Sustainability and ESG reporting is a top area of focus for many companies and something many companies need to implement or improve. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), responsible for the most widely used internal control framework, has published an article on how to apply the COSO framework to sustainability reporting. The article is called “Achieving effective internal control over sustainability reporting (ICSR): Building trust and confidence through the COSO internal control – integrated framework” and describes how the five components and 17 principles of the COSO framework can be operationalized and gives practical examples of how to apply it in the area of sustainability reporting.
GRC Insight – The COSO framework for internal control over sustainability reporting
Some key takeaways are:
• Cultivate a culture of accountability – it is important to make sure that the decision makers have access to reliable information about the performance of internal control over sustainable business information.
• Revisit the interrelationship of purpose and various objectives – it is important for an organization´s objectives to balanced and understood throughout the organization.
• Establish a cross-functional team – a cross-functional team provides diverse perspectives and subject matter expertise and can be a valuable early step to start the integration process.
• Leverage existing expertise – Internal control over sustainability reporting is a new application of concepts from control over financial information which means that the CFO team already has considerable expertise in applying these concepts. In addition, the operations team have valuable insights into how an organization is producing the goods and services that are being delivered.
• Leverage existing controls – The processes and automated controls that already exists as part of internal control over financial reporting can be modified and applied to sustainability information.
• Leverage enabling technologies and platforms – The systems around sustainable business information is often immature, and it can therefore be beneficial to incorporate this information into IT platforms with well-established controls to improve decision-maker confidence in the sustainability data.
• Focus on decision usefulness – A reason for the fact that many companies are reluctant to establish internal control over sustainable business information, is because of the amount of data and KPIs that are typically included in a sustainability report. By prioritizing and viewing sustainability through the lens of decision usefulness, an organization can focus on covering a small subset of metrics that are the most important to its success over time.
• Start early – To design and refine a system of controls that fully supports reporting objectives can take time, so it´s important to begin your work early.
With the new requirements for sustainability reporting coming up such as the Corporate Sustainability Reporting Directive (CSRD), the need for developing internal control over sustainability reporting is only getting bigger. The COSO framework can offer a great support in achieving this and for those already using it for financial reporting it can provide a familiar way to approach it.