Treadway Commission’s COSO framework should have always applied to ESG data

Research conducted by the US Institute of Management Accountants (IMA) shows that the most widely used internal control governance tool, the so-called COSO framework, was always intended to apply to both internal and external reporting of ESG data.

COSO is shorthand for the Committee of Sponsoring Organizations of the Treadway Commission, set up in the 1980s to combat financial fraud.

“The founding fathers and mothers of COSO back in 1985 had a lot of foresight. They did not know about SOX [the Sarbanes-Oxley Act of 2002] and all the frauds that preceded it but they said that the Framework was always meant to apply to non-financial data however [ESG data is] defined,” Jeff Thomson, CEO of IMA told Responsible Investor.

He added: “SOX possibly put COSO on the map but unfortunately typecast the COSO Framework as only applying to financial reporting data.”

The Treadway Commission’s work crystalized in the Internal Control Integrated Framework released in 1992, which a decade later was adopted as the tool to comply with SOX’s reporting requirements enforced as a result of the Enron accounting scandal.

IMA has been involved in an on-going thought leadership campaign to introduce sustainability reporting to its 100,000 global members using governance concepts and language they are familiar with, such as internal controls and enterprise risk management.

Part of this campaign is the research paper Leveraging the COSO Internal Control – Integrated Framework to Improve Confidence in Sustainability Performance Data, co-authored by Thomson, Robert Herz, a board director at the Sustainability Accounting Standards Board (SASB) and former Chairman of the Financial Accounting Standards Board (FASB) and sustainability consultant Brad Monterio (*).The authors pointed to SASB’s standards as “a key early step in the journey toward applying the Framework to sustainability performance data” as the standards provide “a starting point for organisations to narrow the universe of sustainability issues”.

The paper features eight case studies of organisations that represent “real-world applications of internal control to sustainability information”, among which is the California State Teachers’ Retirement System (CalSTRS).

CalSTRS’ Chief Investment Officer Chris Ailman is quoted in the paper saying: “Smart companies are starting to discuss the need to drop the boilerplate MD&A [Management Discussions and Analysis] language and present the material, verified ESG metrics to aid shareholders and management.”

Monterio told RI that comparability of ESG data is a huge problem as it tends to be more qualitative, forward-looking and judgement-based than financials.

Monterio said that “companies are adding narratives to their numbers to tell investors a more complete story” although at the expense of comparability and assurance of non-financial reporting.

“Over 80% of the value of a company is found off the balance sheet, a complete flip from the mid-70s,” he said, quoting research by consultancy Ocean Tomo.

Separately, COSO partnered earlier this year with the World Business Council for Sustainable Development (WBCSD) to provide guidance on how to apply COSO’s other framework on Enterprise Risk Management to ESG-related risks.

(*) Disclosure: Responsible Investor moderated a panel on this topic with the authors of the research paper at IMA’s 2018 annual conference in Minneapolis.