Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

1 Introduction

The Big 4 United States Accounting firms (Ernst and Young LLP; KPMG LLP, Deloitte LLP and PwC LLP) have developed their sustainability and social audit practice units in a substantial way over the past few years. The Big 4 Accounting firms were motivated to build these new practice areas based in large part on new guidance by COSO, the Committee of Sponsoring Organizations. In the United States, corporate stakeholders perceive added value when corporations demonstrate that they will commit to sustainability goals on an environmental or social level. The measurement and disclosure of these sustainability goals is not required to be reported under a standard format or required to be included with the filing of United States financial statements. There is a movement in the American community to demonstrate how sustainability goals have become a part of the fabric of the strategic goals of the corporation, and to follow this extended commitment to financial reporting of sustainability goals within an organization. One leader in this effort of increasing reporting of sustainability goals and adding disclosure metrics of sustainability goals to financial reporting is COSO, the Committee of Sponsoring Organizations, an organization that has gained strength in the years following the passage of the Sarbanes-Oxley Act of 2002. COSO released a white paper on sustainability risks and goals in 2013, and United States firms have responded by adjusting their outlook and practice based on this new guidance. We will examine the impact of this COSO paper on sustainability risk on corporate views of sustainability goals, and the related increase in emphasis of this practice area in the Big 4 firms.

Financial reporting and managerial accounting practices in the United States reflect the Generally Accepted Accounting Principles (GAAP), but United States GAAP does not have specific requirements regarding implementation of sustainability or social goals within a corporation. While typical disclosures within the financial statements indicate legally required compliance with environmental and other concerns, social and sustainability plans and audits are typically not disclosed. A recent paper by the Committee of Sponsoring Organizations (COSO), an American organization comprised of Accounting industry associations, advocates integrating sustainability goals and social audit practices as a part of corporate strategy. In addition, COSO encourages corporations to assess sustainability risk as an ongoing process in business planning, and monitor sustainability programs through social audit.

This chapter examines the white paper on sustainability risk written by COSO in 2013. The white paper seeks to advise corporations of practical ways that corporations may include sustainability goals as a part of the risk assessment process that is ongoing within a corporation. In addition, the white paper addresses benefits to the corporation, and seeks to demonstrate how moving sustainability goals into the overall strategy planning and risk assessment functions of a corporation can also achieve other synergistic efficiencies within the corporation. We will also examine the way that the sustainability practices within the Big 4 accounting firms have expanded in light of the new developments.

2 Background on COSO and Enterprise Risk Management

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control, and fraud deterrence, designed to improve organizational performance and governance and to reduce the extent of fraud in organizations. COSO is a private-sector initiative jointly sponsored and funded by five organizations: American Accounting Association (AAA), American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Management Accountants (IMA) and The Institute of Internal Auditors (IIA).

COSO was expanded as a result of the Sarbanes Oxley Act of 2002 (SOX). With so many American corporations looking for guidance on SOX compliance, COSO prepared a series of studies on how to implement better internal control systems. COSO advocates the use of Enterprise Risk Management (ERM), a systematic and global approach to setting strategies and assessing risks within the corporate environment. The ERM process includes an eight step process; assessing internal environment, objective setting, risk identification, risk assessment, risk response, objective setting, information and communication, and monitoring.

COSO’s work on sustainability includes a recent white paper, entitled “Demystifying Sustainability Risk: Integrating the Triple Bottom Line into an Enterprise Risk Management System.” (COSO White Paper, 2013) The concept is that corporations should include sustainability as a part of the ERM planning process and goals on sustainability should be included as part of the goal setting and audit process.

2.1 The Triple Bottom Line, ERM and Sustainability

The COSO White Paper starts with a discussion of how sustainability goals add value to the organization, by adding intangible value that is perceived by stakeholders and stockholders. This intangible value has been referred to as a “triple bottom line“. The COSO White Paper frames the issue in this way:

Intangibles Identify an Organization’s True ValueThe confluence of risks and opportunities associated with environmental, social and economic performance has made sustainability a strategic priority for companies as part of their overall business strategy. Measuring an organization’s environmental, social and economic performance is often referred to as the “triple bottom line” (COSO White Paper, 2013).

2.1.1 Integrating Sustainability Goals Within the ERM Process

The white paper takes the eight steps of the Enterprise Risk Management ERM process and describes how to incorporate sustainability and social goals into the ongoing ERM process.

2.1.2 ERM Step One: Internal Environment

The first step in the ERM process is an examination of the internal environment of the corporation, understanding the resources strengths and weaknesses of the current corporation. When an understanding of the internal environment is achieved, the corporation can identify risk tolerances and risk appetite, and specifically look at opportunities and risks associated with social and sustainability goals. Risk tolerances and risk appetite are set by the board of directors of the corporation; management must understand the risk appetites that are set by the board of directors and must adhere to these risk appetites when engaging in the everyday operations of the corporation. COSO indicates:

The internal environment reflects the tone of an organization and how it considers and manages risk. It sets the stage for what is defined in the corporate risk appetite, as well as related activities and decisions. Internal environment considerations should not simply be a summary of the status quo. Rather, it is an opportunity to proactively align and drive the organization. The internal environment should be the actualization of leadership vision and strategic aspirations (COSO White Paper, 2013).

The COSO White Paper notes that formalizing the risk appetite process allows the board of directors and management a unique framework to discuss issues regarding operational and strategic risk in greater detail than simply stating vague guidelines. This stage of formalizing risk appetites is an ideal time for the board of directors and management to discuss the integration of social and sustainability goals within the organization, to discuss feasibility, risk and benefit, and to consider alternative solutions for achieving social and sustainability goals. Formalizing risk appetites can identify and solidify the corporation’s commitment to achieving social and sustainability goals, by finding workable solutions to strategic challenges and identifying potential future issues in the overall processes of the corporation.

The vision and mission statements of a corporation may provide insight into the recommended decision making process, however, taking time to create a clear understanding of the risk appetites of the board of directors can provide substantial benefits in the operation and management decision making processes.

Although many organizations have an internalized set of assumptions that reflect the values and guidelines they use for their decision making, few have taken the step of defining their risk appetite. Formalizing the fundamental assumptions and preferences in the form of a risk appetite drives better alignment of risk and establishes a clear foundation for formulating practical risk tolerances (COSO White Paper, 2013).

For social and sustainability goals, a well-developed set of risk appetite guidelines can convey to management, the board of directors intent to prioritize strategies and processes that support and advance social and sustainability goals. The board of directors can also use the opportunity of the process of setting and explaining risk appetites to management, to fully explore stakeholder desires in terms of social and sustainability goals. A discussion of expectations and priorities in strategy for the board of directors, the management and stakeholders can help to clear up the direction necessary in the future decision making processes on all levels.

When formulating or reviewing the enterprise-wide risk appetite, organizations should also establish their sustainability risk boundaries. For example, a basic scenario analysis which tests the acceptability of various sustainability impacts to the organization can help set the tone for what sustainability risks the organization should or should not accept. Other approaches, such as comparing stakeholder expectations to current sustainability strategies and exposures, can help set the management tone by indicating the weighting applied to various considerations and potential impacts (COSO White Paper, 2013).

In a strategic plan, social and sustainability goals must be designed to incorporate many levels of an organization, and to integrate social and sustainability goals at each level and function of the organization as a part of the primary strategy development of the individual parts of the organization.

Organizations should also evaluate whether business sustainability should have its own strategy or be a part of the larger picture. We advocate that sustainability should be an embedded consideration in all organizational strategies and tactics rather than a stand-alone initiative. However, each company’s decision on this aspect will weigh heavily on the internal tone of its ERM efforts as it pertains to sustainability. Ideally, this should occur when an organization creates or updates the organizational strategy and related tactical initiatives. This aligns initiatives and work steps which, in turn, helps mitigate risk and reduce costs. For those organizations that only update their overall strategy on a periodic basis (e.g., every 5 years), it may be prudent to develop a sustainability strategy with the intent of integrating it into the overall organizational strategy during the next period of strategy update and renewal (COSO White Paper, 2013).

The overall goal of introducing the concepts of social and sustainability goals, at this early stage in the strategy and risk assessment process, is to create a holistic vision of social and sustainability goals as a part of the overall corporate strategy. At this early stage, the corporation emphasizes its commitment to social and sustainability goals, and it encourages all participants in the strategy making and risk assessment processes to take responsibility for these social and sustainability goals from the outset of the planning process. This ownership makes it easier to follow through with the same objectives throughout the whole operational process.

This requires considerable coordination to ensure that the sustainability strategy is not developed in isolation and then simply “tacked on” to the overall strategy (COSO White Paper, 2013).

The authors of the white paper also noted the importance of an examination of the external factors, the opportunities and threats in the external environment when formulating strategy and risk appetite. External environmental factors are important to success of operational strategies.

In addition to thinking about sustainability in the context of the internal environment, organizations may also wish to consider the external environment. Although not explicitly called out in this area of the COSO ERM Framework, external scanning is essential to truly connect a company’s internal environment to the world in which it operates. This is especially important relative to sustainability to accommodate a full range of business models and more fully account for the interaction and interdependencies of internal and external forces (COSO White Paper, 2013).

2.1.3 ERM Step Two: Objective Setting

The Second ERM step is objective setting; objective setting is critical to the measurement of desired outcomes, including social and sustainability audit outcomes. Objective setting must be informed by the considerations set out in the first step, internal environment. The COSO White Paper does not address the objective setting section of the ERM in great detail.

All ERM programs need to start with the basis of organizational objectives as the backdrop for risk considerations and management activities. This doesn’t change when considering sustainability objectives. Incorporating sustainability considerations broadens the range of possible risks that can impact organizational objectives. It can also serve to align potential exposures with the risk appetite and highlight risks associated with chosen strategies and pursuits (COSO White Paper, 2013).

2.1.4 ERM Step Three: Event (Risk) Identification

Risk Identification is the third aspect of the enterprise risk management cycle. Risk Identification is the process of choosing the risks with the highest impact to the operational system so that the corporation can be studied. The white paper suggests that all risks that have been analyzed by the corporation in the past should be reconsidered with a specific view towards the impact of implementing additional social and sustainability goals. It is important to analyze whether the additional steps required in the overall process to achieve social and sustainability goals create additional risk. At this stage, alternatives of different processes and methods to achieve social and sustainability goals can be explored. This additional risk presented by adding social and sustainability initiatives should be analyzed and compared to the risk appetites in the first part of analysis. The analysis and identification of risk based events is also significant for different levels and functions of the corporation and this impact should also be discussed.

Sustainability should be top-of-mind when considering risk identification as a whole, but particularly when comparing sustainability risks and opportunities against the full spectrum of a company’s risk universe and specific profile. At this level, sustainability can pose a higher-level impact, which subsequently defines how the organization evaluates the risks and opportunities (COSO White Paper, 2013).

Social and Sustainability issues can also provide an important reason to reprioritize examination of objectives and resource deployment. Re-examining original designations can be beneficial to overall success of newly created objectives.

Organizations need to evaluate all risk exposures relative to potential sustainability issues, as well as how those sustainability issues may impact other risks present within the organization. Organizations can then prioritize the issues within traditional considerations of impact and probability (COSO White Paper, 2013).

Risk identification should be a systematic process to determine materiality and priority, and sustainability should be incorporated in the levels of measurement of risk and impact. The idea is to make the measurement process as useful as possible by putting as much information about social and sustainability goals as possible.

Most risk identification scales include three to five impact dimensions, which are graduated from low (minimal) impact to high (catastrophic) impact. Organizations can integrate sustainability impacts into this scale to expand awareness and prioritize risks. For example, sustainability can be a component of identifying operational risk objectives by considering the type and level of effects sustainability events could present (COSO White Paper, 2013).

Operational evaluation and integration with social and sustainability goals should be examined and refined over time.

To gain a comprehensive view of the potential, possible and likely sustainability threats and challenges to an organization’s objectives, organizations should bring together both sustainability subject matter experts as well as the operational and strategic business content experts. Sustainability knowledge experts can identify and articulate interdependencies, unintended consequences and non-intuitive impacts stemming from social, environmental and economic considerations that often do not come to light in a traditional approach (COSO White Paper, 2013).

2.1.5 ERM Step Four: Risk Assessment

Once Risk Identification is complete, the corporation should seek to assess the probability and impact of the risk on the overall process; this is Risk Assessment. Risk Assessment requires examining the risks identified in the prior examination and determining what the likelihood of occurrence of the risk is and what the impact of the risk will be if it occurs.

Most organizations include a risk root cause and sensitivity analysis to understand the drivers and pathways of organizational risks. Because of the changing nature of company value perceptions, sustainability also provides an increased ability to further analyze risk by enabling a range of potential value impairment estimates tied to the changing perceptions of an organization. For example, by tracking reputational impacts linked to sustainability missteps (yours or another company’s), an organization can build a database that enables correlations and scenario modeling relative to stock impacts, top line revenue impairments and even market dynamics. This is an area that is rapidly developing and provides a valuable dimension to risk assessments (COSO White Paper, 2013).

Connecting social and sustainability goals with associated risks is critical so that materiality of risks can be determined. Connecting risks to other operational objectives and risks can be beneficial to the overall process.

However, it is important to note that sustainability discussions related to materiality can become complex very quickly. Often, there are a number of engaged stakeholders who want to influence which risks the organization should prioritize. In addition, it can be hard for organizations to accurately measure the impact a risk has on its sustainability initiatives. For example, an organization that treats the community in which it operates, or its employees, poorly, could expose itself to operations, financial and reputation risks (COSO White Paper, 2013).

A complete risk assessment also considers the extended effects of the identified risks, as an additional indication of materiality.

Because sustainability concerns extend beyond financial impacts, organizations would do well to also evaluate directional impacts. These may include the eventual impact actions or activities that do not present themselves as a discrete event, such as ignoring an emerging stakeholder group—the risk that those stakeholders gain influence over consumer sentiment and ultimately brand value (COSO White Paper, 2013).

2.1.6 ERM Step Five: Risk Response

Once the risk is identified and risk assessment is completed by understanding the probability of occurrence and the potential for damage as evaluated, Risk Response strategy must be formulated by the management. Risk response is an analysis of potential solutions to the problems that might be generated by the risk. Risk response must consider social and sustainability issues.

As noted earlier, risk responses should be tied to the drivers of risk and anchored in what is an acceptable range of solutions. Sustainability factors that form the core of an organization’s values can help frame what will or won’t serve as an acceptable risk response, and why (COSO White Paper, 2013).

Considering the impact of social and sustainability goals can be important to deciding on the nature and importance of risk responses; the more socially responsible solutions may have the greatest long term benefit even where the initial cost may be greater to the corporation. Choosing appropriate risk responses can also be important to the public perception of the corporation. Crisis management is important to the stakeholders of the corporation.

For example, if a key sustainability precept is protecting cultural history, artifacts or sites where it operates, then risk responses likely include production capacity issues, limitations on facility footprint or building height. Such self-imposed risk responses can significantly impact facility design, but can also provide positive impacts on how the market views the organization (COSO White Paper, 2013).

Proper communication with management is critical at this step. As decision makers, management must take a global and holistic view of the issues.

In addition to specific action planning, organizations should consider these factors when designing business cases or making investment decisions. For example, as an extension of the ERM process, all business cases may incorporate a section, or suite of questions that probe the potential sustainability impacts of the investment. Accordingly, a well-designed set of leading questions can enable management to identify and address potentially overlooked linkages and unintended consequences (COSO White Paper, 2013).

2.1.7 ERM Step Six: Control Activities

The sixth element of the enterprise risk management process is the creation of control activities. Creating effective internal controls is a collaborative effort between the board and management. Controls should be created as a timely indicator of the success of processes and in addition the study of the results of the controls can indicate the emergence of additional risk factors that might potentially be material threats to operations.

Sustainability resources, the controller’s office, operations and other relevant stakeholders can work closely together to develop policies and procedures that effectively execute risk responses. It is also important that the sustainability function collaborate with a wide range of stakeholders who thoroughly understand the risks and opportunities being addressed. Control activities should not be defined in a vacuum. Once internal controls are identified and implemented, they require continuous measurement, monitoring and evaluation to ensure effectiveness (COSO White Paper, 2013).

The Internal Audit process in existence prior to setting social and sustainability goals should be reviewed and revised to add reviews and controls relevant to the social and sustainability process. This reevaluation should make the overall control process stronger.

Internal audit and other control monitoring functions within an organization (e.g., legal, compliance or safety) can also perform audits to evaluate the effectiveness of sustainability practices, communication protocols and reporting initiatives. These audits enable the organization to obtain an independent analysis of the design and operating effectiveness of sustainability initiatives. They can also provide valuable recommendations to improve initiatives or activities based on emerging trends within and outside the industry (COSO White Paper, 2013).

2.1.8 ERM Step Seven: Information and Communication

Once the results of the evaluation process are over, the results must be communicated to the proper decision makers within the organization. Communication is necessary so that timely implementation of changes may be completed. Reputation management goals are closely connected with the communication of the information gained through the value process.

Information and communication are critical factors for managing risks and opportunities, particularly those associated with sustainability. We have already discussed the importance of communicating clearly and truthfully to avoid reputation risks. This same rule applies when communicating sustainability performance to investors and analysts through sustainability reporting (COSO White Paper, 2013).

The triple bottom line is connected with reputation management for a corporation. Accountability of corporate board and management on sustainability issues, through the triple bottom line or similar measurement formats is expected and important to corporate stakeholders. Stakeholders form a community and feel personally about the importance of corporate social and sustainability goals and objectives. Accountability about incorporation of sustainability practices is important to stakeholders.

Stakeholders within the sustainability ecosystem expect organizations to not only share their successes, but also their failures or areas of improvement. This expectation creates an element of reputational risk in the short term. However, in the long term, this risk is often outweighed by the benefits. These benefits include: better measurement of the organization’s triple bottom line performance, greater stakeholder trust, improved risk management and increased operational efficiency (COSO White Paper, 2013).

COSO has advised corporations about the benefits of identifying Key Performance Indicators (KPI), as a part of the overall risk assessment process. KPI are the optimal factors to measure to determine if performance goals have been successfully met. KPI make sure that the relevant items are being measured so that consistent and continuous improvements can be made. COSO has provided guidance on using these KPI as the basis for evaluating risk and strategic goals. KPI are the critical factors in evaluating operational performance.

Many of these benefits are derived from the internal processes and controls organizations put in place to help them collect, store and analyze financial and non-financial key performance indicators (KPI). Obtaining real-time, quality data on such issues as GHG emissions, water use and supply chain activities can help organizations enhance decision making, while reducing risks and enhancing opportunities (COSO White Paper, 2013).

Transparency in operations is a major consideration for corporations. As sustainability goals and reporting become the norm, stakeholders will demand more accountability from corporations on social and sustainability goals and related timelines. Stakeholders will want to understand the social and sustainability goals, and the level of achievement reached, in order to determine the overall commitment of the corporation and its board and management to achieve social and sustainability goals.

Choosing not to report on sustainability, by contrast, can increase reputation risks or limit opportunities. Organizations that do not release sustainability information may appear less transparent than competitors that do, and come across as laggards even if they are not. Furthermore, those that report incompletely, or with insufficient rigor, may find that if reporting becomes mandatory and standards are tightened, glaring discrepancies might appear between past reports and newer ones (COSO White Paper, 2013).

Overall, a constant and consistent sustainability analysis, with its examination of long-term benefits and challenges to the corporation, is an integral part of the risk management analysis. Timely analysis of sustainability goals can provide significant insight into improvement of business practices.

Internally, sustainability reporting is critical to decision making. It validates risk response effectiveness and overall sustainability performance. It can also identify changes to the risk environment, upon which business units can take action, and it can reflect changes to the organization’s overall risk profile (COSO White Paper, 2013).

2.1.9 ERM Step Eight: Monitoring

The true essence of the social audit is contained within the monitoring component of the ERM process. In this monitoring segment of the ERM process, we see whether social and sustainability goals have been added correctly within the process, whether social and sustainability goals have been prioritized and the overall success of achieving social and sustainability goals within the overall operational process. Social audit objectives are confirmed in the monitoring process as the fulfillment of objectives are measured and evaluated.

To ensure that an organization is achieving its objectives, staying within its risk tolerance threshold and satisfying stakeholders, it should constantly monitor and evaluate the sustainability activities it undertakes. Questions organizations should be asking as part of their measurement, monitoring and evaluation activities include:

  • Are activities or processes aligned to the corporate strategy?

  • Are they being executed in such a way to enable the business to better achieve its strategic objectives?

  • Are activities adding value in terms of risk awareness and understanding?

  • Are they agile enough to respond to changes in the risk environment as issues arise? (COSO White Paper, 2013)

The format of monitoring and the social audit implemented within the corporation will vary, and the process of social audit will be tailored and streamlined to fit the individual corporation’s needs. Several useful formats used in the evaluation process are the balanced scorecard, and a dashboard approach. The balanced scorecard provides financial and nonfinancial measures of success, analyzing financial, customer, operational and employee goals.

One approach organizations use to keep track of how well they are doing in their sustainability objective is the use of balanced scorecards. Using key risk indicators, organizations can plan, measure and monitor their sustainability risk management at each level of the organization. Management can then communicate this information using executive dashboards to senior executives and the board (COSO White Paper, 2013).

The usefulness of information provided in Social Audits depends on the timeliness of Social Audit information. Information must be provided to coincide with the times that processes are reviewed and strategic changes will be made. Management must also have confidence in the usefulness of Social Audit information and have a commitment to use of Social Audit report in critical decision-making processes.

In the end, the effectiveness of monitoring approaches lies in the timeliness, integrity and transparency of the results, as well as what is done with the results to manage sustainability initiatives and mitigate the corresponding risks. Having a scorecard alone doesn’t alleviate management’s responsibilities for monitoring sustainability performance. Rather, the scorecard should enable management to make decisions on how to improve performance and achieve a competitive advantage in the marketplace (COSO White Paper, 2013).

3 White Paper, Social Audit Practices and Competitive Advantage

The white paper closes with a reiteration of the practical benefits of using the triple bottom line and social auditing practices as a part of corporate strategy. “Organizations that choose to embed sustainability into a COSO-based risk management program can achieve the following competitive advantages:” (COSO White Paper, 2013)

First, the white paper shows a holistic view of the corporation reveals a strong connection between sustainability and strategy.

  • Alignment of sustainability risk appetite to the organization’s corporate strategy and the new world view of company value. Having a holistic view of sustainability risk that looks across the entire enterprise enables organizations to do a better job of anticipating and responding to issues as they arise (COSO White Paper, 2013).

Sustainability and Social Audits allow corporations a better understanding of the global environment in which they operate. This added level of review that a social audit provides improves operational performance because it allows familiar issues to be viewed in a new way.

  • Expanded visibility and insights relative to the complexity of today’s business environment. Embedding sustainability into an organization’s ERM framework enables the sustainability function to gain valuable insights regarding the sustainability risks the organization faces and the materiality of those risks. These are insights the sustainability function can then share with management and the board so that they have a clear understanding of the sustainability risks relative to the complexity of the business environment (COSO White Paper, 2013).

When corporations embrace sustainability, the corporation demonstrates that they find value in intangible and nonfinancial goals; and that the decision makers within the corporation understand the connection between sustainability goals and strategic success.

  • Stronger linkage of company values and non-financial impacts to the organization’s risk management program. Identifying sustainability risks and opportunities can be challenging. However, organizations that understand how to link them to their value drivers are better able to understand the impacts on the business in non-financial ways (COSO White Paper, 2013).

Using a “sustainability lens” is an additional level of review, and this additional level of review can provide definite benefits. The additional level of review that sustainability lens provides helps make strategy and operations more effective, comprehensive and innovative. Management must also incorporate a long-term approach for sustainability goals, and this long-term consideration can benefit other comprehensive program goals.

The implementation of this “sustainability lens” can also be a benefit as an aspect of reputation management, as stakeholders perceive a more aware and effective management team, a management that is in tune with social and sustainability needs.

  • Better ability to manage strategic and operational performance. Organizations can create competitive advantage by managing sustainability risk to improve business performance, spur innovation and boost bottom- line results. Companies that conceive their products or services through a sustainability lens will attract funding from external investors and boost stakeholder confidence. Sustainability as part of the value proposition is also becoming as relevant to market capitalization as innovation or R&D (COSO White Paper, 2013).

Finally, the Social Audit practices connected with sustainability help corporations to deploy capital in the most efficient way to achieve sustainability and systematic goals. The corporation can examine the benefits and multiple efficiencies achieved with effective capital deployment.

  • Improved deployment of capital. Organizations that have used the COSO ERM Framework to embed sustainability risk management practices have better opportunities to allocate capital more effectively—in ways that maximize capital efficiency or that send the right messages to stakeholders based on the organization’s corporate values and strategy, but in all ways enable the organization to reach its sustainability and, more importantly, its corporate objectives (COSO White Paper, 2013).

Corporations should strive for transparency in reporting and full disclosure should include social audit and sustainability goals. Demand for transparency in social and sustainability programs by stakeholder groups makes sustainability increasingly important for attention. Social and sustainability goals can be aligned with existing corporate policies. Incorporating the social goals with corporate policies is an important step to complete integration of the social and sustainability goals within the business process.

Overall, the white paper provides a good starting point for analysis and discussion of incorporating social and sustainability goals into the fabric of the organizational strategy of the corporation. In the future, COSO could address the process of objective setting in greater detail. Objectives should be tailored to include both the operational and related social and sustainability goals, and additional COSO guidance in this area would be beneficial.

American corporations have an opportunity to embrace sustainability fully by incorporating social audit into their Enterprise Risk Management systems. Although the current norm for strategic planning and financial reporting for American Corporations is to report on sustainability issues (other than required legal environmental compliance) separately from the annual financial reports of a corporation, integration of social audit practices and results into the financial reporting process will be a more holistic view of the operational and strategic success of a corporation. In addition, the process of examining and crafting sustainability goals will benefit the corporation by reviewing and refining existing processes. COSO’s work in the white paper provides an excellent starting point for corporate management to integrate these principles.

4 Accounting Firms Responses to COSO Guidance

Each of the big 4 United States Accounting Firms has incorporated the COSO White paper guidance into their sustainability practices; each firm also has been monitoring the sustainability marketplace in financial reporting.

4.1 Ernst and Young LLP

4.1.1 Sustainability Survey

Ernst and Young prepared a 2013 sustainability survey. The Ernst and Young survey examined how companies are responding to a wide range of internal and external forces related to environmental sustainability risks and how well companies are prepared to address them. The key results that were determined as a result of the sustainability survey were six trends (E&Y Sustainability Survey, 2013).

The six trends in Fig. 1 indicate that most corporations have not yet identified sustainability goals as a part of the overall business strategy. An Executive’s involvement is key to getting sustainability issues prioritized as a part of financial reporting (E&Y Sustainability Survey).

Fig. 1
figure 1

Six trends

Full size image

4.1.2 Executive Involvement

In addition, the Ernst and Young publications made the following observations on financial reporting and the connection with the involvement with the commitment of upper level financial executives.

“Companies that have a greater level of engagement from the CEO and the board have much closer alignment between what they voluntarily disclose (such as CDP and DJSI) and what they are mandated to disclose (such as 10-K filings). When the CEO and the board are involved, there is much greater alignment in risk identification and disclosure. While 22 % of surveyed companies indicated total alignment on both mandated and voluntary sustainability disclosures, 36 % acknowledge “total alignment,” indicating both a fully engaged board and CEO. Heightened CEO and CFO attention to sustainability reflects the gradual ascent of sustainability issues within the corporate risk register. C-suite involvement also underlines the growth of corporate sustainability as a strategic differentiator” (E&Y Tone from the Top, 2014).

At this stage, according to Ernst and Young the majority of companies have not prioritized sustainability issues as a part of strategic planning.

4.1.3 E and Y Vision 2020 Program

The internal sustainability commitment for E&Y as a corporation is a campaign with multiple facets, including a companywide initiative for sustainability. “Recently, the global EY organization launched Vision 2020. A global initiative, Vision 2020 details our purpose, ambition, strategy and positioning for building a better working world in four distinct categories:”

Clients. Through timely and transparent information, we provide help to build trust and confidence in the capital markets and in economies across the world. Through our professional services, we help our clients improve and grow, resulting in higher living standards and more opportunities for growing local economies. And through our Strategic Growth Markets practice, we recognize and help entrepreneurs, who are the key to economic health.

People. We are committed to a highest-performing teaming culture with great people who develop into future leaders; inclusive, borderless teams; and people who live our values. Our people support one another in pursuit of their personal best, and they possess an unwavering commitment to diversity and inclusiveness.

Communities. Our people support the wider marketplace and communities. Globally, we work with organizations such as the World Economic Forum (WEF). Locally, our people give their time, skills and knowledge to the communities in which we live and work.

Environment. We recognize that the biggest positive environmental impact we can have is by supporting our clients in their goals to operate more sustainably. We help our clients improve their environmental performance, lower costs, manage risk and increase transparency. We also recognize our own environmental responsibility.

As such, we continue to challenge ourselves to work in a more environmentally responsible manner and find new ways to reduce our carbon footprint by engaging with our stakeholders.

Although we have launched Vision 2020, we are only at the beginning of our journey. We have a lot of hard work ahead to execute on our Vision 2020 objectives and fulfill our commitment.

In a world filled with uncertainty, our role in the years to come is to support our clients, our people and our communities in making the right decisions. EY is working toward a better working world every day, and we are committed to doing all we can to achieve it” (E&Y Vision 2020).

The Ernst and Young sustainability practices incorporated in the Vision 2020 program demonstrate the internal commitment of the firm to sustainability principles (E&Y Americas Sustainability Report, 2013).

5 PwC

5.1 PwC Strategic Sustainability Practice

PricewaterhouseCoopers (PwC) has a Strategic Sustainability practice that integrates the COSO white paper principles. The PwC description of the practice notes:

As sustainability moves up the boardroom agenda, it is increasingly being integrated into corporate level strategic planning. Management now needs to balance increased regulation, protecting the brand and ensuring stable supply chains with seeking opportunity for enhanced performance and using the sustainability agenda for strategic advantage (PwC Strategic Sustainability).

PwC consulting offers an integrated approach to different levels and aspects of sustainability planning:

“Developing and integrating a detailed sustainability vision into your long-term strategic plan in a way that creates lasting value whilst also building public trust is a common challenge for all types of organisations.

We can help you to:

Identify your issues and goals to determine where the pressures are likely to be and raise awareness of what needs to happen to make your business more sustainable.

Prioritise these issues from both a sustainability and commercial point of view. This will help you recognise and better manage risk, improve efficiency, revenue potential, growth and other opportunities.

Map the short and long-term ambitions for your sustainability vision, assess the risks, and address any gaps in delivery.

Support the alignment and integration of your sustainability vision into your overall corporate strategy.

Develop and deliver a robust sustainability programme that includes prioritised initiatives, enablers, milestones, key performance indicators, and measurable targets” (PwC World Watch Sustainability News, 2014).

As noted, the PwC consulting covers long and short term priority goals integrating sustainability goals at all levels of strategic planning and implementation goals. There is also usage of mapping and KPIs to monitor effectiveness of sustainability initiatives.

5.2 Social Value v. Shareholder Value

Studies prepared by PwC also note that upper level executives are motivated by both shareholder value on the long and short term, and by the desire to leave a legacy of social values for the corporation (Preston, PwC Social and Shareholder Value, 2014).

6 Deloitte

6.1 The Era of Sustainability Reporting

Deloitte’s sustainability practice is anchored by a study entitled “the Era of Sustainability Planning”. Deloitte has combined the information gathering into an environmental, social and governance (ESG) component.

“During the past few decades, the primary drivers of business value have shifted significantly. Formerly, capital market performance most closely tracked an organization’s tangible assets, but today’s markets are more strongly correlated with intangible assets in the form of goodwill or brand equity, which can include research and development, brand, reputation, management of external social and environmental factors, and social license to operate. Many feel that traditional financial metrics may not effectively capture a company’s long-term value creation potential, but rather serve as indicators of short-term performance. This shift in value drivers and a broader recognition of the importance of environmental, social, and governance (ESG) performance have been accelerated by market forces demanding greater transparency by companies. In addition, there has been an increase in initiatives to promote and, in some instances, enforce more structured ESG reporting” (Sullivan Deloitte Internal Audit, 2014).

The Deloitte ESG practice area is devoted to incorporating sustainability issues and metrics into long term corporate goals.

6.2 Deloitte Studies Shareholder Value and Sustainability

Deloitte also emphasizes the shareholder value that is perceived by identifying social goals.

Sustainability has also made it to the top of shareholders’ agendas. In 2013, the number of social and environmental policy proposals filed has grown to comprise the second largest proportion of shareholder-sponsored proposals (after proposals focusing on corporate governance). Many companies are responding to the proposals by publishing sustainability reports and shedding more light on their approach to social and environmental issues raised by shareholders (Sullivan Deloitte Internal Audit, 2014).

7 KPMG’s Internal Sustainability Goals and Reporting

7.1 KPMG Corporate Incentives “Sustainable Firm of the Year”

KPMG’s internal sustainability initiatives received an award for excellence. KPMG highlighted its efforts”

In securing the repeat award for “Sustainable Firm of the Year”, the KPMG Global Citizenship team demonstrated KPMG's global leadership across a range of corporate sustainability initiatives.

Highlights include the Global Green Initiative for environmental sustainability, which has seen KPMG firms meet aggressive goals in reducing emissions and increasing energy efficiency, while KPMG’s Climate Change and Sustainability Services (2014a) was recognized by the 2013 Verdantix Global Sustainability Leaders Survey: Brands, which scored KPMG highest among all organizations on brand preference for sustainability assurance services.

Other sustainability initiatives highlighted included the KPMG Global Development Initiative, which is focused on helping find sustainable solutions to global and local poverty issues. The IAB Awards judges took special note of KPMG’s dedication to new corporate citizenship initiatives across its network, offering thought leadership, research projects as well as internal initiatives making the organizations increasingly sustainable worldwide (KPMG IAB Award, 2014b).

7.2 KPMG Provides Consulting Services on the Journey to a Sustainable Business Model

In advising clients how to integrate sustainable practices into their business strategy, KPMG advocated the following six part model in Fig. 2 to integrating sustainability into the strategic business plan:

Fig. 2
figure 2

Six phase model

Full size image

Conclusions

The Big 4 Accounting firms in the United States have identified sustainability reporting as a priority. The growth of the sustainability practices reflects the guidance of the COSO working paper and this change in view will solidify sustainability planning practices in internal control and social audit in the United States in future years.