The title given by the GRI for this discussion was ‘Assurance trends – improving the quality of sustainability data’. But when I’m reading a corporate report, whilst I expect the data to be accurate, its the quality of the internal control, management and governance processes that matter most to me.
I doubt I’d find anybody at a GRI conference who didn’t agree that businesses and capital markets need to increase their focus on sustainable development and pay attention to Environmental Social and Governance (ESG) risks. In recent decades we’ve seen a dramatic decrease in the average length of shareholding and the dramatic increase in the proportion of profits paid to shareholders as dividends. Conventional reporting encourages this situation. It is backward looking and doesn’t provide the information needed to determine the value created beyond profit nor the likely future value. More quality non financial information is needed to fill the gap.
This will only be produced if governance and management processes are robust and credible. So if the assurance of non-financial reports is to be fit for purpose there needs to be a focus on those processes. Auditing the data is not enough.
Take the example of the chemical company with the significant reporting – performance portrayal gap discussed here. It was contributing to the development of the industry’s Responsible Care guidelines in the 1990s. Its 1999 report was audited by KPMG but the scope was limited by the reporting company to only part of the reporting process. The company’s report was incomplete with respect to material negative impacts, it contradicted the scientific literature of the time with respect to the causes of global warming and all in all provided a very different portrayal of performance from that provided by regulatory agencies, NGOs and quality media outlets.
Yet large MNC’s with significant impacts continue to limit the scope of these audits. Or is it the firms conducting the audits who are concerned about the risks of broadening the audit scope? Whilst assurance reports are not addressed to stakeholders, they might arguably reasonably assume an assurance statements means that information provided by a company is credible.
More recently EY’s assurance statement of the 2015 BP report includes the materiality process and a check that sustainability claims made in the report are consistent ‘with the explanation and evidence provided by BP managers’!! Can we trust evidence provided by senior managers whose remuneration is linked with shareholder interests encouraging a focus on short term profits? I’m not convinced.
The terms of reference for the EY 2001 assurance engagement included reviewing a selection of media sources for reports related to BP’s adherence to its policies. Again, I question whether this is sufficient evidence of adherence to policies. Following a serious of safety and pollution incidents in the 2000s and the Gulf of Mexico disaster weaknesses in BP’s accountability and governance oversight of health, safety and environment have subsequently been revealed. Reports by US government agencies have pointed to systemic lapses in management, budget cuts, poor risk identification processes and poor reporting and monitoring programmes.
Large companies are being influenced by the developments in integrated reporting whether or not they explicitly declare that they are following the International <IR> Framework (Adams et al, forthcoming). They are recognising that making money for shareholders requires creating value for stakeholders and they are making statements in their reports about how they create value and for whom. This is important information and there is plenty of scope for wishful thinking, manipulating public opinion and greenwash. Boards and senior executives of companies making these statements might wish to stand by them by including an assessment of their validity in the scope of assurance. Assurance providers might find ways of assessing them.
It is critical to the long term success of companies that Environmental, Social and Governance (ESG) risk and opportunities are incorporated into strategy. This requires an ongoing engagement with, and accountability to, key stakeholders. Assurance statements are not addressed to shareholders or other stakeholders, but does ignoring their concerns undermine the credibility of assurance and those who provide it? Readers of non financial information want to know whether: the company creates value the way it says it does and to those for whom it claims it does; material ESG risks, opportunities and impacts are identified; the Board is involved in the reporting process; there is a culture of cooperation across silos.
So, in conclusion, there are compelling reasons for assurance of non financial reporting to focus on management and governance processes and qualitative statements about value creation and values in company reports at least to the same extent as quantified data – if not more. It is not easy – many things worth doing are not – but some fresh thinking about the scope of assurance and what constitutes appropriate evidence is needed. Large companies with significant reach and impacts who increase the scope of their assurance engagements could reap significant benefits from increased credibility and trust and independent advise on their processes.
Adams CA, Potter B, Singh PJ and York J (forthcoming) Exploring the implications of integrated reporting for social investment (disclosures) British Accounting Review.
Professors Brendan O’Dwyer and Roger Simnett are picture here – but the views expressed in this article are my own.