Philosophies, standards and approaches around environmental, social and governance, or ESG, are among the most talked-about issues in corporate circles today, with the world’s largest companies and investors taking notable stands for the long-term betterment of society. A lot has changed and a lot will continue to change, and there’s so much still to be determined.
This is Kevin Donahue, a senior director with Protiviti, welcoming you to a new edition of Powerful Insights. I had the pleasure of speaking with Bob Hirth and Chris Wright about a number of different ESG-related matters, particularly as they pertain to perspectives from boards of directors and executive management. Their comments and insights proved to be highly informative and enlightening. Bob is a senior managing director with Protiviti and currently serves as co-vice chair of the Sustainability Accounting Standards Board. Chris is a managing director with Protiviti and global leader of our firm’s Business Performance Improvement practice. Chris, thanks for joining me today.
Kevin, thanks for having me.
Well, Kevin, there have actually been a number of what I’ll call big developments over the last few years. What I’ve seen is, these developments are just simply accelerating now. Just within the last week, these developments seem to be going faster and faster. You have to rewind a little bit. This started out probably as a green initiative, as an eco-friendly initiative, and then it became corporate social responsibility, and people started to use the word sustainability, and now they’ve gotten to ESG.
As part of that journey, many people and companies thought of this as a cost: “What is this going to cost me to do this?” That’s really been turned around. I think what’s really accelerated is, of course, the activists in terms of board meetings and voting protocols and things like that, but employees and customers now are really getting interested in this; they’re aligning their own values with the values of a corporation and seeing if those are in sync or not.
We’ve obviously seen with this increased broader stakeholder interest – the investors weighing in and their recommendations or mandates, whatever you’d like to call it. There’s a series of letters – we’ll call them the BlackRock letters, and Vanguard and State Street and others – providing, I’ll say, guidance, or more than guidance. Then, we’ve seen again, accelerating what I’ll call the emergence of various ESG standards and frameworks – what many refer to as the alphabet soup of the GRI and SASB, TCFD, and the World Economic Forum framework, but we’ve also seen the companies themselves stepping up.
You may remember the Business Roundtable “Purpose of a Corporation” statement that came out a number of years ago, and about 90 companies had signed up for that, but what’s also really interesting is the number of companies that are reporting, in some way, ESG information – it’s now 90% of the S&P 500. Then, finally, very recently, we’ve seen things like ESG-linked loans where the interest rate of a borrowing may be tied to the achievement of some ESG goals and targets. We’ve seen many companies now publicly reporting goals to get to net-zero carbon by a certain year. I’d say maybe the most recent thing is, we’ve now seen regulators opening their eyes to this issue and beginning to scratch their head as to “What do we do? How do we do it? And when do we do it?” That’s my answer to your question, Kevin.
Thanks, Bob. Chris, do you have any thoughts on that? I was wondering what you’re seeing in the big picture right now.
I think in the big picture, what Bob described as the dynamics that are driving that direction is absolutely the case for the CFO and financial reporting community. The topic of ESG has gone from being an interesting side conversation, maybe, for certain avant-garde companies that were in the forefront of social responsibility a few years ago to front and center for many companies and front burner for those for whom a reporting requirement is imminent, even though ESG reporting isn’t, by definition, financial reporting.
For public companies, it’s logical that the CFO and financial reporting community will be responsible for producing the data, since it goes into filing. For private companies, particularly those that are going public, there’s a lot of pressure to make sure you’re ready for that. All of the momentum that Bob described is consistent with what we’re seeing in particular with the folks who may end up having to report the activity even if they’re not managing it because they have the responsibility for putting pen to paper in the external reports.
Kevin, at first blush, when you consider who responded to our survey, which was about 1,000 respondents – over half of them from outside the US, and also over half of them private, not public, companies – it could be a little bit surprising, but the 60% that are outside the US are in places where the reporting is becoming a requirement. The 40% that are in the United States have a variety of stakeholders, whether it’s investors – Bob mentioned the BlackRock letters and things of that sort – or their board representatives, customers. If you think about what Microsoft and others are looking to see their vendors do. Employees, where people want to work – and they want to work at some of the best places to work, some of the greatest places to work – and they view that as a value that’s important to them. Then, competitors, it’s not unlikely that there’s some unoriginal thought: “My competitor did a report. I should too.”
The fact that it’s getting more focused and the pressure even where it’s regulated, that’s an easy one. The 60% of the respondents that were outside of the US likely have a requirement that’s imminent, but the 40% in the US – even though half of them are private, but perhaps might want to be public – are getting a lot of pressure from the market, not necessarily regulators, and all the stakeholders who have an interest in seeing the reporting. If you peel back the onion one level and understand what’s motivating the people who responded to the survey, it does make sense, and it’s not surprising, even though at first blush it might be.
Bob, what are your thoughts on that? Again, 80% of CFOs are planning to increase that focus and frequency on ESG. Are you seeing that interest level?
Kevin, yes, certainly, I think some of this reporting used to be outside of the CFO’s organisation. It was in corporate communications or investor relations, and in some ways, it got ignored or people didn’t even know it was going on. Now, with those pieces that Chris mentioned – you’ve got investor letters, investor calls, the media and everything bringing this to everyone’s attention – the CFO is now going to ask the questions “What are we reporting? Where did that come from? What are the controls around that? How accurate is it?”
As Chris mentioned, it’s now public reporting. If it’s public reporting, you know it’s being relied on. I think the other interesting intersection is, how does that ESG reporting and the traditional financial reporting and SEC reporting come together, or do they? When are items that are material for ESG purposes also material for financial reporting and SEC reporting purposes, and when are they not? I think what’s also important is that the CFO and the CFO’s organisation is really one of the organisations that has to be involved. Their expertise around reporting and process and controls, and then considering those materiality considerations, are really key. It’s not a surprise to me either at all that the CFOs now have this right, front and center on their radar screen.
Well, that’s what I’ll call the million-dollar question, Kevin. Right now, you could argue that all of this ESG reporting is more or less voluntary. Of course, subject to the materiality requirements, if you’re a US public stock exchange company, and, as I mentioned, there’s just all of these different balls in the air. We’ve had GRI for a number of years, but SASB has come on the stage, and TCFD – there have been commentaries from investors about which framework to use. One thing we’ve seen is that many companies that started out only reporting on one framework now are reporting on multiple frameworks or standards and showing how all of their reporting ties to each of those frameworks.
I’d say the jury is still out to a degree, but one of the big developments that occurred just within the last several months was the IFRS Foundation weighing in and issuing their consultation paper, asking, “Should the IFRS Foundation be involved in this reporting, and how?” I think what they’ve concluded initially was, there’s no question there’s demand for this information. It now becomes whether IFRS has a role similar to the role they have for financial reporting, and of course, many of you listening to the call are thinking about, “What about US GAAP and the SEC?” So, all of that, I’d say, is in play right now. I’d say for now, it’s anybody’s guess, but I feel that the IFRS involvement now is very noteworthy.
Then, those investors that have issued their letters and said different things about what frameworks to use have also supported this idea of what we call convergence to one ultimate single standard-setter, perhaps, but they’ve said, remember, “In the interim, you should report using the existing framework.” They still want reporting based upon something as we move to perhaps some type of single standard-setter globally, if that actually can ever occur.
We do, Kevin. It’s not unlike Sarbanes-Oxley, where early on, companies had choices but ultimately coalesced around using the COSO Framework for internal controls. I think we’re at that early stage here, perhaps with more choices, and quite frankly with more good choices than companies had with regard to internal controls at the time. There will probably be some coalescing around one, perhaps a few, standards to use. The means by which reporting will be done will evolve because again, you have public companies and private companies, and you’ll have country regulations that are prescriptive versus those that are a little bit more principles based, and then seeing what the competition reported.
There is the one place in the world where I would call it not plagiarism, but using similar materials and similar words is OK in securities filings. You can word-search on common sentences and find a lot of overlap, and there’s a reason for that. I think the evolution is as Bob reported it: It’s all moving toward a narrower channel, but right now there’s still optionality.
Then, the rules are also unclear and evolutionary as well. You would expect that as long as the rules have some variability that the use of standards and the means by which the reporting is done will also be evolutionary, and we’ll see things move over time. We’re starting to see some movement toward attestation on some of the reporting, and that, I think, will also drive consistency in reporting. All the signs point toward this coalescing around fewer choices and being more clear and more robust means of reporting, and everything does seem to be headed in that direction.
Chris, we talked briefly about our Global Finance Trends Survey before. I should note that our report and other information is available at protiviti.com/financesurvey. I wanted to ask you also about the results of our just-released global top risks survey. You can find that at protiviti.com/toprisks. This was conducted by Protiviti and the NC State University ERM Initiative. The findings related to ESG are interesting: We see that board members and CEOs perceive ESG-related risk issues to be at a more significant level than do CFOs and a couple of other executive roles. How in sync do you think executive management and the board are at the moment when it comes to their views and practices regarding ESG in their organisations?
Kevin, if you think about the way this is going to evolve, I suspect that they are in sync and in order. First off, the CFO community was about 10% of this survey, which was also about 1,000 respondents, which was also a global audience. The CFO community will largely be focused on reporting, among other activities, but they’ll certainly be responsible for that; reporting is going to come a little bit later. Operationalising ESG activities and acting more sustainably and implementing the programmes will fall more to the operational end of the organisation. As we discovered in both surveys, in the last year, when we were performing the survey, CFOs had a lot of other things going on given what was going on in the pandemic. They are not disinterested compared to CEOs and others who may be interested, but the importance level is, I think, commensurate with where each of them is in the process.
I would also add, generally speaking, CFOs are going to be CFO of one company at a time. Board members, on the other hand, are quite often on more than one board at a time, and so they bring a diversity of experience. It may not be important for ESG at the company where the CFO works, but for that board member, it may have already come up and been addressed at another company where they serve on the board. The diversity of experience that a board member will bring to the table is likely to lead to more heightened interest based on what’s going on at the other companies, where the CFO is focused on her company, as opposed to all the others. CEOs also, for that matter, while they’re also often only CEO of one company at a time, may often be on a board as well. I think in both of those roles where there is a more heightened interest, it is also more likely that there is a more diverse workday involved.
That’s interesting. Certainly, you’re talking about philosophy versus operationalising it. That’s a really interesting distinction. Bob, related to that, what are your thoughts on the recent news and recent meetings over the last year or two, and even this year too, with BlackRock, GM and other organisations regarding their commitments and philosophies toward ESG responsibility? Are investors and businesses taking note?
Kevin, they really are. Let me go back to Chris’s comments: To the extent there is a little difference or a big difference between board members, management and CFOs on this topic, obviously, they have to align their understanding. At some point, they got to come together and converge, or you just have chaos, and you can’t have that. That will happen. It may be that that already exists at many companies.
I think it’s also important to know that these ESG risks or factors or considerations can vary, and vary considerably, by industry. If we take an oil and gas company, or an airline, or a hospitality organisation, or a technology company, or a manufacturer – whatever – those are really different. Chris’s point about being involved in different companies plays into that. I also did want to mention, Chris had talked about COSO. COSO also has issued some guidance on how you consider these ESG factors within the enterprise risk management activities at a company. People listening in today may also want to go to the COSO website to get that guidance, which is free, but yes, certainly, these are really big important, impactful recent announcements.
First of all, the BlackRock letters, as we call them – and they come from more than BlackRock – they’ve been a little bit serial over the number of years, but they continue to weigh in on companies. They continue to say more and more things, and I think this year, they got a little bit prescriptive. There’s a number of portions of the letters that talk about how these investors intend to specifically vote against individual board members because of the particular committee that they chair. They’ve stated that by this year, “We’ll vote against this chair of this committee if this is not disclosed or if this progress is not made.” There’s been some teeth to that, and just take BlackRock as an example: They voted against almost 60 individual board members on various factors or not making enough progress. Everybody is taking note of that.
Certainly, the General Motors statement or announcement, be it a commitment, aspirational, a target to take this notion of not producing fossil fuel-based cars by some year – 2035 – that is really, I think, a big deal. I think it’s come where it’s been accelerated for everything we’ve just talked about, as well as perhaps in many people’s view, it’s just the right thing to do. I think all of these things are coming to a head.
Remember, we’ve got 90% of the S&P 500 doing some kind of report to our previous discussions. That’s the good news. The bad news is that reporting is all different. I think the other very new development we have to watch out for there that’s emerging is an increased or accelerated role that the SEC might play for U.S. stock exchange companies, and that’s tied to the change in the administration in the United States as well. As, hopefully, we’ve communicated, there are a lot of balls in the air – there’s a lot happening, it’s moving fast, and it really behooves every company to pull their ESG team together to watch these things and then figure out how they’re going to react and what their plans are around this type of reporting.
Now, Chris I also wanted to ask you – and, Bob, you can weigh in on this as well – I don’t want to get too wonky here, but I did want to briefly cover the topics of integrated reporting and third-party assurance, when it comes to ESG, of course. These are some of the longer-term considerations that standard-setters – companies and other parties – are going to need to consider and address as effective ESG reporting matures. What do you see happening in these areas?
Kevin, first, it’s really OK to be wonky at some point, for wonks have to step in and help people comply with regulations. It’s a fine conversation to have. You mentioned the longer-term considerations. What we’re seeing here is that the length of longer-term is getting shorter. There are some very real considerations now as companies that are public in the US, for example, choose to report ESG data, well, it has to be reliable, it has to be accurate, it has to be well-sourced, it has to be subject to scrutiny and it has to meet all the standards of any other data that goes into a public report. That represents real-time concerns for – again, back to the CFO and the financial reporting community – because they own the document quite often. They own the annual report. They own the quarterly report. They own the registration filings.
We are seeing that. We have seen, fairly recently, a Big Four auditing firm issue an attest opinion on a green bond at assertion for a global multinational company. Basically, they’ve audited the greenness of an issue, and that, as Bob mentioned, will affect the interest rate paid by that organisation on their bond. That’s very real, very recent, and that is likely to be something that, as I mentioned, competitors will see that – and that company’s in the beverage industry, and it’s likely that other beverage companies will do the same either on their own initiative or under pressure from the stakeholders who are investors, board members, customers, vendors or employees, et cetera. That’s happening.
Then, as public companies and as private companies – those that might either be acquired by a public company or wish to go public themselves care to get ready for an IPO – they need to build this into their planning the same way they’re building all of their other readiness activities. Then, for the companies that are public, there’s no current audit requirement now, but it’s very easy to see how disclosures made in a periodic report, an annual or quarterly report, that are then incorporated by reference in a securities filing – so, a 1934 Act filing incorporated by reference in a 1933 Act filing – suddenly, there’s a comfort-letter request from an underwriter, and an auditor does have to do something with that data in some form of attestation.
As the disclosures are made and then as those disclosures are made in documents that then become part of securities offerings, attestation third-party auditing will occur. As we’ve seen, it has already happened with a Big Four firm with a green bond for a global company fairly recently. That horse is out of the barn too. All of this is escalating at the same rate of pace as the march toward disclosures and coalescing around a common standard.
So, jump in here, Bob. What do you think about this?
Yes, let me add on a little bit. My view is the third-party assurance-concept train is on the track, and the train has started moving in addition to what Chris mentioned about this green bond proceeds report. There are a number of companies that have received a form of third-party or external auditor assurance on their ESG reporting, and it has to do with the particular framework they use because those frameworks create what we call specified criteria like GAAP. We give an opinion based upon something. Most of these reports are what we call negative assurance reports: I reviewed this material against these standards and nothing came to my attention that said something material should be changed, and they refer very specifically to the particular criteria they use like the SASB or the TCFD.
We have noted there’s one company that actually had their auditor issue a positive – in our opinion, in all material respects – opinion using the SASB framework because it’s very focused on an industry. That’s moving. There are AICPA standards for assurance related to this. There’s what I’ll call IFRS related, so, the International Audit and Accounting Standards Board, the IAASB, has got standards on doing this work and reporting, and that’s being looked at and revised.
One of the reasons that this is probably going to take off, there’s this term called “greenwashing” – that people say all these things, but are they true? There’s a concern on behalf of the investors and users that are relying on information; they’re believing it. Therefore, they’re investing in the company or they’re giving the company a certain rating or something like that that they don’t have the same level of confidence, in a sense, that they have in the financial reporting system, which for decades or centuries has had this third-party assurance.
So, I see that this concept is going to take hold. You’re already seeing that the largest megacompanies, for the most part, are in fact getting this reporting more so than the smaller companies, but it’s going to trickle down. I think it’s going to become pretty common. Whether all that, at the end of the day, comes to one single integrated report where it’s all together in one place with one single third-party assurance report, I think we’ll have to see, but I think for sure, there’ll be these two streams reporting, and more and more companies will get both streams to have some form of third-party assurance report.
This has been a fantastic conversation. Thank you both for joining me. I wanted to close with a final question to each of you. Chris, I’ll have you respond to this first. Pulling back to the big picture, what does, in your view, ESG reporting and the broader landscape look like from a business perspective in 10 years?
Kevin, thank you for that. Bob, it’s been great to spend time chatting about this important issue. I think as it relates to the CFO and their financial reporting teams, beyond the obvious issue – and Bob mentioned it in terms of not wanting to greenwash – but wanting, needing, to actually be doing these things that lead to greater sustainability outcomes in 10 years or even five, as reporting is either required by regulation or required less directly by third-party pressure from stakeholders like investors, customers, vendors, and employees, the CFOs and their financial reporting organisations will probably not want to be doing this on the same spreadsheet. They’ll do it the first few times.
It points toward integrated data-gathering – data not from the usual sources, not from the general ledger, not from a financial run and not necessarily where you find it all from the same place where you do find it. This becomes, for the CFO and the CFO organisation, a fairly substantial financial and nonfinancial data-gathering and analytic process to come up with the data, but then also to preserve and present it in a way that it can be demonstrated to a third-party assurance organisation as accurate, as representationally faithful, as based and founded on a reliable standard like the SASB, et cetera. Five or 10 years from now, as this is baked in, the processes that are baked into doing the reporting should look a lot like, and carry the same rigor as, the internal control over financial reporting.
Bob, I’ll give the final word to you. What are your thoughts on this?
Yes. Thanks, Kevin, and Chris – it is always good to have these conversations with you. It’s fun. Let me just get right to the present. So, formal corporate reporting has already expanded. I think we’re looking at this – it’s all evolving, but it is already there. Again, you look at the number of companies that are doing this; it’s going to continue. It’s going to continue to trickle down more, and more companies will do it. Then, as we get more and more companies to report, and as we’re, in a way, already seeing, it’s going to coalesce standardised converge around things that are more similar, whether we get to a single absolute one global standard for the whole planet, I think we’ll have to see.
I also believe that third-party assurance will become more or less standardised. What I also think is important is, people listening may be thinking they’re escaping this concept because they’re a private company, and they’re not. What those private companies are going to see is, they’re going to see their banks asking questions about ESG matters before they grant credit or extend a loan, or they may even ask for some of that information n ow with an existing loan. Private companies that are suppliers to large public companies –their customer is a big public company – they’re going to get pressure to be more sustainable so that that large public company itself has a sustainable supply chain. Those private companies need to be aware of that.
I also think it’s going to become greater – how significant it is, we’ll see – in IPO considerations. As a company begins to think about going public, do they need to think about these ESG considerations before they’re a public company? Maybe to end with this, as I mentioned, this all started out as an eco-green movement that people saw as a cost. I think clearly now, everyone more or less agrees and understands this is really either no longer a cost that can be ignored, but it’s really an opportunity to add value to be a better company, a company that’s aligned with values that all different stakeholders now want to get on the train with and support. Finally, what it does is, it really better positions a company to be most successful in the future.
Thank you for listening today. For more information on the Sustainability Accounting Standards Board, visit their website at SASB.org. Also, Protiviti has published a wealth of information on ESG-related matters. One notable one. called Sustainability Reporting: Why Boards Should Care, can be found at protiviti.com/board. Finally, I encourage you to subscribe to our Powerful Insights podcast series and to submit a review for us, wherever you find your podcast content.