Just how reliable are those carbon footprints that many large companies have been publishing in their sustainability reports?  Even putting aside concerns about greenwashing, what about those nebulous Scope 3 GHG emissions?  As we all know, the SEC is now is the midst of developing a proposal for mandatory climate-related disclosure.  (See, e.g., this PubCo post and this PubCo post.)  The WSJ reports that “[o]ne problem facing regulators and companies: Some of the most important and widely used data is hard to both measure and verify.” According to an academic cited in the article, the “measurement, target-setting, and management of Scope 3 is a mess….There is a wide range of uncertainty in Scope 3 emissions measurement…to the point that numbers can be absurdly off.”

In one example described by the WSJ, a company was able to cut its GHG emissions in half in just a few years—“with a wave of a calculator.” The change came as the company “doubled down on driving accuracy” in its calculations, revising its Scope 3 emissions, which accounted for 97% of its total emissions for the year. The company’s original report published several years before indicated that its estimates might be off “by as much as 50 percent.”  In another instance identified by the WSJ, Scope 3 data relied in part on outdated numbers, using data from three or four years prior to the fiscal year of the report. (The company responded that the outdated numbers were not material to the total footprint and that it had updated other categories of emissions that accounted for an aggregate of 99% of the Scope 3 total emissions.)

One way that the SEC might address the issue of reliability is to require some type of assurance through an independent audit or attestation. The SEC’s request for public comment on climate disclosure requested views on how climate disclosures should be enforced or assessed and, if there were an audit or assurance process or requirement, what organizations should perform those tasks. In remarks this year to the Center for American Progress, then-Acting SEC Chair Allison Herren Lee indicated that verification of climate and other ESG disclosures, including potentially auditor attestation of sustainability reporting, was under consideration.  In her view, symmetry around ESG and financial reporting, such as through attestation, should be the “ultimate goal.”  (See this PubCo post.)   SEC Commissioner Elad Roisman, on the other hand, contended that companies may not be in a position to make some types of climate disclosure with much precision.  He cited as an example the difficulty of obtaining reliable information about Scope 3 GHG emissions, which depends on the company’s “gathering information from sources wholly outside the company’s control, both upstream and downstream from its organizational activities.” Companies may not be in a position to disclose that type of information with much precision. As a result, he expressed concern about requiring verification through an audit or an attestation. (See this PubCo post.)

The WSJ suggests that, based on current data regarding verification of climate information on a voluntary basis, audits may be a challenge.  According to the WSJ, many companies “don’t calculate Scope 3 at all. Those that do are generally forced to rely on estimates and assumptions. Likely holes in the data include suppliers who don’t measure their emissions and estimates of employees’ commuting patterns and how exactly customers use and then dispose of the products.” In addition, there is “no set standard for how climate data should be verified, or by whom.” What’s more, the WSJ reports, verification of ESG data “is generally less rigorous than the external audits required for financial reporting.”

A report from the Center for Audit Quality, cited by the WSJ, indicated that 95% of companies in the S&P 500 made available “detailed ESG information,” typically in a standalone sustainability or corporate responsibility report that is not part of an SEC filing.  The CAQ found that most of the remaining 5% of companies published “some high-level policy information” on their websites. Companies adopted or referred to different reporting frameworks to varying extents, and most referred to multiple frameworks (e.g., 146 companies referred to four frameworks in their reporting). The CAQ found that 371 companies referred to CDP (formerly known as the Carbon Disclosure Project), 362 to Sustainability Accounting Standards Board (SASB), 328 to Global Reporting Initiative (GRI), 239 to The Task Force on Climate Change (TCFD) and 13 to Integrated Reporting (IR).

According to the CAQ, just over half of the companies (264) in the S&P 500 had some type of independent verification of their climate data. Around 235 used an engineering or consulting firm; only 31 used an accounting firm.  In addition, the scope of assurance varied. The vast majority of assurance from engineering or consulting firms related solely to GHG metrics, with 123 covering only GHG, 79 covering GHG plus a select number of additional metrics (“GHG+”) and only 23 covering multiple metrics related to a broad range of topics. Assurance provided by public company auditors was generally broader, with nine related only to GHG emissions, 13 covering GHG+ and nine covering multiple metrics related to a broader range of topics. The standards employed also varied. Among audit firms, 27 applied the AICPA attestation standards, and four referenced the International Standard on Assurance Engagements 3000.  Among engineers and consultants, 162 applied ISO 14064-3 for greenhouse gases and 72 applied their own methodology, which they often indicated was based on ISAE 3000. 

Notably, regardless of the provider, the CAQ reported that the levels of assurance were, for the most part, not comparable to the levels provided in a financial statement audit. Among audit firms, 25 provided “limited assurance,” that is, they typically involved limited procedures and included reports that were framed in the negative—e.g., nothing has come to our attention to cause us to believe that the sustainability report has not been prepared, in all material aspects, in accordance with XYZ standards, or we are not aware of any material modifications that should be made to the schedule of sustainability metrics for it to be in accordance with XYZ criteria. Only two provided “reasonable” assurance (a positive opinion) and three were mixed. Similarly, among consultants and engineers, 174 provided “limited” assurance, 17 “reasonable” assurance, 17 “moderate” assurance and 15 were a mix.  Why the less rigorous levels of assurance? The engagement may provide only “limited assurance” because of time and cost constraints or, perhaps as explained by the Institute of Chartered Accountants in England and Wales, it may be because, in contrast to financial statements that are “extracted from a double entry bookkeeping system,” a non-financial assurance engagement may address a subject that is “less well defined and for which the control environment is far less mature and robust. For example, the calculation of a company’s carbon footprint may have been performed by an individual and the results collected on a spreadsheet and supported by files of memorandum information.” Nevertheless, limited assurances are sought and provided in other contexts, and, in this context, investors may well find that even limited assurances provide basic comfort. Moreover, climate reporting is still developing. As the dynamic changes and the control environment becomes more mature, will higher levels of assurance become more available?

Posted by Cydney Posner