What Price Assurance?

Third-party verification of sustainability can mean different things to different companies.

By Richard J. Crespin

“How do we lower the cost of sustainability reporting so more companies do it, while also encouraging more companies to report high-quality, verified data that people can use to make better decisions?” That’s how the Climate Registry’s David Rosenheim framed the corporate responsibility movement’s next big debate at VerdeXchange 2012 earlier this year.

“The demand’s not there from our stakeholders . . . yet,” says Danny Wong, Avery Dennison’s head of corporate sustainability and global risk. “The big brands, like Walmart, P&G, and Unilever, increasingly demand sustainability data as part of doing business with them. They want to see the data, though right now they’re not requiring third-party assurance of that data. . . . But it may be coming.”

In fact, many companies—including some of the world’s biggest firms—can barely get the data out there themselves, much less demand sophisticated analysis or assurance. This magazine’s own “Black List” of the world’s least transparent companies is proof of that: The 2011 list counted more than 30 publicly traded companies that failed to disclose a single voluntary sustainability data element.

So what will drive greater disclosure and verification? Risk management. “These big names went down this path to protect their brands,” said one sustainability executive on condition of anonymity. “Efficiency’s part of it too . . . but these firms have a lot invested in their brands.” Clearly, they don’t want to bear the risk of a sloppy supplier whose actions might taint their public image.

“While assurance is a big topic,” says Marjella Alma, manager of external relations at the Global Reporting Initiative, an international body that created one of the world’s most widely used sustainability reporting frameworks, “the reality is that the vast majority of reports are not assured. Of 191 GRI reports in 2010 in the U.S., only 34 were externally assured.”

But the pressure for assurance is growing and comes in part from, “credible rankings like Dow Jones [Sustainability Index], CR Magazine [100 Best Corporate Citizens List], and CDP [Carbon Disclosure Project],” says PwC Partner Liz Logan. “We’re also seeing an uptick in shareholder resolutions driving organizations to voluntarily seek assurance over their sustainability information, as well as organizations like The Climate Registry imposing verification requirements on its members. On the regulatory side, California’s CARB [California Air Resource Board] requires verification of carbon information in anticipation of cap-and-trade in the state. With respect to supply chain demands, while certainly the request for emissions information has steadily increased during the past few years, we are not yet seeing demand for an accompanying assurance report.”

But reporting and third-party assurance both cost money. No one would go on the record regarding how much, but one experienced sustainability executive had asked colleagues at Coke, Nike, and Procter & Gamble how much they spent on their assurance. The prices ranged from $35,000 to $40,000 for a “verified” report from an environmental, social, and governance (ESG) specialty firm up to $75,000 to $200,000 for a report “assured” by a “Big Four” accounting firm. And those fees only account for external advisory services, not the costs of internal staff time, software, etc.

To understand the difference in cost and value within this big range, PwC’s Logan distinguishes between two different kinds of validation: verification and assurance. “Verification,” says Logan, “is the province of engineering firms and is something not defined under universal standards.”

With verification, she adds, “the level of rigor can vary significantly depending upon the agreement between the verifier and their client, which could be limited to recalculations and evaluation of estimates and factors used. There are no standard requirements of verifiers, for example, to be independent of the company they are providing services for. This is in sharp contrast to the standards governing accountants. Now, that’s not a slam on verification, but it’s important for users of any report represented as an assurance or verification statement to understand the differences. For example, both CARB and The Climate Registry have their own accreditation and training requirements they impose on their verification providers.”

In the last year, CDP has introduced what it calls “CDP approved” verifiers. “In contrast, ‘assurance’ has a generally accepted definition under AICPA [the professional body for accountants] professional standards,” continues Logan. “The accountant is required to follow a consistent set of procedures as set forth in AICPA attestation standards, including gaining an understanding of the control environment [the management controls in place], understanding source data, etc.,” says Logan. To complicate things further, there are different levels of assurance defined within the AICPA professional standards. Terms like “audit,” as an example, get used in multiple contexts including the auditing of financial information.

In deciding whether or not to have a third-party validated report, and then selecting which kind of validation to pursue, companies should look at their overall strategy. Logan recommends asking:
• Where does sustainability fit in the business strategy? 

• What do the stakeholders care about? 

• Will the company take a compliance-based or value-based approach to sustainability?

In outlining these questions, Logan unwraps some of the mystery of validation. It all comes down to materiality.

“If you take a compliance-based approach,” she says, “that may be okay, but you may not be fully leveraging the opportunities sustainability reporting presents to your organization.” The other way to look at it, according to Logan, is to consider the impact of sustainability issues on the business. “For a utility,” which operates in a highly regulated environment, “ESG-type issues are front and center, and part of your license to operate,” says Logan.

Which still leaves the question of whether assurance is worth the price. “Assurance gives you the confidence,” says UPS Director of Global Sustainability Steve Leffin, “that your data can be in the public domain. In a large, engineering-driven company like UPS, that gives you a lot of leverage. It drives the reporting process and the quality assurance process. It means things have to be done right, have to be verifiable, with methods in place that you have a trail that you can go back to so you can explain your numbers.”

According to Leffin, “The GHG [greenhouse gas] protocols were derived from accounting standards,” which means at some level it only makes sense to use accounting standards and have accounting professionals review the data. When it comes to sustainability management at UPS, “. . . we measure first, manage second, and mitigate third. Any management process for us therefore starts with very accurate measurement. If you’re truly using the GHG standards for what they’re intended, the better you map your data, the better you understand the opportunities for improvement.”

So did UPS get value for what it spent on assurance? Leffin wouldn’t discuss specific costs due to contractual confidentiality, but he was “impressed with the level of time and diligence we got for the investment we made. . . . How much it ends up costing depends a lot on how organized you are. The more organized you are in the first place, the lower your cost.”

Richard J. Crespin is executive director of the CROA.

Posted March 6, 2012 in Business Ethics