COSO’s new ”Internal Controls Over Sustainability Reporting”

Here is the intro from this blog from Cooley’s Cydney Posner:

Under the pressure of institutional investors, environmental groups, employees, consumers and other stakeholders, many companies have sought to demonstrate their bona fides when it comes to ESG through disclosure about their sustainability efforts, goals and achievements, whether in periodic reports or in separate sustainability reports.

But, as reporting increases, so do concerns by some about potential greenwashing. How can companies assure the quality of their sustainability reporting and create more trust and confidence among stakeholders? One way might be through effective internal controls. So far, however, according to a new report from Committee of Sponsoring Organizations of the Treadway Commission, known as COSO, ”[f]ew best practices have been established.

While some larger institutions have progressed in building controls around ESG reporting, many organizations have designed ad hoc controls around certain key sustainable business metrics. Many also perform internal verification and assurance procedures to ensure management comfort with this information. Yet few of them seem to have developed effective, integrated systems of internal control over their material or decision-useful sustainable business information.”

Now, leveraging insights gleaned from development of the most widely used internal control framework—the COSO Internal Control-Integrated Framework—COSO has developed the concept of ”internal control over sustainability reporting” (ICSR). In its new report, which weighs in at 114 pages, COSO provides supplemental guidance that explains and interprets how each of the 17 principles in the 2013 version of the COSO ICIF applies to sustainable business activities and sustainable business information. According to the authors, “[i]nternal controls have value beyond compliance and external financial reporting.

Effective internal controls can help an organization articulate its purpose, set its objectives and strategy, and grow on a sustained basis with confidence and integrity in all types of information.” As companies seek to “generate sustained value—ethically and responsibly—over the longer term,” with an emphasis on sustainability and ESG, both companies and their stakeholders need effective controls and oversight to provide the reliable and high-quality data needed for “decision making in this changing world.”