Trust makes the economy go ’round. There is a very good reason why financial statements must be audited by an external auditor: Because it builds trust.
Sustainability and environmental, social, and governance (ESG) reporting is also undergoing external assurance in order to nurture trust. Ninety-one percent of 1,400 companies across 22 jurisdictions report some level of sustainability information and 51% offer some level of assurance. That’s according to “The State of Play in Sustainability Assurance,” a recent report from the International Federation of Accountants (IFAC) and the Association of International Certified Professional Accountants.
The question is, How can ESG assurance build trust in ESG disclosures when the external audit, the most advanced form of assurance, is struggling with a trust deficit? Or will ESG assurance replicate the same mistakes and become old wine in a new bottle?
It wasn’t long ago that amid a spate of corporate scandals, The Financial Times made it official: “Regulators, investors and the wider public have lost confidence in the audit market.” It was hardly the first time such audit-related declarations had been made and it likely won’t be the last. But for ESG assurance, many are looking beyond traditional audit firms for the necessary verifications.
That said, while engaging nontraditional assurance providers is a good step, it may not be good enough. After all, external assurance features many of the same stakeholders as external auditing — the reporting companies and investors, for example — and sustainability and ESG investing already face fierce criticism for alleged greenwashing. Therefore, to avoid a replay of the confidence crisis in external audit, ESG assurance must chart a different path.
Unlike accounting and auditing matters, ESG issues are diverse. Disclosure and assurance are mostly voluntary and have lots of built-in flexibility. A company with assorted sustainability issues and multiple locations may pick and choose among the issues and geographies it reports on. Indeed, some firms may choose not to report on certain criteria or locations. Yet sustainability reporting is critical at a local level.
The 2020 Sustainability Governance Scorecard covers the sustainability leaders featured in one or more sustainability indexes across 10 sectors and seven countries. Its integrated report on Coca-Cola İçecek (CCI) is a useful example of sustainability reporting in practice. CCI produces, distributes and sells sparkling and still beverages of Coca-Cola products for Azerbaijan, Iraq, Jordan, Kazakhstan, Kyrgyzstan, Pakistan, Syria, Tajikistan, Turkmenistan, Uzbekistan, and Turkey, where it is based. It is listed on Borsa Istanbul and reports its sustainability results separately for each of the countries in which it operates. Between 2011 and 2020, CCI sought external assurance on its water and energy usage, among other issues.
The 2020 report and earlier CCI sustainability reports refer to different frameworks and standards, such as the Global Reporting Initiative, the United Nations Global Compact, and United Nations Women Empowerment Program, AA1000, ISAE 3000, and so on. Assurance provider reports tend to give “limited assurance” and state that nothing has arisen to suggest that the selected information is not presented, in all material aspects, “in accordance with CCI’s internally developed reporting criteria.”
External audit is different from sustainability assurance. There is nothing to pick and choose among: Reporting criteria is definitive and mandatory. CCI’s 2020 auditor’s report clearly states that the consolidated financial statements were prepared in adherence to the Turkish Capital Markets Board’s accounting standards. It attests that the audit was conducted in accordance with the applicable auditing standards and that the consolidated financial information is “fairly presented in all material respects.”
Robust global standards are required to make ESG and sustainability reports comparable within and across jurisdictions. Sadly, the development of such standards has lasted the better part of a generation with no end in sight. The first GRI Guidelines were published in 2000 and established the framework for sustainability reporting. In 2004, “The Future of Sustainability Assurance” report from the Association of Chartered Certified Accountants (ACCA) highlighted the need for “a complementary set of Generally Accepted Accounting Principles for Sustainability (GAAPS) and Generally Accepted Assurance Standards for Sustainability (GAASS).” Fast-forward to 2021 and we’ve seen the creation of the International Sustainability Standards Board (ISSB) with much more work still to be done.
We believe the current moment is a once-in-a-lifetime opportunity to set ESG assurance on the right course. As it evolves and catches up with external audit, ESG assurance needs to accomplish the following four tasks, to avoid creating a trust deficit like the one that now plagues external audit.
1. ESG assurance must maintain its independence.
The consensus is clear: Independence is the cornerstone of external assurance. But the audit practice has created its own concept of independence that is not so intuitive. Can the auditor truly be independent of the entity that appoints it, pays it, refers business to it, and, potentially, fires it? The obvious answer: Not really. Of course, the auditor’s answer has long been, Why not?
2. ESG assurance must go beyond offering audit-like boilerplate opinions.
It took the audit practice the global financial crisis (GFC) and a very long time to come up with a discussion of key audit matters in the auditor’s report. ESG assurance providers would do well to offer commentary on key assurance matters right away.
3. ESG assurance must demand that management stand by its sustainability reports.
These reports need to be accompanied by a self-confirmation letter signed by the CEO as well as the relevant board committee members declaring that the report contains material truth, the whole truth, and nothing but the truth.
4. ESG assurance providers should be ready and willing to submit to regulatory oversight.
Unlike external audit, ESG assurance need not go through the prolonged and failed experiment of self-regulation. When stakeholders ask who audits the auditor, the answer from those who offer ESG assurance should be an independent regulator, which may be the same as the pre-existing audit regulator.
In short, to build sustainable trust — an ambitious task in any context — ESG assurance must replicate the knowledge and experience of external audit while avoiding its pitfalls.
Energy Voices is a democratic space presenting the thoughts and opinions of leading Energy & Sustainability writers, their opinions do not necessarily represent those of illuminem.
Usman Hayat writes about sustainable, responsible, and impact investing and Islamic finance. He has served as a content director at the CFA Institute. He is a former executive director at the Securities and Exchange Commission of Pakistan (SECP) and former CEO of the Audit Oversight Board (Pakistan)