The SEC’s recently proposed climate disclosure rules, including the need to disclose a significant amount of data in your 10-K, means your company will need robust, auditable ESG data.
The Securities and Exchange Commission (SEC) is set to finalize new rules for climate disclosures that, as proposed, focus on the oversight of climate-related risks, the financial impacts of severe weather events, Scope 1 and Scope 2 greenhouse gas (GHG) emissions, and Scope 3 emissions when material (or if the registrant’s emissions target includes Scope 3). The proposed rules also require attestation reporting on Scope 1 and Scope 2 emissions performed by an independent auditor.
If the proposed rules take effect as written, companies will be required to validate the data — from the sources to reporting. The SEC will likely phase in the rules over the next few years. But it will be critical for companies to start thinking now about the process for ESG data collection (completeness), data quality (accuracy), data transformation and reporting strategy as they provide investors, customers, suppliers, auditors and management with reliable ESG data that has been independently audited, using approved procedures.
The SEC’s proposed rules aren’t the only catalyst for changing the way companies report their ESG information. Regulatory bodies in countries and regions such as the United Kingdom, Europe and Australia have proposed voluntary guidelines or are requiring companies to disclose certain information on the way they manage social and environmental challenges. There is also an increasing expectation from investors that companies publish the material risks climate change poses to their operations. PwC’s 2021 Global Investor Survey reflected those expectations.
There are various systems and tools designed to automate and streamline reporting, but the software being used is only as effective as the data entered into the system. Without complete, accurate and reliable ESG data, the software alone will not be sufficient to satisfy the proposed SEC requirements or management’s reporting goals. Unreliable reporting can expose your company to financial, regulatory and reputational risks even in the absence of SEC reporting requirements.
We’ve learned from companies across all industries that identifying the sources of ESG data is often one of the primary challenges. In many cases, the data comes from multiple sources and/or is manually derived, susceptible to human error, and the origin of the data may be unknown, which makes it challenging to identify and trace the data from initial source to final report.
Company leaders should consider the following steps as they evaluate the best approach for their organization:
Once companies have selected the metrics they plan to disclose, they need to assess if their organizations have controls over the information. The best way to do that is to walk through the journey of that metric — starting at the source data, going through its entire life cycle, until it is in the report.
The challenge is to balance speed with quality. Many companies already produce sustainability reports annually, but they will have to accelerate their processes to meet 10-K reporting requirements.
It’s also critical to quickly establish rules for information governance. One model is a tiered approach for different categories of information. Define categories and align around requirements for each, so that there is clarity across the organization on how existing and new metrics will be incorporated into ESG reporting.
For information that is reported externally, information owners should ensure it is accurate and complete, and data reviewers should independently review it before release. Company management, most likely the chief financial officer, will be required to demonstrate to the independent auditor that they have sufficient evidence over the reliability of GHG data and other metrics so the independent auditor can form an opinion related to the new footnote disclosure in the financial statements as well as the GHG attestation report. A large global organization could have an ESG controller with additional team members:
As company leaders turn to building a methodology for collecting and reporting ESG data, they can take the following steps to help their companies transition to reporting as expected under the proposed SEC disclosure requirements. This will also allow companies to quickly react to changes in global reporting standards.
In addition to the anticipated guidance from the SEC specific to your company’s expected ESG disclosure, your company should also understand and select any incremental reporting frameworks and metrics that may be meaningful for your business needs, requirements, investor expectations and what existing regulations may require.
Within your company’s voluntary disclosures and management needs, identify climate measures and metrics that are most relevant for the industry, and that meet stakeholders’ expectations and incremental company strategy and goals.
Once your company identifies the appropriate metrics, it should determine the data sources and perform procedures that will assess the completeness of the information.
A data source inventory should help answer important questions such as:
If needed, enhance the underlying data being collected and the process infrastructure for collecting it.
Remediate potential data gaps identified inclusive of lookback periods as applicable.
Perform quality assessments on relevant data to assess its accuracy, the reliability of the calculations and the effectiveness of reporting.
Design and execute data remediation strategy for accuracy concerns that may impact required calculations and reporting.
Using the transformed and cleansed data, your company can calculate and report on the relevant metrics.
Consider integrating ESG reporting through the enterprise system architecture, processes and internal controls that already exist.
The completeness, accuracy and validity of information and assumptions used during initial data collection and assessment activities should follow a well-defined process and set of controls management can leverage for adoption and future needs.
Design and maintain processes and controls to capture and maintain relevant, complete and accurate data for management to achieve their goals and timely reporting obligations.
Your company’s ESG data reporting strategy should be dynamic and adapt when global reporting standards are updated. While the proposed SEC requirements today are focused on greenhouse gas protocols, they are subject to change as investor expectations and global regulations evolve. Over time, requirements may include capturing social and diversity dimensions, and more. As regulations change, data needs will also evolve to potentially include vendors, customers, business partners and other groups to effectively gather the data needed to satisfy the regulations and meet the demands of investors.
Having a foundation and process to capture data will help your company quickly comply with new regulatory requirements and build trust with stakeholders in global markets.
Ask these questions when contemplating existing data collection and assessment processes for ESG reporting: