Preparing Your Audit, Risk, and Compliance Team for SEC ESG Reporting Rules

An ongoing global transformation in the ESG risk disclosure landscape — marked most recently by the U.S. Securities and Exchange Commission’s (SEC’s) final rule for the Enhancement and Standardization of Climate-Related Disclosures — is poised to significantly impact the work performed by audit, risk, and compliance professionals. Proactive companies are working diligently to adopt ESG frameworks, streamline their financial reporting processes, and prepare for compliance with SEC requirements.  

I had the privilege to lead a lively discussion on navigating the evolving ESG rules and the implications these would have on financial reporting, internal controls, and corporate governance with three well-respected subject matter experts, Michelle Dewarrat (Head of Risk, CSG International), Mark Stone (VP, Internal Audit and Chief Audit Executive, SEE), and Lori Kaczynski (SVP, Chief Audit, Risk, and Compliance Officer, Graphic Packaging International). This article highlights their timely advice for other audit, risk, and compliance professionals in light of the SEC’s ESG reporting requirements.

1. Get Started on the Disclosures Now

Past requirements, like Sarbanes-Oxley (SOX), can provide a roadmap for implementing controls and processes around data collection for this type of disclosure. We should expect to produce top-down risk assessments, process documentation, and control evaluations. With ESG, the processes may involve many new players from within the organization.

Mark Stone advised everyone to start working on compliance with the newly-issued ESG rules as soon as possible. “My advice,” said Mark Stone, “would be to connect your ESG and Finance teams early. Don’t wait until three months before your sustainability report publication goal or until the final rule becomes effective. The effort related to increased data collection, assurances, and reporting processes is substantial.”

Mark also pointed out that compared to prior SEC disclosure requirements such as the SEC’s 2020 human capital disclosure requirements, the ESG disclosures are more complex and involve significant data that companies have likely never disclosed in their SEC reporting.

2. Focus on Education and Collaboration

ESG is a rapidly evolving area of concern, but it also presents new opportunities within an organization. Michelle Dewarrat pointed out that even performing a risk assessment on ESG will involve many people who have never been exposed to assessment or risk management.

Michelle said, “Working with these groups requires foundational education about risk management. I encourage people to have patience — many are new to ESG and it can be challenging learning and navigating through this ever-changing environment.” The effort pays off. Michelle shared she sees people get excited. “They’re getting to look at their jobs through a new lens. They’re looking for opportunities to improve, which ultimately helps the business, drives innovation, and gives teams recognition that may not always receive recognition.”

Considering the scope of work with corporate governance, social responsibility, and environmental responsibility, the people and processes involved extend well beyond those assurance teams may have dealt with in the past, and collaboration among the groups can be the key to success.

3. Lean Into Your Expertise

Audit, risk, and compliance professionals may be entering the ESG conversation for the first time, but thinking through end-to-end processes and identifying risks and controls is a unique skill set that adds tremendous value to any organization. Lori Kaczynski commented that assurance professionals “add value through process control expertise, to ask the right questions, and to evaluate a process so that it can be honed.”

She also added the advice to think through the implications of ESG in the long term and consider supplementing your staff if needed. Lori noted that “our purview continues to expand over time, so our teams may need a variety of individuals like environmental engineers or lawyers to be able to comply with these rules.” Now is an excellent time to evaluate your team’s skills and consider upskilling or hiring to fill the knowledge gaps. 

Apply ESG Best Practices Now

Now is the time to act on the advice from this group of experts. If your team has not done so already, get familiar with the SEC’s ESG disclosure final rule, strategize the plan for auditing the topic, connect with those closest to the subject, and consider how the team will evaluate the underlying processes that will feed data into the disclosures. The advice from our expert panel was clear: audit, risk, and compliance professionals will play an active role in ensuring our organizations meet these new rules, and there is no time to wait. 

Download our 2024 Sustainability and ESG Guide to hit the ground running on SEC ESG compliance with resources including a sample organizational chart, sample materiality matrix, technology assessment checklist, and more.