Google, Netflix, Salesforce, and Coca-Cola all use public company auditors to perform assurance on their environmental, social, and governance (ESG) information.
So do Verizon, UPS, and Johnson & Johnson. But those companies are the exception rather than the rule among the S&P 500, according to an analysis performed by the Center for Audit Quality (CAQ), which is affiliated with the AICPA.
Just 31 of the S&P 500 companies use public company auditors to perform assurance on their ESG reporting, according to the CAQ study. Meanwhile, 235 members of the S&P 500 used a non-audit firm assurance provider, and 236 did not get assurance on ESG information. (Note: The numbers don’t add to 500 because two companies used both an audit firm and a non-audit firm to provide assurance).
Nonetheless, substantial opportunities exist for CPA firms to perform ESG assurance in the future because of increased investor interest and regulatory focus, according to Dennis McGowan, CPA, vice president, Professional Practice for the CAQ.
“I think with the SEC’s focus on this and the likelihood that this information gets closer and closer to an SEC submission or filing, you could see an uptick in demand for assurance from public company audit firms,” McGowan said.
A recent global survey by AICPA & CIMA and the International Federation of Accountants showed that the United States is an outlier in this area. In many other countries in the Americas and Europe, an overwhelming majority of sustainability assurance is provided by audit firms.
That’s probably at least partly because these countries have more stringent regulations around ESG issues, whereas regulations in the United States are less mature. But that may be changing.
The SEC is exploring the possibility of proposing ESG requirements for public companies that would presumably include penalties for companies not in compliance. SEC Chair Gary Gensler has asked the Commission staff to develop a mandatory climate risk disclosure rule proposal by the end of this year. The SEC also endorsed Nasdaq’s move to require board diversity disclosures from companies listed on the exchange.
“The more we move from this market-driven system to a more regulatory-driven system and the information gets closer to the financial statements or the documents containing the financial statements, I think it makes sense for your public company auditors to be involved in the information,” McGowan said.
The finding that 13% of the S&P 100 (largest companies) used public company auditors compared with just 4.5% of the companies in the rest of S&P 500 also may be promising for public company auditors’ future with ESG assurance. Larger companies often lead the way in compliance exercises, with smaller companies following at a later date.
Other findings from the study included:
- Multiple frameworks used: Many S&P 500 companies referenced multiple reporting standards and frameworks, which they used to varying extents. The CDP (formerly known as the Carbon Disclosure Project) had the most commonly referenced framework with 371 mentions, followed by the Sustainability Accounting Standards Board (362), Global Reporting Initiative (328), Task Force on Climate-Related Financial Disclosures (239), and Integrated Reporting (13).
- Level of assurance: Of the companies that received assurance from public company auditors, 25 received just limited assurance; two received just reasonable assurance; three received some limited and some reasonable assurance; and one had a level of assurance that could not be determined from the company’s documentation.
- Assurance standards: Twenty-seven of the S&P 500 engagements completed by public company auditors were done under AICPA standards. Four were done under ISAE 3000 standards, and the standards for one engagement were unable to be determined. (One report referenced both AICPA and ISAE 3000 standards).
Ultimately, McGowan said, public company auditors stand to provide excellent investor protection in ESG assurance because of their robust independence framework, professional skepticism requirements, skills at understanding a company’s business, and audit firm quality control systems.
He said public company audit firms should be getting ready to do this work, and the road map resource issued by the CAQ and the Association of International Certified Professional Accountants, representing AICPA & CIMA, earlier this year provides details on how to perform this work.
When the SEC’s proposed disclosure requirements are issued, they will provide more clarity about the opportunities for auditors, McGowan said.
“What will those disclosures look like? Where will they be? And will there be some sort of assurance required over those disclosures?” McGowan asked. “Our profession will be prepared for those proposals.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.