Business people at table

3 focus areas to prepare for proposed SEC climate change regulations

A photographic portrait of Michelle Uwasomba
Michelle Uwasomba

Principal, Consulting Enterprise Risk, Ernst & Young LLP

7 minute read 27 Jul 2022
Related topics
Consulting
Risk
Sustainability

Risk professionals will need to help their organizations get ready for the new disclosure rules.

In brief

  • If the SEC approves the proposed rules, some public organizations may need to comply with the disclosure rules as early as fiscal year 2023.
  • Most data required for accurate ESG reporting is not currently contained in systems that incorporate internal control processes, making it a heavy lift.
  • Enterprise risk functions will need to work together with leadership to help manage climate-related risk.

An increasing number of companies are including sustainability metrics in published reports as they respond to growing investor demand for nonfinancial data and information on environmental, social and governance (ESG) matters. To date, most organizations have not applied the same rigor around governance and controls related to ESG data and metrics that they require for financial data used to prepare financial statements and related filings. That will likely change if the proposed SEC regulations on climate change disclosures take effect.

The proposed SEC disclosure requirements would set specific guidelines on what companies will need to report, such as quantifying the impact of climate-related events on financial line items, disclosing climate-related impacts on the estimates and assumptions they use to prepare financial statements, and obtaining assurance for some of this information.

How EY can help

  •  Enterprise Resilience

    Discover how EY can help transform your business to navigate disruption with agility, stay competitive in the market and help generate long-term value.

    Read more

Preparing for the disclosures will not be an easy lift for many companies. Much of the data required for accurate ESG reporting is not currently contained in systems that incorporate robust internal control processes. In addition, compiling the data may require significant manual processes outside these systems to consolidate and report the desired information. Companies may also find that preparing climate-related information for a sustainability report published on a corporate website is quite different from disclosing information in a regulatory filing subject to a heightened level of scrutiny by regulators. The response to date around the SEC proposal has prompted many questions for companies regarding their ability to operationalize quickly to report required information, the boundaries of information to be reported on, materiality components of required metrics or information, and future assurance requirements for greenhouse gas emissions.

 

While the timeline of the proposed SEC disclosure requirements varies depending on the size of a company, some organizations may need to be ready to comply with the new disclosure rules as early as fiscal year 2023 – for reports issued in 2024 – if the SEC approves the rules as proposed in March. This could necessitate significant change for many companies. The functional teams responsible for monitoring risk, internal controls and enterprise risk management will need to help their organizations comply with the new disclosure rules.

 

As a result, corporate functions responsible for risk management will need to address several areas as they prepare for the new rules. Here are three overarching areas risk professionals will need to focus on as they help their organizations comply with the proposed SEC regulations and other evolving global climate-related disclosure requirements.

1. Embracing an expanded role for risk management

Organizations often need to manage ESG matters across functions, and it is no different with related risk management efforts. Enterprise risk functions will need to work together with the chief sustainability officer, chief financial officer, controllership and other leadership to help manage climate-related risk. Existing risk management methodologies can be leveraged for climate risk assessments and risk governance procedures. This also means incorporating ESG regulatory risk monitoring into existing enterprise risk management programs if risks reach a certain threshold.

While this will expand the role and scope of risk functions, risk professionals may want to use this opportunity to demonstrate how they can add value to their organization by supporting the additional focus and rigor for ESG governance and controls. Forward-looking enterprise risk management teams can also view this as a way to help their organizations unlock the strategic value of ESG by delivering proactive insights that help manage compliance risks and achieve ESG goals and targets.

2. Bolstering internal controls surrounding ESG metrics

One of the first things corporate risk professionals will need to do is to understand the impact the proposed SEC disclosure rules will have on their organization. For example, the proposed rules require companies to report on greenhouse gas emissions including Scope 1, Scope 2, and Scope 3,1 if material. Under the rules, companies will also need to disclose the financial impacts of severe weather events and other natural conditions and transition activities.

Risk professionals will need to collaborate with the sustainability team to perform a careful review of ESG metrics they have been reporting to understand the data, supporting documents and controls underpinning the calculations that will impact filing statements.

As a next step, they should perform a risk assessment of the ESG disclosures already in public domain, review them for completeness and accuracy and determine whether they may need to be adjusted based on the SEC requirements. Risk professionals will also need to assess whether the selected ESG metrics are relevant to the organization’s sustainability narrative and sector issues. A company that manufacturers car batteries, for example, would have different key ESG metrics than a large box retailer that is more concerned about emissions throughout its supply chain.

Looking ahead, organizations will also need to introduce new controls or revamp existing controls focused on emissions and climate change disclosures and other emerging ESG issues such as human capital. Teams experienced in implementing internal control over financial reporting for Sarbanes-Oxley are well-equipped to support their organizations with maturing the internal controls over ESG reporting.

3. Improving governance related to ESG strategy

Risk professionals will also need to advise the C-suite and other key executives on the type of governance structures and processes required to provide sufficient oversight and accountability for ESG strategy and execution. This includes the data collection, collation and calculation processes required to support metrics reporting.

A critical first step will be to engage with other corporate functions as they review the climate-related disclosures that will be included in the financial statements. Risk functions should conduct internal and external benchmarking to understand governance practices within and outside the company and gauge their effectiveness to meet the needs of future reporting. They should also design an ESG audit program for emissions reporting and perform controls testing to monitor and improve internal controls.

In addition, risk functions should advocate and participate in training for employees who will be involved in ESG reporting, especially those on the finance and sustainability teams. Professionals in finance and risk management roles need to be aware of how to interpret environmental data, while sustainability team members will need to understand how regulators might review emissions data.

Organizations should also consider the level of involvement of the board and key leadership, including evaluating the board oversight structure and subject-matter expertise, to establish strong governance over ESG and set the tone at the top for long-term success.

Establishing consistent and rigorous processes for risk management, controls and governance around sustainability reporting and disclosures will provide greater confidence to investors and organizations that want to know how a company is positioned to address the risk of severe climate events. Ultimately, this will help companies better mitigate any long-term impacts from climate change and other related events. And as more companies integrate ESG principles into their core business strategy and governance, they will not only be creating long-term financial value for all their stakeholders, but also taking a major step forward in helping to build a world that embraces more sustainable business practices.

Summary

If the SEC approves the rules as proposed in March, some public organizations may need to comply with the climate change disclosure rules as early as fiscal year 2023, which could necessitate significant change for many companies. Risk management professionals will need to focus on three overarching areas to help their organizations comply with the proposed SEC regulations.

About this article

A photographic portrait of Michelle Uwasomba
Michelle Uwasomba
Principal, Consulting Enterprise Risk, Ernst & Young LLP
Over 17 years harnessing value through strategic enterprise risk management and resiliency programs. Proud advisor through clients’ transformations. Enjoys art and good music.
Related topics
Consulting
Risk
Sustainability

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.