The biggest challenge associated with new ESG reporting regulations isn’t that companies will be compelled to disclose ESG data — many already do so voluntarily — it is that they will need to have their ESG reports "assured," which means the data will be subject to the same scrutiny as financial reporting.
New regulations, such as the European Union’s Corporate Sustainability Reporting Directive and anticipated rules from the U.S. Securities and Exchange Commission and California, will require corporations to get third-party assurance for their climate and ESG-related disclosures. The aim is to elevate the accuracy and legitimacy of ESG disclosures to standards that investors and regulators have come to expect for corporate financial reporting.
That may catch many companies off guard.
Consider that 75 percent of businesses feel they don’t have the policies, skills and systems in place to meet ESG assurance requirements, according to a KPMG survey of 750 companies with an average revenue of $15.6 billion, conducted from April to June.
With ESG assurance requirements expected to take effect as soon as 2025, companies will need systems to collect and manage their ESG data for the 2024 fiscal year. With deadlines rapidly approaching, what can companies do to get ready for ESG assurance, and how much will it cost them?
What is assurance?
Before we dive into why ESG assurance matters to your organization, let’s define what it means. Assurance refers to an independent service, typically provided by certified or chartered accountants, that certifies the correctness and validity of the item being reviewed, usually financial statements.
Assurance engagements analyze and assess the operations, processes and procedures related to an organization’s reporting activities to verify that its accounting record complies with regulatory standards and principles.
For those familiar with financial audits, "At its core, ESG assurance and financial statement audit are looking to achieve the same thing, an independent third-party assessment of the completeness and the accuracy of the information that's being reported," said Maura Hodge, ESG audit leader at KPMG.
There are two types of assurance: limited assurance and reasonable assurance. Here’s how KPMG defines them in its survey:
Limited assurance: "A level of assurance at an acceptable level that, based on professional judgment, is meaningful for the intended users. It results in a negative conclusion (‘nothing has come to our attention to indicate that the information is materially misstated’)."
Reasonable assurance: "Expressing reasonable assurance requires the assurance provider to obtain sufficient appropriate evidence to conclude that the sustainability-related information prepared, in all material respects, in accordance with the applicable reporting criteria (positive conclusion)."
Is it expensive?
Assurance brings peace of mind, and that doesn’t come cheap. The SEC estimates its proposed climate disclosure rule will cost large "accelerated filers" — a term covering most public companies with more than $100 million of revenue — $75,000-$145,000 for limited assurance and $115,000-$235,000 for reasonable assurance.
That estimate is based on relative costs of assurance for financial statements. A 2022 survey from the consulting firm ERM found that U.S.-based companies spent an average of $82,000 on assurance related to climate.
ESG assurance shouldn't just be thought about as a cost. If used strategically, ESG assurance can help companies identify and mitigate risks by adopting improved data systems and policies that build trust with key stakeholders. In fact, a study of 4,164 sustainability reports from 1993 to 2014 found that companies that obtained sustainability assurance enjoyed a 0.7 percent reduction in their cost of capital.
How can companies get ready?
Companies can prepare for ESG assurance requirements by consulting the people, processes and partners that drive their financial assurance as a starting point and then filling in any gaps with new roles, tools and professional services.
Internal audit teams are responsible for monitoring an organization’s systems and processes for collecting, verifying, managing and reporting relevant information to stakeholders. When designing an ESG strategy, internal audit teams can help identify and understand risks, design controls and work to manage the cost of current and future ESG data compliance.
The new wave of ESG reporting regulations has led some companies to create a new role, the ESG controller. Half of large banks with over $350 billion in assets have assigned an ESG controller to oversee mandatory ESG disclosures, according to a KPMG analysis published in August.
Last November, for example, Bank of America named Michael Tovey as the bank's ESG controller after he had served as the bank’s corporate controller since 2019. Wells Fargo has an open job posting for an ESG controller “that will provide company-wide direction to ensure required ESG reporting is well-controlled and meets global regulatory frameworks and requirements.” That person “will report to the head of accounting policy and SEC reporting.”
Banks aren’t the only ones turning to ESG controllers to manage regulatory ESG reporting. Alphabet, DuPont and Halliburton have each added ESG or sustainability controllers to their teams, and commercial real estate services firm CBRE is recruiting for an ESG controller with a salary range between $225,000-250,000.
Businesses can also look to the existing external auditor that assures the company’s financial reporting practices and disclosures. A report that looked at 2021 data from 1,350 companies across 21 jurisdictions found that when a company received ESG assurance from a professional accountant, 70 percent of the time it was from the company’s existing auditor.
There has been an explosion of ESG software over the past decade. Many companies selling those applications are positioning themselves to benefit from the ESG disclosure regulations expected to go into effect in the next few years by offering audit-ready data platforms.
Cloud-based reporting app Workiva received the highest score in the workflows and auditability category in a July report about ESG software providers published by sustainability research and advisory firm Verdantix. Workiva was recognized for capabilities such as auditor access, digital time and date records, and a feature linking all data to its source.
Carbon accounting software firm Persefoni was named a leader in a 2022 Forrester sustainability software report. Joe Cavanaugh, vice president of strategic finance at Persefoni, has said "auditability must be a core tenet of any company’s GHG data management process and strategy."
Hodge said companies should perform a diagnostic and gap assessment to identify what regulations will apply to them and compare the data and reporting systems they currently have in place to what they will need to comply with ESG assurance. Then companies can build out ESG reporting systems and policies for ESG assurance that maintain an audit trail of assured information.