Month: December 2020

If NFR data and information is so important to so many stakeholders … shouldn’t it be right? As stakeholders make more – and more important – decisions based on ESG data, audits can add confidence to the quality and reliability of the information.

Auditing is an excellent tool to get greater comfort over processes, controls, data, information – whatever is identified as areas of risk, and for audit objectives. Assurance (always done by an external entity) provides even greater comfort to external stakeholders.

 

DHC has performed many audits of NFR, each tailored to be fit for purpose.

• Audits (“second line”) for EHS, systems & controls, and/or contents of Non-Financial Reports (ESG)
• Advisor to Internal Audit (“third line”) with ESG focus
• Lead or advise to external assurance (“fourth line”) of NFR, including conflict minerals
• Senior advisor (ESG, audit) to monitorships working on behalf of the US Department of Justice

DHC supports external assurance firms as an ESG specialist.

The Institute of Internal Auditors developed the “Three Lines (of Governance)” model over 15 years ago; it has become widely adopted and referenced.  Mr. Hileman has experience in all three lines – plus a bonus fourth! – unmatched by few in the professional services field.  Second line is corporate management and internal topical (EHS) auditing; third line is Internal Audit (reporting to the Board).  DHC suggest that external assurance (e.g., financial audits) are yet another wave of governance – a “fourth line.”  Mr. Hileman has supported financial audits, and conducted external assurance per the SEC’s conflict minerals rule.  Mr. Hileman served as the senior environmental management and audit specialist on the Volkswagen Monitor Team; this is yet another type of governance.

Throughout it all, DHC retains the perspective from roots in facility operations and compliance – the first line.  The hands-on experience on night shifts and weekends provides distinctive experience to drive simple, practical solutions and procedures.  Applying these perspectives to the complicated and dynamic area of NFR helps clients go further, faster, and more efficiently.

DHC’s experience on all sides of this issue make for distinctive perspectives that add value.

• Environmental, Health & Safety
• Non-financial reporting and financial reporting and disclosures
• Program design and implementation
• Advisory and (external) assurance
• Compliance and risks

What’s an audit?  An audit is a comparison of an “actual” to any “standard” using a structured, documented process, with the intention of looking for conformance or gaps.  Identifying the “standard” (also “audit criteria”), understanding the “actual”, and defining and documenting the process are easier said than done.

The very notion of “compliance” has changed, with ESG compliance changing fast.  This poses risk – to operations, compliance, content of [financial and non-financial] reports, and business reputation.  Climate change, ecosystems and biodiversity, product content, microplastics, circular economy, human rights – these issues and more have increased in visibility and importance.  Governments have passed new laws and regulations.  These may be the most visible (and pose the risk of enforcement), but they are hardly the end of the story.  Industry groups, customers, investors, and other stakeholders have established their own standards and expectations.  Losing market share can be more costly than a regulatory fine.

Co-sourcing adds value.  Audits cost money; as much as Management wants to mitigate risk, they would usually prefer to devote this money to operations.  In co-sourcing arrangements, DHC leverages our experience, bringing perspectives from different types of audits, collecting and evaluating evidence, reporting methods, and options for corrective measures.  Co-sourcing also serves as a coaching opportunity.

When you’re ready for an audit, you’re ready for anything.  DHC helps clients prepare for high-profile, high-stakes audits.  Audit results can make the difference between hefty fines and penalties, or a clean bill from regulators.  Or the difference between closing out onerous obligations under a contract or agency enforcement agreement, and requirements for additional actions and an extension of oversight.  Or the difference between acceptance and rejection by a prospective new customer, or a socially-screened investment fund.  DHC has helped Clients achieve successful outcomes, allowing them to return to their business – which often runs more efficiently based on our input.

“What gets measured gets done.”  NFR is particularly challenging;  reporting metrics track activity, but stakeholders clamor for impact.

NFR frameworks provide many suggestions for organizational performance.

DHC helps organizations with systems and controls to improve the rigor of NFR data and information.  DHC also helps organizations with performance evaluation and improvement of the NFR/ Sustainability programs themselves.

DHC has developed and reviewed strategies for ESG performance measurement and reporting.  DHC understands that performance metrics should be tailored to those who need them; Senior Management may need a few things, but department managers may need more information for their areas.

Mr. Hileman authored thought leadership for the Institute of Internal Auditors on measuring performance of Environmental, Health & Safety (EHS) auditing programs themselves.

DHC has helped companies identify and implement performance measures to reduce incidents, improve operations, and reduce costs.  DHC includes focus on leading indicators in these efforts, rather than solely relying on lagging indicators.  If compliance violations or incidents have already happened, it’s too late to do much about them.

SASB is a good place to start for ESG performance indicators.  SASB’s mission was to develop a framework to encourage reporting in ESG parameters that would be material to investors.  Michael Bloomberg, former SEC chairs, FASB directors and others with relevant leadership positions have all supported this effort.  SASB used existing securities law and precedents.  With the bar set this high, companies would do well to begin here.  Companies should ensure that systems and internal controls are rigorous, and the data and information can be supported.

Benchmarking – useful or a red herring?   Without fail, as DHC has worked with Clients on ESG performance management and reporting, the first question is “what is everyone else doing?”  This is valid – to a point.  Benchmarking provides a view of what other companies are doing.  Companies should select who they benchmark against with care.  Benchmarking information has two inherent limitations.  First, information is dated.  Companies report on what they have done; whereas the Client is using information to plan for the future.  Second, companies may paint an overly rosy picture when they respond to benchmarking requests.  Nobody wants to show their dirty laundry.  Benchmarking data will not provide real problems, or the challenges that companies are likely to face.  Experience in developing or auditing ESG programs (such as DHC’s) can help interpret benchmarking information.

Stakeholders could do more – much more – to reward top ESG performers.  DHC has seen Clients overwhelmed with information requests, and answer to multiple auditors.  DHC has seen companies consider many demands for improved performance and reporting, on topics including those of universal concern (climate change, greenhouse gas emissions), and pet issues from a stakeholder group.  Companies can be targeted for boycotts or investment divestitures for ESG performance some stakeholders regard as insufficient.  The opposite rarely holds true.  If companies heard more comments like “Our fund bought 10,000 shares of your stock because of your actions on climate change”, this would provide a carrot for further performance.  Similarly, if companies heard “We are removing these 10 products from our future orders because if the packaging is not yet sustainably sourced and entirely biodegradable”, this would be a tangible stick to motivate companies to take ESG more seriously.

IT solutions are essential for environmental management.  Few – if any – can be used directly off the shelf to achieve compliance or efficient operations.  All must be tailored for purpose.  IT, Operations, and Environmental don’t talk the same language.  DHC has identified this as a root cause of problems in several audits.

Management must have appropriate, reliable information on ESG topics to evaluate performance, consider needs, and steer resources to enable achievements of goals and objectives.

ESG information is developed for many purposes – regulatory compliance, industry standards, customer commitments, and investor requests, to name a few.   Each channel presents its own risks and opportunities.  This poses challenges to ESG leaders, Compliance leaders, Risk Management and others for internal Management reporting.

DHC helps clients with NFR programs, systems and controls that organizational Management needs to meet the needs of various departments.

These include:  Compliance; Environmental; Finance; Human Resources; Investor Relations; IT; Legal; Management (senior, divisional, functional); Operations; Procurement; Quality; Real Estate; R&D; Risk Management.

DHC also helps clients differentiate between internal non-financial reporting for:

• Routine reporting
• Non-routine reporting