Public company executives weighing risk management strategies going into 2022 must devote part of their focus to the Securities and Exchange Commission’s (SEC) requirements for environmental, social and governance (ESG) reporting and climate disclosures. Regardless of whether annual or quarterly disclosures will be the new norm and to what degree of auditability will be required — assuming the standard will require equivalent assurance to Financial Accounting Standards Board (FASB) and/or generally accepted accounting principles (GAAP) — companies will shortly have a new set of reports to manage.
To take on the impending task, companies need to prepare themselves to accomplish sustainable and auditable ESG reporting, which will hinge on data — granular data at that. With the SEC slated to issue its mandates before the end of the year, the following includes active steps companies can do now to best prepare for the changes ahead.
Choose Metrics To Report On Now
For companies based in the U.S., the best bet for reporting metrics looks to be a combination of the Sustainability Accounting Standards Board (SASB) (download) industry-based reporting metrics and relevant additional metrics from the Global Reporting Initiative (GRI) (download). Executives can opt to either retain ESG-focused consultants to help craft the relevant and material metrics to report on or start from these bodies’ industry-specific recommendations. For example, the SASB provides specific metrics for 77 industries and the GRI metrics are applicable across industries.
Perform A Gap Analysis
Once metrics are chosen, companies can perform an analysis of the data they have versus the data that are missing. Typically, companies have sufficient data within their existing systems to cover most reporting on their own operations, whether that be safety incidents, workforce composition or emissions from their owned facilities. However, gaps appear when companies look to report on their upstream and downstream emissions — for instance, from third-party logistics companies or parts suppliers. The inclusion of indirect scope 2 and scope 3 emissions from a supply chain or customer means that companies will need to gather more data from up and down their value chain in order to meet compliance requirements.
Make Contract Adjustments
Because the anticipated reporting will most likely include upstream and downstream elements, it’s recommended that requirements allowing for the capture of these data streams be incorporated into all new contracts with suppliers, logistics providers and, in some cases, customers. For example, to conform with the California Low Carbon Fuel Standard (LCFS), biodiesel producers must track not only the exact origin of every feedstock but also the carbon emitted by transporting those feedstocks to the refinery and then from the refinery to California to be able to calculate the value of carbon credits. This means that any contract for direct purchases or purchases from traders must now require the point of origin data, as well as data on the route and mode of transportation for every feedstock. Adding data requirements doesn’t change the commercial day-to-day execution of a contract but provides access to the context necessary for ESG reporting.
Standardize And Automate
For sustainability reporting to be sustainable, companies need to standardize across their portfolio companies and business units. This will likely be a one-time jarring event, but making sure all entities report a certain commodity usage in tons or cubic meters instead of a mix of units of measure will be critical to automating the collection and reporting of data. Larger companies should consider rolling out a platform or a new set of reports using existing business insight (BI) tools that can tie directly into both enterprise resource planning (ERP) and IIoT/edge/control systems within their business units to minimize the amount of human time and spreadsheet work to collect and report.
Prepare For Auditing
If the SEC does mandate high-quality, third-party auditing for these disclosures, companies should plan for both the policies and systems that will implement data collection, prevent data from being tampered with or manipulated and make data easily shareable with auditors and regulators. With scope 2 and 3 emissions, customers and joint venture partners will be asking to share all sorts of data. Clearly, companies aren’t just going to let partners, suppliers and customers directly into their financial systems of record, so thought must be given to how this data can be cleansed of confidential commercial information and shared in a secured, controlled way with necessary parties, investor groups and advisory services.
Play The Waiting Game
Although it’s not yet known exactly what the SEC will propose, prudent risk management requires that companies plan for reporting that will reach upstream and downstream of their own enterprise and will become integral to the contracting process. Getting a plan in place in the interim can mitigate the headaches associated with standardizing and automating processes that support this type of reporting. After that, we’ll have to wait and see.
This article, authored by Andrew Bruce, originally appeared at Forbes Technology Council.