Internal controls: Building sustainability reporting on strong foundations

For decades now, businesses have strived to establish and build trust in the market—with investors, consumers, regulators, and an ever-increasing range of stakeholders. As markets evolved and matured, high-quality financial reporting emerged as a company’s primary vehicle to attain the desired trust. The importance placed on this information led to ongoing efforts to fine-tune processes and mechanisms in order to deliver the most reliable financial information. Today, businesses face a new challenge—building trust in outputs and impacts that extend beyond traditional financials to the pressing topic of sustainability.

In response to this seismic shift in corporate reporting, standard-setters and regulators around the world are moving quickly, and companies that want to build and maintain trust must keep pace. While the subject matter of sustainability reporting may be new to many, the principles for high-quality sustainability reporting mirror those that formed the foundations for financial reporting—governance, controls and compliance. 

Governance, controls and compliance are foundational elements in the effective management and oversight of a company by management and boards. These concepts, when effectively applied, enhance reporting accuracy, reduce the risk of fraud, and promote both accountability and operational efficiency.

Decades of evolution and improvement in these areas have led to the rigorous financial reporting standards, regulations, and expectations that define today’s market. However, their application should not be limited to financial reporting alone. When applied to sustainability reporting, these principles significantly enhance the credibility and reliability of the sustainability information being disclosed. 

The good news is that it’s seldom necessary to start from scratch. Just as new houses can often be built on the foundations of old ones, the training, discipline and experience that the financial teams under the CFOs already have make them ideally suited to take a leading role in shouldering responsibility for sustainability reporting. The key is to combine the controls and information-governance skills of financial teams with the expertise of sustainability practitioners in areas like emissions, waste, and water data. The function of the controller can be crucial here, bringing together financial and sustainability expertise to lay the foundation for value creation from the reporting process. Companies should start with what is material to their business and strive for an internal control environment that supports the data and processes for those specific topics, and that allows management to rely on the information for decision-making. 

Of course, challenges remain. PwC’s recent Global Corporate Sustainability Reporting Directive (CSRD) Survey highlighted that data availability and quality and value chain complexity are the biggest obstacles to implementing the CSRD, with 74% of respondents still using spreadsheets for sustainability reporting. Relying on these manual methods for collecting information creates risks of inefficiencies and human error. 

Leading companies can get ahead by asking themselves the same questions that they might for financial information, particularly when it comes to data; what data is required, how will the data be used in reporting, where is the data and is it reliable, who is responsible for the data, and what are the gaps that might exist? 

Just as with financial reporting, the first step for sustainability reporting should focus on materiality assessments. Businesses need to set clear plans based on sustainability goals that are material to their operations and economic sustainability. Crucially, the data required for disclosure should be collected and consolidated with the same rigour as financial information. 

A durable framework is needed for the internal controls processes that must be consistent but also agile to meet evolving risks or needs. This requires strong corporate governance, particularly in bringing together people from different parts of the business whose work touches on sustainability. A key responsibility of the board is ensuring that management is adhering to this principle by enacting or maintaining an effective controls framework that is supported by employees across all sectors of the organisation. 

Companies that have implemented robust internal controls from the outset often generate value that extends well beyond mere compliance. Enhanced cross-team communication, as mentioned earlier, is a valuable exercise in itself. As clients have told us, compliance—with, for example, CSRD—requires them to gather data from new sources that they might have not previously had to collect. In doing so, however, they have access to more information that may drive more informed decision-making. 

The fast-evolving legal and regulatory landscape makes it imperative that the board and management minimise the risk of a material misstatement. As companies pursue this outcome, executives and stakeholders should recognise that there is not a uniform ‘starting line’ across the business community; companies enter this space with varying levels of maturity. For some, it will take more time to establish and refine the necessary internal controls. What matters is that businesses maintain steady progress, and, when necessary, seek advice both internally and externally to achieve best practices. 

Financial services companies are often ahead of the curve, perhaps in part due to the regulatory regimes they have historically been subject to, meaning that in many cases, robust internal control environments for financials—and other information, if we consider Sustainable Financial Disclosure Regulation (SFDR)—are already in place. And whilst internal controls for sustainability information being on a par with those for financial is an end goal, it might not be the first step for companies in addressing this challenge. Financial reporting underpinned by generally accepted accounting principles has had many years to evolve to its current state, and sustainability is still catching up with the process for establishing underlying measurements that in many cases are still being developed. 

Harnessing the latest technology is also crucial in achieving these new objectives. All businesses need to identify the right technology systems and information-gathering processes to meet the demands for greater sustainability disclosure. Often, data is managed with little uniformity in spreadsheets, and this lack of standardisation can make it challenging to produce reliable, consistent data. Businesses should ask themselves: Are they using their existing technology to its full potential, including new sustainability reporting solutions provided by their existing enterprise resource planning (ERP) providers? In addition, what new solutions or technology—such as AI—could they leverage?

The use of existing and emerging technologies and solutions should streamline internal controls processes and bring together all the relevant stakeholders. The CFO should closely align with the CSO and CTO to ensure accurate data collection and seamless integration across systems, resulting in one reliable source of data. 

Although many companies have been voluntarily reporting sustainability information, metrics, and targets, it is increasingly becoming a regulatory and legal obligation; those charged with governance are increasingly expected, and in some cases required, to monitor sustainability information and ensure the right controls are in place. The European Union’s CSRD is an example of how much the reporting environment has changed, with full transparency now required rather than recommended when it comes to workers in the supply chain, human rights, climate change, and other environmental, social and governance concerns. And this is just one piece of the reporting ecosystem, with other standards and rules issued by the International Sustainability Standards Board (ISSB), the Securities and Exchange Commission (SEC) (currently stayed) and California, as well as additional country-specific requirements.

As regulators require compliance, companies must also respond to enhanced expectations from other stakeholders, namely investors. A recent global survey from PwC shows that investors want as much clarity as possible from businesses when it comes to sustainability plans. In order to measure progress against the commitment and targets set, the businesses themselves need information that is robust and reliable. 

So what should today’s senior leaders do to build upon the internal controls their businesses need for sustainability information? A lot of it is about the masking the right questions.

It’s not just in the best interests of any one business to ensure the sustainability information it produces is reliable, it’s in the best interests, too, of investors in the capital markets. It improves the way in which these markets are perceived and function. And that, in turn, results in better allocation of resources, efficient operations through better managed processes and, ultimately, cost efficiency. 

It has taken several decades to solidify financial reporting controls and systems. With the rapidly changing environment, it’s imperative that sustainability reporting reaches the same level as financial reporting in a much shorter time frame. This can be achieved by leveraging the strong foundations of financial reporting to provide markets and stakeholders with the sustainability information they can trust.