Ep. 242: Tim Hedley and Shari Littan - Building Trust in Sustainability Reporting

Welcome to Count Me In, with your host, Adam Larson. In this
episode, Adam is joined by Tim Hedley, the Executive in Residence
at Fordham University and Shari Littan, Director, Corporate
Reporting Research & Thought Leadership at IMA.  Join
this thought-provoking discussion as they delve into the
importance of internal controls, the evolving landscape of
sustainability reporting, and the challenges and benefits
organizations face in adopting sustainable business practices.


Discover how the COSO framework, the gold standard for reliable
reporting, has been adapted to include non-financial reporting
objectives, aligning with the rise of sustainability and ESG
reporting. Explore critical trends in the world of ESG reporting,
from increasing regulations to stakeholder engagement and supply
chain transparency.


Learn from Tim and Shari as they share their insights on the
challenges organizations face in implementing sustainable
practices and balancing short-term profits with long-term
sustainability goals. Understand the significance of internal
controls in providing a basis for external assurance and building
stakeholder trust in reported information.


Full Episode Transcript:
< Intro >


 


Adam:           
Welcome to another episode of Count Me In. In today's episode,
joining us are two guest experts. Tim Hedley, who is
Executive-in-Residence at Fordham University, and Shari Littan,
Director, Corporate Reporting, Research and Thought Leadership at
IMA. Our discussion revolves around the importance of internal
controls and sustainability reporting. And how they enhance
trust, accountability, and reliability of the reported
information. 


 


Tim and Shari share insights from the COSO framework. Which was
developed to help improve confidence in all types of data and
information. The landscape of sustainability reporting is
constantly evolving, with shifting regulatory requirements and
increased stakeholder expectations. We explore crucial trends;
such as the focus on materiality and risk assessments,
stakeholder engagement, supply chain transparency, and evolving
reporting metrics. Let's get started, with this enlightening
conversation.


 


 < Music >


 


Adam:           
Shari, Tim, thank you so much for coming on the podcast. We're
really excited to be talking about COSO, internal control, and
everything in that whole ESG world. But just for our listeners,
who may be unfamiliar, you could've, probably, have heard the
term COSO, or ICSR, and those things before, but maybe you're not
familiar with those terms. Maybe, Shari, you could take a little
bit of time and define, maybe, a high-level overview of what COSO
is, the significant, internal control framework, and the purpose
of the new documents.


 


Shari:           
 I'd be happy to, thanks, Adam, it's great to be
here. So COSO stands for Committee of Sponsoring Organizations
and it came about in the late 1980s. It is a collaboration of
five accountancy and auditing organizations. There's the American
Accounting Association, which is an academic organization,
primarily. AICPA, everyone is familiar.


 


IMA, where we sit, and we primarily focus on the accountants and
finance professionals in business, the in-house folks are ours.
Institute of Internal Auditors, and FEI, Financial Executives
International. So those five organizations make up COSO.


 


COSO came about in the late 1980s, amid what was then the savings
and loans crisis, and there was concern that the profession
needed to do better. That we were starting to see major
accounting failures, disclosure, litigation, regulation,
questions. Are we doing the right things in the profession?" So
the five accountancy organizations got together, and they said,
"How are we going to resolve this? How are we going to promote
trust and accountability in what we do, as a profession?" The
focus became on this concept of internal controls, which we'll
get to. 


 


So in '92, after that, the COSO, as an organization, produced its
first internal control framework. And then we can move forward to
1990s, late 1990s, 2000, the Enron, WorldCom's era, which led to
Sarbanes-Oxley. And Sarbanes-Oxley, rather than looking at the
substance of what a company needs to disclose, again, looked at
the idea of governance process, auditing, and said, "In order to
produce financial reports to the markets, 


you need to focus on your systems and your controls. You need
management to speak to it, in your reporting system. You need
auditors to address controls." We had the PCAOP.


 


So we have this Sarbanes-Oxley, which created this idea of
internal controls over financial reporting. And, although,
Sarbanes Oxley didn't specifically say, "You must use the COSO
framework." It was considered the best thing around, and it's
become the gold standard in how to produce reliable financial or
corporate reporting in more general.


 


Now, in 2013, the framework was refreshed, we got a new internal
control framework. And what it did, in the 2013 refresh, is it
added the idea of non-financial reporting objectives. That was
around the same time, about 10 years ago, when we started to see
all kinds of sustainability integrated, ESG, reporting
frameworks.


 


And, so, though not express, what the framework did, in its
refresh, was say "Yes, this is completely applicable to these
types of activities and reporting." And, so, that leads us to
where we are, today. Where, earlier, in 2023 we issued the
internal control over sustainability reporting publication. And
what the authors did, in that publication, was we looked at the
existing internal control framework and said, "Okay, now we're
seeing an acceleration of ESG or sustainability reporting and
activities, performance and activities. 


 


And that means we need good information, and that means we need
quality information and transparency. Let's look at the COSO
Internal Control Framework, and see how we can interpret it and
apply it to these new forms of reporting.


 


Adam:           
Shari, I think that's a great overview. And, as you mentioned,
there's the ever evolving nature of this new type of
non-financial reporting, ESG reporting. There are shifts in
regulatory compliance. We were just speaking before we started
recording how this could change, or that could change, or this
regulatory body can make a statement, at this moment, at this
time, how this is constantly changing. 


 


And, Tim, maybe, I'll ask you, how do you see this landscape
changing? And what should organizations be, particularly, aware
of, especially, with the ever evolving nature and things
constantly moving?


 


Tim:             
 Well, Adam, thank you, and thank you for having me
here. The sustainability reporting landscape has rapidly changed,
particularly, recently, to meet stakeholder expectation, and
government regulations. And, Adam, your question could be an
entire podcast, or a big section of this podcast if we had that
kind of time, but I do see some critical trends, just some of the
ones, from my perspective. 


 


I mean, many pe...