Workiva Inc.

04/12/2023 | Press release | Distributed by Public on 04/13/2023 16:23

Unpacking COSO’s New Guidance on Internal Control Over Sustainability Reporting (ICSR)

In case you haven't had time to fully review the 114 pages of new guidance published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), we're here to help.

We'll share a series of blog posts with insights and ways to apply the new guidance, "Achieving Effective Internal Control Over Sustainability Reporting: Building Trust and Confidence through the COSO Internal Control-Integrated Framework." First up, an introduction with some background for any ESG, sustainability, audit, or internal controls professionals who may not be as familiar with COSO, plus key takeaways from the guidance. Let's dive in.

What is COSO and what does it do?

In response to the collapse of the U.S. savings and loan industry, COSO was formed in 1985 with the intent to resolve fraudulent corporate financial reporting. Here's a quick overview of COSO's history from there:

  • 1992: COSO issued their Internal Control-Integrated Framework to define internal controls (which surprisingly hadn't been well-defined previously) and to lay out a model for all organizations, regardless of industry, to use for developing and evaluating internal controls
  • 2002: After corporate financial reporting fraud became prevalent again in the early 2000s, both Congress and the Securities and Exchange Commission (SEC) moved quickly to enact the Sarbanes-Oxley Act (SOX). COSO's Internal Control-Integrated Framework became the de facto framework used to evaluate the adequacy of internal controls over financial reporting (ICFR)
  • 2013: COSO's framework underwent a major revision to become the 2013 Internal Control-Integrated Framework (ICIF-2013). The updates identified 17 Principles and 87 Points of Focus within the Principles that are core to establishing effective internal controls
  • 2017: COSO updated the Enterprise Risk Management-Integrated Framework, which was originally released in 2004, to address the evolution of enterprise risk management (ERM) and highlight the importance of risk in both strategy-setting and in driving business results
  • 2020s: With ESG rising in prominence, COSO issued guidance on how to apply ICIF-2013 to establish appropriate internal control over sustainability reporting (ICSR) in preparation for upcoming regulatory requirements in Europe and pending regulations in the U.S.

What changes did COSO make to the Internal Control-Integrated Framework?

So you might be wondering: what exactly did COSO change in ICIF-2013 to accommodate the unique needs of sustainability reporting? The short answer is that COSO made no changes.

While there were no actual changes, COSO did add explanations throughout the new guidance on how the 5 Components, 17 Principles, and 87 Points of Focus of ICIF-2013 are applicable to the challenges involved with establishing and maintaining effective ICSR.

What are some key call outs from COSO's new ESG guidance?

COSO included eight key takeaways in its guidance that provide solid insights for organizations as they consider how to approach ICSR. Here's a short summary of those main points:

  1. Create accountability: Everyone involved from collection to communication of sustainability information needs to understand the importance of establishing effective controls and meeting key targets
  2. Identify how your mission drives objectives: How does your organization's mission or purpose tie into your objectives? Whether objectives are financial, non-financial, compliance, etc., they need to be balanced and understood throughout the organization to create effective controls
  3. Collaborate cross-functionally: Establishing a multidisciplinary team with members from across your organization (accounting and finance, sustainability, legal, investor relations, and more) is crucial to align on goals and assess sustainability-related issues, metrics, and controls
  4. Tap into existing expertise: While ICSR is a new application, there is already a solid foundation to start from with internal control over financial reporting (ICFR). The CFO team has expertise in applying these concepts and can help guide the process
  5. Modify existing controls: Your organization will likely need to create new processes and new controls, but you don't need to start from scratch! You can look to modify and apply processes that already exist as a part of ICFR
  6. Adapt existing or adopt new technology: Leveraging existing or utilizing emerging technologies to establish and maintain an effective system of internal control over sustainable business information can help improve processes and decision-maker confidence in data
  7. Focus on what's material: Organizations can prioritize efforts through the concept known as materiality. By viewing sustainability through the lens of decision usefulness, organizations can hone in on metrics that are most important
  8. Start now: With all of the data and systems coming into scope with sustainability information, it's going to take a lot of effort to design and refine a system of controls to support your program. It's important to start having those conversations with other teams and stakeholders early

Each of these lessons will likely prove more valuable to an organization that has integrated its sustainability practices and business strategy. Just as an entity's control environment provides the foundation for effective ICFR, it is also an essential starting point for designing, implementing, and maintaining an effective system of internal controls over decision-useful sustainable business information.

Applying ICIF-2013 to sustainability topics

This new guidance does three key things to help organizations and individuals understand how to apply the ICIF-2013 to sustainability topics:

  • Highlights common challenges that are unique to the sustainability area when compared to the more familiar financial reporting process
  • Articulates practical recommendations for applying each of the 87 Points of Focus to those challenges
  • Provides illustrative examples to help readers see how the individual points of focus have been met by other organizations

While this new guidance doesn't provide a "paint by numbers" checklist for readers, it does stay true to ICIF-2013's principle-based approach that your organization can use.

I hope you have a better understanding of what the new guidance includes and how you can start to apply it. Stay tuned for parts two and three of this blog series, where we'll explore more about how the new COSO guidance can help you and your organization meet stakeholder expectations for your sustainability reporting.

In the meantime, check out our infographic series, The Intersection of ESG and GRC, and learn more about how Workiva can help you on your ESG assurance journey. We will also be sharing more in our monthly Risk Resilience newsletter, so be sure to sign up here to keep up to date with the latest!
