ACHIEVING EFFECTIVE INTERNAL CONTROL OVER SUSTAINABILITY REPORTING (ICSR): Building Trust and Confidence through the COSO Internal Control – Integrated Framework

TABLE OF CONTENTS

Nonauthoritative, Interpretative Publication
Preface by Two Previous COSO Chairs: The Call to Action
Executive Summary
Definitions
Acknowledgments
Recommendations: Building Trust and Confidence in Sustainable Business Information
Background
What Is COSO?
ICIF-2013: The Basics
Applying ICIF-2013 to Nonfinancial Information
Sustainable Business Information: Goals and Users
Regulatory Bodies and Standard Setters that Oversee ESG Reporting
ESG: Types of Sustainable Business Information
Delivery of ESG Reporting
Differences between Conventional Financial Reporting and Sustainable Business Information
Applying the ICIF-2013 Principles to Sustainability: Building Internal Control over Sustainability Reporting (ICSR)
Component: Control Environment
  1. Demonstrates commitment to integrity and ethical values
  2. Exercises board of directors oversight responsibilities
  3. Establishes structures, authority, and responsibilities
  4. Demonstrates commitment to competent human resources
  5. Enforces accountability
Component: Risk Assessment
  6. Specifies suitable objectives
  7. Identifies and analyzes risks to meeting sustainable business objectives
  8. Assesses fraud risk
  9. Identifies and analyzes significant changes and emerging trends
Component: Control Activities
  10. Selects and develops control activities
  11. Selects and develops general controls over technology
  12. Deploys oversight through policies and procedures
Component: Information and Communication
  13. Uses relevant information
  14. Communicates internally
  15. Communicates externally
Component: Monitoring Activities
  16. Conducts ongoing and/or separate evaluations
  17. Evaluates and communicates deficiencies
Principles in Action: Illustrative Cases
  Illustration: A publicly held organization subject to disclosure regulations considers its reporting agenda
  Illustration: A privately held supplier begins its sustainable business journey
  Illustration: A publicly held organization continues its evolution toward reasonable assurance
Top 10 Takeaways
Biographies
Sources

For more information, please visit www.coso.org.

NONAUTHORITATIVE, INTERPRETATIVE PUBLICATION

This report is nonauthoritative. It expresses only the interpretations, opinions, and perspectives of the authors on how the
COSO Internal Control – Integrated Framework may apply to sustainable business activities and information.

Originally formed in 1985, COSO is a joint initiative of five private-sector organizations and is dedicated to helping organizations improve performance by developing thought leadership that enhances internal control, risk management, governance, and fraud deterrence. COSO's supporting organizations are the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Management Accountants (IMA), and The Institute of Internal Auditors (IIA).

Copyright 2023, Committee of Sponsoring Organizations of the Treadway Commission (COSO).

COSO BOARD MEMBERS

- Lucia Wind, COSO Chair
- Paul J. Sobel, COSO Chair (2018-2022)
- Douglas F. Prawitt, American Accounting Association
- Jennifer Burns, American Institute of CPAs
- Daniel C. Murdock, Financial Executives International
- Larry R. White, Institute of Management Accountants
- Jeffrey C. Thomson, Institute of Management Accountants (2018-2022)
- Patty K. Miller, The Institute of Internal Auditors

PREFACE BY TWO PREVIOUS COSO CHAIRS: THE CALL TO ACTION

When first issued in 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework was focused on trying to resolve unprecedented, unexpected, and embarrassing fraudulent corporate financial reporting. Tarnished by these events, the sponsoring organizations banded together to try to heal their bruised reputations, mitigate these events, and develop a solution so that corporate fraudulent financial reporting would never reoccur. With the appointment and leadership of former U.S. Securities and Exchange Commission (SEC) Commissioner James C. Treadway Jr., they did so in the form of defining internal control and laying out a construct and model for all organizations of any size to use in order to develop and evaluate internal control, a key term that surprisingly had not been formally well defined in the past. Unfortunately, however, regulation to require the evaluation and reporting on internal control was proposed but not approved.

Fast-forward to 2000. Fraudulent corporate financial reporting crept back onto the landscape with numerous restatements and destruction of enterprise value at levels never seen before. This time, however, the U.S. Congress and SEC acted more decisively. As part of the Sarbanes-Oxley Act of 2002 (SOX) and formation of the Public Company Accounting Oversight Board (PCAOB), an evaluation of internal control over financial reporting (ICFR) by using a “suitable framework” became required, to which the 1992 COSO framework qualified. Today, the framework is essentially the only such suitable framework used by U.S. stock exchange companies to report on the effectiveness of ICFR through a management certification and, for large companies, additional external auditor assurance of ICFR.

A major revision and update to the 1992 edition occurred from 2011 to 2013 and culminated in the release of the revised 2013 Internal Control – Integrated Framework. The 2013 version is the most widely used internal control framework to meet the requirement of SOX Section 404 and reporting on ICFR. It has been translated into most of the languages of the major stock exchange countries.

An important modification in the 2013 edition was to eliminate the word “financial” from the reporting objective to expand the scope and application of the framework to all forms of reporting, which the revised version defines as internal, external, financial, and nonfinancial. One reason for this modification was the clear recognition in 2013 of additional corporate reporting already occurring in the form of enhanced regulatory reporting, corporate social responsibility, corporate citizenship, sustainability, and now, most recently, reporting on environmental, social, and governance (ESG), which reflects both financial and nonfinancial information with the lens of preservation of resources, performance, and value creation.

As past COSO chairs involved in the development and dissemination of the 2013 revised Internal Control – Integrated Framework, we are pleased to see the realization of the modifications made to increase the applicability to all forms of reporting and, in particular, to sustainability and ESG reporting. We are both thoroughly convinced that the use of the 2013 framework for sustainability and ESG reporting will greatly enhance the overall effectiveness, efficiency, and accuracy of the underlying processes and internal controls as well as the accuracy of this reporting.

Sustainability and ESG reporting now seem to have become a permanent expansion of corporate reporting all over the world to better meet the needs of multiple stakeholders in understanding the sources of enterprise value. Accordingly, there should be effective internal control over this reporting.

Robert B. Hirth Jr., COSO Chair, 2013-2018
David L. Landsittel, COSO Chair, 2008-2013

EXECUTIVE SUMMARY

Effective internal controls are good for business. This is perhaps an interesting way to introduce the purpose of this thought paper, but, as its authors, our collective knowledge is very straightforward in this regard. Internal controls have value beyond compliance and external financial reporting. Effective internal controls can help an organization articulate its purpose, set its objectives and strategy, and grow on a sustained basis with confidence and integrity in all types of information.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework, originally issued in 1992 and refreshed in 2013 (ICIF-2013 or Framework), was developed as guidance to help improve confidence in all types of data and information. We cite from the Framework's foreword, dated May 2013:

The Framework will enable organizations to develop and maintain systems of internal control that can enhance the likelihood of achieving the organization's objectives and adapt to changes in the business and operating environments effectively and efficiently. The Framework continues to emphasize the importance of management judgment in designing, implementing, and conducting internal control, and in assessing the effectiveness of a system of internal control. The Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as nonfinancial and internal reporting.

We believe that this expansion is inclusive of sustainable business information. Often referred to as “nonfinancial,” “balanced scorecard,” “performance dashboard,” “environmental, social, and governance (ESG),” “integrated,” or “impact” data, this information is accelerating in importance as organizations seek to improve their enterprise performance and relationships with stakeholders, both local and global. Given the increasing complexities and challenges of doing business in the world today, organizations are doing so in order to generate sustained value – ethically and responsibly – over the longer term. Companies are improving their performance management systems to have reliable data for decision making. Meanwhile, investors and rating agencies around the world are increasingly seeking and relying on sustainability performance data. So, there is a need among all stakeholder groups for effective controls and oversight so that this information is high-quality and fit for purpose: decision making in this changing world.

Whether the 1992 or 2013 version, the COSO Internal Control – Integrated Frameworks (collectively ICIF) are holistic. An organization's entire integrated system supports how it achieves its objectives, and effective external ESG reporting rests on the totality of these enterprise-wide processes. Moreover, rather than bright-line differentiation, the substance of the respective components, principles, and points of focus overlap. Indeed, as the title indicates, the intention is integration.

The Road to ICSR

This paper updates and expands on the 2017 study Leveraging the COSO Internal Control – Integrated Framework to Improve Confidence in Sustainability Performance Data, which was coauthored by Robert H. Herz, Brad J. Monterio, and Jeffrey C. Thomson, who received invaluable input and counsel from then COSO Chair Robert Hirth. That paper advocated for greater integration between sustainability and finance teams as an essential driver of the path forward to improved internal and external reporting on sustainability and enhanced data quality for management of sustainable business issues. While some of the people and companies interviewed for the 2017 paper embraced that premise and had started to implement processes and internal controls in this area, our overall sense was that most companies had not yet begun the journey.

Fast-forward to 2023. From our interviews for this publication, we perceive a sea change in attitudes since 2017. With sustainability and ESG reporting now having become a top area of focus for CEOs, senior management, boards, investors, regulators, customers, and other stakeholders, we find that many more companies are now in various stages of implementing controls and governance processes over the collection, review, and reporting of sustainability information, including creating multifunctional teams that bring together a company's sustainability, finance and accounting, risk management, legal, and internal audit professionals. So, akin to internal control over financial reporting (ICFR), we are now seeing the emergence of what we call internal control over sustainability reporting (ICSR). While organizations are at different stages in this process, the need to bring together people with experience and expertise in the many dimensions of sustainable business with people experienced in ICFR continues, in our view, to be
an essential element of successful design and implementation of ICSR and management of sustainability issues.

DEFINITIONS

Without precise, generally accepted definitions, many people conventionally use variations of the term “sustainability” or “ESG” interchangeably. Following this convention and without bright-line definitions, in this publication, we generally use the following terminology:

Sustainability: meeting the needs of the present without compromising the ability of future generations to meet their own needs.

Sustainable business: the activities and transactions that an organization conducts to achieve long-term survival as a going concern and concurrently deliver value that meets the expectations of all stakeholders that contribute resources for the organization to achieve its objectives. Following from this, sustainable business information and sustainable business reporting mean the data or information that reflects an organization's sustainable business activities and transactions, and sustainable business management refers to the means by which an organization directs and oversees its sustainable business activities and reporting.

ESG: an acronym for environmental, social, and governance. Often, this term is used synonymously or as a shorthand for sustainability or sustainable business to refer to the internal and external information value chain. More narrowly and within, this term is used generally to describe the constructs of external disclosure of categories of sustainable business information to investors and other stakeholders.

ACKNOWLEDGMENTS

The COSO board acknowledges the six coauthors of this publication. This publication would not have been possible without their dedication, expertise, and contributions.

Managing Editor and Coauthor

- Shari Helaine Littan, Director of Corporate Reporting Research and Thought Leadership, Institute of Management Accountants

Coauthors

- Robert H. Herz, Former Chairman of the Financial Accounting Standards Board; original member of the International Accounting Standards Board; former board member, Sustainability Accounting Standards Board Foundation
- Robert B. Hirth Jr., Senior Managing Director, Protiviti
- Douglas Hileman, President, Douglas Hileman Consulting, LLC
- Brad Joseph Monterio, Global Executive Vice President, Member Competency & Learning, The Institute of Internal Auditors
- Jeffrey C. Thomson, President and CEO, Institute of Management Accountants

The authors appreciate the input of all contributors to our research and publication, including:

- Charles Mario Abela, Senior Strategic Advisor, Value Balancing Alliance
- Sanjay Anand, Chairperson and CEO, Sarbanes Oxley Group LLC
- Liz Barzelatto, Vice President and Chief Auditor, IBM Corporation
- Jared Brandman, Senior Vice President, General Counsel, and Secretary, National Vision
- Hank Boerner, Chairman and Chief Strategist, Governance & Accountability Institute
- Debbie Biddle-Castillo, Managing Director, Advisory Services, Internal Audit, KPMG
- Kevin Dancey, CEO, International Federation of Accountants
- Brigitte de Graaff, Assistant Professor, Researcher, and CMA Program Director, Vrije Universiteit Amsterdam; Chair, IMA Sustainable Business Management Global Task Force
- Jim DeLoach, Managing Director, Protiviti
- Michal P. Dusza, Partner, KPMG
- Aaron Gagnon, Partner and Chief Audit Officer, McKinsey & Company
- Manpreet Grewal, Corporate Vice President, Controller, and Chief Accounting Officer, United States Steel
- Janine Guillot, Former Special Advisor to the International Sustainability Standards Board Chair; former CEO, Sustainability Accounting Standards Board and Value Reporting Foundation
- Jeffrey Hales, Member, International Sustainability Standards Board
- Maura Hodge, IMPACT Audit Leader, KPMG
- Patti Humble, Chief Accounting Officer, UPS
- Loreal Jiles, Vice President, Research and Thought Leadership and Global Head of DE&I, Institute of Management Accountants
- Paul Juras, Vander Wolk Professor of Management Accounting and Operational Performance, Babson College
- Robert King, Corporate Vice President and Chief Audit Executive, FedEx Corporation
- Tjeerd Krumpelman, Global Head of Reporting, Regulations & Stakeholder Management, ABN AMRO
- Mark LaMonte, Partner, WilliamsMarston LLC
- Michael Littenberg, Partner and Global Head of ESG, CSR, and Business and Human Rights, Ropes & Gray LLP
- Gina Mastantuono, CFO, ServiceNow
- Christopher McClure, Partner, ESG Services Leader, Crowe LLP
- Tim Mohin, Partner and Director, Boston Consulting Group; former CEO, Global Reporting Initiative
- Kevin O'Connell, ESG Trust Solutions Practice and Global Asset & Wealth Management ESG Leader, PwC
- Ivor O'Neill, Managing Director, Risk Services, KPMG
- Edward Olson, Partner, National Leader, Environmental, Social, and Governance, MNP LLP
- Kristin Proos, Director, Global Finance Strategy and ESG Reporting, Whirlpool Corporation
- Marc Siegel, Assurance Partner, Corporate and ESG Reporting Thought Leader, Ernst & Young LLP
- Kristen Sullivan, Partner, Global Audit and Assurance Sustainability & Climate Services Leader, Deloitte
- Marty Vanderploeg, Nonexecutive Chair, Workiva
- Larry White, Executive Director, Resource Consumption Accounting Institute

Recommendations: Building Trust and Confidence in Sustainable Business Information

As the discussion, insights, and illustrations make clear, applying effective internal controls to sustainability information for internal and external purposes constitutes a rapidly growing use of existing risk and control concepts. Few best practices have been established. While some larger institutions have progressed in building controls around environmental, social, and governance (ESG) reporting, many organizations have designed ad hoc controls around certain key sustainable business metrics. Many also perform internal verification and assurance procedures to ensure management comfort with this information. Yet few of them seem to have developed effective, integrated systems of internal control over their material or decision-useful sustainable business information.

There is an expectation among policy makers, investors, and other stakeholder groups that some organizations will be able to achieve reasonable assurance, rather than limited assurance, on their external disclosures relating to climate and other ESG risks. All organizations, and particularly professional accountancy organizations, are on a learning and growth journey to build trust and confidence in sustainable business information for internal and external decision making.

A good starting point for implementing internal control over sustainability reporting (ICSR) is the process and ecosystem of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework, originally issued in 1992 and refreshed in 2013 (ICIF-2013 or Framework), with a key addition, the concept of organizational commitment to integrity and purpose, which is an important aspect of sustainability (see Figure R-1: Flow of Internal Control Framework).

[FIGURE R-1: FLOW OF INTERNAL CONTROL FRAMEWORK. Labels: Commit to integrity/purpose; Determine objectives; Identify control activities; Identify and assess risks; Evaluate effectiveness. Based on Leveraging the COSO Internal Control – Integrated Framework to Improve Confidence in Sustainability Performance Data.]

This framework creates five action points:

1. Commit to integrity by stating your purpose: One of the key elements of beginning a sustainable business program is the articulation of an organization's purpose and commitment to acting with integrity. In many cases, an organization can look to its existing mission statement and values. In other cases, however, it may prove beneficial to consider a broader perspective: the reason that stakeholders contribute their precious resources to an organization and what they expect in return.

2. Determine objectives: The organization establishes, documents, and communicates internal and external sustainable business objectives and establishes measurement and reporting principles for specific sustainable business factors with sufficient detail that they may be applied properly and considered in assessing potential risks in the process of preparing sustainable business data.

3. Identify and assess risks (and consider opportunities): To identify significant risks, the organization evaluates the relevant qualitative and quantitative risk factors – for example, those that might result in a misstatement – that are reasonably likely to jeopardize the achievement of its sustainable business objectives. This includes a determination of the extent of the risk and whether and how it may be managed. Moreover, one of the key benefits of developing and implementing sustainable business initiatives is highlighting means for
turning risks into strategic opportunities, such as reduced waste, enhanced stakeholder engagement, and improved resource deployment.

4. Identify control activities: With an understanding of the risks to achieving sustainable business objectives and the processes that underpin the measurement, management, and reporting of the data, the organization identifies specific control activities to manage a risk or mitigate it to an acceptable level.

5. Evaluate effectiveness: Having established internal control over sustainable business activities and ESG disclosures, the organization can regularly evaluate system design and operation to determine whether or not the Framework components and principles (see Background) are present and functioning.

As some examples in this paper illustrate, applying ICIF-2013 as a systematic, consistent framework to the achievement of an effective system of internal control over sustainable business activities and reporting can result in a variety of benefits, including:

- Alignment of an organization's employees, partners, and stakeholders with its commitment to purpose and articulated objectives.
- Enhanced data quality, utility, comparability, and reliability.
- Strengthened ability to support operations and compliance objectives.
- Better-informed decision making by internal management, external investors, and other stakeholders.
- Enhanced understanding of risks and the ability to mitigate them.
- Greater overall market efficiency.
- Increased access to and lowered cost of capital.

These benefits are most likely to accrue to organizations that have aligned their sustainable business objectives with their business strategies and focused on the issues most likely to contribute to performance and value preservation and creation.

Aligning External Reporting and Internal Benefits

Delivering Internal Benefits

Metrics related to key sustainability issues can provide organizations with business intelligence to support internal decision making and the management of performance and impacts. In reviewing its management of key sustainable business information for internal reporting objectives, an organization may wish to consider the following factors related to its data governance and management practices (this does not represent a comprehensive list of considerations, but rather an attempt to highlight certain key aspects of such an assessment):

- Does the organization's creation, collection, validation, storage, use, archive, and deletion of sustainable business-related data assets adhere to its data governance policy or strategy to support responsible management?
- Is relevant, reliable sustainable business information integrated into existing management reporting systems, processes, and reports? If so, is management actively using this information to run its operations? If not, why not?
- Is data lineage (the connection to original sources) maintained throughout information systems and the supply chain? Does the organization leverage technology to establish and maintain data lineage, access information, and connect to source data? If not, can it readily do so?
- Are relevant connections and dependencies maintained and preserved between sustainable business information and other types of information?
- How often is key sustainability data collected? Can it be collected and reported internally in a timely and cost-effective manner?
- Is decision-useful sustainable business information integrated into the key analyses supporting management decisions, such as those related to resource allocation, product development, mergers and acquisitions, compliance, and risk management?
- Are employee and supply chain partner incentives aligned with the organization's sustainable business objectives, such as service and product development?
- Is product design in accordance with demands around sustainability from customers throughout the distribution chain?
- Do the reports have meaning and usefulness beyond compliance with financial reporting standards and support management decision making on the deployment and use of resources so that the organization produces results
and achieves its purpose?

Delivering External Benefits

Meanwhile, the same information can provide decision-useful disclosures for external users, such as investors. In reviewing its data management practices for key performance indicators (KPIs) specific to external sustainability reporting objectives, an organization may wish to consider the following factors (this is not intended to be a comprehensive list):

- Is key sustainability information integrated into existing reporting systems? If not, can it be readily incorporated? Or can effective controls be built around current or other reliable systems and platforms?
- Have consistent, formal policies been established across the organization to help ensure reliable sustainability data collection, validation, analysis, and reporting/communication?
- Has the organization established and communicated clear ownership of and accountability for the collection, validation, and reporting/communication of key sustainability information and implemented means for intervention and correction toward the achievement of established objectives?
- Are the organization's sustainability reporting/communication processes well documented, including controls to prevent or detect misstatements? Are they aligned with other external communication channels for consistency?
- Have internal audit, the compliance team, the CFO team, and relevant third parties such as an external assurance provider (if required or deemed beneficial) been engaged to review the quality of key sustainability information, supporting processes, and the system of internal control?
- Is there confidence in data quality? Would a CEO or CFO feel enabled to sign a
certification with confidence?

To realize both internal and external benefits of an effective system of internal controls over sustainable business reporting for both internal and external users, data lineage and governance is critical. KPIs and transactional data for financial and ESG/sustainable business decision support and reporting must be governed in a holistic and integrated data architecture. Today, much financial reporting data is likely to be structured, housed in the general ledger systems, and flowed through enterprise resource planning (ERP) processes. ESG and sustainable business information, on the other hand, tends to be longer-term and more qualitative, with data sources both within and outside of the organization's systems, and considerable estimation and data modeling are required. At the same time, operations teams may have access to specific data that is highly actionable for correcting deviations. It is extremely valuable to translate and connect financial information, operational data, and sustainable business information. This integration supports not only ESG reporting but also internal decision making.

Key Takeaways: Stakeholder Goals around Sustainability

A number of key themes – and important top takeaways – have emerged as organizations begin or continue their journeys toward establishing and maintaining an effective system of internal control over financial and sustainable business information. Despite the fact that ICSR is not well established in practice, crucial insights can be gained from the experiences of those organizations that are leading the way for others, including:

- Cultivate a culture of accountability: For internal control over sustainable business information and performance data to function effectively, it is essential that everyone involved in the collection, validation, management, and communication of sustainability information understands the strategic significance of organizational performance on key issues as well as the critical importance of effective controls to ensure that decision makers have access to reliable information about that performance.
- Revisit the interrelationship of purpose and various objectives: One of the primary means for an organization to use sustainable business concepts and practices strategically is to consider – and reconsider – how its stated mission or purpose drives its objectives. As ICIF-2013 demonstrates, it is important
104、 for an organizations objectives,whether financial,nonfinancial,compliance,operational,internal,or sustainable business to be balanced,harmonized,and understood throughout the organization.Effective controls begin by considering this balance.Establish a cross-functional team:Assembling and educating
105、 a cross-functional team can be a valuable early step to start the integration process.Such a team provides diverse perspectives and subject matter expertise in assessing sustainability-related issues,metrics,and controls.Organizations may wish to draw from a diverse set of departments,including fin
106、ance and accounting;sustainability;environmental,health,and safety(EH&S);risk management;internal audit;investor relations;strategy;operations;information technology(IT);compliance;human resources;and legal.Some organizations might even consider inviting key value chain partners to participate.15ACH
107、IEVING EFFECTIVE INTERNAL CONTROL OVER SUSTAINABILITY REPORTING(ICSR):BUILDING TRUST AND CONFIDENCE THROUGH THE COSO INTERNAL CONTROLINTEGRATED FRAMEWORK Leverage existing expertise:Its important to keep in mind that ICSR is a new application of tried-and-true concepts from control over financial in
108、formation,and the CFO team has already developed considerable expertise in applying these concepts.The team has experience and understandingnot just with internal control but also with data measurement,management,reporting,and analysisand it is well positioned to drive the design,establishment,and m
109、aintenance of internal control over sustainable business information.In addition,operations teams have valuable insights into how an organization is actually producing the goods and services that are being delivered.Over time,CFO teams can help educate and train other organizational functions on how
to ensure their sustainability data achieves the same quality and credibility as financial data and how it can be integrated more easily into ongoing performance management and the periodic external reporting cycle.

- Leverage existing controls: Internal control over some sustainable business information may require the establishment of new processes and new controls. Yet the processes that already exist as part of internal control over financial reporting (ICFR) may be modified and applied to sustainability information. For example, automated controls built into IT platforms, data governance policies, or established monitoring techniques can be leveraged in the design and development of the control system over sustainability data.

- Leverage enabling technologies and platforms: Technologies may carry risks, such as business continuity risks related to system failure, security risks related to cloud-based data storage, and integration risks associated with “ripping and replacing” systems. Yet organizations consider how they might adapt existing or emerging technologies to establish and maintain an effective system of internal control over sustainable business information. The systems around sustainable business information are often immature and depend on spreadsheets with few formal controls. By incorporating this information into IT platforms with well-established controls, an organization can significantly improve decision-maker confidence in data that has previously been measured, validated, managed, and reported outside the formal financial control environment.

- Focus on decision usefulness: Organizations may be reluctant to establish internal control over sustainable business information due to many factors, not the least of which is the sheer volume of data that might be covered, for example, the dozens (or, in some cases, hundreds) of KPIs that are typically included in a sustainability report. Such an undertaking could involve a significant amount of time, effort, and cost. Traditionally, prioritizing information by its importance is captured by the concept of “materiality” (see Principle 6 for discussion). By viewing sustainability through the lens of decision usefulness, an organization can focus on covering a small subset of metrics that are most important to its success over time by reducing risk and contributing to growth and value creation.

- Start early: It can take time to design and refine
a system of controls that fully supports reporting objectives, so it's important to begin the conversation sooner rather than later.

Each of these lessons is likely to prove more valuable to an organization that has integrated its sustainability practices and business strategy. Just as an entity's control environment provides the foundation for effective ICFR, it is also an essential starting point for designing, implementing, and maintaining an effective system of internal control over decision-useful sustainable business information.

Background

Sustainability is multidisciplinary. The professionals needed to bring sustainability to an organization have different backgrounds and areas of expertise. While some have significant familiarity with internal control systems, they may lack familiarity with sustainability. Others may have expertise in public policy or corporate social responsibility but lack the background in developing sophisticated governance and reporting systems. Further, sustainability means the involvement of participants from a range of other areas, such as legal, human resources, facilities, operations, and investor relations, all of whom may lack understanding of COSO and reporting systems. The goal of this publication is to provide a valuable means for facilitating this interdisciplinary cooperation. As noted throughout, ICIF is holistic. While it indeed supports the development and execution of ICFR, it explains “how to” support the operationalizing of sustainability throughout an organization. As a result, many readers will find this Background section helpful in providing context and understanding the Framework.

Nearly every modern global company issues some form of external reporting on sustainability. Some companies issue reports to comply with newly adopted or proposed regulations and securities markets listing requirements (see Figure B-1: Disclosure of ESG Information). Where not mandated, companies are issuing sustainability reports voluntarily to respond to stakeholder demands. Sustainable business information from these reports, as well as from individualized questionnaires and commercial ratings, is readily delivered to investors, policy makers, and a range of stakeholders through modern software applications
and platforms. Such information has become part of the data used in the competition for capital, particularly from institutional investors such as asset managers, insurance companies, and lenders with long-term horizons. At the same time, by articulating corporate purpose and objectives, companies are integrating sustainable business information with traditional performance metrics to identify and respond to risks, identify and realize opportunities, and create effective strategies for value preservation and creation over the short, medium, and long term. Organizations and their key stakeholders recognize that making effective business and investment decisions requires information beyond traditional, historic, short-term financial measures. However, significant concerns remain regarding the nascent systems that are producing this decision-critical information. This raises the fundamental question: How can the ecosystem generate accurate and reliable sustainable business information that meets the dynamic needs of diverse stakeholder groups?

[Figure B-1: Disclosure of ESG Information. Scope of Reporting and Assurance: GHG 92%; Social 96%; Governance 95%; All Topics 89%; Other Environmental 98%. Reporting: Most companies reported some information on GHG, other environmental, social, and governance sustainability matters. 89% of companies provided information in all four of the ESG categories examined in this study. Source: The State of Play in Reporting and Assurance of Sustainability Information: 2019-2020 Data & Analysis]

What Is COSO?

COSO refers to the Committee of Sponsoring Organizations of the Treadway Commission, which is made up of five global accountancy and auditing organizations: American Accounting Association (AAA); Association of International Certified Public Accountants (AICPA); Financial Executives International (FEI); Institute of Management Accountants; and The Institute of Internal Auditors (IIA) (see Figure B-2: Sponsoring Organizations). COSO was founded
in 1985 in response to regulatory and market concerns about the quality of financial reporting. Today, these five organizations continue to work collaboratively under the COSO partnership.

In COSO's earliest days, the five organizations sponsored the National Commission on Fraudulent Financial Reporting (Commission), a nongovernmental initiative that included representatives from corporations, audit firms, investment firms, and the New York Stock Exchange. The Commission's first chair, James C. Treadway Jr., general counsel of Paine Webber, was particularly passionate about the quality of financial information and the need for potential reform. In 1987, the Commission issued a set of recommendations that highlighted the need for a workable framework to address internal controls (a system of governance, processes, and oversight) that produced relevant and reliable financial information. Ultimately, in 1992 (with some revisions through 1994), COSO published its first framework, called the Internal Control - Integrated Framework. The publication made two giant steps forward. First, it provided a definition of “internal control.” Second, it provided a common framework for evaluating and improving internal control systems.
The goal of issuing this framework was to support various professionals in financial reporting with common language and concepts. Later, ICIF became a premier tool for operationalizing and implementing the Sarbanes-Oxley Act of 2002 (SOX), which gave both the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) responsibility to issue interpretive regulations for implementing SOX's provisions, many of which were novel. [1] The PCAOB describes its authority “to establish auditing and related professional practice standards for registered public accounting firms to follow in the preparation of audit reports for public companies, other issuers, and broker-dealers.” With respect to annual report filings, these new requirements for public companies under the SEC's authority included:

- A report by management that assesses how well ICFR is functioning, commonly known as SOX Section 404(a), and
- An auditor's report attesting to management's report, commonly known as SOX Section 404(b).

Formally, the SEC did not mandate use of ICIF, but instead mandated the use of a suitable framework that satisfies four suitability criteria to operationalize SOX's assessment standards. [2] Professionals with responsibilities for compliance with SOX look to ICIF for guidance. Therefore, the Framework, while not mandatorily imposed by the SEC, may be considered “generally accepted.”

[Figure B-2: Sponsoring Organizations]

[1] This publication does not offer legal advice. Any references to legal and regulatory matters in this publication are for educational and descriptive purposes.

In 2013, COSO released an updated framework (ICIF-2013) that
superseded previous versions and became the operative document (see Figure B-3: Evolution of ICIF). The updated Framework incorporates a risk-based approach to designing, assessing, and reporting on internal controls. In addition, the update responded to the evolution of audit procedures and critiques because the original formulation was sometimes inadequate for practical, real-world preparer and audit challenges. ICIF-2013 endured and remains a gold standard framework regarding internal control, oversight, and governance of information used not only for external reporting but also for sustainable business management.

Although ICIF-2013 generally finds its roots in the United States, it is also used internationally, in countries such as Japan, Canada, and China, where there are similar mandates to SOX for internal control assessment and reporting. Multinational companies that must file with the SEC look to ICIF-2013 and apply its well-accepted concepts and principles to units operating around the world.

[2] Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports states that a suitable framework must (1) be free from bias; (2) permit reasonably consistent qualitative and quantitative measurements of a company's internal control; (3) be sufficiently complete so that those relevant factors that would alter a conclusion about the effectiveness of a company's internal controls are not omitted; and (4) be relevant to an evaluation of internal control over financial reporting.

[Figure B-3: Evolution of ICIF (1992 COSO Cube and 2013 COSO Cube). Source: COSO materials]

Figure B-4: Components, Principles, and Points of Focus (Source: Protiviti)

Component / Principle / No. of Points of Focus

Control Environment
  1. Commitment to integrity and ethical values: 4
  2. Independent board of directors oversight: 4
  3. Structures, reporting lines, authorities, responsibilities: 3
  4. Attract, develop, and retain competent people: 4
  5. People held accountable for internal control: 5
Risk Assessment
  6. Clear objectives specified: 15
  7. Risks identified to achievement of objectives: 5
  8. Potential for fraud considered: 4
  9. Significant changes identified and assessed: 3
Control Activities
  10. Control activities selected and developed: 6
  11. General IT controls selected and developed: 4
  12. Controls deployed through policies and procedures: 6
Information and Communication
  13. Quality information obtained, generated, and used: 5
  14. Internal control information internally communicated: 4
  15. Internal control information externally communicated: 5
Monitoring Activities
  16. Ongoing and/or separate evaluations conducted: 7
  17. Internal control deficiencies evaluated and communicated: 3

ICIF-2013: The Basics

ICIF-2013 defines internal control as follows:

Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

ICIF-2013 is comprised of five components:

- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities

Following from the definition of internal control, the model provides three categories of objectives: operations objectives, reporting objectives, and compliance objectives. The interaction of the objectives and the components leads to the iconic diagram that demonstrates ICIF-2013 as a cube (as shown in Figure B-3). The cube is further subdivided to correspond to the way entities are typically organized. These categories are the levels of entity, division, operating unit, and function.

Each of the five components contains two to five principles, for a total of 17 principles. These make up the heart of the Framework in describing how effective internal controls can be operationalized. An organization has achieved an effective system of internal controls when all principles are present and functioning. As shown in Figure B-4: Components, Principles, and Points of Focus, each principle is further subdivided into points of focus that explain how the principle works in practice. Generally, the points of focus help the user interpret and apply
the Framework's principles to the organizational levels. Through its components, principles, and points of focus, ICIF-2013 provides a comprehensive road map for handling sustainable business activities and information.

Applying ICIF-2013 to Nonfinancial Information

Corporate reporting teams, regulators and standard setters, investors, policy makers, and other stakeholders have been responding to vocal and active demands for sustainable business information. Initially, this information was termed “nonfinancial” for multiple reasons. First, the information was for reporting outside the basic financial statements and notes to the financial statements so that the term “nonfinancial” distinguished information that was not part of an annual report subject to audit. In addition, the term reflected the fact that some of the metrics, indicators, and qualitative descriptions of sustainable business information were not monetized. For example, corporate reporting of greenhouse gas (GHG) emissions typically follows the GHG Protocol, which generally calls for information-based carbon dioxide equivalents rather than dollars. Similarly, corporate reporting under the category of diversity, equity, and inclusion (part of the “S” in ESG as it addresses social inclusion and the value of human resources) is based on percentages of representatives from specific demographic groups, such as the percentage of women on a board of directors. This information is nonmonetized or nonfinancial.

As various stakeholders showed increased interest in sustainable business information, COSO responded by issuing materials that expressly endorsed the use of ICIF-2013. COSO incorporated the term “nonfinancial” directly into the 2013 Framework. In addition, with respect to applying its Enterprise Risk Management - Integrating with Strategy and Performance framework (ERM Framework), COSO delivered two publications:

- Demystifying Sustainability Risk: Integrating the triple bottom line into an enterprise risk management program
- Enterprise Risk Management - Applying enterprise risk management to environmental, social and governance-related risks

These publications demonstrate how the ERM Framework can be interpreted and applied to support an organization's sustainable business strategy that it carries out through its internal control system (Principle 7).

Sustainable Business Information: Goals and Users

Following global drivers for sustainable development, organizations around the world are reconsidering their activities and producing new information. A key goal is to provide information that utilizes a broader perspective of resources and resource contributors than under traditional financial accounting and reporting. Under mainstream generally accepted accounting principles (GAAP), internally generated intangible value is not reported on the financial statements; yet by 2020, it grew to comprise more than 90% of market value (see Figure B-5: Ocean Tomo Intangible Asset Market Value Study). A broad range of stakeholders, from management to investors, look at this disparity between market value and book value and realize that the sources of this value need to be identified and managed not only to avoid impairment but also to leverage it for additional future value creation. Otherwise, it can readily be wasted before an entity can realize it.

Management needs tools to understand how this value arises and its relationships with various resource contributors, such as loyal customers, employees, vendors, long-term committed investors, and the community who expect to benefit from their relationships with the entity. Groups other than investors are relying on corporate information to understand how a reporting entity's transactions, operations, and activities impact external stakeholders, such as policy makers that speak for communities, both local and global, and the people and natural resources that they represent.

[Figure B-5: Ocean Tomo Intangible Asset Market Value Study. Source: Ocean Tomo, Intangible Asset Market Value Study]

As with any type of corporate reporting, it is beneficial to identify the “user,” the shorthand term for the professionals and organizations that will consume the information. By 2022, in the U.S., $8.4 trillion (12.6%) of assets under management reflected sustainability investing (see 2022 Report on US Sustainable Impact Investing Trends). As with mainstream financial reporting, much of the ESG information is delivered to capital markets. Within the ESG world, it has been recognized that not all users can be considered the same.
Indeed, there are short-term traders and investors (or even programmed investing) that aim for short-term pricing disparities and help streamline the markets and keep them functioning. There are also plenty of short- and medium-term investors who aim to hold particular instruments for one to two years with the objective of trading as conditions change. However, over the last 30 years, as investors began to rely on 401(k) and similar retirement vehicles, many asset managers have taken a longer-term view regarding investee activities. Their asset owners (future pensioners and retirees who direct their own funds) often hold underlying investments for decades. The use of index funds and exchange-traded funds (known as ETFs), moreover, makes it challenging for long-term asset managers to trade out of companies that are poor performers, slow decision makers, or fail to innovate. And these long-term asset managers, such as State Street, Vanguard, BlackRock, and pension funds from California to New York and throughout Europe, have been at the forefront of bringing about demands for corporate information regarding climate risk and other sustainable business concerns.

As long-term, committed investors seek ESG information as part of their decision making, other users along the information value chain have increased their demands for ESG information. For example, stock exchanges in varied geographic regions, such as Johannesburg, Amsterdam, Singapore, and Hong Kong, have all published guidelines on ESG reporting by listed
companies, according to the Sustainable Stock Exchanges Initiative. This list isn't exclusive to the exchanges housed in developed economies, such as NASDAQ. Exchanges in developing countries see ESG requirements as a means for ensuring global investors that they are giving due attention to concerns about risk.

Rating agencies, data aggregators, data platforms, and similar investor service providers have grown in prominence in the ESG world. Partly because there is a lack of generally accepted reporting standards and regulations, these companies' business models depend on delivering ratings, rankings, and assessments of publicly listed companies. Many have developed their own proprietary models to create these ratings. Perceiving a lack of uniform reporting by corporate entities under voluntary guidelines, these data providers and financial services firms often seek to supplement their modeling by requesting information via survey or questionnaire from individual companies. Examples of these surveys include MSCI, S&P Dow Jones, and Morningstar Sustainalytics. CDP, a noncommercial organization, has also served as a premier collector of corporate data related to GHG emissions, climate strategy, and water management. CDP also has a system of awarding ratings that are widely used. While voluntary, many corporations make submissions to these surveys a high priority because their data and ratings will appear on the dashboards of many investors.

Interest in sustainable business information, however, is not limited to capital markets. It reflects the range of stakeholders interested in an organization's use of valuable resources in a way that meets diversified performance expectations (see Figure B-6: Who Uses Sustainable Business Information?). Policy makers are also demanding new types of corporate reporting around sustainability-related issues. Many EH&S and occupational data points have been reported to regulators for decades, but now, sustainable business and financial reporting are connecting to a greater extent than in the past. This is leading to the issuance of new and proposed regulations and standards around sustainable business reporting.

Increasingly, customers, another category of stakeholders, are looking for sustainable business information. Large commercial buyers are seeking internal information from their suppliers so that the buyers, in turn, can tell consumers and their business buyers that the sourced goods and services are sustainable. The buyers are responding to their own stakeholders as they commit to overall reductions in GHG emissions and waste, and avoidance of human rights issues, such as modern slavery or child labor.

Many employees also seem increasingly interested in their companies' policies and practices regarding major environmental and social issues. Some are refusing to work for a company with policies or practices
they find concerning.

An organization's management as well as its board of directors are important users of sustainable business information for internal decision-making purposes. Access to quality information for internal use, as previously described, is critical to decision making. Additionally, information about tangible and intangible resources and the stakeholders who contribute them is necessary for managing an organization as a whole, ongoing enterprise.

Figure B-6: Who Uses Sustainable Business Information? (Source: Authors/IMA)

- Capital markets: Long-term investors (asset managers, passive investments); Stock exchanges; Data aggregators/rating companies; Proxy advisors
- Public policy entities: Governments; Regulators; Nongovernmental organizations
- Customers: Commercial buyers; End users
- Employees
- Suppliers
- Board of directors
- Senior management

Regulatory Bodies and Standard Setters that Oversee ESG Reporting

ESG reporting is moving from voluntary to mandatory. That is, increasingly, reporting regulations and standards are being proposed by securities regulators, governments, and standard-setting bodies.

In the U.S., the SEC oversees the delivery of required information from publicly listed companies. With respect to the financial statements of registrants, the SEC has designated the Financial Accounting Standards Board (FASB) to issue substantive generally accepted guidance, but the SEC can direct or overrule the FASB's work. Thus far, the FASB has largely taken the position that much of the ESG information today relates to sections of an annual report (Form 10-K) outside of the financial statements and notes, and,
therefore, setting disclosure mandates is the SEC's remit. However, as accounting for ESG items evolves, it is likely that more items will indeed relate to the basic financial statements. This will likely include accounting for environmental credits and offsets, impairment of tangible and intangible assets due to physical and transitional climate-related risks, and financial instruments with links to ESG metrics. The SEC also has jurisdictional oversight of the PCAOB, which oversees audit firms that examine the financial statements of publicly held companies. To the extent that the SEC adopts new reporting around ESG, the information reported in a filer's Form 10-K, even if it's within the unaudited sections, must be consistent with information provided in the financial statements.

Outside the U.S., more than 140 jurisdictions have adopted the International Financial Reporting Standards (IFRS; see Who uses IFRS Accounting Standards?). Although IFRS is issued for global use, the actual standards are adopted on a jurisdictional basis. For example, Canada, Japan, and the Netherlands have each adopted IFRS for reporting entities within their authority. In 2021-2022, the IFRS Foundation, which oversees the International Accounting Standards Board (IASB) that issues IFRS, established the International Sustainability Standards Board (ISSB) to address sustainable business reporting (see Figure B-7: Organization of the IFRS Foundation, IASB, and ISSB). As its initial work, the ISSB released two proposed standards, IFRS S1, General Requirements for Disclosure of Sustainability-related Financial Information, and IFRS S2, Climate-related Disclosures. These proposals incorporate existing voluntary standards, such as the GHG Protocol, the Sustainability Accounting Standards Board (SASB) standards, and the Recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). These guidelines have been adopted, to some extent, by many entities for voluntary external reporting. Importantly, although this standard setting seeks connectivity between sustainable business and financial reporting as a priority, much of that connectivity was vague or unexplained in the initial proposals. It is expected that the IASB and the ISSB will work collaboratively in issuing standards so that the corresponding effects can be considered.

The first of the voluntary reporting standards were developed in the 1990s and issued by the Global Reporting Initiative (GRI). Generally, the GRI states that its standards use a “multistakeholder” approach. In recent years, GRI has clarified that this concept means an impact accounting approach that makes the effects of an entity on external stakeholders its primary goal. GRI's approach aligns well with the United Nations Sustainable Development Goals (SDGs), which aim to operationalize national commitments to sustainable development and contributions to progress by individual organizations.

The European Commission adopted its Non-Financial Reporting Directive (NFRD) in 2014. The NFRD required member states to transpose new ESG-related disclosure requirements into national law by 2016. Taking a step further in 2019, the European Green Deal was introduced. This sweeping initiative provides a set of interrelated climate, energy, transport, and taxation policies to reduce GHG emissions and, in turn, strengthen the European economy. [3] Following from the initiatives, the European Commission aimed to update the NFRD with a more comprehensive Corporate Sustainability Reporting Directive (CSRD) and designated its European Financial Reporting Advisory Group (EFRAG) to issue standards to operationalize the proposal. [4] These European authorities are seeking to incorporate an impact accounting approach under the CSRD.

In its December 2021 report, the G7 Impact Taskforce, which is advising the G7 leaders on ways to increase the mobilization of capital to address climate change and other global environmental and social issues, including enhancing the transparency and integrity of reported ESG information, strongly supported the mission of the ISSB to create a
common global baseline for reporting sustainability information and further urged the rapid development of standardized methodologies on impact valuation that would enable reporting of impacts in monetary terms. To that end, in July 2022, the International Foundation for Valuing Impacts (IFVI) was established to bring together existing impact valuation initiatives by the Harvard Impact-Weighted Accounts Project and the Value Balancing Alliance and to coordinate with other efforts in this area such as that of the Capitals Coalition.

[Figure B-7: Organization of the IFRS Foundation, IASB, and ISSB. Entities shown: International Financial Reporting Standards (IFRS) Foundation; International Accounting Standards Board (IASB); International Sustainability Standards Board (ISSB); Value Reporting Foundation (VRF); International Integrated Reporting Council (IIRC); Sustainability Accounting Standards Board (SASB); Climate Disclosure Standards Board (CDSB). Source: IMA. Note: SASB merged with the IIRC in 2021 to become the VRF. Subsequently, in 2022, the IFRS Foundation acquired the VRF, along with the CDSB, as it organized the new ISSB.]

[3] As part of the European Green Deal, the European Commission adopted the European Union Taxonomy Regulation (Taxonomy), which provides classification rules for the labeling of activities and investments as “sustainable.” Related to this, under the Sustainable Finance Disclosure Regulation (SFDR), certain entities (primarily financial institutions) must disclose information regarding their operations and portfolios in alignment with the Taxonomy.

[4] In 2001, when the IFRS Foundation and IASB were founded, the European Union, working with the business community, established EFRAG to provide it technical advice on accounting and reporting matters.

ESG: Types of Sustainable Business Information

In the 1990s, John Elkington, considered by some as the father of modern sustainable business reporting, coined the term “triple bottom line,” which is also referred to as the “3 Ps”: people, planet, and profit. His metaphor suggests the interrelationship of financial, environmental, and social concerns. Similarly, and regardless of the particular framework employed, sustainable business information generally falls into one of three categories: environmental, social (human resources), and governance (see Table B-1: ESG Topics). Environmental information includes considerations of GHG emissions, the use of water, the release of waste, and the use of other natural resources such as forests. It addresses not only the use of energy and physical resources but also the transformation of the
economy and value chain. The movement of economic actors from fossil fuel-dependent assets, operations, and investments to those with low or zero emissions creates risks (and opportunities) to existing value. For example, companies that produce diesel fuel trucks (and their input parts) need to consider potential impairment risks to their assets and expected value (that is, both tangible and intangible, even if unrecognized) as their customers and competitors look to electric vehicles.

Social refers to resources or value contributed through relationships with humans. There are many ESG data points, metrics, indicators, and disclosures that relate to human resources (or synonymously “human capital” or “human capital resources”). These include information about employee turnover, diversity, and training. It can also include the protection of personal data that an organization collects. In 2020, the SEC adopted new regulations that require disclosures concerning human capital resources that are material to an understanding of a registrant’s business (see Release No. 33-10825, Modernization of Regulation S-K Items 101, 103, and 105). For example, healthcare, financial services, and technology entities are highly dependent on access to skilled professionals with expertise. For certain sectors, such as pharmaceuticals, it also includes human-related outcomes and risks from product safety. The “S” category also includes the organization’s role and influence in areas such as human rights.

Governance refers to how an organization executes its transactions and manages its business. This includes business ethics, such as anti-bribery and anti-corruption. Some would also categorize compliance with data security and privacy protection as part of this category. In addition, an organization’s established processes for internal and external audits demonstrate a commitment to good governance and oversight and that activities are conducted responsibly.

Of course, these are not bright-line classifications. Some sustainability items can be classified in multiple categories. For example, anti-bribery and anti-corruption can represent a “social” issue, a means for promoting equitable access to resources and opportunities; at the same time, it might be considered a governance issue for board and audit committee oversight.

Delivery of ESG Reporting

As noted previously, companies are releasing sustainable business information to multiple parties, in multiple formats, via multiple channels. Certain information may be released in annual reports, such as on Form 10-K or Form 20-F (for non-U.S. filers). In fact, many disclosures that can be classified as sustainable business information overlap with current disclosure requirements. For example, Commission Guidance Regarding Disclosure Related to Climate Change states that information relating to the effects of climate change is subject to reporting on Form 10-K.

A great many reporting entities elect to issue sustainable business information pursuant to the United Nations SDGs, SASB, TCFD, GRI, and the
Integrated Reporting Framework of the former International Integrated Reporting Council (IIRC) separately from their regulatory filings and annual financial reports. Companies electronically post their sustainable business reports on their websites. Many also submit to CDP. Data aggregators and rating agencies strip information from these reports and make it available via complex investor platforms, such as Bloomberg or Refinitiv. However, much of the information issued by different reporting entities is not directly comparable for multiple reasons, including the lack of uniform, global standards. At the same time, companies today build business models that utilize unique strengths and positions, and competition is unlike the days when products and services were more commoditized than they are today.

TABLE B-1: ESG TOPICS
Environmental | Social | Governance
Biodiversity | Community relations | Anti-bribery and anti-corruption
Climate change | Data privacy | Anti-fraud
Deforestation | Diversity, equity, and inclusion | Corporate board, structure
Energy use | Education and training | Data protection
Extreme weather | Employee compensation and benefits | Executive compensation policies
GHG emissions | Employee engagement | Regulatory compliance
Landfill | Health and safety, product use | Shareholder rights and engagement
Oceans | Health and safety, production | Transparency, disclosure
Recycling | Human rights | Whistleblower policy
Soil health | Modern slavery |
Transportation | Opportunities for meaningful work |
Water management | Union rights |

The gathering and aggregating of data (sometimes referred to as “scraping”), however, occurs not only from annual reports and company websites. ESG information can show up on an investor’s dashboard from a variety of sources, such as other regulatory filings, environmental reports, legal databases, employee rating sites, and reports of nongovernmental (NGO) organizations.

Critically, a publicly held entity in the U.S. is subject to anti-fraud securities rules for all of the information that it releases, even if it is released for some other purpose than a securities filing. For example, a healthcare company that misstates known dangers from a particular pharmaceutical or medical device can be held responsible for investor losses even if the misstatement is in another regulatory report or part of a product release (Securities Exchange Act of 1934; SEC Rule 10b-5). This is important to remember when considering sustainable business reporting and internal controls.

By 2020, nearly every global company was issuing some form of external reporting on sustainability. The Governance & Accountability Institute, which monitors the pervasiveness of ESG reporting by large public companies, reported that by 2021, 96% of the S&P 500 and 81% of the Russell 1000 published sustainability reports (see Figure B-8: 11-Year Track Record of S&P Reporters).

Differences between Conventional Financial Reporting and Sustainable Business Information

Although market demand for sustainable business information continues to rise steadily, internal stakeholders
(management, staff, and board members) as well as external stakeholders (asset managers, asset owners, and policy makers) often do not have the same level of confidence in the reliability, utility, and quality of currently available information that they have in traditional financial data.

Some of these concerns follow from the somewhat different qualities of sustainable business information and reporting. As demonstrated in Figure B-9: Three Attributes of ESG Reporting that Differ from Financial Reporting, Douglas Hileman has summarized this into three categories: control vs. influence; quantitative vs. qualitative; and historical vs. forward-looking. More specifically:

Control vs. influence: There are unresolved differences regarding the setting of organizational boundaries between financial reporting and sustainability frameworks. Financial accounting principles define a “consolidated entity” and detail how to account for minority investees. Depending on the framework or standards, however, sustainability reporting may be based on different concepts of “control” or “influence” (Principle 3 and Principle 12). As rules and standards evolve, alignment may follow.

Quantitative vs. qualitative: Because the goal is to estimate and assess expectations of ongoing availability of resources and stakeholder willingness to make these resources available, sustainability information is inherently more qualitative than traditional financial reporting. The goal is to produce information so that users may assess short-, medium-, and long-term future performance and expectations that relate to an ultimate enterprise value (or going concern value).

Historical vs. forward-looking: Sustainability information can be more forward-looking and long-term than financial information as organizations set goals and targets. Traditionally, financial accounting rested on the summarization of past transactions and events. Over time, however, reporting evolved to reflect economic expectations and estimates of the future. At its heart, sustainability is about wise use and preservation of resources over the long term. Long-term sustainability targets and goals inform business objectives. Further, communicating long-term goals and targets sets the stage for future reporting on the achievement of targets. The process of estimation is the same, but the time horizon is longer.

FIGURE B-8: 11-YEAR TRACK RECORD OF S&P REPORTERS
2011: 20%; 2012: 53%; 2013: 72%; 2014: 75%; 2015: 81%; 2016: 82%; 2017: 85%; 2018: 86%; 2019: 90%; 2020: 92%; 2021: 96%
Source: 2022 Sustainability Reporting in Focus: Examining 2021 trends of companies on the S&P 500 + Russell 1000

In addition to these inherent differences, the drivers around sustainable business information raise additional challenges:

Voluntary reporting ecosystem: Even the companies that issue reports generally do not follow a single set of uniform standards. Instead, they have been selecting aspects of different guidelines, such as SASB, TCFD, GRI, and the SDGs. This fragmentation makes the development of information and reporting systems challenging.

Acceleration toward regulation: Enacted and proposed legislation, regulation, and listing requirements are coming to the forefront. In addition, regulatory authorities, such as the SEC, are increasing their oversight of filings even under existing regulations. This movement brings a more structured approach and the input of legal counsel and compliance professionals.

Novel data streams: Much of the information that a company needs to gather for ESG reporting and management of sustainability initiatives has never been gathered, summarized, and analyzed. Examples are numerous. Many companies did not gather information on GHG emissions, water use, employee turnover, diversity, waste management, and energy sourcing and usage. Or, if they did gather this information, it was with the narrow objective of complying with local laws or regulations and not for disclosure in securities filings.

Talent availability and competence: Local operating units may not have the resources or competence to support the gathering of new types of data. Alternatively, they may respond with apprehension regarding new metrics of performance oversight. Members of remote teams may resist strongly if they do not understand the purpose of these new demands for information or if the requests are seemingly unsupported by management.

Immature systems and unstructured data: Largely, the IT solutions for financial reporting are mature. They incorporate information technology general controls (ITGC) and follow well-defined and consistent processes with the goal of supporting an independent audit. Much of the data is structured. It comes from systems that identify information from its source,
through processing, and results in detailed reports on sales, receipts, purchases, payments, inventory, and plant assets. With respect to sustainable business information, at many companies, generally, comprehensive systems are not yet in place and data comes from a variety of sources, including spreadsheets and email. It does not flow from technology solutions that have built-in data controls. There is much hope that these will develop in a way that produces information that is useful not only for ESG reporting but, as importantly, for internal decision support.

FIGURE B-9: THREE ATTRIBUTES OF ESG REPORTING THAT DIFFER FROM FINANCIAL REPORTING
[Figure labels: Control, Quantitative, Historical; Boundaries, Judgment, Expectations and estimates; Influence, Qualitative/Narrative, Forward-looking]
Courtesy Douglas Hileman Consulting, LLC

Proliferation of reporting platforms and software services: Along with new reporting demands, commercial providers have been entering the space to provide reporting platforms and tools. However, some preparers find that these standardized approaches are inadequate for their organization’s unique data and information streams. And, as professionals in the finance, internal audit, governance, risk, and compliance functions become increasingly part of sustainability reporting teams (that is, the sustainable business information value chain), they instill attention to data quality and internal controls. Many of these reporting professionals, however, have had disappointing results with some of these platforms. Yet others are finding that some of the platforms incorporate many of the same desired features and functionalities as their financial and regulatory reporting systems and thereby can help instill good controls and oversight systems, including documentation and review, by relying on the system’s ability to track data. However, if poorly used, these platforms can create even more challenges.

Sustainability reporting relies on third-party data: A good portion of sustainability accounting relies on gathering, assessing, and reporting on information sourced from third parties. GHG Protocol accounting, for example, calls for Scope 1, Scope 2, and Scope 3 accounting, depending on the source of emissions (see Figure B-10: Overview of GHG Protocol Scopes and Emissions across the Value Chain).[5] The impact accounting approach favored by certain sustainability advocates also depends on information from external sources, including government and NGO statistics. This raises concerns from preparers, compliance professionals, and auditors on the quality and reliability of externally sourced data on which a reporting organization relies.

Demands for external assurance: Users of sustainability information are seeking the comfort that third-party independent assurance provides in the financial reporting arena. They want similar assurance that the information that a company issues externally results from rigorous oversight systems, both internal and independent, that they have come to rely upon from financial reporting. Today, certain types of information that is now considered under the ESG umbrella, such as environmental data, is audited before submission to agencies. However, as more sustainability information is delivered via general corporate reporting such as Form 10-K, voices are becoming louder in seeking independent assurance and moving from limited assurance to reasonable assurance (which also provides opportunities for feedback on process effectiveness; see Principle 15, Principle 16, and Principle 17). This demand is being reflected in the proposed rules and regulations. For example, the SEC’s proposed rules regarding climate-related disclosures call for larger accelerated filers to obtain limited assurance for Scope 1 and Scope 2 emissions disclosures within one year of adoption and an additional two-year period to obtain reasonable assurance.

All of these items make the interpretation and application of ICIF-2013 a practical challenge for professionals who are now part of the sustainable business information value chain. These include management, operational
teams, financial reporting teams (preparers), internal audit, compliance teams, and independent auditors. Yet taking steps to do so furthers the delivery of relevant, reliable, complete, and unbiased information so that management, investors, business advisors, and other stakeholders can make informed decisions about the use of precious resources.

[5] GHG Protocol; see Management Accountants’ Role in Sustainable Business Strategy: A Guide to Reducing a Carbon Footprint.

Although new corporate ESG measures may seem novel, in many ways, they follow the traditional information flows of other types of corporate information. These key differences between mainstream financial reporting and sustainable business information, as addressed previously, highlight the need for organizations to consider data strategy and data governance. ICIF-2013, particularly the Control Environment component and the Information and Communication component, supports the means for addressing these concerns (see Recommendations). While this represents a challenge, it also represents an opportunity.

FIGURE B-10: OVERVIEW OF GHG PROTOCOL SCOPES AND EMISSIONS ACROSS THE VALUE CHAIN
Source: GHG Protocol

Applying the ICIF-2013 Principles to Sustainability: Building Internal Control over Sustainability Reporting (ICSR)

In this section, each of the 17 principles in ICIF-2013 is explained and interpreted for application to sustainability. It follows the following format:

Each principle is cited directly from ICIF-2013. Then, it is explained and stated as it may apply to sustainability.

Each point of focus is cited from ICIF-2013. Then, each is explained and stated as it may apply to sustainability.

Insights bring forward information on how the principles are being considered and implemented, either directly or indirectly, through new and proposed regulations, evolving professional standards, and organizational practices. They reflect a review of authoritative and thought leadership materials along with the authors’ extensive interviews with professionals with a variety of relevant backgrounds. These points also reference selected, publicly available ESG reports. In sum, these informational insights reflect the views of the various stakeholders who affect how an organization responds to the drivers for sustainability by considering its processes.

As illustrated in Figure P1-1: Innovating ICSR, the components, principles, and points of focus interrelate. Therefore, certain explanations and insights may relate to multiple principles in a way that indicates overlap. This integration is part of the design of ICIF-2013. The work begins with commitment, authority, and accountability and continues throughout the process as foundational themes. The organization considers objectives and reconsiders them on an ongoing basis. From there, it considers risks to meeting its objectives and how to counter them with systems and processes that are monitored for effectiveness. This facilitates the fundamental goals of delivering complete, accurate, reliable, and decision-useful information for all stakeholders.

“Sustainability information is increasingly integrated into investor decision making, along with traditional financial data. This means sustainability information needs to be reliable and prepared with internal control processes and board governance and oversight, similar to the processes used for financial data.”
Janine Guillot, former Special Advisor to the International Sustainability Standards Board Chair; former CEO, Sustainability Accounting Standards Board and Value Reporting Foundation

FIGURE P1-1: INNOVATING ICSR
[Figure labels: Commitment, authority, accountability; Objectives (operations, reporting, compliance); Identifies and assesses risk; Selects and develops control activities; Communicates (internally; externally: customer, public, SEC); Monitor effectiveness; Complete, accurate, reliable, decision useful]

1. Demonstrates commitment to integrity and ethical values

The
organization demonstrates a commitment to integrity and ethical values. (ICIF-2013-1)

An organization furthers its objectives by demonstrating to its stakeholders that it is trustworthy and acts in the public interest. An entity demonstrates its commitment to acting sustainably.

POINTS OF FOCUS

Sets the tone at the top: An organization’s actors look to how senior leadership behaves, speaks, acts, and directs others to act.[6] Senior leadership can prioritize and facilitate the building of respect toward building a sustainable business. Senior leaders can influence conduct and performance by behaving as role models.

Establishes standards of conduct: Organizations establish standards of conduct for their actors. Often, an organization, at its highest levels, operationalizes its mission or purpose through a values statement. These values are then further operationalized with sustainable business programs and policies that are communicated throughout the organization.

Evaluates adherence to standards of conduct: Organizations establish a system or processes to assess whether its actors are complying with its established values and policies, including those that apply to values and policies that support the organization’s efforts to act sustainably. This means developing oversight processes, including internal audit review, if appropriate.

Addresses deviations in a timely manner: An organization follows up when an actor (or group) diverges from its policies around sustainable business management and reporting. This is effectuated through communications and follow-up with the purpose of correcting course and supporting improvement and development.

INSIGHTS

Purpose of a corporation: Today, thought leadership in management and business strategy is addressing the concept of corporate purpose. In 2019, the Business Roundtable redefined the purpose of a corporation through the commitment of 181 CEOs to lead their companies for the benefit of all stakeholders: customers, employees, suppliers, communities, and shareholders. This is an example of the concept of multistakeholderism, which addresses the preservation and optimization of value over the short, medium, and long term for the benefit of all stakeholders that contribute resources. This concept challenges the familiar maxim that the purpose of a business is the maximization of profits for the benefit of equity holders. However, Leo E. Strine Jr., former chief justice of Delaware, observes that the maximization interpretation of fiduciary duties is inexact, and we can “better align our corporate governance system with the interests of humanity in ensuring that in trying to build wealth, we do not destroy the planet, injure customers, or otherwise cause more harm than good.” In sum, adhering to a culture of ethics and principles is the first step (Principle 1) in establishing an effective system of controls as foundational to trust. Expressing a corporate purpose helps the organization set specific objectives (Principle 6).

[6] As used in this publication, the word “actor” refers to all of an organization’s personnel, including persons at subsidiaries, affiliates, and subdivisions. It also includes part-time employees, independent contractors, and externally hired consultants who are working on behalf of the organization. In the case of sustainable business, it also includes persons that are part of its value chain for which the organization may have responsibility, such as vendors and buyers. An actor can also refer either to an individual or an entity.

Component: Control Environment

Thought leaders in sustainable business view a binary construct of shareholder vs. stakeholder as misguided. An organization cannot achieve its financial objectives, such as optimizing profits, without considering its other stakeholder
groups, such as customers, employees, suppliers, and communities. Therefore, the culture that an organization creates is about discovering, prioritizing, and integrating sustainable business issues.

Fostering genuine change on managing resources and processes: Because the Framework has been utilized heavily for SOX compliance, there is a tendency to view it as narrowly focused on external reporting. However, achieving any form of reporting, whether internal or external, requires effective, enterprise-wide organizational elements that manage resources and processes. The Framework guides the design and implementation of effective control and oversight systems for an organization to achieve all of its objectives that align with its purpose (Principle 6).

United Nations Global Compact (UNGC): Organizations are demonstrating commitment to building a more sustainable world by becoming members of the UNGC. By 2022, more than 15,000 companies and 3,800 nonbusiness participants have become members of the UNGC. Among the requirements to join, an organization (1) commits to integrating the UNGC’s principles into its organizational culture and decision-making processes, (2) issues a statement of commitment by its chief executive and board, and (3) agrees to make progress on the United Nations SDGs and regularly report on such progress. These actions align with Principle 1, which speaks of setting the tone at the top.

Instilling trust in sustainable business information: All actors are instrumental in executing an organization’s commitment to act ethically and toward stakeholders’ common purpose. Nevertheless, professional accountants, both internal and external, have a critical role to play (see IMA Statement of Position on Sustainable Business Information and Management). Trust, accountability, and transparency are the cornerstones of professional accountancy. The global community is seeking a thoughtful reconsideration of how all organizations use the planet’s limited and precious resources and for businesses to deliver on sustainability with the same rigor, thoughtfulness, and energy used to deliver on traditional metrics of profits. At the same time, the information relied upon for decision making around sustainability issues must be high-quality, reliable, and produced through processes that instill this trust.

Benefit corporations and B Corps: Some companies are making commitments to sustainability as part of their organizational purpose. The requirements of becoming a benefit corporation or a B Corp are distinct but overlap. Many jurisdictions now permit companies to incorporate with a stakeholder governance system. For example, in the U.S., a company can incorporate as a benefit corporation by stating, in its charter, conventional responsibilities to its shareholders and, concurrently, to a public benefit aligned with its business model, such as an educational or healthcare-related benefit. A company also may elect to become a Certified B Corporation, which means that it has voluntarily decided to commit to the achievement of sustainability-related objectives as facilitated by B Lab.

Research on trust: The Edelman Trust Barometer delivers ongoing studies on trust in institutions, including business. Its 2022 global findings report that 81% of employees believe that CEOs should be personally visible in discussions of public policy with external stakeholders or the work the company has done to benefit society. The study also reflected stakeholder awareness:
Customers: 58% buy or advocate for brands based on beliefs and values.
Employees: 60% choose a place to work based on their beliefs and values.
Investors: 64% invest based on their beliefs and values.
An organization’s commitment to integrity is fundamental to internal control. It speaks to all stakeholders that their contributions of resources to the organization will be purposeful.

ICIF and reputational risks: Today, following up on commitments to act sustainably can be critical for an organization’s reputation and survival. Consider, in recent years, the front-page news about companies and their reported failures
to act sustainably. These include, for example, the sourcing of palm oil, crude and pipeline accidents, slavery in the supply chain, the sale of addictive opioids, and permissiveness in response to discriminatory behavior. These revelations can have particularly detrimental consequences with stakeholders if the organization has made public statements about its dedication to sustainability issues; it can readily be accused of “greenwashing,” the term used to describe unreliable or untrustworthy claims of sustainability. Further, employees’ perceptions that an organization’s published values regarding sustainability and corporate social responsibility are hollow can result in disengagement, which is inconsistent with effective controls. Establishing governance, policies, and oversight by following ICIF can help an organization forestall detrimental and costly surprises.

Criticism of the business community: Reflecting cynicism and mistrust, there are voices that are critical of business efforts toward sustainability as inadequate. For example, a recent opinion in The New York Times asserted:

“On the face of it, E.S.G. investing could be transformative, which is why it’s one of the hottest trends in the world of investing. After all, allocating more capital to companies that do good helps them grow faster and lower their cost of capital, creating an incentive for all companies to be more socially and environmentally conscious. But the reality is less inspiring. Wall Street’s current system for E.S.G. investing is designed almost entirely to maximize shareholder returns, falsely leading many investors to believe their portfolios are doing good for the world. For E.S.G. investing to achieve its potential, Wall Street players will have to change their system.”

In fact, it coincides with polls in recent years that find younger generations have negative views of capitalism (for example, see “Eat the rich! Why millennials and generation Z have turned their backs on capitalism” and “A majority of millennials now reject capitalism, poll shows”). Following ICIF-2013, particularly beginning with Principle 1, gives an organization the power and tools to consider its activities and statements to promote trust, transparency, and reliability.

CEO LETTERS

A widespread practice in setting the tone at the top and setting sustainable business priorities is the CEO letter. For example, in its 2021 sustainability report, United States Steel President and CEO David B. Burritt states:

“Steel is critical to a healthy manufacturing base, and it is incumbent upon companies like ours to take the necessary steps to remain economic engines that best support their employees, best serve their customers, best enrich their communities, and best reward their stockholders. We believe the key to achieving all of these things is making sustainability central to who we are and what we do. our Best for All approach to sustainability is making it possible for us to get to our future faster, a future where we are leading our industry in the development of innovative, profitable, and sustainable steel solutions that are best for people and the planet.”

Moving to put the message into practice, Burritt and the company’s board of directors appointed a new chief strategy and sustainability officer, who has joined the senior management team. This sends a message that sustainability is core to the company achieving its long-term strategy to further its mission.

CEO ANNOUNCEMENT: B CORP

In March 2022, The Vita Coc
323、o Company announced that it had become a Certified B Corporation.In the announcement,Mike Kirban,founder and co-CEO,stated:Weve always been on a mission to create more equitable access to natural,better-for-you products in a responsible way.Joining a network of like-minded organizations will create
324、collective impact to democratize health and wellness.We are honored to receive this distinction and become part of the B Corp community.This is indeed a control activity,because it announces to all stakeholders the companys commitment to its mission.From this,the company engages all stakeholders to
325、contribute resources to reach its objectives,which include positive impact on farming communities in the Philippines,Sri Lanka,and Ecuador.Sustainable business management is becoming more important for organizations,increasing the urgency for reliable ESG information for decision-making purposes.The
326、 COSO ICIF model enables organizations to streamline their ESG strategy,goals,risks,and thus ultimately the reporting on this topic.This supports organizations in achieving their sustainability goals.Brigitte de Graaff,Assistant Professor,Researcher,and CMA Program Director,Vrije Universiteit Amster
327、dam;Chair,IMA Sustainable Business Management Global Task Force38ACHIEVING EFFECTIVE INTERNAL CONTROL OVER SUSTAINABILITY REPORTING(ICSR):BUILDING TRUST AND CONFIDENCE THROUGH THE COSO INTERNAL CONTROLINTEGRATED FRAMEWORK POINTS OF FOCUS Establishes oversight responsibilities A board of directors ex
328、ecutes its responsibilities over sustainable business management through a system of oversight that facilitates the organizations satisfaction of mandates and expectations.Often,the organizations board of directors establishes structures,such as a designated committee or subcommittee,to oversee the
329、organizations sustainable business activities and reporting.This may necessitate amending existing organizational documents such as the articles of incorporation,bylaws,or charters.Applies relevant expertise A board of directors identifies requisite skills and areas of expertise for its own membersh
330、ip.Therefore,it ensures that board members charged with oversight responsibilities regarding sustainable business have the knowledge base and skill set to be effective.Operates independently A board of directors operates independently from management with respect to oversight and responsibilities fo
331、r decision making on sustainable business issues.This point of focus operates in the same way with respect to sustainable business activities as it does for all other organizational activities.Provides oversight for the system of internal control The board oversees an organizations design,implementa
332、tion,and performance of controls,systems,and processes related to sustainable business activities and reporting.Often,this is a check on management and an oversight of how the organization is utilizing its resources and processes to achieve sustainable business activities,such as programs around ene
333、rgy,waste,GHG emissions,supply chain,cybersecurity,and diversity,equity,and inclusion.INSIGHTS Comments by Allison Herren Lee:In 2021,former SEC Commissioner Lee gave the keynote address at the Society for Corporate Governance National Conference.Her remarks focused on the SECs policy-making process,particularly around its attention to climate change and other ESG disclosures.She noted that boards