Bloomberg Tax
Free Newsletter Sign Up
Bloomberg Tax
Advanced Search Go
Free Newsletter Sign Up

Untested ESG Reporting Draws Scrutiny as SEC Readies Rules

Dec. 15, 2021, 9:45 AM

Investors hungry for information about corporate climate risk and performance on social issues want some confidence that the data companies report are accurate and calculated consistently from year to year.

But so far that isn’t possible. Only half of big public companies hire a third party to review their sustainability disclosures, and almost none choose an accounting firm to provide that scrutiny. That may change soon.

The lack of outside review of the disclosures that investors increasingly rely on points to a yawning compliance gap as U.S. companies brace for new mandates to discuss these issues in their annual securities filings.

Delivering figures that companies can back up and that will withstand legal tests is a massive task, and management shouldn’t wait for Securities and Exchange Commission rules, said Jurgita Ashley, who co-chairs the public company group for the Thompson Hine LLP law firm.

“Companies need to get started now, because it’s a tremendous challenge both to collect the data and to build out these control frameworks,” Ashley said. “In the very best-case scenario, we’re talking months.”

The largest U.S. companies have gradually added and expanded disclosures about climate change risks in SEC filings, documents that are meant to inform investors about their economic performance. But the details and scope of the reports vary.

Investment managers like BlackRock Inc. and others have said they need consistently reported ESG metrics that they can use to compare companies and track them over time. The details on environmental, social, and governance, or ESG, issues not only help them decide where to invest, but also increasingly inform how shareholders vote on board appointments and executive pay during proxy season.

Investors want clarity about how specific ESG statements are vetted and whether external assessments of those metrics, through a process called assurance, can be trusted.

“The scope of the assurance process and verification process is really important,” said Lauren Compere, who heads Boston Common Asset Management’s ESG and shareholder engagement work. “Absolutely, investors want this.”

Vetting ESG Metrics

Just over half of S&P 500 companies, 52%, paid for a third party to check their 2020 ESG reports. Those providers included engineers and boutique consulting firms. Just 31 companies—6% of the S&P 500—hired accounting firms, best known for vetting financial reports, to provide those reviews. That handful included Verizon Communications Inc. and Coca-Cola Co., among others, according to a review by the Center for Audit Quality.

The voluntary reviews often covered only greenhouse gas emissions or a few select other metrics, but not the entire report. Only 12% of the 264 reviews covered multiple metrics involving a range of ESG topics, according to the CAQ report.

For example, Verizon and Coca-Cola both hired Ernst & Young LLP, among the four largest accounting firms in the U.S., to test their greenhouse gas emissions and water usage. PayPal Holdings Inc. hired Bureau Veritas UK Ltd. to test not just emissions but also diversity data and turnover rates.

The differing levels of scrutiny and the scope of the reviews creates confusion in the market, said Kristen Sullivan, a Deloitte LLP partner who leads a task force focused on sustainability assurance for the American Institute of CPAs.

Companies asked the reviewers for different levels of assurance: reasonable, limited or moderate. Engineers and boutique firms that specialize in sustainability metrics were among the providers, along with accountants. Combined, those providers relied on a jungle of testing standards that mirrors the confusing mix of frameworks that companies rely on to create their reports.

A common framework for assurance could both encourage more companies to pay for those outside reviews and enable investors to rely on them, Compere said.

Assurance vs. Audit

In the U.S., accountants that vet corporate ESG reports rely on attestation standards, a framework set by the Audit Standards Board for testing non-financial information. The board, part of the AICPA, also sets audit rules for privately held businesses and nonprofits.

The optional ESG reviews that accountants provide differ in scope and process from the financial statement audits required of U.S. listed companies, audits that scrutinize corporate transactions and accounting and provide the highest degree of verification that CPAs offer.

EY, in reports for Verizon and Coca-Cola, cautioned that the scope of its reviews was limited to checking that the corporations followed their own criteria for certain metrics and that different calculations could alter the results.

U.S. regulators are watching closely as they work on a proposal that would require companies to provide more details about their carbon emissions and exposure to a changing climate. Inconsistent testing of voluntary ESG reporting—including the myriad providers and the varied scope of the assurance—will inform the drafting of SEC rules, acting Chief Accountant Paul Munter said earlier this month.

SEC Chairman Gary Gensler has said climate disclosures will likely be required in annual SEC filings—something that would trigger at least a cursory review by auditors, who read, but don’t test, management disclosures. Still, it would fall to auditors to ensure that any new climate reporting aligns with the performance described in the financial statements.

How much time and effort auditors spend reviewing any new disclosures remains to be seen. The Public Company Accounting Oversight Board, the U.S. audit regulator, is reviewing its rules to see whether updates are needed to address emerging ESG reporting issues.

Getting It Right

Without draft rules to guide them, corporate controllers and CFOs are trying to figure out what information their companies should collect, where it comes from, and who is responsible for tracking and protecting it.

The aim is to build up the same level of protections that are already in place for their SEC filings, so investors can rely on ESG reporting just as they would reporting on lease liabilities or marketing expenses and prepare for any new SEC disclosure requirements.

“They are recognizing that they really need to mobilize quickly,” Deloitte’s Sullivan said of financial teams, “so that the company is ready to be in a position to provide that investor-grade ESG disclosure in a timely fashion.”

But that oversight and data governance must be in place before accountants can come in and test the data, said Shari Littan, director of corporate reporting research and policy at the Institute of Management Accountants.

Tracey Travis, chief financial officer for Estée Lauder Companies, said her team had built a central database for ESG information and brought in the internal auditors to review its reporting. Recently the cosmetics line hired an outside firm to provide external assurance, Travis said at a November accounting conference.

Big Four accounting firm PwC LLP reviewed certain environmental and social metrics that the cosmetics brand included in its latest sustainability report.

“It really is fundamental that we treat this kind of data with the same hygiene and the same rigor and the same effort that we are treating the rest of our information,” said Gabrielle Rabinovitch, senior vice president of corporate finance and investor relations at PayPal, at the same conference. “We can’t afford to sort of not engage in the same diligence around them.”

To contact the reporter on this story: Amanda Iacone in Washington at

To contact the editors responsible for this story: Jeff Harrington at; Kathy Larsen at