Audit committees focus a lot of attention on the potential for financial fraud, but this Deloitte memo says that they need to devote greater attention to an emerging area of fraud risk – ESG fraud. Here’s an excerpt:
In preparation for expected new reporting requirements, many companies are in the process of developing more robust ESG-related disclosure controls and procedures as well as internal control over financial reporting (ICFR). Some companies are developing ESG-related metrics for financial reporting and for incorporation into incentive compensation.
Ahead of these possible rule changes, fraud risk in this area should be top of mind for audit committees and a focal point in fraud risk assessments overseen by the audit committee. Many companies are currently providing information to investors that is not governed by the same types of controls present in financial reporting processes.
As an example, companies may voluntarily provide information on carbon emissions that has not been gathered, tested, and reported under the kind of internal controls that typically are present with financial reporting. This may suggest a heightened opportunity for people within the organization to manipulate ESG-related information.
The memo notes that the increasing desire to link the achievement of ESG metrics to compensation is another factor that may elevate fraud risk. It points out that under the classic “fraud triangle” theory, the presence of three factors – financial pressure, opportunity, and rationalization – can create an elevated risk of fraud, and that ESG-related financial incentives can represent a source of financial pressure.
Lawrence has blogged about this issue – and related guidance – on PracticalESG.com. If you aren’t already a member of that site, sign up to take access curated, practical guidance on these risks. Our “100-Day Promise” makes this a “no-risk” situation: during the first 100 days as an activated member, you may cancel for any reason and receive a full refund.
– John Jenkins