Larry Bradley, Leadership | 22 December 2022
As I have written before, quality corporate reporting is the lynchpin of the capital markets that enables investors and stakeholders to make informed decisions. It’s the foundation on which our financial system and capital markets depends.
Now, the situation is beginning to get more complex as the scope of decision-useful information expands to include ESG. Decision makers will likely rely on an increasingly integrated mosaic of information. It’s something that’s coming at us fast – for example, the International Sustainability Standards Board (ISSB) issued its first standards for sustainability-related reporting in June and the European Commission adopted the European Sustainability Reporting Standards in July. More are being developed, both nationally, regionally and globally.
This time marks an important juncture at which to stand back and reflect on the responsibilities that auditors and preparers respectively have to help ensure quality reporting: what guiding principles should be at play?
Assurance provider responsibilities
Auditors have long served the public interest by providing independent assurance on companies’ financial reporting. In time, ESG reporting should be subject to the same quality and rigor of assurance as financial information since it will have an integrated impact on investor decisions.
That is why auditors and any other ESG assurance providers must operate to consistent high standards and be subject to the same rules surrounding quality and consistency, whoever they are. For example, we believe that requirements around basic education, knowledge of relevant standards, continuing professional education, systems of quality management, and independent oversight should apply consistently to all assurance providers—large or small.
Assurance providers must rise to the challenge – investing in the necessary tools and techniques and developing the skills and experience of their teams including, where needed, partnerships with niche service providers related to the sustainability agenda.
Preparer responsibilities
Preparers also have unique and vitally important responsibilities. Only they can implement the systems, processes, controls, and governance that are key to preventing material misstatements in their financial reporting - versus detecting them.
Many leading economies enforce that responsibility by requiring a company’s senior management or directors to certify that the company has maintained effective internal controls over its financial reporting (ICOFR). At the largest companies, an auditor then independently tests whether effective internal controls were indeed maintained.
We support expansion of that approach, and so do many others. Academic studies and real-world experience over two decades show that emphasising and enforcing the preparer’s responsibility for ICOFR can improve audit quality while significantly reducing companies’ cost of capital1. We acknowledge that the scaling of such an approach is important, and various scaling approaches could be viable or warrant exploration.
Like other forms of non-financial reporting, we believe that listed entities should be required to maintain controls and procedures to ensure that ESG disclosures are recorded, processed, summarized, and reported in a timely way. However, companies—particularly those that are already subject to ICOFR regulation—may wish to go further and implement internal controls that put the quality of their ESG reporting on an equal footing with their financial reporting.
Market choice and scope
Then there are important questions over who does the work. We believe that audit committees should be free to appoint whoever they deem best suited for their audit and assurance work, whether that is multiple providers or one provider. Audit committees are generally best positioned to consider their company’s unique risk and cost profile.
From our standpoint, there are strong quality (and efficiency) benefits to having a single audit or assurance firm. Being able to see the full picture across the financial and non-financial domains leads to better, deeper and more joined-up assurance consistent with an integrated reporting concept. I would call out the following points:
- Financial statement auditors have long been called upon by market participants to provide “comfort” letters and other assurance when companies raise capital or issue new shares. This recognizes that knowledge gained in the audit can uniquely reduce users’ risk from adjacent reporting.
- Stakeholders and investors want enhanced ESG reporting so they can more efficiently price companies’ risks and opportunities. They cite related downstream questions about impairment, accrual, and other financial statement impacts. We believe that a single auditor is best positioned to verify that integrated corporate reporting is internally consistent.
- The same systems or ERP will commonly be utilized in the preparation of both financial and non-financial disclosures. The assurance provider should understand those systems, processes, controls and governance in order to assess their quality and compliance with reporting rules.
- Finally, providers of ESG assurance must be appropriately independent and objective of the companies they are providing such assurance on – independence has long been the bedrock of the audit profession. And such assurance is subject to the requirements of the newly effective ISQM-1 governing a system of quality management.
We also believe that proposals to mandate a joint or shared audit approach would artificially fragment the auditor’s view of risk and unduly complicate an effective response. Academic studies on such dual auditor structures indicate that they are as likely to hinder audit quality as to enhance it. Even proponents of dual auditor structures acknowledge that they would increase cost without evidencing how they would enhance audit quality.
Working in alignment
Both preparers and auditors have distinct responsibilities for the quality of corporate reporting and each must play their part.
As the picture now becomes more complex with the increasing integration (and growing volume) of ESG information, I believe that, working with aligned objectives to meet the public interest, and with the right regulatory framework in place, a system can be created to underpin the credible, trusted and high-quality corporate reporting the markets require.
1 An academic study (Ashbaugh-Skaife et al, 2009) found that the cost of equity for companies with effective internal control was 50 to 150 basis points lower than those with ineffective internal control. A more recent study (Oxera: da Silva and Williams, 2022) found that companies subject to either Italian or US internal control regulations had a cost of equity that was approximately 100 basis points lower than companies in other (non-Italian) European companies, where comparable internal control regulations do not exist.
- ASHBAUGH-SKAIFE, HOLLIS, et al. “The Effect of Sox Internal Control Deficiencies on Firm Risk and Cost of Equity.” Journal of Accounting Research, vol. 47, no. 1, 2009, pp. 1–43, https://doi.org/10.1111/j.1475-679x.2008.00315.x.
- da Silva, Luis Correia, and Ryan Williams. An Analysis of the EU Governance Framework for Corporate Reporting, 30 Nov. 2022, www.oxera.com/wp-content/uploads/2023/02/Oxera-EU-governance-framework-for-corporate-reporting-30-November-2022.pdf.