Internal Controls and Sustainability Data: Closing the Confidence Gap in the Quest for Value
Jeffrey C. Thomson | November 20, 2017 |
It’s time to admit it. The calls for increased use of sustainability data to drive and communicate enterprise value are not going away [enterprise value can also be loosely referred to as non-financial, balanced scorecard, performance dashboard, environmental, social, and governance (ESG), and/or integrated reporting].
What started as a grassroots movement among sustainability advocates has now entered the mainstream with large institutional investors taking up the cause. Recently, Vanguard Chairman and CEO, Bill McNabb, published an open letter to boards asking them to embrace the disclosure of sustainability risks. Similarly, BlackRock, the world’s largest asset manager, recommended that, “Policy makers should focus on establishing a framework that enables stakeholders and market participants to develop detailed ESG standards and best-practice guidelines.”
Sustainability performance management more fully integrated with traditional financial analysis and reporting benefits investors and corporations alike. Reporting on sustainability data enables organizations to create, sustain, and communicate their value generation capacity and capability for stakeholders, helping strengthen global capital markets and serve the public interest. A recent Harvard Business School study corroborates this: “firms with good performance on 'material sustainability issues' enjoy enhanced market returns (6% annualized alpha) over firms that perform poorly on material factors."
Sustainability performance (or related non-financial data) has unique characteristics. It is less tangible and more qualitative than financial performance data—although sustainability data is often quantifiable, as reported by companies in sustainability and corporate social responsibility reports. It is also more forward-looking, covering multiple time periods, and often more manually sourced.
For those reasons my coauthors—Robert Herz, Former Chairman of the US Financial Accounting Stability Board, and Brad Monterio, Managing Director of Colcomgroup, Inc.—and I assert in a new paper that a tangible step must be taken to improve confidence in sustainability performance data. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework is that tangible step.
The COSO Framework, originally issued in 1992 and refreshed in 2013, was developed as guidance to help improve confidence in all types of data and information. The forward from the 2013 update reads:
- “The Framework will enable organizations to effectively and efficiently develop and maintain systems of internal control that can enhance the likelihood of achieving the entity’s objectives and adapt to changes in the business and operating environments.”
- “The Framework continues to emphasize the importance of management judgment in designing, implementing, and conducting internal control, and in assessing the effectiveness of a system of internal control.”
- “The Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as non-financial and internal reporting.”
We believe this expansion is inclusive of sustainability performance measures and that the COSO principles on effectiveness—controls that are present, functioning, and integrated—could apply to all types of performance data, including sustainability, using professional judgment.
In the paper, we painstakingly apply the 17 COSO principles to the content domains used by the Sustainability Accounting Standards Board: environment, social capital, human capital, business model and innovation, and leadership and governance. To improve confidence in non-financial or sustainability performance data, we assert that integrated governance, strategy, and controls design are keys to success, with the CFO in a unique leadership position to leverage well-established financial processes (sourcing, reporting, analyzing, and assuring).
We took a practical approach, leveraging many third-party resources, conducting interviews, and soliciting corporate case studies from first-movers like Novo Nordisk, CalSTRS, and US Steel to support our thoughts and observations. Our goal is to help move the reporting ecosystem further along in the journey toward better utilizing, assuring, and communicating this type of data—with an emphasis on professional judgment and stakeholder learning.
The Institute of Management Accountants believes in a culture of challenge, which is why my coauthors and I decided to take on this topic. We encourage all IFAC members, including partners like the International Integrated Reporting Council, to embrace this culture of challenge and remember that the end in mind is not a standard, a control, or a report: nothing less than the strength of our global capital markets for business and societal value is at stake.