Notwithstanding the prevalent ESG backlash in the U.S., companies still face pressure, from a variety of sources, to present and substantiate their sustainability credentials. One question with respect to sustainability from the accounting perspective is who will provide assurance for sustainability information and under what conditions? In the following guest post, Jim Peterson examines these issues about assurance for sustainability reports. Jim is an American lawyer and a 19-year veteran of the in-house legal group of Arthur Andersen. His international practice concentrates on the accounting profession’s practice quality, regulatory issues, and litigation and disputes. He is also the author of the Re: Balance blog. I would like to thank Jim for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Jim’s article.
******************************
Advocates for expanded Sustainability reporting are having a global moment. As put by the panelists in a fulsome discussion re-printed in the June 2024 issue of the Accountability in a Sustainable World Quarterly (the “Panel”):
“Of the largest companies in the world, over 95% are reporting ESG, of which about two-thirds are obtaining some assurance…. (and there are) three major assurance standards: the International Standards on Assurance Engagements (ISAE) by the IAASB, AA1000AS coming through from AccountAbility, and the International Organization for Standardization, the ISO.”
The Sustainability train is gaining both speed and momentum. Anyone standing in its path may be left for roadkill. But a prudent perspective on the impending risks for assurance providers suggests that a flagman on the berm should raise a yellow caution flag.
Recognizing “the need to take into account the danger of having information assured,” the Panel cracked open a door to expose a great gap in the dialog. Namely, while Sustainability assurance can be provided, under what limits and conditions should it?
For Context
The goals are worthy, the opportunities for the accountants to provide value are open-ended, and the broad endeavor deserves support. However, I bring a law practice perspective focused on their large-scale legal exposures – litigation and regulatory. Seeing the profession at its best, I have been in close proximity to many of its lowest moments and its gravest threats. That includes its persistent and costly inability to solve the conundrum often expressed about unruly children: “when you do good, nobody remembers; when you do bad, nobody forgets.”
Neither a pessimist nor a cynic, I observe that for the profession to achieve the Sustainability participation to which it legitimately aspires, it must confront, at a level not so far observable, the very real threats that could outweigh either its readiness or its ability to survive the potential for catastrophic consequences.
Sustainability-Based Exposures are Already Here
History’s lessons rest on the volume and scale of decades of claims based on allegedly deficient financial statement audits, and the inability of companies and their auditors to meet the investing public’s “expectations gap.” A sampling from this century alone is daunting enough: Enron, WorldCom, Adelphia, Parmalat, Carillion, Wirecard … and the list goes on.
In the same way, it is inevitable that a non-zero number of Sustainability reports and their related assurance opinions will go wrong, of which some will inflict harmful consequences of dramatically large magnitude. When they do, especially those reaching an audience in the capital markets who will claim reliance, the cries for accountability will echo the too-familiar plea – “Where were the auditors?”
Although most Sustainability reporting and assurance will be non-problematic, the exceptions are already visible. A list that will only grow in both length and scale has drawn the hostile attention and sanctions of regulators and litigants, even ahead of the arrival of assurance opinions:
- On March 28, 2023, the SEC announced its agreement with Brazilian mining company Vale S.A., by which the company would pay $ 55.9 million to settle claims of false and misleading disclosures about the safety of its toxic waste dams prior to the January 2019 collapse of the Brumadinho dam that killed 270 people.
- As announced by the SEC on September 25, 2023, the Deutsche Bank-controlled investment firm DWS agreed to pay $ 25 million to settle charges of green-washing its ESG disclosures and anti-money laundering policies.
- Investor class actions commenced in 2023 continue against ATT and Verizon, asserting damages in the billions, for claims that the telecommunications giants misled investors about the environmental risks and hazards posed to workers and the general public by the miles of lead-shielded cables long buried underground and abandoned rather than exhumed and removed.
- As discussed in the D&O Diary for August 8, 2024, the plaintiff in an action against units of the British publisher RELX Group claims both that he was fired in retaliation for his concerns about “greenwashing” and also that the defendants violated the American securities laws by misleading investors about its climate-related commitments and actions.
To come, these and like examples could or will include the opinions of assurance providers. The circle of contemplated topics is expansively laid out, for example, in the International Sustainability Standards Board’s IFRS S1, General Requirements for Sustainability-Related Financial Information, or the International Accounting and Assurance Standards Board’s ISSA 5000, General Requirements for Sustainability Assurance Engagements. In which case, the assurance providers will not be spared the scrutiny applied to the issuers themselves. Therein lies the future.
The Environment is Not Yet Ready
Service providers in the Sustainability space will confront a dramatically different risk environment as their engagements evolve from consulting and advice on their clients’ processes, systems and controls for recording and reporting, to actual opinions on the content offered to investors.
At the most threatened end of the risk scale will the unqualified assurance opinions referenced or incorporated into the audited financial information filed by either US registrants or non-US companies listing in America.
That is, as foreshadowed by the proceedings involving Deutsche Bank and Vale, cited above, ex-US companies that elect the benefits of the American capital markets will assume the obligations of compliance with US standards and the exposure to American-style courthouse liability.
Meanwhile the ATT/Verizon litigations are additionally instructive for other relevant reasons. The companies have pushed back with vigorous defenses, asserting that the claims greatly over-state the extent of buried cable, the level of health and environmental hazard, and the estimated costs of remediation.
But concerns remain. New approaches to litigation provide learning opportunities for future claimants and the class action plaintiffs’ bar. Here lurks the possibility of a trifecta of legal theories aimed at an assurance provider, under the core anti-fraud provisions of the federal securities laws (see the student note in the Columbia Journal of Transnational Law, March 25 2023, Vale and the Rise of Securities-Based Climate Litigation); the environmental laws and regulations; and the rules of the PCAOB, both as currently in place (AS 2405, Illegal Acts by Clients)and now proposed to be expanded and extended (Docket # 051, Amendments to PCAOB Auditing Standards Relating to a Company’s Non-Compliance with Laws and Regulations, released June 6, 2023)).
Although optimism and “success bias” pervade the Sustainability dialog – no surprise, those attributes being deeply embedded in the DNA of the accounting profession – there is no likelihood of short or medium term reduction in the liability exposure for providers offering Sustainability assurance:
- Claims will be based on the broad association of the provider’s name and brand, despite and irrespective of any attempt to differentiate “limited” from “reasonable” assurance. Whatever the ostensible attempts at limitation of exposure, claims by unhappy investors will take one of two forms: either that the “standards” were deficient or unsatisfactory in protecting the interests of the users, or that if those standards had not been mis-understood and mis-applied, the allegedly deficient opinion would and should not have been issued.
- A prevailing default view is that assurance engagements other than statutory audit – that is, those involving compilations, reviews or agreed-upon procedures, or opinions in “limited” terms – are low risk. That is a view emphatically not shared by litigation lawyers having actual experience with the misery of attempting to defend in court a “limited” opinion, couched in the deadly double-negative language that “nothing has come to our attention that causes us to believe that the (information disclosed) is not prepared, in all material respects, in accordance with (described criteria).”
- Engagement contract provisions between auditors and clients, to limit or mitigate potential damages or exposures, have in general failed to achieve significant adoption, and are expressly not permitted for SEC registrants (see generally the February 9, 2006 discussion paper of the PCAOB’s Standing Advisory Group, The Effects on Independence of Indemnification, Limitation of Liability and Other Litigation-Related Clauses in Audit Engagement Letters.)
- Non-standard audit opinions for SEC registrants are disfavored and severely constrained if not expressly deemed non-compliant (see the SEC’s Financial Reporting Manual, Section 4200, Accountants’ Reports (S-X 2-02).
- Limited “safe harbor” provisions are now allowed by the SEC for “climate-change disclosures pertaining to transition plans, scenario analysis, the use of an internal carbon price, and targets and goals”(summarized at page 35 and set out at length at pages 386 et seq. of its Final Rules Regarding Mandatory Climate Risk Disclosures, issued March 6, 2024), such information to be considered as forward-looking statements for purposes of the Private Securities Litigation Reform Act. Tempting as it might be to view this development as helpful, however, the “safe harbor” is not available for such disclosures as included in a company’s audited financial statements (page 400), nor for Scope 1 or Scope 2 emissions disclosures (ibid.). And in any event, SEC-driven climate disclosures comprise only a minor patch of the entire Sustainability landscape, making unlikely any more extensive adoption. There is no public enthusiasm for relieving assurance providers from the generally unlimited liability imposed under the American securities laws, nor any realistic expectation of liability “reform,” caps on damages or other protection.
The Picture of the Future is Not Pretty
The consequences of an assurance opinion gone wrong, although mistakenly thought to be low risk in its undertaking, will be disproportionate to a provider’s risk assessment or to the resources and processes brought to the job itself. Consider these hypotheticals, by way of predictable extension from the real cases cited above, each of which would readily spawn serious litigation exposure to an assurance provider as well as its client:
- A global energy company, whose procedures for offshore oil well drilling and operations are covered by an opinion on its safety and environmental controls, suffers a blowout on the scale of the 2010 Deepwater Horizon. Timely damage control is difficult and extended; unquantifiable ocean pollution and damages to local business, wildlife and tourism run into the billions.
- A global manufacturing company offers an opinion on its supply chain and labor practices and its local factory conditions – directly after which a high-rise sweatshop in a developing country collapses with total destruction of the building, loss of its contents, and extensive fatalities among the workers including women and small children.
- A dealer in precious metals, whose SEC filings include an opinion on its controls and governance, is revealed by a whistle-blower to have engaged in widespread and systematic gold smuggling and money laundering. The company is shuttered and its principals are targeted for criminal prosecution.
- A manufacturing company includes in its SEC reporting an opinion on its worker safety program, including the number of vehicles needed for emergency evacuation of a factory location, specifically noting compliance with local country standards. A catastrophic event destroys the location with massive loss of life. Investigation reveals that the number of vehicles required by local standards would have accommodated no more than half the workers on site at the time of the attempted evacuation order, and in any event, one-third of the vehicles actually on-site were inoperable due to deferred maintenance.
How Ready is the Profession
Although the Panel’s working text was its headline question – “Who will provide Assurance for ESG Reports?” – neither the accounting profession nor the other possible providers are ready. The Panel was optimistic that “Most of our skills can be applied to sustainability and non-financial information, although additional layers of expertise are needed,” although it did recognize that “We have a lot of work to do as a group of standard setters, regulators and practitioners.”
In his insightful although unfortunately widely disregarded December 2019 report, Sir Donald Brydon’s “Independent Review into the Qualify and Effectiveness of Audit” defined and supported a new professional designation – the corporate auditor – which would contemplate a remit broad enough to include the expanded capabilities required for Sustainability assurance, “to encompass today’s auditors and others with appropriate education and authorization” (¶6.0.11).
The Brydon report is consistent with the Panel’s caution on the present scope of available qualifications, noting that “It is far from clear that an accountant is best placed to opine on many of the variables involved” (¶6.0.13), but opens a door of opportunity with an invitation: “Whilst in this new environment there may be environmental auditors, cyber security auditors and financial statement auditors, only some would need to have an accountancy qualification as known today” (¶6.0.14).
An analogy is found in the tax consulting services that accountants have provided for decades. In the Sustainability environment, they likewise have a valuable and manageable consultative role to play, bringing expertise and discipline to support their client’s reporting and disclosures, without extending their opinions into areas where the risks are increased, unpredictable, and beyond quantification.
Beyond the overhang of liability exposures that, because of these uncertainties, essentially fail to meet the requirements for insurability, at least at their upper end, the providers facing the expanded need to embrace technical competencies and expertise in areas far beyond their traditional scope confront at least two structural issues:
First, these practice expansions have potential to clash with the rules of independence and permissible scope of services that already constrain the profession, especially as in tension with statutory audit. Second, to the extent Sustainability assurance is viewed by regulators as impermissible for statutory auditors, efforts to build those practices or to house them in separate parts of their organizations may be deterred or disincentivized.
What Will the Future Hold?
Addressing directly the skunk of legal exposure that threatens the garden party of the Sustainability advocates – defenses will be required, when the legal claims arrive that will implicate the performance of the providers of Sustainability assurance. With the unpredictability of litigation outcomes, defendants will at minimum suffer extensive time, expense and settlement costs.
For the aspirational providers of Sustainability assurance, it would be reckless at a death-wish level to issue unqualified opinions on which investors will make capital allocation decisions, without protections in place to limit or mitigate their exposures.
To that end, engagement with legislators, regulators and law enforcement agencies could provide channels of communication by which those bodies might – if so disposed – contribute to a realistic and robust assurance architecture that would itself be sustainable. However, whether or not provisions such as safe harbors, liability limits and acceptable opinion qualification language will be within the vision of the authorities is a question to be anticipated and discussed.
Otherwise, and absent satisfaction from officialdom, assurance providers will have little recourse beyond their own self-protection, by way of available liability-management tools and practices that would range from contractual protection provisions to outright refusal to accept engagements lacking appropriate liability boundaries.
The case for future dialog is presented – which to be useful should be approached with both skepticism and anxiety, rather than the prevailing mixture of optimism, inattention and naivete. Uptake is a matter of urgency, lest this fast-moving train hurtles unchecked toward collisions that might even still be avoided.