Sustainability Reporting vs. Financial Reporting
Sustainable business information differs from traditional financial data, and regulations have upended the sustainability reporting ecosystem. Unlike financial reporting, sustainability reporting emanates from a myriad of standards that often result in fragmented disclosures. As regulatory authorities like the Securities and Exchange Commission (SEC) increase their oversight, companies need a structured approach to data strategy and data governance to integrate their sustainability information with financial data to produce investor-grade disclosures.
The Differences Between Financial and Sustainability Reporting, According to COSO:
Control vs. Influence
- There are unresolved differences regarding the setting of organizational boundaries between financial reporting and sustainability frameworks.
- Financial accounting principles define a “consolidated entity” and detail how to account for minority investees.
- Depending on the framework or standards, sustainability reporting may be based on different concepts of “control” or “influence” (COSO Principles 3 and 12).
Quantitative vs. Qualitative
- Sustainability information is inherently more qualitative than traditional financial reporting, and it aims to estimate and assess the ongoing availability of resources and stakeholder willingness to make these resources available.
- The goal is to produce information so that users may assess short-, medium-, and long-term future performance and expectations that relate to an ultimate enterprise value (or going concern value).
Historical vs. Forward-Looking
- Sustainability information can be more forward-looking and long-term than financial information.
- Financial accounting rests on the summarization of past transactions and events and reflects economic expectations and estimates of the future.
- Sustainability is about the use and preservation of resources over the long-term, and the associated targets that inform business objectives.
- Communicating long-term goals and targets sets the stage for future reporting on the achievement of targets.
- The process of estimation is the same, but the time horizon is longer.
Integrating Financial and Sustainability Reporting
As internal control requirements are interwoven with sustainability disclosure regulations, organizations will be required to assess the effectiveness of their process and policies. Regulations like the European Union’s Corporate Sustainability Reporting Directive (CSRD) require companies to disclose how their risk management and internal control systems encompass their sustainability reporting processes. They must outline those processes, their risk assessment and mitigation strategies, the risks they have identified, and how the findings will inform future disclosures and controls.
March 2023 Updates
Below, we highlight the key changes from COSO’s 2013 Internal Control – Integrated Framework (ICIF) to the new supplemental guidance released in March 2023, “Achieving Effective Internal Control Over Sustainability Reporting” (ICSR).
Origins of the COSO Framework
In 1992, COSO published its landmark framework. The guidance provides a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. To achieve an effective internal control system, COSO concludes that five components must be present and functioning:
A decade later, when Congress passed the Sarbanes-Oxley (SOX) Act, thereby establishing the Public Company Accounting Oversight Board (PCAOB), there was a need to evaluate internal control over financial reporting (ICFR). The COSO framework provided a solid foundation for an effective control environment. In 2013, the framework was modified to encompass changes in the business environment. It is now among the most widely used financial reporting guidance in the U.S. for companies, nonprofits, and government agencies.
Component: Control Environment
Just as an entity’s internal control environment provides the foundation for effective ICFR, it is also an essential starting point for designing, implementing, and maintaining an effective system of internal control over decision-useful sustainable business information.