ESG Puts Audit Committee Oversight of Management’s Disclosure Committee in the Spotlight

By Patrick A. Lee


Audit Committee ESG Online Article

Demands for higher quality environmental, social, and governance (ESG) disclosures—particularly in the US Securities and Exchange Commission’s (SEC) climate proposal—should prompt boards and management teams to reassess and adjust their governance and oversight of ESG risks and disclosures.

As investors, regulators, ESG rating firms, and other stakeholders seek ESG information that is accurate, comparable, and decision-useful, clarifying the role and responsibilities of management’s disclosure committee, including coordination with any related ESG disclosure and control activities at the company, should be front and center.

In light of SEC proposals for climate and cybersecurity disclosures, anticipated proposals on human capital disclosures, recent ESG-related SEC enforcement actions, and shareholder proposals on an array of ESG issues, companies require robust systems and procedures to collect and maintain high-quality ESG data. Adding to that challenge, such data is often dispersed across the organization and the SEC’s climate rule would require collecting new data, some from third parties (e.g., for scope 3 emissions, including determining whether scope 3 emissions are material). We’re also seeing companies’ customers demanding this data for their own reporting.

This presents an opportunity—if not an imperative—for audit committees to reassess the role of management’s disclosure committee in maintaining ESG disclosure controls and procedures (DCP), both for ESG disclosures contained in SEC filings and for voluntary ESG disclosures in sustainability reports, on websites, or elsewhere outside of SEC filings.

To that end, we highlight five areas of focus:

The disclosure committee’s role and responsibilities, including coordination with cross-functional management ESG team(s) or committee(s). Many or most public companies have management disclosure committees that are responsible for evaluating the company’s disclosure controls and procedures for disclosures required in SEC filings. Given the SEC’s climate disclosure rulemaking proposal and increasing demands for ESG disclosures generally (voluntary and mandatory), many companies have been assembling or expanding management ESG teams or committees charged with managing a range of ESG activities, including preparing for the SEC climate disclosure rules by, for example, identifying and recruiting climate and ESG talent and expertise, developing internal controls, and putting in place technology and systems.

There can be potential overlap and confusion as to the responsibilities of management’s disclosure committee and management’s ESG committee(s); structures are evolving and may be company specific. The experience and existing DCP of management’s disclosure committee may be leveraged for gathering, verifying, and reporting ESG data, and in the maintenance of related DCP. However, a management ESG committee may also have responsibilities for gathering, verifying, and reporting ESG data, particularly for voluntary sustainability reports. Clarification of committee structures and responsibilities is critical, and committee charters may need to be updated. As a baseline matter, ESG disclosures should be reviewed with the same rigor as financial disclosures.

In reassessing the responsibilities of management’s disclosure and ESG committees, it is important to consider the company’s global ESG and climate reporting, both mandatory and voluntary, under various standards, such as those of the International Sustainability Standards Board and the proposed European Sustainability Reporting Standards. The scope of these disclosures may be more extensive than, or otherwise differ from, those required by the SEC, with different definitions of materiality.

Composition of management’s disclosure committee. As recommended by the SEC, management disclosure committees have historically comprised the company’s principal accounting officer, general counsel or other senior legal officer responsible for disclosure matters, chief risk officer, chief investor relations officer, and other officers and employees as appropriate. Depending on the nature, size, and complexity of the business, other members may be essential, such as a senior mergers and acquisitions executive, a senior human resources executive, senior executives from each major business unit or geographic region, and the chief audit executive.

Given the SEC’s climate proposal and the intense focus on ESG, companies should consider expanding management’s disclosure committee to include appropriate ESG functional leaders, including the chief sustainability officer, chief diversity officer, chief supply chain officer, or chief information security officer.

Of course, there may be concerns that expansion of the disclosure committee to include so many functional leaders may make the committee unwieldy, in which case these ESG functional leaders might form a subcommittee of the disclosure committee. The key is that the activities of the disclosure committee and the subcommittee (or ESG functional leaders in the absence of a subcommittee) be closely coordinated.

DCP around voluntary ESG disclosures. Given increasing stakeholder demands for information regarding ESG risks, opportunities, and activities, many companies are providing information regarding their ESG activities in sustainability or corporate social responsibility reports. According to a KPMG study, 98 percent of the top 100 US companies by revenue issued sustainability reports.

For voluntary ESG disclosures contained in these reports (and not included in SEC filings) the SEC requirement for the maintenance of DCP does not apply; nonetheless, a company would still be subject to the anti-fraud rules and potential liability for false or misleading statements, as well as run the risk of public relations harm even for inaccurate statements that may not be material.

Given stakeholder demands for high-quality ESG data, coupled with growing risks associated with voluntary ESG disclosures and commitments, audit committees should task management’s disclosure committee and ESG committee with building robust DCP around the company’s voluntary ESG disclosures so that the company reviews voluntary ESG disclosures with the same rigor as financial disclosures.

Preparation for proposed SEC rules on climate disclosures. Unlike the principles and materiality-based disclosures, the SEC’s proposed rules would require detailed disclosures in a number of areas, including oversight and governance of climate risk by the board and management; the impacts of climate-related risks on the business, financials, strategy, business model, and outlook over the short, medium, and long term; processes for identifying, assessing, and managing climate-related risks; historical greenhouse gas emissions data (scopes 1 and 2, and in many cases, 3), with third-party assurance; climate-related targets and goals, if set; and financial statement disclosure on the financial impacts of physical and transition risks. The proposed disclosures would phase-in. If the proposal is adopted in 2022, large accelerated filers would not be subject to the rules until filings made in 2024 that include 2023 financial statements.

An analysis of the proposed rules is beyond the scope of this article, but the proposal is highly controversial, and the SEC received a significant volume of comments on the proposed rules. Given the scope of the undertaking, audit committees should encourage management’s disclosure committee to prepare now by working with management’s ESG committee to assess management’s path to compliance and closely monitoring the rulemaking process. Even if the SEC rule were struck down on appeal, investor and stakeholder demands would require more extensive disclosure.

Expansion of management’s sub-certification process to support CEO and chief financial officer (CFO) quarterly certifications regarding design and operational effectiveness of disclosure controls (including internal controls) and procedures. Management’s disclosure committee supports quarterly CEO and CFO certifications as to the effectiveness and design of the company’s internal controls and DCP that are required by section 302 of the Sarbanes-Oxley Act. The disclosure committee typically maintains a sub-certification process involving cascading sub-certifications from employees regarding the company’s internal controls to support the CEO and CFO certifications. Given the intense focus on ESG disclosures as well as the scope and detail of the SEC’s proposed climate disclosures, the sub-certification process should be expanded to obtain new ESG-related sub-certifications. This may require obtaining sub-certifications from employees who have not had experience with SEC disclosures. As a result, more education will be required, together with additional staffing and skills.

Patrick A. Lee
Patrick A. Lee is a senior advisor with the KPMG Board Leadership Center.

KPMG is an NACD strategic content partner, providing directors with critical and timely information, and perspectives. KPMG is a financial supporter of the NACD.