Adapting a robust control framework for ESG will instill confidence in the accuracy and reliability of key metrics provided to investors, shareholders, senior leadership, regulatory bodies, and other key stakeholders.
Investors view ESG information as material to financial performance and need consistent and reliable disclosures of ESG information to inform their investment decisions.
ESG reporting remains a manual and labor-intensive process for many organizations. Implementing best practices from SEC and financial reporting can strengthen ESG reporting controls while reducing burdensome workloads.
Implementing internal controls for ESG, which are often embedded through the COSO framework, provides reasonable assurance on controls over the 5 pillars of internal controls (control environment, risk assessment, control activities, information and communication, and monitoring).
Industry-tested norms address each topic outlined below:
- Completeness and accuracy controls around key reports: Verify reports used for ESG data and calculations capture data in a consistent, complete, and accurate manner
- Governance and defined policies and procedures: Oversee end-to-end ESG process (strategy definition through disclosures), and implement appropriate controls
- Homogeneity across processes, locations, and key jurisdictions: Common policies that set out how data is defined, measured, captured, and controlled
- Criticality evaluation: CDE methodology to identify key data elements for proper controls for ESG reporting
- Management attestation: Confirm accuracy of ESG reporting and create accountability for truthfulness of reports
- Independent data validation: Strengthen confidence in accuracy and reliability of data, calculations, and presentation
- Controls over third-party data: Defining consistent measurement of data from third parties to ensure accuracy
- Support for estimates and assumptions: Robust documentation and reliable data backing ESG reporting estimates
- Robust data lineage: To produce ESG reports, data will be extracted from various systems (internal and external) and in structured and unstructured formats. Data lineage and traceability will be imperative to demonstrate accurate and reliable data usage for ESG reporting.
Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.