This blog first appeared on Workiva.com on January 31, 2023. Written by Grant Ostler.
There’s no denying that this past year has brought new challenges. Between increasing investor demands, market volatility, and expanding regulations—especially around ESG—there is a slew of new risks to consider.
And given that expectations were already increasing for audit and risk teams, figuring out how to manage ESG risk on top of everything else may feel a bit overwhelming.
When it comes to new risks like ESG, sometimes the hardest part is knowing where to start. That’s why I sat down with Sue King, Partner at KPMG LLP, to get insight into what organizations can do now to stay ahead of ESG and other emerging risks. During our conversation, we discussed how to create robust internal controls and governance for ESG, bring key teams together to build effective ESG programs, and increase internal control over financial reporting (ICFR) efficiency.
Here are a few highlights from our conversation—but we’re only scratching the surface! If you want to dive deeper into these topics and get even more actionable advice, join Sue and me on February 23 at 2:00 p.m. ET for the “Hot Topics in Risk and Compliance: ESG and Navigating Economic Headwinds” webinar. Save your seat here.
It takes a village: Establishing effective governance and internal controls for ESG assurance
With the Corporate Sustainability Reporting Directive (CSRD), which will impact not only companies in the European Union but also organizations with subsidiaries in the region, and the SEC’s pending climate and cyber disclosure rules, there’s no denying that ESG reporting is here to stay. And that means ESG data will be under the microscope like never before (to leverage SOX terms, the data needs to be complete and accurate).
To some extent, many organizations already disclose ESG-type data in the 10-K, a press release, or a CSR report. To ensure the completeness and accuracy of this data (and any additional data that companies may need to disclose in the future), Sue said now is the time to build appropriate internal controls.
"It's never too soon to start. While we don't know exactly when the SEC will finalize the climate and cyber rules, companies really need to start thinking about having the right robust ESG controls in place."
Sue King, Partner, KPMG LLP
And as organizations start to think about how to build a solid foundation for ESG controls, they also need to consider the critical collaboration it will take—how will internal audit, accounting and finance, ESG and sustainability, legal, investor relations, and more come together to deliver investor-grade ESG reporting? ESG reporting truly takes a village, and having the appropriate governance around your program is just as important as having the right controls embedded throughout your processes.
"One of the biggest things to really think about is the governance around ESG reporting," Sue said. "Given we have environmental, social, and governance—we already have a G in there—but I'm talking about building program governance around ESG. How do we start defining policies? What will our process look like to set targets or decide what commitments we’ll make externally?"
“As new rules or regulations come out, you’ll have a team to go to, and you can start making decisions and driving action,” Sue said, “as well as having one central point to make decisions on standard policies, definitions, process, and systems in order to standardize and streamline the reporting.”
We’ve been here before: Applying SOX lessons to ESG
The good news is that many of us have been here before when we formalized internal control processes around financial reporting in response to section 404 of the Sarbanes-Oxley Act (SOX) 21 years ago, and there are many lessons we’ve learned that can be applied to ESG.
The biggest lesson? Standardize, standardize, standardize! Instead of immediately diving into documenting, remediating, and testing, Sue said it’s critical to standardize first. While many of us jumped right into documenting processes in response to SOX, there’s a lot your team can benefit from when you take a step back to standardize ESG processes first. Then, look to automate as much as possible.
“Let's make sure that we stop and spend the time standardizing the processes across geographies, across teams, across systems so that we can really drive better automation and efficiency around the reporting process,” Sue said.
With ESG, you can start to standardize various data inputs to help with data collection and assurance. Take carbon emissions for example. If your organization only reimburses travel when booked through a designated travel company, that will help facilitate and streamline data capture from all airlines.
If tackling ESG feels daunting, it will get better—remember that SOX was new and unfamiliar to us in the beginning! Plus, you don’t have to go on the journey alone. There are trusted advisors that can help and technology available that can connect data across your finance, audit and risk, ESG, and legal teams, allowing all stakeholders to collaborate and work from a single source of truth.
Everyone counts: Building a culture of efficiency
Increasing efficiency, especially in ICFR programs, is top of mind for many audit and risk leaders. A lot of teams find themselves bogged down with manual, repetitive tasks that get in the way of doing more strategic, value-added work.
When it comes to driving efficiency, automation is one surefire way to make an immediate impact. Before looking into new tools, Sue suggests optimizing within your current tools and systems, whether an ERP or GRC platform. She said many organizations haven’t taken full advantage of the automation capabilities within these types of systems, making it the best place to start.
“Now is the time to say, ‘How do we truly start using all of those tools to their full advantage?’ to make sure we've really transformed the first line,” Sue said. “Ultimately, the more efficiency you can drive into the first line, that then flows through the second and third lines.”
Another point Sue emphasized about efficiency: building the right culture. And it comes down to accountability, she said.
“It’s really important to get everyone bought in—that it's everybody's responsibility, not just the SOX director or the ESG director. I think focusing on your culture can be really beneficial from an efficiency perspective.”
Want additional examples and practical steps you can take to formalize an effective ESG program and improve efficiency?
Then join us! Sue and I will cover all of these topics and more (like how to engage and retain top talent) in our upcoming webinar “Hot Topics in Risk and Compliance: ESG and Navigating Economic Headwinds” on February 23 at 2:00 p.m. ET. Register now—I hope to see you there!
NOTES: Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.
The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organization.