CommentFeatures

What role does audit play in ESG oversight?

By Shamus Rae, CEO at Engine B

The most urgent areas for action in financial reporting relate to Environmental, Social and Corporate Governance (ESG). While society widely recognises the need to move to environmentally sustainable business models, this recognition is only now creating any kind of meaningful change to the global economy. 

Environmental commitments cannot be met, however, unless auditors investigate and report on sustainability. The need for more expansive, joined-up insights into economic activities is clear. And therefore, the work auditors do has to change.

The FRC’s future replacement, the Audit, Reporting and Governance Authority (ARGA), will be empowered to enforce audit standards and practices, including the climate impacts of financial disclosures and non-financial reporting. As an industry-led solution, the FRC recommends that “most firms should develop ways to embed climate change considerations into their audit methodology and software to ensure that audit work is of a consistent quality.”

This raises the crucial role audit technology has to play in guaranteeing consistency and quality in financial reporting generally – especially where that reporting needs to account for environmental impacts. But is also shows that more can be achieved if audit tech is better understood by auditors.

The trouble with digital transformation

However, the transition to a digitally enabled world has built in difficulty due to cultures, process, reporting and regulation all being created in a pre-digital environment.

The world of ESG reporting now has an opportunity to define data collection, regulation setting and assurance in a way that maximises technology to provide accurate, complete and timely data.

The current world of assuring financial reporting is full of frictions that overly relies on human intervention. This of course made sense in a pre-digital world. Regulations and how they are checked are overly dependent on humans who aren’t being deployed where they can best add value – instead they spend unnecessary time on transactional work.

ESG can break this cycle by defining the regulation in a way that allows codification where possible and human intervention where appropriate. This would allow for more efficient assurance and reduction in time, human effort and error coming from Corporate Reporting as the basis of the report can be digitally enabled.

Digitally-enabled reporting – the best solution?

The benefits of accurate data flowing directly from the corporate’s systems into digital filing include:

  • A reduction of the need for human interpretation that allows for errors or fraud to occur.
  • Potentially allowing for high frequency reporting and even always-on reporting.
  • Leveraging 3rd party data (including supply chain etc), which means validation of a corporate’s data can be automated.
  • An embedded system could also apply regulatory rules locally in the corporate’s environment and proactively ‘red-flag’ to management issues, as or before they arise.

Whilst the benefits of the approach are clear, there are four complexities that exist:

1. Data Spaghetti

The challenge: Corporates often have legacy systems where data is held and this is often a non-trivial ‘spaghetti’ scenario.

The solution: As the world moves to the cloud this problem becomes easier to solve, however the problem exists today in the world of audit and has, to some extent, been solved by the creation of an Audit Common Data Model along with data orchestration technology mapping legacy systems to this model. An ESG extension to this approach will be needed and potentially additional operational systems will need to be included.

2. Single Source of Truth

The challenge: How do we know the system managing the single source of truth has not been tampered with?

The solution: Today’s world of audit sees the financial results being audited and, to a lesser extent, the underlying controls systems being reviewed. This needs to be turned on its head. Corporates need to install the software to create a single source of truth for ESG data, leveraging an open-source data model. It is this software, the way information gets into it (controls), and its access to underlying systems that needs to be independently audited.

3. Data Security

The challenge: Will corporates allow data to flow externally from their organisation other than for the purposes of strict regulatory reporting?

The solution: We need to minimise data movement wherever possible. By keeping data within the corporate’s environment, we can ensure it is updated frequently from the core underlying systems and minimise the risk of leakage outside of the organisation. The solution will need to allow standard digital reporting but also allow for continuous assurance to be conducted within the corporate’s own environment – the assurance comes to the data, rather than the data leaving the corporate to go to the assurance organisation.

4. Third-Party Data

The challenge: How do we leverage different data sources both from within and outside of the corporate, including structured and unstructured data sets, to ensure the single source of truth aligns with evidence from the outside world?

The solution: By leveraging third-party data, we can increase the quality of the assurance by both checking the data for accuracy but also adding additional data to improve the scope of assurance. For example, supply chain data, weather data, heat map photos of manufacturing sites, comparisons with competitors on governance layers etc.

Re-inventing a legacy approach is not enough

The world needs to move fast to deliver accurate ESG reporting, and we cannot afford to simply re-invent a legacy approach copied from financial audit and accept the human frictions that come with that. ESG should be about digital reporting from the start and not about creating another industry with millions of people providing assurance using error prone human approaches.

Show More
Back to top button