Count Me In® | Ep. 225: Unraveling ESG: Understanding Environmental, Social, and Governance Factors in Business

Get ready for part two of our insightful ESG (Environmental, Social, and Governance) discussion on the Count Me In podcast. Our expert panel, Douglas, Dan, and Catie, unpack the pressures and fraud risks inherent in ESG reporting, offering invaluable insights gleaned from real-world scenarios. But it's not just about identifying risks; they also provide practical guidance for those embarking on their ESG journey. Learn how to start with what you have, concentrate on materiality, and establish a robust, cross-functional ESG team. Tune in for an essential roadmap to navigate the complexities of ESG reporting in today's business landscape. This is one episode you won't want to miss!

Connect with our speakers:
Catie: https://www.linkedin.com/in/ctserex/
Dan: https://www.linkedin.com/in/dan-mosher-8552519/
Doug: https://www.linkedin.com/in/douglas-hileman-fsa-crma-cpea-p-e-6abbb71/

Download the reports mentioned into today's podcast:
Achieving Effective Internal Control Over Sustainability Reporting
Managing Fraud Risks in an Evolving ESG Environment

Full Episode Transcript:
Adam: Welcome back to Count Me In. Today we have part two of Unraveling ESG. We're joined, again, by Catie Selex, Douglas Hileman, and Dan Mosher for the completion of their conversation. Now, if you didn't hear part one, I encourage you to pause right now and listen to that first. In today's episode, we explore the challenges and risks of ESG reporting, including the potential for fraud.

Our experts delve into the pressures companies face and discuss real-world examples of how well-intentioned sustainability efforts can sometimes lead to misreporting and potential fraud. But it's not all about the pitfalls, they also offer essential guidance to those new to ESG. Emphasizing the importance of starting with existing resources, focusing on materiality, and setting up the dedicated cross-functional ESG team.

Don't miss this invaluable conversation, so let's get started.

[00:00:55] < Music >

Dan: Doug, I mentioned the ACFE's Fraud Triangle earlier, and I'm eager to hear some of your perspectives on applying that Fraud Triangle to ESG.

Doug: Thank you, Dan, it can be done too. It's a familiar construct, and I was fortunate to be an in-house at a Big Four when Sarbanes-Oxley hit. And at the very beginning of designing internal controls and testing internal controls, we had to consider the possibility of fraud.

We had to design controls to prevent fraud, in audits we had to detect fraud.

Being an environmental specialist, and then with the IIA coming out with changing their IPPF, their framework, to require testing for fraud. I've been testing for fraud and considering fraud for 20 years, in the environmental space since 2002.

It looks a little different for ESG, but not as different as you might think. There is pressure, pressure can be, "We've got to get this report out."

"The customer wants this answer."

"We have to say, for example, that our products didn't come from Bangladesh, so what the heck? How will they find out?" There's so much pressure. I see that people are involved in ESG, in this non-financial reporting, as an add-on to their jobs. It might be 20% of their job, and it's the 20% between 120 and 140% of what they're supposed to do. People are under, and companies, are under tremendous pressure to put the right answer out there.

They have the opportunity to do so because the controls are not designed, and have not been implemented with the potential for fraud in mind. So where there are weak controls or no controls, the opportunities are there. I see this comes into play, also, when data and information comes from outside the organization.

There's this tricky thing where so much of what we do, in ESG, is not only what the organization controls but what the organization can influence. There are some challenges there, how do you control what you don't control?

So the opportunity is there because the controls can be weak or nonexistent. And the rationalization can be, "Well, everybody does it."

Or "It's not about money, it's about prestige."

"It's not really this, we want the award." We've seen, for example, there's a magazine, an organization, that rates colleges, the 10 best colleges in each thing. And we've started to see, in recent years, where the colleges are even fudging the information to get the prestige of being in that award. That may have secondary effects for how many people go to that college or what they're willing to pay for tuition, but that's fraud.

In my book, if you submit data and information that is incorrect, or inaccurate, or misleading, with the intent to deceive at the expense of others. Especially if that turns into actual or potential financial gain, I call that fraud. So that applies on all three sides of the triangle. It's just a matter of thinking about this ESG and non-financial world and how that can happen.

Dan: Excellent, Doug. Yes, maybe, just to add a couple of extra points around those pressures and incentives. Today we are seeing that there is incentive compensation for certain executives that is linked to various ESG measures. If you think about that and the opportunity for management override of certain controls that are out there, that's a great incentive.

If you're going to get paid a bigger bonus because of greater ESG metrics, and your ESG, for example, your emissions information is held in Excel spreadsheet, which in many cases that is the case. I saw a survey, not so long ago, of more than a thousand executives saying that, I think, it was 86% of them had their emissions data just sitting in a spreadsheet.

And if you could change that with a few keystrokes, at the executive level, to boost your bonus, someone might do that. Other things I think of are from an incentive or pressure standpoint. Things around ESG-linked bonds or credits where there are a key performance indicators and you're required to maintain those metrics, to maintain certain interest rates or payment on your bond. Those things are out there and they're going to influence some portion of those that are held to them. Catie, maybe, you have some other thoughts around this as well?

Catie: Yes, Dan, so one of the things that we're seeing in ESG, especially because people are so compelled to make great strides on their data and to make progress towards their targets, in a very quick manner, is there's an emerging market of solutions that some are absolutely legitimate and there's good actors, but they're also bad actors.

So one real-life example of this happening is the Vatican used a third party to preserve a forest area, as part of its carbon offset effort and to help move towards its emissions reductions targets. So, in this instance, the Vatican thought that it had protected an area of Hungarian Forest as part of that reductions plan, but that actually never happened.

So while there were good intentions to reduce the Vatican's emissions footprint, ultimately, that desire left them to susceptible to fraud by this third party. So that's something else to think about is as you're incorporating other entities, that are outside of your organizational boundaries to help you reach these targets, are they genuine good actors?

Have you conducted the due diligence to ensure that they're going to support you in getting to those targets, as opposed to hinder or even mislead you, which could lead to misreporting on your part? And, Dan, I wanted to get back to that pressure element. A lot of the clients that we're working with are in those early stages of ESG reporting, and are just getting their program started.

So, Dan, Doug, and I am happy to contribute, as well, but what are some guidance that we can give to listeners? In terms of for those who are at ground zero and need to start reporting, and disclosing, and to ease some of the pressure that they're experiencing from stakeholders and regulators.

What are some ways that they can approach this? What are some tools that they can use to mitigate associated risks?

Dan: I'll go ahead and start. So I refer back to some of those frameworks, that you have mentioned, Catie, as a starting point. In terms of the kinds of disclosures that an organization might make in a certain business sector. I think that they should be taking stock of the various channels in which they might be reporting that information, and looking at the various kinds of scenarios, in which the information might be incomplete or inaccurate. So even just thinking about those processes will get them on a good path forward.

I think that you probably want to think about starting fairly small, with the kinds of disclosures, and build upon those as your maturity from an ESG perspective grows. Doug, what are your thoughts?

Doug: For companies just starting out, or in the early stages, what I would say to them is, first, just recognize this is not a hobby. This is not a nice to do, this is a business imperative and it is not going away. Put the right people on it and devote resources to it, who can really get things moving.

Another thing I would say is, one of my phrases, is begin with what you've got because you really can't begin with anything else. A gap assessment is a really good idea. What are the requirements that are expected from the general capital markets?

What are the questions you're getting from impact investors and customers, where you're getting that pull and you're expected to provide something?

Well, what is it you have?

Companies may have a little more information than they think they have. Because much of this information is already being collected to achieve regulatory compliance obligations, with let's say the EPA, or with OSHA, or the Department of Labor. Is that data and information fit for purpose or can it be modified a little bit, to meet the expectations of the stakeholders who want this kind of reporting and disclosures?

Another point I would say, we've touched upon the cross-functional team. This cannot be the responsibility of any one person. This is a team effort because this non-financial information touches every part of your business internally, and it touches many parts of your business externally. With your providers of capital, your banks, your insurance companies, your customers. So all the people who engage in external relations with folks outside the company, it has to include those.

One tip I would say is climate change is the single biggest issue of our time and climate change and climate change reporting, greenhouse gas emissions reporting, is expected of everybody. So climate change has got to be on your agenda. There is some specialized expertise that comes with that.

I would suggest that climate change has even its own team and its own work streams. I think supporting that when the ISSB put out their two exposure drafts. They had one for all sustainability reporting disclosures and one for climate change risk and exposures. So you've got to address climate change.

And, finally, I would say I put in a shameless plug for using the COSO Framework, that if the data is going to be complete. If it's going to be accurate, if it's going to be verifiable if you're going to have the right people with access to it and only the right people with access to this data. There's nowhere better to start than that COSO Internal Controls Framework. And even backing up that COSO Enterprise Risk Management Framework to lead into materiality. And to lead into what are the issues where we should be reporting on and focus our efforts.

To use an extreme example, if you're a Chevron you're not going to bet the company on recycling paper. So what are the issues that matter to you as a company? Where you invest your time, your resources, your people, and your initiatives on improving performance.

Catie: And, Doug, you brought up a great point when it comes to materiality, and I want to make sure that for our listeners, they know that when it comes to ESG and sustainability, materiality is separate and distinct from the concept of materiality under federal state securities law, as well as GAAP. And that's because items that are material to ESG they're not, necessarily, the same as those that are material under securities law or GAAP.

So one of the ways that we help clients and, especially, our year zero clients who are trying to uncover what is material to their company. We always recommend starting with a materiality assessment, and ESG strategy and policy development.

This is going to help you set your own guardrails so that you don't overextend or overcommit on ESG. Doug mentioned that climate change is becoming one of those topics, that companies absolutely need to have resources and teams dedicated to. And I'm seeing that with most of my clients, climate, even if it's not on the horizon immediately, it's coming.

And, so, it's something that you will need to consider and continue to refresh what's material to you. So having those assessments, we recommend every two to three years because material topics for ESG are not stagnant. You don't select them, and then that's what you have for the entirety of your company's lifespan.

They change because society changes, the political environment changes, and the actual environment changes. So you want to make sure that you're staying on top of and looking ahead to what those risks are.

So that you've got the data, mechanisms, and the internal control processes in place, to be able to have that data, have those baselines that you need. And then as you're planning out your ESG programming, set realistic goals and targets. So that you're not overextending yourself and that you are setting commitments that you know that you can achieve, and you're not falling victim to the fraud triangle in an attempt to achieve those commitments that you set for yourself.

Dan: Doug, I know you talked a bit about the great importance of climate change and emissions reporting. I did want to give our listeners some food for thought around emissions reporting. If you think about how some of that emissions reporting takes place, it's a calculation. So, for example, I've been in touch with a large organization. They calculate some of their emissions, taking their rented square footage of office space and applying the relevant coefficient to it, to come up with an estimate of their emissions.

I asked the question, well, "You have a number of offices across the country. What would happen if you, accidentally, forgot the Dallas office? Would someone catch it?"

And the answer was, "Not necessarily." And, so, the care and the completeness, and the extra effort to make sure you have that completeness, it can be challenging, but I think it's completely necessary. Because if something could be forgotten accidentally, it could be forgotten on purpose, and if it's forgotten on purpose that's contributing to fraud.

Catie: And to add to that point, Dan, some of the frameworks, specific to climate, already have built-in mechanisms to help you guard against that fraud. So, for instance, The Greenhouse Gas Protocols Corporate Standard sets guidelines for when to recalculate your corporate base year emissions. Because companies are setting their targets and their reduction strategies based upon that base year calculation.

And, so, there are some particularities in terms of, for instance, if your company goes through an acquisition and your footprint goes by X percent, that is what triggers a base year recalculation for your emissions metrics specifically. And, so, that's a policy example. That's an example of a policy that you would want to have in place for some of these metrics.

So that as your company continues to grow, and circumstances change, and your footprint either shrinks or increases, based upon your operational size. You'll want to have policies in place so that you know when to recalculate your base year, so that you're continuing to report complete and accurate data.

Doug: I think carbon emissions reporting, encapsulates everything we've discussed on this podcast and everything that's in both of our reports, the COSO Report and ACFE Report. And I think we could probably do a separate podcast on that. I'd encourage our listeners, many of whom are accountants, to read the Greenhouse Gas Protocol and become familiar with it.

There are operational and technical people doing it, but at its heart it really is an accounting protocol. We've discussed how you put together data and information to meet different purposes.

I've worked with clients who get called upon to publish a greenhouse gas report, greenhouse gas emissions, using an operational control basis. Using the equity share basis, using the financial… So there's the same data that needs to be sliced and diced three different ways and for different reporting periods.

Catie brings up the good point that there are protocols to restate or to correct errors when identified, or to account for forgotten facilities. There are uncertainties documented in it because many of these emissions that are reported involve estimates. What if you get better estimates?

Do you apply that to this reporting period or do you retroactively do that and report it?

Much of this involves judgment. What is a material change? So maybe you apply materiality in ways that you would apply it elsewhere or differently. All this has to be documented and the possibility of fraud starts to creep in, when there is the pressure to say, "We are on target for getting carbon neutral by 2030, in accordance with senior management's directives." So they can get their compensation bonus, and we can stay in that ESG-preferred trading fund, and we can get our low-interest rate from the bank or decline from that.

If you understand, if accountants, and business folks, and operations, and environmental people take a good look at the Greenhouse Gas Protocol and you overlay that with the COSO Internal Control Framework, and you overlay that with that terrific publication on ESG fraud, from the ACFE. A lot of what we're saying will start to make sense and you will understand where you can contribute to more effective and more efficient reporting, and prevention, and detection, of fraud.

Catie: So we know that, especially, because ESG is still an emerging discipline and there's different interpretations of data, and some of the data points themselves are evolving. So what do you say to those who are concerned about, unintentionally, misreporting data. And realizing two to three years down the road, "Oops, we made a mistake." How should they approach that in the future?

Doug: Well, that's a great question, Catie, and we see that all the time. And I predict we will see it a lot more as this field matures, and as companies mature their processes and controls, and as more people take a look at it, both, assurance providers, investors, and the like, we're going to see more of that. And it's understandable that everybody will be handwringing and so afraid of making a mistake. And I go back to what we said 20 years ago, at the beginning of Sarbanes-Oxley.

I was on many financial audit teams supporting them as ESG specialist for asset retirement obligations, environmental liabilities. And, well, we don't know the right number. We don't know if it's going to happen, and my advice, at the time, as a non-CPA, just an engineer and auditor is to say, "Well, in good faith, read, interpret what is required, develop a process, document the process, and then follow the process and document that you followed the process and the output from that process." That's what goes on the line item in your financial reporting.

If somebody determines that that was not correct or it can be improved. Maybe it's an internal suggestion, maybe it's from an auditor, maybe it's from an enforcement authority. It doesn't really matter how you discover something that needs to be changed.

At least you can produce what it was you did and show that you were consistent with the design. The operation was consistent with the design. If you need to change it later, then change it later.

Then comes the question, do we change it from this point going forward or do we have to do an adjustment for prior reporting periods? So that can be part of your process and your criteria. Set a threshold, a materiality threshold for that. Develop a process for how teams consider that and who decides yes or no. It's really using processes that you already have, and apply those for non-financial reporting.

Catie: And just to jump in there from the ESG perspective, Doug, I think, not every year will be one marked by progress towards your targets. There's a million different circumstances that can affect progression on your commitments. And, so, again, going back to being transparent and communicating challenges and setbacks to your stakeholders, goes a long way in the ESG space. In terms of them continuing to have faith that you are reporting these disclosures, as they go along, and highlighting where you are experiencing those challenges and setbacks.

Doug: That's right.

Dan: One part of the ACFE's Fraud Triangle is rationalization, and I think that this longer time horizon that Catie was just pointing to, actually, causes some rationalization to happen. Because there's a longer time horizon, someone might say to themselves, "Well, I can catch up next year.

Let me fudge the number a little bit this year, and show some progress, and I will make it all better next year."

And, so, there is something particular to ESG with that longer time horizon for those commitments being made around, "I'm going to be net zero by such and such a date. Well, that's a long time from now, let me just show that I have progression every year and hope that I can catch up in reality."

Dan: I maintain that non-financial reporting has a couple of attributes that are a little different from financial reporting, or at least they occur in greater proportion. Two of those attributes are much more narrative in non-financial disclosures, descriptions of processes, and also some forward-looking statements. Companies are encouraged to announce goals and targets, which sets the stage for reporting in future reporting periods on their progress to the goals and targets.

One of the things that is starting to look a little different, companies will say, "We are committed to meeting our climate goals for 2040." Where they make some grand, forward-looking narrative statements, and talking to some folks who are reviewing that, and even some of the external auditors, they're comparing those forward-looking narrative statements to where the companies are spending their money.

So if you're making statements and disclosures that are these grand, forward-looking projections, and the auditors see you're spending $7, a year, towards meeting that goal. Well, is that statement itself?

Is that disclosure?

Is that negligent?

Is that sloppy, or is that in order to get into an ESG fund, or to attract Helen, in ways?

Is that tiptoeing into fraud?

I think the dust is yet to settle on that, but the topic is coming up.

Dan: I think it's a great point, Doug, and I'm sure that there are a host of attorneys out there who will, gladly, be spending time to figure out when the line has crossed into fraud.

Catie: And I will add to that, we're seeing a lot of companies set 2040 goals. And just for context, that comes out of the Paris Agreement, saying that the global target for net zero needs to be… Hang on, Adam, let me pause and make sure that I don't misstate this. So part of that Paris Agreement was this global recognition that net zero needs to happen by 2040.

And, so, that's why you're seeing that number come up in a lot of different corporate targets, when it comes to their net zero goals. That said, there is still a lot of work that needs to be done, at the company level, in order to achieve that. And there are things that are beyond your control.

So the different breakthrough technologies that are needed in order to accelerate transitioning to a decarbonized economy. There's still a lot of research being done in terms of the electrical grid and the different green technologies that can generate energy, to help reduce that carbon footprint.

So I urge caution in terms of setting your goals because it needs to be, again, coming back to the point, it needs to be realistic and something that you think you can achieve. So one thing that we encourage our companies to do is it's great to have a moonshot goal, and if 2040 is your moonshot goal, then that's awesome. But setting those intermediary milestones to hold yourself accountable, to that moonshot goal, is something we really encourage our clients to do.

So that could be as simple as setting your baseline year for Scope 1 and 2 emissions. So that you have a complete understanding of your carbon footprint. And then from there you can understand what are those emission sources that we have?

What can we do, that's in our power, to reduce those emissions?

Are there simple process changes that can reduce our footprint?

So it's important, again, just go back to what you have already, what you know, and work from there. And there's no shame in having a really great moonshot goal if it's 2040 or if it's not 2040. But I think that setting those intermediary goals is going to be what really helps you to not fall susceptible to the fraud triangle.

Dan: I think, we've had a really good conversation here and we've covered a lot of ground. Everything from visibility into your supply chain and the challenges raised by that. All of the complexities around data quality for emissions reporting and other sorts of reporting. I really have enjoyed this conversation immensely.

Doug: As have I, it was a privilege. I hope our listeners enjoyed it as much as we enjoyed having the conversation.

Catie: Yes, thank you to Dan and Doug for this discussion. I really enjoyed chatting with you and, hopefully, the listeners will get some useful information out of this that they can take back to their organizations, and start to implement some of those tools and mechanisms to help them guard against fraud.

[00:29:20] < Outro >

Announcer: This has been Count Me In, IMA's podcast. Providing you with the latest perspectives of thought leaders from the accounting and finance profession. If you like what you heard and you'd like to be counted in, for more relevant accounting and finance education, visit IMA's website at www.imanet.org.

Creators & Guests

Producer

Adam Larson

Producer and co-host of the Count Me In podcast

Guest

Catie Serex

Guest

Dan Mosher

Guest

Douglas Hileman, FSA, CRMA, CPEA, P.E.

What is Count Me In®?

IMA® (Institute of Management Accountants) brings you the latest perspectives and learnings on all things affecting the accounting and finance world, as told by the experts working in the field and the thought leaders shaping the profession. Listen in to gain valuable insight and be included in the future of accounting and finance!

< Intro >

– Welcome back to Count Me In.

Today we have part two of Unraveling ESG.

We're joined, again, by
Catie Selex, Douglas Hileman,

and Dan Mosher for the
completion of their conversation.

Now, if you didn't hear part one,

I encourage you to pause
right now and listen to that first.

In today's episode, we explore the challenges

and risks of ESG reporting,
including the potential for fraud.

Our experts delve into the
pressures companies face

and discuss real-world examples

of how well-intentioned sustainability efforts

can sometimes lead to
misreporting and potential fraud.

But it's not all about the pitfalls,

they also offer essential
guidance to those new to ESG.

Emphasizing the importance of
starting with existing resources,

focusing on materiality, and setting up

the dedicated cross-functional ESG team.

Don't miss this invaluable
conversation, so let's get started.

< Music >

– Doug, I mentioned the ACFE's
Fraud Triangle earlier,

and I'm eager to hear some of your perspectives

on applying that Fraud Triangle to ESG.

– Thank you, Dan, it can be done too.

It's a familiar construct, and I
was fortunate to be an in-house

at a Big Four when Sarbanes-Oxley hit.

And at the very beginning of
designing internal controls

and testing internal controls, we had
to consider the possibility of fraud.

We had to design controls to prevent
fraud, in audits we had to detect fraud.

Being an environmental
specialist, and then with the IIA

coming out with changing
their IPPF, their framework,

to require testing for fraud.

I've been testing for fraud and
considering fraud for 20 years,

in the environmental space since 2002.

It looks a little different for ESG,

but not as different as you might think.

There is pressure, pressure can be,
"We've got to get this report out."

"The customer wants this answer."

"We have to say, for example, that our products

didn't come from Bangladesh, so what the heck?

How will they find out?"

There's so much pressure.

I see that people are involved in ESG,
in this non-financial reporting,

as an add-on to their jobs.

It might be 20% of their job, and
it's the 20% between 120 and 140%

of what they're supposed to do.

People are under, and companies,
are under tremendous pressure

to put the right answer out there.

They have the opportunity to do so
because the controls are not designed,

and have not been implemented
with the potential for fraud in mind.

So where there are weak controls or no controls,

the opportunities are there.

I see this comes into play, also,
when data and information

comes from outside the organization.

There's this tricky thing where
so much of what we do, in ESG,

is not only what the organization controls

but what the organization can influence.

There are some challenges there,

how do you control what you don't control?

So the opportunity is there because the controls

can be weak or non-existent.

And the rationalization can
be, "Well, everybody does it."

Or "It's not about money, it's about prestige."

"It's not really this, we want the award."

We've seen, for example, there's a
magazine, an organization,

that rates colleges, the 10 best colleges in each thing.

And we've started to see, in recent years,

where the colleges are even
fudging the information

to get the prestige of being in that award.

That may have secondary
effects for how many people

go to that college or what they're
willing to pay for tuition, but that's fraud.

In my book, if you submit data and information

that is incorrect, or inaccurate,

or misleading, with the intent to
deceive at the expense of others.

Especially if that turns into actual

or potential financial gain, I call that fraud.

So that applies on all three sides of the triangle.

It's just a matter of thinking about this ESG

and non-financial world and how that can happen.

– Excellent, Doug, yes, maybe, just
to add a couple of extra points

around those pressures and incentives.

Today we are seeing that there is
incentive compensation

for certain executives that is
linked to various ESG measures.

If you think about that and the
opportunityfor management override

of certain controls that are out
there, that's a great incentive.

If you're going to get paid a bigger bonus

because of greater ESG metrics,

and your ESG, for example, your emissions
information is held in Excel spreadsheet,

which in many cases that is the case.

I saw a survey, not so long ago, of more
than a thousand executives saying that,

I think, it was 86% of them
had their emissions data

just sitting in a spreadsheet.

And if you could change
that with a few keystrokes,

at the executive level, to boost
your bonus, someone might do that.

Other things I think of are from an
incentive or pressure standpoint.

Things around ESG-linked bonds or credits

where there are a key performance indicators

and you're required to maintain those metrics,

to maintain certain interest
rates or payment on your bond.

Those things are out there
and they're going to influence

some portion of those that are held to them.

Catie, maybe, you have some other
thoughts around this as well?

– Yes, Dan, so one of the things
that we're seeing in ESG,

especially because people are so compelled

to make great strides on their data

and to make progress towards their targets,

in a very quick manner, is there's
an emerging market of solutions

that some are absolutely legitimate

and there are good actors,
but they're also bad actors.

So one real-life example of this happening

is the Vatican used a third
party to preserve a forest area,

as part of its carbon offset effort

and to help move towards its
emissions reductions targets.

So, in this instance, the Vatican

thought that it had protected
an area of Hungarian Forest

as part of that reductions plan,
but that actually never happened.

So while there was good intentions to reduce

the Vatican's emissions footprint,

ultimately, that desire left them to susceptible

to fraud by this third party.

So that's something else to think about is

as you're incorporating other entities,

that are outside of your organizational boundaries

to help you reach these targets,
are they genuine good actors?

Have you conducted the due diligence

to ensure that they're going to support
you in getting to those targets,

as opposed to hinder or even mislead you,

which could lead to misreporting on your part?

And, Dan, I wanted to get
back to that pressure element.

A lot of the clients that we're working with

are in those early stages of ESG reporting,

and are just getting their program started.

So, Dan, Doug, and I am happy
to contribute, as well,

but what are some guidance
that we can give to listeners?

In terms of for those who are at ground zero

and need to start reporting, and disclosing,

and to ease some of the pressure
that they're experiencing

from stakeholders and regulators.

What are some ways that
they can approach this?

What are some tools that they can use

to mitigate associated risks?

– I'll go ahead and start.

So I refer back to some of those frameworks,

that you have mentioned,
Catie, as a starting point.

In terms of the kinds of
disclosures that an organization

might make in a certain business sector.

I think that they should be taking
stock of the various channels

in which they might be reporting
that information, and looking

at the various kinds of scenarios,

in which the information might be
incomplete or inaccurate.

So even just thinking about those processes

will get them on a good path forward.

I think that you probably want to
think about starting fairly small,

with the kinds of disclosures,

and build upon those as your maturity
from an ESG perspective grows.

Doug, what are your thoughts?

– For companies just starting
out, or in the early stages,

what I would say to them is, first,
just recognize this is not a hobby.

This is not a nice to do,
this is a business imperative

and it is not going away.

Put the right people on it
and devote resources to it,

who can really get things moving.

Another thing I would say is,
one of my phrases,

is begin with what you've got

because you really can't begin
with anything else.

A gap assessment is a really good idea.

What are the requirements that are expected

from the general capital markets?

What are the questions you're getting
from impact investors and customers,

where you're getting that pull and
you're expected to provide something?

Well, what is it you have?

Companies may have a little more
information than they think they have.

Because much of this information
is already being collected

to achieve regulatory compliance obligations,

with let's say the EPA, or
with OSHA, or Department of Labor.

Is that data and information fit for purpose

or can it be modified a little bit,

to meet the expectations of the stakeholders

who want this kind of reporting and disclosures?

Another point I would say, we've
touched upon the cross-functional team.

This cannot be the responsibility
of any one person.

This is a team effort because
this non-financial information

touches every part of your business internally,

and it touches many parts
of your business externally.

With your providers of capital, your banks,

your insurance companies, your customers.

So all the people who engage in external relations

with folks outside the company,
it has to include those.

One tip I would say is
climate change is the single

biggest issue of our time and climate change

and climate change reporting,
greenhouse gas emissions

reporting, is expected of everybody.

So climate change has got
to be on your agenda.

There is some specialized
expertise that comes with that.

I would suggest that climate change

has even its own team
and its own work streams.

I think supporting that when the ISSB

put out their two exposure drafts.

They had one for all sustainability
reporting disclosures

and one for climate change risk and exposures.

So you've got to address climate change.

And, finally, I would say I put
in a shameless plug for using

the COSO Framework, that if the
data is going to be complete.

If it's going to be accurate,
if it's going to be verifiable,

if you're going to have the
right people with access to it

and only the right people
with access to this data.

There's nowhere better to start than
that COSO Internal Controls Framework.

And even backing up that COSO
Enterprise Risk Management Framework

to lead into materiality.

And to lead into what are the issues

where we should be reporting
on and focus our efforts.

To use an extreme example, if you're a Chevron

you're not going to bet the
company on recycling paper.

So what are the issues that
matter to you as a company?

Where you invest your time, your resources,

your people, and your initiatives
on improving performance.

– And, Doug, you brought up a great
point when it comes to materiality,

and I want to make sure that for our listeners,

they know that when it comes
to ESG and sustainability,

materiality is separate and distinct
from the concept of materiality

under federal state securities
law, as well as GAAP.

And that's because items
that are material to ESG

they're not, necessarily, the same as those

that are material under securities law or GAAP.

So one of the ways that we help clients

and, especially, our year zero clients

who are trying to uncover what
is material to their company.

We always recommend starting
with a materiality assessment,

and ESG strategy and policy development.

This is going to help you set your own guardrails

so that you don't overextend or overcommit on ESG.

Doug mentioned that climate change
is becoming one of those topics,

that companies absolutely need to
have resources and teams dedicated to.

And I'm seeing that with
most of my clients, climate,

even if it's not on the horizon
immediately, it's coming.

And, so, it's something that
you will need to consider

and continue to refresh what's material to you.

So having those assessments, we
recommend every two to three years

because material topics for ESG are not stagnant.

You don't select them, and
then that's what you have

for the entirety of your company's lifespan.

They change because society changes,
the political environment changes,

and the actual environment changes.

So you want to make sure
that you're staying on top of

and looking ahead to what those risks are.

So that you've got the data, mechanisms,

and the internal control processes in place,

to be able to have that data, have
those baselines that you need.

And then as you're planning
out your ESG programming,

set realistic goals and targets.

So that you're not overextending yourself

and that you are setting commitments

that you know that you can achieve,

and you're not falling victim to the fraud triangle

in an attempt to achieve those
commitments that you set for yourself.

– Doug, I know you talked a
bit about the great importance

of climate change and emissions reporting.

I did want to give our listeners some food

for thought around emissions reporting.

If you think about how some of that emissions

reporting takes place, it's a calculation.

So, for example, I've been in
touch with a large organization.

They calculate some of their emissions,

taking their rented square footage of office space

and applying the relevant coefficient to it,

to come up with an estimate of their emissions.

I asked the question, "Well, you have
a number of offices across the country.

What would happen if you,
accidentally, forgot the Dallas office?

Would someone catch it?"

And the answer was, "Not necessarily."

And, so, the care and the completeness,

and the extra effort to make
sure you have that completeness,

it can be challenging, but I
think it's completely necessary.

Because if something could
be forgotten, accidentally,

it could be forgotten on purpose,

and if it's forgotten on purpose
that's contributing to fraud.

– And to add to that point,
Dan, some of the frameworks,

specific to climate, already
have built-in mechanisms

to help you guard against that fraud.

So, for instance, The Greenhouse Gas Protocols

Corporate Standard sets guidelines
for when to recalculate

your corporate base year emissions.

Because companies are setting their targets

and their reduction strategies based
upon that base year calculation.

And, so, there are some particularities
in terms of, for instance,

if your company goes through an acquisition

and your footprint goes by X percent,

that is what triggers a base year recalculation

for your emissions metrics specifically.

And, so, that's a policy example.

That's an example of a policy
that you would want

to have in place for some of these metrics.

So that as your company continues to grow,

and circumstances change, and
your footprint either shrinks

or increases, based upon your operational size.

You'll want to have policies
in place so that you know

when to recalculate your base year,

so that you're continuing to report
complete and accurate data.

– I think carbon emissions
reporting, encapsulates everything

we've discussed on this podcast and everything

that's in both of our reports,
the COSO Report and ACFE Report.

And I think we could probably
do a separate podcast on that.

I'd encourage our listeners,
many of whom are accountants,

to read the Greenhouse Gas Protocol
and become familiar with it.

There are operational and
technical people doing it,

but at its heart it really
is an accounting protocol.

We've discussed how you put
together data and information

to meet different purposes.

I've worked with clients who
get called upon to publish

a greenhouse gas report,
greenhouse gas emissions,

using an operational control basis.

Using the equity share basis,
using the financial...

So there's the same data that
needs to be sliced and diced

three different ways and
for different reporting periods.

Catie brings up the good
point that there are protocols

to restate or to correct errors when identified,

or to account for forgotten facilities.

There are uncertainties documented in it

because many of these emissions
that are reported involve estimates.

What if you get better estimates?

Do you apply that to this reporting period

or do you retroactively do that and report it?

Much of this involves judgment.

What is a material change?

So maybe you apply materiality

in ways that you would apply
it elsewhere or differently.

All this has to be documented
and the possibility of fraud

starts to creep in, when there is the pressure

to say, "We are on target for
getting carbon neutral by 2030,

in accordance with senior
management's directives."

So they can get their compensation bonus,

and we can stay in that
ESG-preferred trading fund,

and we can get our low-interest rate
from the bank or decline from that.

If you understand, if
accountants, and business folks,

and operations, and environmental
people take a good look

at the Greenhouse Gas Protocol

and you overlay that with the
COSO Internal Control Framework,

and you overlay that with
that terrific publication

on ESG fraud, from the ACFE.

A lot of what we're saying
will start to make sense

and you will understand where
you can contribute to more effective

and more efficient reporting,
and prevention, and detection, of fraud.

– So we know that, especially, because
ESG is still an emerging discipline

and there are different interpretations of data,

and some of the data points
themselves are evolving.

So what do you say to those who are concerned

about, unintentionally, misreporting data.

And realizing two to three
years down the road,

"Oops, we made a mistake."

How should they approach that in the future?

– Well, that's a great question,
Catie, and we see that all the time.

And I predict we will see it a
lot more as this field matures,

and as companies mature
their processes and controls,

and as more people take a look at it,

both, assurance providers,
investors, and the like,

we're going to see more of that.

And it's understandable that
everybody will be handwringing

and so afraid of making a mistake.

And I go back to what we said 20 years ago,

at the beginning of Sarbanes-Oxley.

I was on many financial audit teams
supporting them as ESG specialist

for asset retirement obligations,
environmental liabilities.

And, well, we don't know the right number.

We don't know if it's going to happen,

and my advice, at the time, as a non-CPA,

just an engineer and auditor is
to say, "Well, in good faith,

read, interpret what is
required, develop a process,

document the process, and then
follow the process

and document that you followed the process

and the output from that process."

That's what goes on the line item
in your financial reporting.

If somebody determines that that was
not correct or it can be improved.

Maybe it's an internal suggestion,
maybe it's from an auditor,

maybe it's from an enforcement authority.

It doesn't really matter how you discover
something that needs to be changed.

At least you can produce
what it was you did

and show that you were
consistent with the design.

The operation was consistent with the design.

If you need to change it
later, then change it later.

Then comes the question,

do we change it from this point going forward

or do we have to do an adjustment
for prior reporting periods?

So that can be part of your
process and your criteria.

Set a threshold, a materiality threshold for that.

Develop a process for how teams consider that

and who decides yes or no.

It's really using processes that you already have,

and apply those for non-financial reporting.

– And just to jump in there from
the ESG perspective, Doug,

I think, not every year will be one

marked by progress towards your targets.

There are a million different circumstances

that can affect progression on your commitments.

And, so, again, going back to being transparent

and communicating challenges
and setbacks to your stakeholders,

goes a long way in the ESG space.

In terms of them continuing to have faith

that you are reporting these disclosures,

as they go along, and highlighting

where you are experiencing
those challenges and setbacks.

– That's right.
– One part of the ACFE's

Fraud Triangle is rationalization,

and I think that this longer time horizon

that Catie was just pointing to,

actually, causes some rationalization to happen.

Because there's a longer time horizon,

someone might say to themselves,
"Well, I can catch up next year.

Let me fudge the number a little bit this year,

show some progress, and I will
make it all better next year."

And, so, there is something particular to ESG

with that longer time horizon
for those commitments

being made around, "I'm going to be
net zero by such and such a date.

Well, that's a long time from now,

let me just show that I
have progression every year

and hope that I can catch up in reality."

– I maintain that non-financial
reporting has a couple of attributes

that are a little different
from financial reporting,

or at least they occur in greater proportion.

Two of those attributes are much more narrative

in non-financial disclosures,
descriptions of processes,

and also some forward-looking statements.

Companies are encouraged to
announce goals and targets,

which sets the stage for reporting
in future reporting periods

on their progress to the goals and targets.

One of the things that is starting
to look a little different,

companies will say, "We are committed
to meeting our climate goals for 2040."

Where they make some grand,
forward-looking narrative statements,

and talking to some folks
who are reviewing that,

and even some of the external auditors,

they're comparing those
forward-looking narrative statements

to where the companies are spending their money.

So if you're making statements and disclosures

that are these grand, forward-looking
projections, and the auditors

see you're spending $7, a year,
towards meeting that goal.

Well, is that statement itself?

Is that disclosure?
Is that negligent?

Is that sloppy, or is that in order to get

into an ESG fund, or to attract Helen, in ways?

Is that tiptoeing into fraud?

I think the dust is yet to settle
on that, but the topic is coming up.

– I think it's a great point, Doug,

and I'm sure that there are
a host of attorneys out there

who will, gladly, be spending time to figure out

when the line has crossed into fraud.

– And I will add to that, we're seeing
a lot of companies set 2040 goals.

And just for context, that comes
out of the Paris Agreement,

saying that the global target
for net zero needs to be…

hang on, Adam, let me pause and
make sure that I don't misstate this.

So part of that Paris Agreement
was this global recognition

that net zero needs to happen by 2040.

And, so, that's why you're
seeing that number come up

in a lot of different corporate targets,

when it comes to their net zero goals.

That said, there is still a lot
of work that needs to be done,

at the company level, in order to achieve that.

And there are things that are beyond your control.

So the different breakthrough technologies

that are needed in order to accelerate

transitioning to a decarbonized economy.

There's still a lot of research being done

in terms of the electrical grid

and the different green technologies
that can generate energy,

to help reduce that carbon footprint.

So I urge caution in terms of setting your goals

because it needs to be, again,
coming back to the point,

it needs to be realistic and something
that you think you can achieve.

So one thing that we encourage
our companies to do is

it's great to have a moonshot goal,

and if 2040 is your moonshot
goal, then that's awesome.

But setting those intermediary milestones

to hold yourself accountable,
to that moonshot goal,

is something we really
encourage our clients to do.

So that could be as simple
as setting your baseline year

for Scope 1 and 2 emissions.

So that you have a complete
understanding of your carbon footprint.

And then from there you can understand

what are those emission sources that we have?

What can we do, that's in our power,
to reduce those emissions?

Are there simple process changes
that can reduce our footprint?

So it's important, again, just go back
to what you have already,

what you know, and work from there.

And there's no shame in having
a really great moonshot goal

if it's 2040 or if it's not 2040.

But I think that setting those intermediary goals

is going to be what really helps you

to not fall susceptible to the fraud triangle.

– I think, we've had a
really good conversation here

and we've covered a lot of ground.

Everything from visibility into your supply chain

and the challenges raised by that.

All of the complexities around data quality

for emissions reporting and
other sorts of reporting.

I really have enjoyed this conversation immensely.

– As have I, it was a privilege.

I hope our listeners enjoyed it as much

as we enjoyed having the conversation.

– Yes, thank you to Dan and
Doug for this discussion.

I really enjoyed chatting with you and, hopefully,

the listeners will get some useful information

out of this that they can take
back to their organizations,

and start to implement some of
those tools and mechanisms

to help them guard against fraud.

< Music >

– This has been Count Me In, IMA's podcast.

Providing you with the latest
perspectives of thought leaders

from the accounting and finance
profession.

If you like what you heard and
you'd like to be counted in,

for more relevant accounting
and finance education,

visit IMA's website at www.imanet.org.