rates colleges, the 10 best colleges in each thing.
And we've started to see, in recent years,
where the colleges are even
fudging the information
to get the prestige of being in that award.
That may have secondary
effects for how many people
go to that college or what they're
willing to pay for tuition, but that's fraud.
In my book, if you submit data and information
that is incorrect, or inaccurate,
or misleading, with the intent to
deceive at the expense of others.
Especially if that turns into actual
or potential financial gain, I call that fraud.
So that applies on all three sides of the triangle.
It's just a matter of thinking about this ESG
and non-financial world and how that can happen.
– Excellent, Doug, yes, maybe, just
to add a couple of extra points
around those pressures and incentives.
Today we are seeing that there is
incentive compensation
for certain executives that is
linked to various ESG measures.
If you think about that and the
opportunityfor management override
of certain controls that are out
there, that's a great incentive.
If you're going to get paid a bigger bonus
because of greater ESG metrics,
and your ESG, for example, your emissions
information is held in Excel spreadsheet,
which in many cases that is the case.
I saw a survey, not so long ago, of more
than a thousand executives saying that,
I think, it was 86% of them
had their emissions data
just sitting in a spreadsheet.
And if you could change
that with a few keystrokes,
at the executive level, to boost
your bonus, someone might do that.
Other things I think of are from an
incentive or pressure standpoint.
Things around ESG-linked bonds or credits
where there are a key performance indicators
and you're required to maintain those metrics,
to maintain certain interest
rates or payment on your bond.
Those things are out there
and they're going to influence
some portion of those that are held to them.
Catie, maybe, you have some other
thoughts around this as well?
– Yes, Dan, so one of the things
that we're seeing in ESG,
especially because people are so compelled
to make great strides on their data
and to make progress towards their targets,
in a very quick manner, is there's
an emerging market of solutions
that some are absolutely legitimate
and there are good actors,
but they're also bad actors.
So one real-life example of this happening
is the Vatican used a third
party to preserve a forest area,
as part of its carbon offset effort
and to help move towards its
emissions reductions targets.
So, in this instance, the Vatican
thought that it had protected
an area of Hungarian Forest
as part of that reductions plan,
but that actually never happened.
So while there was good intentions to reduce
the Vatican's emissions footprint,
ultimately, that desire left them to susceptible
to fraud by this third party.
So that's something else to think about is
as you're incorporating other entities,
that are outside of your organizational boundaries
to help you reach these targets,
are they genuine good actors?
Have you conducted the due diligence
to ensure that they're going to support
you in getting to those targets,
as opposed to hinder or even mislead you,
which could lead to misreporting on your part?
And, Dan, I wanted to get
back to that pressure element.
A lot of the clients that we're working with
are in those early stages of ESG reporting,
and are just getting their program started.
So, Dan, Doug, and I am happy
to contribute, as well,
but what are some guidance
that we can give to listeners?
In terms of for those who are at ground zero
and need to start reporting, and disclosing,
and to ease some of the pressure
that they're experiencing
from stakeholders and regulators.
What are some ways that
they can approach this?
What are some tools that they can use
to mitigate associated risks?
– I'll go ahead and start.
So I refer back to some of those frameworks,
that you have mentioned,
Catie, as a starting point.
In terms of the kinds of
disclosures that an organization
might make in a certain business sector.
I think that they should be taking
stock of the various channels
in which they might be reporting
that information, and looking
at the various kinds of scenarios,
in which the information might be
incomplete or inaccurate.
So even just thinking about those processes
will get them on a good path forward.
I think that you probably want to
think about starting fairly small,
with the kinds of disclosures,
and build upon those as your maturity
from an ESG perspective grows.
Doug, what are your thoughts?
– For companies just starting
out, or in the early stages,
what I would say to them is, first,
just recognize this is not a hobby.
This is not a nice to do,
this is a business imperative
and it is not going away.
Put the right people on it
and devote resources to it,
who can really get things moving.
Another thing I would say is,
one of my phrases,
is begin with what you've got
because you really can't begin
with anything else.
A gap assessment is a really good idea.
What are the requirements that are expected
from the general capital markets?
What are the questions you're getting
from impact investors and customers,
where you're getting that pull and
you're expected to provide something?
Well, what is it you have?
Companies may have a little more
information than they think they have.
Because much of this information
is already being collected
to achieve regulatory compliance obligations,
with let's say the EPA, or
with OSHA, or Department of Labor.
Is that data and information fit for purpose
or can it be modified a little bit,
to meet the expectations of the stakeholders
who want this kind of reporting and disclosures?
Another point I would say, we've
touched upon the cross-functional team.
This cannot be the responsibility
of any one person.
This is a team effort because
this non-financial information
touches every part of your business internally,
and it touches many parts
of your business externally.
With your providers of capital, your banks,
your insurance companies, your customers.
So all the people who engage in external relations
with folks outside the company,
it has to include those.
One tip I would say is
climate change is the single
biggest issue of our time and climate change
and climate change reporting,
greenhouse gas emissions
reporting, is expected of everybody.
So climate change has got
to be on your agenda.
There is some specialized
expertise that comes with that.
I would suggest that climate change
has even its own team
and its own work streams.
I think supporting that when the ISSB
put out their two exposure drafts.
They had one for all sustainability
reporting disclosures
and one for climate change risk and exposures.
So you've got to address climate change.
And, finally, I would say I put
in a shameless plug for using
the COSO Framework, that if the
data is going to be complete.
If it's going to be accurate,
if it's going to be verifiable,
if you're going to have the
right people with access to it
and only the right people
with access to this data.
There's nowhere better to start than
that COSO Internal Controls Framework.
And even backing up that COSO
Enterprise Risk Management Framework
to lead into materiality.
And to lead into what are the issues
where we should be reporting
on and focus our efforts.
To use an extreme example, if you're a Chevron
you're not going to bet the
company on recycling paper.
So what are the issues that
matter to you as a company?
Where you invest your time, your resources,
your people, and your initiatives
on improving performance.
– And, Doug, you brought up a great
point when it comes to materiality,
and I want to make sure that for our listeners,
they know that when it comes
to ESG and sustainability,
materiality is separate and distinct
from the concept of materiality
under federal state securities
law, as well as GAAP.
And that's because items
that are material to ESG
they're not, necessarily, the same as those
that are material under securities law or GAAP.
So one of the ways that we help clients
and, especially, our year zero clients
who are trying to uncover what
is material to their company.
We always recommend starting
with a materiality assessment,
and ESG strategy and policy development.
This is going to help you set your own guardrails
so that you don't overextend or overcommit on ESG.
Doug mentioned that climate change
is becoming one of those topics,
that companies absolutely need to
have resources and teams dedicated to.
And I'm seeing that with
most of my clients, climate,
even if it's not on the horizon
immediately, it's coming.
And, so, it's something that
you will need to consider
and continue to refresh what's material to you.
So having those assessments, we
recommend every two to three years
because material topics for ESG are not stagnant.
You don't select them, and
then that's what you have
for the entirety of your company's lifespan.
They change because society changes,
the political environment changes,
and the actual environment changes.
So you want to make sure
that you're staying on top of
and looking ahead to what those risks are.
So that you've got the data, mechanisms,
and the internal control processes in place,
to be able to have that data, have
those baselines that you need.
And then as you're planning
out your ESG programming,
set realistic goals and targets.
So that you're not overextending yourself
and that you are setting commitments
that you know that you can achieve,
and you're not falling victim to the fraud triangle
in an attempt to achieve those
commitments that you set for yourself.
– Doug, I know you talked a
bit about the great importance
of climate change and emissions reporting.
I did want to give our listeners some food
for thought around emissions reporting.
If you think about how some of that emissions
reporting takes place, it's a calculation.
So, for example, I've been in
touch with a large organization.
They calculate some of their emissions,
taking their rented square footage of office space
and applying the relevant coefficient to it,
to come up with an estimate of their emissions.
I asked the question, "Well, you have
a number of offices across the country.
What would happen if you,
accidentally, forgot the Dallas office?
Would someone catch it?"
And the answer was, "Not necessarily."
And, so, the care and the completeness,
and the extra effort to make
sure you have that completeness,
it can be challenging, but I
think it's completely necessary.
Because if something could
be forgotten, accidentally,
it could be forgotten on purpose,
and if it's forgotten on purpose
that's contributing to fraud.
– And to add to that point,
Dan, some of the frameworks,
specific to climate, already
have built-in mechanisms
to help you guard against that fraud.
So, for instance, The Greenhouse Gas Protocols
Corporate Standard sets guidelines
for when to recalculate
your corporate base year emissions.
Because companies are setting their targets
and their reduction strategies based
upon that base year calculation.
And, so, there are some particularities
in terms of, for instance,
if your company goes through an acquisition
and your footprint goes by X percent,
that is what triggers a base year recalculation
for your emissions metrics specifically.
And, so, that's a policy example.
That's an example of a policy
that you would want
to have in place for some of these metrics.
So that as your company continues to grow,
and circumstances change, and
your footprint either shrinks
or increases, based upon your operational size.
You'll want to have policies
in place so that you know
when to recalculate your base year,
so that you're continuing to report
complete and accurate data.
– I think carbon emissions
reporting, encapsulates everything
we've discussed on this podcast and everything
that's in both of our reports,
the COSO Report and ACFE Report.
And I think we could probably
do a separate podcast on that.
I'd encourage our listeners,
many of whom are accountants,
to read the Greenhouse Gas Protocol
and become familiar with it.
There are operational and
technical people doing it,
but at its heart it really
is an accounting protocol.
We've discussed how you put
together data and information
to meet different purposes.
I've worked with clients who
get called upon to publish
a greenhouse gas report,
greenhouse gas emissions,
using an operational control basis.
Using the equity share basis,
using the financial...
So there's the same data that
needs to be sliced and diced
three different ways and
for different reporting periods.
Catie brings up the good
point that there are protocols
to restate or to correct errors when identified,
or to account for forgotten facilities.
There are uncertainties documented in it
because many of these emissions
that are reported involve estimates.
What if you get better estimates?
Do you apply that to this reporting period
or do you retroactively do that and report it?
Much of this involves judgment.
What is a material change?
So maybe you apply materiality
in ways that you would apply
it elsewhere or differently.
All this has to be documented
and the possibility of fraud
starts to creep in, when there is the pressure
to say, "We are on target for
getting carbon neutral by 2030,
in accordance with senior
management's directives."
So they can get their compensation bonus,
and we can stay in that
ESG-preferred trading fund,
and we can get our low-interest rate
from the bank or decline from that.
If you understand, if
accountants, and business folks,
and operations, and environmental
people take a good look
at the Greenhouse Gas Protocol
and you overlay that with the
COSO Internal Control Framework,
and you overlay that with
that terrific publication
on ESG fraud, from the ACFE.
A lot of what we're saying
will start to make sense
and you will understand where
you can contribute to more effective
and more efficient reporting,
and prevention, and detection, of fraud.
– So we know that, especially, because
ESG is still an emerging discipline
and there are different interpretations of data,
and some of the data points
themselves are evolving.
So what do you say to those who are concerned
about, unintentionally, misreporting data.
And realizing two to three
years down the road,
"Oops, we made a mistake."
How should they approach that in the future?
– Well, that's a great question,
Catie, and we see that all the time.
And I predict we will see it a
lot more as this field matures,
and as companies mature
their processes and controls,
and as more people take a look at it,
both, assurance providers,
investors, and the like,
we're going to see more of that.
And it's understandable that
everybody will be handwringing
and so afraid of making a mistake.
And I go back to what we said 20 years ago,
at the beginning of Sarbanes-Oxley.
I was on many financial audit teams
supporting them as ESG specialist
for asset retirement obligations,
environmental liabilities.
And, well, we don't know the right number.
We don't know if it's going to happen,
and my advice, at the time, as a non-CPA,
just an engineer and auditor is
to say, "Well, in good faith,
read, interpret what is
required, develop a process,
document the process, and then
follow the process
and document that you followed the process
and the output from that process."
That's what goes on the line item
in your financial reporting.
If somebody determines that that was
not correct or it can be improved.
Maybe it's an internal suggestion,
maybe it's from an auditor,
maybe it's from an enforcement authority.
It doesn't really matter how you discover
something that needs to be changed.
At least you can produce
what it was you did
and show that you were
consistent with the design.
The operation was consistent with the design.
If you need to change it
later, then change it later.
Then comes the question,
do we change it from this point going forward
or do we have to do an adjustment
for prior reporting periods?
So that can be part of your
process and your criteria.
Set a threshold, a materiality threshold for that.
Develop a process for how teams consider that
and who decides yes or no.
It's really using processes that you already have,
and apply those for non-financial reporting.
– And just to jump in there from
the ESG perspective, Doug,
I think, not every year will be one
marked by progress towards your targets.
There are a million different circumstances
that can affect progression on your commitments.
And, so, again, going back to being transparent
and communicating challenges
and setbacks to your stakeholders,
goes a long way in the ESG space.
In terms of them continuing to have faith
that you are reporting these disclosures,
as they go along, and highlighting
where you are experiencing
those challenges and setbacks.
– That's right.
– One part of the ACFE's
Fraud Triangle is rationalization,
and I think that this longer time horizon
that Catie was just pointing to,
actually, causes some rationalization to happen.
Because there's a longer time horizon,
someone might say to themselves,
"Well, I can catch up next year.
Let me fudge the number a little bit this year,
show some progress, and I will
make it all better next year."
And, so, there is something particular to ESG
with that longer time horizon
for those commitments
being made around, "I'm going to be
net zero by such and such a date.
Well, that's a long time from now,
let me just show that I
have progression every year
and hope that I can catch up in reality."
– I maintain that non-financial
reporting has a couple of attributes
that are a little different
from financial reporting,
or at least they occur in greater proportion.
Two of those attributes are much more narrative
in non-financial disclosures,
descriptions of processes,
and also some forward-looking statements.
Companies are encouraged to
announce goals and targets,
which sets the stage for reporting
in future reporting periods
on their progress to the goals and targets.
One of the things that is starting
to look a little different,
companies will say, "We are committed
to meeting our climate goals for 2040."
Where they make some grand,
forward-looking narrative statements,
and talking to some folks
who are reviewing that,
and even some of the external auditors,
they're comparing those
forward-looking narrative statements
to where the companies are spending their money.
So if you're making statements and disclosures
that are these grand, forward-looking
projections, and the auditors
see you're spending $7, a year,
towards meeting that goal.
Well, is that statement itself?
Is that disclosure?
Is that negligent?
Is that sloppy, or is that in order to get
into an ESG fund, or to attract Helen, in ways?
Is that tiptoeing into fraud?
I think the dust is yet to settle
on that, but the topic is coming up.
– I think it's a great point, Doug,
and I'm sure that there are
a host of attorneys out there
who will, gladly, be spending time to figure out
when the line has crossed into fraud.
– And I will add to that, we're seeing
a lot of companies set 2040 goals.
And just for context, that comes
out of the Paris Agreement,
saying that the global target
for net zero needs to be…
hang on, Adam, let me pause and
make sure that I don't misstate this.
So part of that Paris Agreement
was this global recognition
that net zero needs to happen by 2040.
And, so, that's why you're
seeing that number come up
in a lot of different corporate targets,
when it comes to their net zero goals.
That said, there is still a lot
of work that needs to be done,
at the company level, in order to achieve that.
And there are things that are beyond your control.
So the different breakthrough technologies
that are needed in order to accelerate
transitioning to a decarbonized economy.
There's still a lot of research being done
in terms of the electrical grid
and the different green technologies
that can generate energy,
to help reduce that carbon footprint.
So I urge caution in terms of setting your goals
because it needs to be, again,
coming back to the point,
it needs to be realistic and something
that you think you can achieve.
So one thing that we encourage
our companies to do is
it's great to have a moonshot goal,
and if 2040 is your moonshot
goal, then that's awesome.
But setting those intermediary milestones
to hold yourself accountable,
to that moonshot goal,
is something we really
encourage our clients to do.
So that could be as simple
as setting your baseline year
for Scope 1 and 2 emissions.
So that you have a complete
understanding of your carbon footprint.
And then from there you can understand
what are those emission sources that we have?
What can we do, that's in our power,
to reduce those emissions?
Are there simple process changes
that can reduce our footprint?
So it's important, again, just go back
to what you have already,
what you know, and work from there.
And there's no shame in having
a really great moonshot goal
if it's 2040 or if it's not 2040.
But I think that setting those intermediary goals
is going to be what really helps you
to not fall susceptible to the fraud triangle.
– I think, we've had a
really good conversation here
and we've covered a lot of ground.
Everything from visibility into your supply chain
and the challenges raised by that.
All of the complexities around data quality
for emissions reporting and
other sorts of reporting.
I really have enjoyed this conversation immensely.
– As have I, it was a privilege.
I hope our listeners enjoyed it as much
as we enjoyed having the conversation.
– Yes, thank you to Dan and
Doug for this discussion.
I really enjoyed chatting with you and, hopefully,
the listeners will get some useful information
out of this that they can take
back to their organizations,
and start to implement some of
those tools and mechanisms
to help them guard against fraud.
< Music >
– This has been Count Me In, IMA's podcast.
Providing you with the latest
perspectives of thought leaders
from the accounting and finance
profession.
If you like what you heard and
you'd like to be counted in,
for more relevant accounting
and finance education,
visit IMA's website at www.imanet.org.
