Preparing for Your ESG Audit

Recently, Locus CEO Neno Duplan described the need for credible ESG Reporting, and the evolving corporate, financial, and political drivers leading to the proliferation of ESG reporting. Here, we look at some of the practical aspects of building and maintaining an ESG reporting program.  After leading audits for greenhouse gas emissions and other ESG metrics for the past ten years, I wanted to highlight the pitfalls that many organizations face when it comes to supporting their ESG reports, and provide some solutions to improve their auditability.

With the current wave of popularity for Environmental, Social, and Governance (ESG) reporting, many organizations are scrambling to assemble reports that cover these metrics.  While a spreadsheet can be readily put together with enterprise-level totals for emissions, resource consumption, community involvement and other metrics, most of those reports won’t stand up to a full audit process. And increasingly savvy investors and stakeholders aren’t necessarily willing to take these reports at face value.

Whether you are getting started on a new ESG reporting program for your organization, or transforming an existing CSR program to cover ESG elements, it is critical to plan ahead for ensuring your final report is audit-ready. That means not only maintaining full visibility for the raw data, calculations, and various factors that went into the report, but also making that data easily accessible and traceable. Consider the case where a stakeholder is comparing two ESG reports where the overall metrics are similar. But one of the reports has a fully transparent data flow back to the source, and the other report can only be verified through a lengthy documentation request to a consultant. Although the final reports may be similar, the stakeholder gains more trust with less effort when the supporting data is readily available.

There is quite a bit of uncertainty over how comprehensive ESG audits should be. Current audit protocols for ESG reporting vary widely. Organizations like the Center for Audit Quality have put forth guidance on how ESG reports could be audited. However, there are no strict requirements and little consensus on what should or should not be included in the audit of an ESG report. Established reporting frameworks like GRI, SASB, and TCFD have programs in place for assurance of those reports, which include a third-party audit for the accuracy and completeness of that data.  However, organizations have the choice of achieving either limited assurance or reasonable assurance, and they may choose to have only select metrics or disclosures audited, or they may opt to undergo a more thorough examination that covers the full report. That flexibility is likely to change, however, as stakeholders apply additional pressure for better quality and reliability in ESG reports.

So how do you go about developing an ESG program that can meet current and potential future audit requirements?  Based on my auditing experience, here are a few key concepts to keep in mind:

[sc_icon_with_text icon=”cloud” icon_shape=”circle” icon_color=”#ffffff” icon_background_color=”#52a6ea” icon_size=”big” level=”h3″]

1. Centralize your data flow

Centralize your data flow, with consistent data quality controls. A unified data collection program is key to streamlining the audit process and having greater confidence in your report. Historically, reporting for ESG has been the responsibility of multiple departments with little intercommunication. The result of that separation is widely different practices when it comes to assuring data quality. Integrations between systems can help and are sometimes the best option to bring together data from different sectors of the ESG report.  But ultimately, a consistent approach to the overall data collection and processing effort will result in a much smoother (and cheaper) audit.[/sc_icon_with_text]

[sc_icon_with_text icon=”automation” icon_shape=”circle” icon_color=”#ffffff” icon_background_color=”#52a6ea” icon_size=”big” level=”h3″]

2. Automate data collection

Automate data collection wherever possible. Auditors know that manual data entry or transcription is typically one of the major weak points in any data collection program. We’re trained to focus in on those parts of the process with additional data sampling and review to find errors.  If you have any opportunities to collect data through automated tools or direct connections to reliable data sources, those tools are the quickest ways to shore up those potential weaknesses, and also have the benefit of substantially reducing your ESG data collection effort.[/sc_icon_with_text]

[sc_icon_with_text icon=”documents” icon_shape=”circle” icon_color=”#ffffff” icon_background_color=”#52a6ea” icon_size=”big” level=”h3″]

3. Maintain documentation

Maintain documentation throughout the data collection process. During one audit years ago, I asked the reporter for their documentation on their electricity consumption, and they pointed to a scribbled sticky note on their wall. Of course, that didn’t quite suffice for audit purposes, and neither does an email from a co-worker, or any number of other data sources that reporters have tried to pass off as their documentation. For inputs that derive from sources outside your organization, like utility invoices or supplier surveys, data are considered more reliable if they are directly tied to a financial transaction between entities that do not share ownership. The general thought is that if the data quality was considered sufficient to exchange money based on the value, it can be considered reasonably accurate.  If that is not the case, ideally an attestation, or at least the source’s contact information, should be maintained for each data source. For data inputs derived from internal sources (e.g. meter readings), the documentation will need to include the data itself, as well as information on the devices used and their maintenance (e.g. calibration records).[/sc_icon_with_text]

[sc_icon_with_text icon=”calculation-engine” icon_shape=”circle” icon_color=”#ffffff” icon_background_color=”#52a6ea” icon_size=”big” level=”h3″]

4. Avoid black box calculators

Given the many issues with spreadsheet data handling including lack of unification, security, and error proliferation and persistence, many organizations are correctly concluding that a dedicated software application provides numerous process improvements for ESG reporting. But unfortunately there are many software tools that take the input data and generate an ESG report with little or no visibility into how the input data were processed or calculated. And to an auditor, those part of the process are critical to achieving assurance for an ESG report. Sometimes the data processing steps can be viewed, but they’re buried within the configuration settings and require navigation by a system administrator to extract. In this situation, auditors can try to replicate the calculations from the raw data on their own, and attempt to yield the same results. This approach can work for many accounting metrics, which are largely standardized, and easily replicable from the input data.  However, other metrics like Scope 3 emission calculations can follow a number of different methodologies with different factors. Without knowing which methods and factors were used, the auditor is unlikely to yield the same results. Having a transparent calculation engine that can visualize the data flow and processing can make a huge difference when it comes to your audit.[/sc_icon_with_text]

Assembling an ESG reporting program is a significant undertaking, and it may be a monumental effort to simply get the report done, especially if you’re just getting your program started. But to fully set yourself up for long-term success, be sure to assess the audit readiness of your ESG program. Even though ESG auditing is not yet fully codified, more formalized audit protocols are expected soon. Some simple considerations early in your program development will make sure you are prepared for whatever those audit requirements may include.

[sc_image width=”150″ height=”150″ src=”16265″ style=”11″ position=”centered” disable_lightbox=”1″ alt=”Steve Paff”]

About the Author—J. Wesley Hawthorne, President of Locus Technologies

Mr. Hawthorne has been with Locus since 1999, working on development and implementation of services and solutions in the areas of environmental compliance, remediation, and sustainability. As President, he currently leads the overall product development and operations of the company. As a seasoned environmental and engineering executive, Hawthorne incorporates innovative analytical tools and methods to develop strategies for customers for portfolio analysis, project implementation, and management. His comprehensive knowledge of technical and environmental compliance best practices and laws enable him to create customized, cost-effective and customer-focused solutions for the specialized needs of each customer.

Mr. Hawthorne holds an M.S. in Environmental Engineering from Stanford University and B.S. degrees in Geology and Geological Engineering from Purdue University. He is registered both as a Professional Engineer and Professional Geologist, and is also accredited as Lead Verifier for the Greenhouse Gas Emissions and Low Carbon Fuel Standard programs by the California Air Resources Board.