Ep. 225: Unraveling ESG: Understanding Environmental, Social, and Governance Factors in Business – Part 2

< Intro >

– Welcome back to Count Me In.

Today we have part two of Unraveling ESG.

We're joined, again, by 
Catie Selex, Douglas Hileman,

and Dan Mosher for the 
completion of their conversation.

Now, if you didn't hear part one,

I encourage you to pause
right now and listen to that first.

In today's episode, we explore the challenges

and risks of ESG reporting,
including the potential for fraud.

Our experts delve into the 
pressures companies face

and discuss real-world examples

of how well-intentioned sustainability efforts

can sometimes lead to 
misreporting and potential fraud.

But it's not all about the pitfalls,

they also offer essential 
guidance to those new to ESG.

Emphasizing the importance of
starting with existing resources,

focusing on materiality, and setting up

the dedicated cross-functional ESG team.

Don't miss this invaluable 
conversation, so let's get started.

< Music >

– Doug, I mentioned the ACFE's
Fraud Triangle earlier,

and I'm eager to hear some of your perspectives

on applying that Fraud Triangle to ESG.

– Thank you, Dan, it can be done too.

It's a familiar construct, and I
was fortunate to be an in-house

at a Big Four when Sarbanes-Oxley hit.

And at the very beginning of 
designing internal controls

and testing internal controls, we had
to consider the possibility of fraud.

We had to design controls to prevent
fraud, in audits we had to detect fraud.

Being an environmental 
specialist, and then with the IIA

coming out with changing 
their IPPF, their framework,

to require testing for fraud.

I've been testing for fraud and
considering fraud for 20 years,

in the environmental space since 2002.

It looks a little different for ESG,

but not as different as you might think.

There is pressure, pressure can be, 
"We've got to get this report out."

"The customer wants this answer."

"We have to say, for example, that our products

didn't come from Bangladesh, so what the heck?

How will they find out?"

There's so much pressure.

I see that people are involved in ESG,
in this non-financial reporting,

as an add-on to their jobs.

It might be 20% of their job, and
it's the 20% between 120 and 140%

of what they're supposed to do.

People are under, and companies,
are under tremendous pressure

to put the right answer out there.

They have the opportunity to do so
because the controls are not designed,

and have not been implemented
with the potential for fraud in mind.

So where there are weak controls or no controls,

the opportunities are there.

I see this comes into play, also,
when data and information

comes from outside the organization.

There's this tricky thing where 
so much of what we do, in ESG,

is not only what the organization controls

but what the organization can influence.

There are some challenges there,

how do you control what you don't control?

So the opportunity is there because the controls

can be weak or non-existent.

And the rationalization can 
be, "Well, everybody does it."

Or "It's not about money, it's about prestige."

"It's not really this, we want the award."

We've seen, for example, there's a
magazine, an organization,

that rates colleges, the 10 best colleges in each thing.

And we've started to see, in recent years,

where the colleges are even 
fudging the information

to get the prestige of being in that award.

That may have secondary 
effects for how many people

go to that college or what they're
willing to pay for tuition, but that's fraud.

In my book, if you submit data and information

that is incorrect, or inaccurate,

or misleading, with the intent to
deceive at the expense of others.

Especially if that turns into actual

or potential financial gain, I call that fraud.

So that applies on all three sides of the triangle.

It's just a matter of thinking about this ESG

and non-financial world and how that can happen.

– Excellent, Doug, yes, maybe, just 
to add a couple of extra points

around those pressures and incentives.

Today we are seeing that there is
incentive compensation

for certain executives that is
linked to various ESG measures.

If you think about that and the
opportunityfor management override

of certain controls that are out
there, that's a great incentive.

If you're going to get paid a bigger bonus

because of greater ESG metrics,

and your ESG, for example, your emissions
information is held in Excel spreadsheet,

which in many cases that is the case.

I saw a survey, not so long ago, of more
than a thousand executives saying that,

I think, it was 86% of them 
had their emissions data

just sitting in a spreadsheet.

And if you could change 
that with a few keystrokes,

at the executive level, to boost
your bonus, someone might do that.

Other things I think of are from an
incentive or pressure standpoint.

Things around ESG-linked bonds or credits

where there are a key performance indicators

and you're required to maintain those metrics,

to maintain certain interest 
rates or payment on your bond.

Those things are out there 
and they're going to influence

some portion of those that are held to them.

Catie, maybe, you have some other
thoughts around this as well?

– Yes, Dan, so one of the things
that we're seeing in ESG,

especially because people are so compelled

to make great strides on their data

and to make progress towards their targets,

in a very quick manner, is there's 
an emerging market of solutions

that some are absolutely legitimate

and there are good actors, 
but they're also bad actors.

So one real-life example of this happening

is the Vatican used a third 
party to preserve a forest area,

as part of its carbon offset effort

and to help move towards its 
emissions reductions targets.

So, in this instance, the Vatican

thought that it had protected 
an area of Hungarian Forest

as part of that reductions plan,
but that actually never happened.

So while there was good intentions to reduce

the Vatican's emissions footprint,

ultimately, that desire left them to susceptible

to fraud by this third party.

So that's something else to think about is

as you're incorporating other entities,

that are outside of your organizational boundaries

to help you reach these targets,
are they genuine good actors?

Have you conducted the due diligence

to ensure that they're going to support
you in getting to those targets,

as opposed to hinder or even mislead you,

which could lead to misreporting on your part?

And, Dan, I wanted to get 
back to that pressure element.

A lot of the clients that we're working with

are in those early stages of ESG reporting,

and are just getting their program started.

So, Dan, Doug, and I am happy
to contribute, as well,

but what are some guidance
that we can give to listeners?

In terms of for those who are at ground zero

and need to start reporting, and disclosing,

and to ease some of the pressure 
that they're experiencing

from stakeholders and regulators.

What are some ways that
they can approach this?

What are some tools that they can use

to mitigate associated risks?

– I'll go ahead and start.

So I refer back to some of those frameworks,

that you have mentioned,
Catie, as a starting point.

In terms of the kinds of 
disclosures that an organization

might make in a certain business sector.

I think that they should be taking
stock of the various channels

in which they might be reporting
that information, and looking

at the various kinds of scenarios,

in which the information might be
incomplete or inaccurate.

So even just thinking about those processes

will get them on a good path forward.

I think that you probably want to
think about starting fairly small,

with the kinds of disclosures,

and build upon those as your maturity
from an ESG perspective grows.

Doug, what are your thoughts?

– For companies just starting 
out, or in the early stages,

what I would say to them is, first,
just recognize this is not a hobby.

This is not a nice to do, 
this is a business imperative

and it is not going away.

Put the right people on it 
and devote resources to it,

who can really get things moving.

Another thing I would say is,
one of my phrases,

is begin with what you've got

because you really can't begin
with anything else.

A gap assessment is a really good idea.

What are the requirements that are expected

from the general capital markets?

What are the questions you're getting
from impact investors and customers,

where you're getting that pull and 
you're expected to provide something? 

Well, what is it you have?

Companies may have a little more
information than they think they have.

Because much of this information 
is already being collected

to achieve regulatory compliance obligations,

with let's say the EPA, or 
with OSHA, or Department of Labor.

Is that data and information fit for purpose

or can it be modified a little bit,

to meet the expectations of the stakeholders

who want this kind of reporting and disclosures?

Another point I would say, we've
touched upon the cross-functional team.

This cannot be the responsibility
of any one person.

This is a team effort because 
this non-financial information

touches every part of your business internally,

and it touches many parts 
of your business externally.

With your providers of capital, your banks,

your insurance companies, your customers.

So all the people who engage in external relations

with folks outside the company, 
it has to include those.

One tip I would say is 
climate change is the single

biggest issue of our time and climate change

and climate change reporting,
greenhouse gas emissions

reporting, is expected of everybody.

So climate change has got
to be on your agenda.

There is some specialized 
expertise that comes with that.

I would suggest that climate change

has even its own team
and its own work streams.

I think supporting that when the ISSB

put out their two exposure drafts.

They had one for all sustainability 
reporting disclosures

and one for climate change risk and exposures.

So you've got to address climate change.

And, finally, I would say I put 
in a shameless plug for using

the COSO Framework, that if the 
data is going to be complete.

If it's going to be accurate, 
if it's going to be verifiable,

if you're going to have the 
right people with access to it

and only the right people 
with access to this data.

There's nowhere better to start than
that COSO Internal Controls Framework.

And even backing up that COSO
Enterprise Risk Management Framework

to lead into materiality.

And to lead into what are the issues

where we should be reporting 
on and focus our efforts.

To use an extreme example, if you're a Chevron

you're not going to bet the 
company on recycling paper.

So what are the issues that 
matter to you as a company?

Where you invest your time, your resources,

your people, and your initiatives 
on improving performance.

– And, Doug, you brought up a great
point when it comes to materiality,

and I want to make sure that for our listeners,

they know that when it comes
to ESG and sustainability,

materiality is separate and distinct 
from the concept of materiality

under federal state securities
law, as well as GAAP.

And that's because items
that are material to ESG

they're not, necessarily, the same as those

that are material under securities law or GAAP.

So one of the ways that we help clients

and, especially, our year zero clients

who are trying to uncover what
is material to their company.

We always recommend starting
with a materiality assessment,

and ESG strategy and policy development.

This is going to help you set your own guardrails

so that you don't overextend or overcommit on ESG.

Doug mentioned that climate change
is becoming one of those topics,

that companies absolutely need to
have resources and teams dedicated to.

And I'm seeing that with 
most of my clients, climate, 

even if it's not on the horizon
immediately, it's coming.

And, so, it's something that 
you will need to consider

and continue to refresh what's material to you.

So having those assessments, we
recommend every two to three years

because material topics for ESG are not stagnant.

You don't select them, and 
then that's what you have

for the entirety of your company's lifespan.

They change because society changes,
the political environment changes,

and the actual environment changes.

So you want to make sure 
that you're staying on top of

and looking ahead to what those risks are.

So that you've got the data, mechanisms,

and the internal control processes in place,

to be able to have that data, have
those baselines that you need.

And then as you're planning 
out your ESG programming,

set realistic goals and targets.

So that you're not overextending yourself

and that you are setting commitments

that you know that you can achieve,

and you're not falling victim to the fraud triangle

in an attempt to achieve those
commitments that you set for yourself.

– Doug, I know you talked a 
bit about the great importance

of climate change and emissions reporting.

I did want to give our listeners some food

for thought around emissions reporting.

If you think about how some of that emissions

reporting takes place, it's a calculation.

So, for example, I've been in 
touch with a large organization.

They calculate some of their emissions,

taking their rented square footage of office space

and applying the relevant coefficient to it,

to come up with an estimate of their emissions.

I asked the question, "Well, you have
a number of offices across the country.

What would happen if you,
accidentally, forgot the Dallas office?

Would someone catch it?"

And the answer was, "Not necessarily."

And, so, the care and the completeness,

and the extra effort to make 
sure you have that completeness,

it can be challenging, but I 
think it's completely necessary.

Because if something could 
be forgotten, accidentally,

it could be forgotten on purpose,

and if it's forgotten on purpose 
that's contributing to fraud.

– And to add to that point, 
Dan, some of the frameworks,

specific to climate, already 
have built-in mechanisms

to help you guard against that fraud.

So, for instance, The Greenhouse Gas Protocols

Corporate Standard sets guidelines
for when to recalculate

your corporate base year emissions.

Because companies are setting their targets

and their reduction strategies based
upon that base year calculation.

And, so, there are some particularities
in terms of, for instance,

if your company goes through an acquisition

and your footprint goes by X percent,

that is what triggers a base year recalculation

for your emissions metrics specifically.

And, so, that's a policy example.

That's an example of a policy
that you would want

to have in place for some of these metrics.

So that as your company continues to grow,

and circumstances change, and 
your footprint either shrinks

or increases, based upon your operational size.

You'll want to have policies 
in place so that you know

when to recalculate your base year,

so that you're continuing to report
complete and accurate data.

– I think carbon emissions 
reporting, encapsulates everything

we've discussed on this podcast and everything

that's in both of our reports, 
the COSO Report and ACFE Report.

And I think we could probably 
do a separate podcast on that.

I'd encourage our listeners, 
many of whom are accountants,

to read the Greenhouse Gas Protocol
and become familiar with it.

There are operational and 
technical people doing it,

but at its heart it really 
is an accounting protocol.

We've discussed how you put
together data and information

to meet different purposes.

I've worked with clients who 
get called upon to publish

a greenhouse gas report,
greenhouse gas emissions,

using an operational control basis.

Using the equity share basis,
using the financial...

So there's the same data that
needs to be sliced and diced

three different ways and
for different reporting periods.

Catie brings up the good 
point that there are protocols

to restate or to correct errors when identified,

or to account for forgotten facilities.

There are uncertainties documented in it

because many of these emissions
that are reported involve estimates.

What if you get better estimates?

Do you apply that to this reporting period

or do you retroactively do that and report it?

Much of this involves judgment.

What is a material change?

So maybe you apply materiality

in ways that you would apply
it elsewhere or differently.

All this has to be documented
and the possibility of fraud

starts to creep in, when there is the pressure

to say, "We are on target for 
getting carbon neutral by 2030,

in accordance with senior 
management's directives."

So they can get their compensation bonus,

and we can stay in that
ESG-preferred trading fund,

and we can get our low-interest rate
from the bank or decline from that.

If you understand, if 
accountants, and business folks,

and operations, and environmental 
people take a good look

at the Greenhouse Gas Protocol

and you overlay that with the
COSO Internal Control Framework,

and you overlay that with
that terrific publication

on ESG fraud, from the ACFE.

A lot of what we're saying
will start to make sense

and you will understand where
you can contribute to more effective

and more efficient reporting,
and prevention, and detection, of fraud.

– So we know that, especially, because
ESG is still an emerging discipline

and there are different interpretations of data,

and some of the data points 
themselves are evolving.

So what do you say to those who are concerned

about, unintentionally, misreporting data.

And realizing two to three
years down the road,

"Oops, we made a mistake."

How should they approach that in the future?

– Well, that's a great question, 
Catie, and we see that all the time.

And I predict we will see it a 
lot more as this field matures,

and as companies mature 
their processes and controls,

and as more people take a look at it,

both, assurance providers, 
investors, and the like,

we're going to see more of that.

And it's understandable that
everybody will be handwringing

and so afraid of making a mistake.

And I go back to what we said 20 years ago,

at the beginning of Sarbanes-Oxley.

I was on many financial audit teams
supporting them as ESG specialist

for asset retirement obligations,
environmental liabilities.

And, well, we don't know the right number.

We don't know if it's going to happen,

and my advice, at the time, as a non-CPA,

just an engineer and auditor is 
to say, "Well, in good faith,

read, interpret what is 
required, develop a process,

document the process, and then
follow the process

and document that you followed the process

and the output from that process."

That's what goes on the line item
in your financial reporting.

If somebody determines that that was
not correct or it can be improved.

Maybe it's an internal suggestion,
maybe it's from an auditor,

maybe it's from an enforcement authority.

It doesn't really matter how you discover
something that needs to be changed.

At least you can produce
what it was you did

and show that you were
consistent with the design.

The operation was consistent with the design.

If you need to change it 
later, then change it later.

Then comes the question,

do we change it from this point going forward

or do we have to do an adjustment
for prior reporting periods?

So that can be part of your 
process and your criteria.

Set a threshold, a materiality threshold for that.

Develop a process for how teams consider that

and who decides yes or no.

It's really using processes that you already have,

and apply those for non-financial reporting.

– And just to jump in there from
the ESG perspective, Doug,

I think, not every year will be one

marked by progress towards your targets.

There are a million different circumstances

that can affect progression on your commitments.

And, so, again, going back to being transparent

and communicating challenges
and setbacks to your stakeholders,

goes a long way in the ESG space.

In terms of them continuing to have faith

that you are reporting these disclosures,

as they go along, and highlighting

where you are experiencing
those challenges and setbacks.

– That's right.
– One part of the ACFE's

Fraud Triangle is rationalization,

and I think that this longer time horizon

that Catie was just pointing to,

actually, causes some rationalization to happen.

Because there's a longer time horizon,

someone might say to themselves,
"Well, I can catch up next year.

Let me fudge the number a little bit this year,

show some progress, and I will
make it all better next year."

And, so, there is something particular to ESG

with that longer time horizon
for those commitments

being made around, "I'm going to be
net zero by such and such a date.

Well, that's a long time from now,

let me just show that I 
have progression every year

and hope that I can catch up in reality."

– I maintain that non-financial 
reporting has a couple of attributes

that are a little different 
from financial reporting,

or at least they occur in greater proportion.

Two of those attributes are much more narrative

in non-financial disclosures, 
descriptions of processes,

and also some forward-looking statements.

Companies are encouraged to 
announce goals and targets,

which sets the stage for reporting 
in future reporting periods

on their progress to the goals and targets.

One of the things that is starting 
to look a little different,

companies will say, "We are committed
to meeting our climate goals for 2040."

Where they make some grand,
forward-looking narrative statements,

and talking to some folks
who are reviewing that,

and even some of the external auditors,

they're comparing those 
forward-looking narrative statements

to where the companies are spending their money.

So if you're making statements and disclosures

that are these grand, forward-looking
projections, and the auditors

see you're spending $7, a year,
towards meeting that goal.

Well, is that statement itself?

Is that disclosure?
Is that negligent?

Is that sloppy, or is that in order to get

into an ESG fund, or to attract Helen, in ways?

Is that tiptoeing into fraud?

I think the dust is yet to settle
on that, but the topic is coming up.

– I think it's a great point, Doug,

and I'm sure that there are
a host of attorneys out there

who will, gladly, be spending time to figure out

when the line has crossed into fraud.

– And I will add to that, we're seeing
a lot of companies set 2040 goals.

And just for context, that comes 
out of the Paris Agreement,

saying that the global target 
for net zero needs to be…

hang on, Adam, let me pause and
make sure that I don't misstate this.

So part of that Paris Agreement 
was this global recognition

that net zero needs to happen by 2040.

And, so, that's why you're
seeing that number come up

in a lot of different corporate targets,

when it comes to their net zero goals.

That said, there is still a lot 
of work that needs to be done,

at the company level, in order to achieve that.

And there are things that are beyond your control.

So the different breakthrough technologies

that are needed in order to accelerate

transitioning to a decarbonized economy.

There's still a lot of research being done

in terms of the electrical grid

and the different green technologies
that can generate energy,

to help reduce that carbon footprint.

So I urge caution in terms of setting your goals

because it needs to be, again,
coming back to the point,

it needs to be realistic and something
that you think you can achieve.

So one thing that we encourage 
our companies to do is

it's great to have a moonshot goal,

and if 2040 is your moonshot 
goal, then that's awesome.

But setting those intermediary milestones

to hold yourself accountable, 
to that moonshot goal,

is something we really 
encourage our clients to do.  

So that could be as simple 
as setting your baseline year

for Scope 1 and 2 emissions.

So that you have a complete
understanding of your carbon footprint.

And then from there you can understand

what are those emission sources that we have?

What can we do, that's in our power,
to reduce those emissions?

Are there simple process changes
that can reduce our footprint?

So it's important, again, just go back
to what you have already,

what you know, and work from there.

And there's no shame in having 
a really great moonshot goal

if it's 2040 or if it's not 2040.

But I think that setting those intermediary goals

is going to be what really helps you

to not fall susceptible to the fraud triangle.

– I think, we've had a
really good conversation here

and we've covered a lot of ground.

Everything from visibility into your supply chain

and the challenges raised by that.

All of the complexities around data quality

for emissions reporting and 
other sorts of reporting.

I really have enjoyed this conversation immensely.

– As have I, it was a privilege.

I hope our listeners enjoyed it as much

as we enjoyed having the conversation.

– Yes, thank you to Dan and 
Doug for this discussion.

I really enjoyed chatting with you and, hopefully,

the listeners will get some useful information

out of this that they can take
back to their organizations,

and start to implement some of
those tools and mechanisms

to help them guard against fraud.

< Music >

– This has been Count Me In, IMA's podcast.

Providing you with the latest 
perspectives of thought leaders

from the accounting and finance
profession.

If you like what you heard and 
you'd like to be counted in,

for more relevant accounting 
and finance education,

visit IMA's website at www.imanet.org.

©Copyright 2019-2023 Institute of Management Accountants. All rights reserved.