Assuring integrated reports – an exploration of the critical issues
The majority of respondents to the IIRC’s Consultation Draft on the Framework for Integrated Reporting viewed independent, external assurance of integrated reports as a fundamental mechanism for ensuring reliability and credibility. However, various obstacles can prevent companies from achieving these benefits. In the fourth EY Trialogue sustainability forum, panellists discussed issues related to non-financial assurance.
Jeannette Horn started her 15-year environmental consulting career with Anglo American, providing environmental consulting and research services to various mines within the group. She continued her consulting career at international consulting firms WSP and SSI, working on big projects such as the Gautrain, the e-toll project and various mining projects. In 2011 she left the consulting industry and joined Altron’s newly established sustainability department as the group sustainability manager. Over the past four years, she has managed and implemented group-wide sustainability strategies in addition to overseeing environmental regulatory requirements, stakeholder engagement, risk management and environmental policy.
Karin Ireton is the executive in charge of sustainability for the Standard Bank group. Focus areas include responsible financing, climate change and energy, environmental and social risk and the communication of sustainability performance and issues to key stakeholders. She held a similar role at Anglo American and previously served as a sustainable energy advisor at Eskom. She serves on the board of the National Business Initiative and the Endangered Wildlife Trust and chairs the Institute of Directors sustainability forum. Karin chaired the stakeholder Council for the Global Reporting Initiative from 2009 -2013.
Vince Paino is a Partner with EY specialising in Assurance Standards. In addition to his client serving role, he leads the Audit Technical Department for EY Africa. Through his technical role Vince provides the EY Climate Change and Sustainability Services Team with support in the area of assurance engagements and assurance reporting. He is a long serving member of the Sustainability Standing Committee (SSC) – a sub-committee to the IRBA’s Committee for Auditing Standards.
How useful is non-financial assurance for the readers of integrated and sustainability reports?
Panellists agreed that while the intended audience may vary, companies and assurers must both be clear on who the specific integrated or sustainability report in question is for, as well as the objectives of both the reporting and assurance process. Karin suggests, “Assurance must give the audience the comfort that what is being said on the critical issues is true. This means presenting findings in a way that makes sense to normal people and avoiding the arcane language and double-negatives that plague typical assurance letters.”
Existing assurance frameworks lack flexibility and do not adequately address the non-financial aspects and principals of integrated reporting. Recent international developments in assurance standards and frameworks have focused on assurance letters and improving the utility to readers. However as Vince explained, “It’s an exciting time with a great deal of change occurring. Non-financial assurance is still in a relatively early stage, and providers are struggling to build something meaningful in an area they haven’t previously spent a lot of time.” Vince compared the endeavour to “building a plane as it’s taxiing down the runway”.
Jannette noted that even with the target audience decided, understanding whether your report has resonated remains a challenge. “We put so much effort and resources into our report and its assurance,” she said, “but it’s hard to know if we get it right when we don’t get stakeholder feedback.”
What are your views on summarised assurance reports?
Karin asks her assurance providers for two deliverables. They provide one detailed management-focused report covering a description of all issues and areas for improvement. A second, more succinct report clearly tells the external reader whether the material issues have been assessed and are as they purport to be in the report. Altron follows a similar approach, distributing the detailed report to the audit committee and operations and incorporating the abridged form in public reporting.
While Vince understands the desire for a succinct report, he raised the concern that within the existing framework for the audit profession, consistency is a key priority. Two professionals examining the same information should ultimately arrive at the same conclusion. While this is straightforward in financial audit, non-financial assurance presents a challenge. “In a drive to clarify,” he noted, “assurers continue to provide further information and detail until they’re confident that their peers would draw consistent conclusions. This approach is understandably at odds with the aim of conciseness and simplicity.”
How does materiality factor in the non-financial assurance process?
Panellists agreed that there is a role for auditors to explore a company’s material issues. While it’s not for the auditors to judge whether the company’s material issues are indeed the most critical, they can play a valuable service in evaluating the process for arriving at the issues.
Jannette stated that materiality for Altron is key to ensuring credibility with stakeholders: “People need to be confident that we’re addressing issues that are most critical. Verifying the materiality processes helps.” Karin felt that assurers should also be questioning whether the material issues align with the company’s stated strategy: “Though traditional assurance is still needed, moving beyond the typical data points is exciting – it’s getting to the core of the business.” She also cautioned that this requires a degree of skill, experience and judgement that is likely to come at an additional cost.
Materiality represents the greatest challenge to assurers according to Vince:
“It’s the multi-faceted nature of the subject matter that makes it so challenging, and the fact that it’s so new.” It requires extensive judgement as well as a framework that introduces more flexibility. This stands in contrast to the well-controlled, rigorous and robust environment in which traditional audit is most comfortable.
Is the assurance profession equipped to assure non-financial content?
Vince argued that the industry is up for the challenge. While the traditional training and qualifications do not necessarily equip auditors to respond to strategic or environmental matters, they are nonetheless accustomed to working in spaces that aren’t structured or routine. “Many of the major firms employ people with strategy experience in their advisory divisions,” he suggested. “They should be tapping into these resident skill sets and look into changing staffing structures, bringing in specialists as required and allowed while maintaining necessary independence.”
How is technology currently being used in non-financial assurance and integrated reporting, and what lies ahead?
Jannette sees significant changes on the horizon. While Altron has been collecting and analysing its non-financial data for years, every year the company identifies areas for improvement. “As technology improves,” Jannette said, “we’ll be able to highlight inefficiencies more clearly.” Stakeholder requirements are also driving more responsive systems. “If you flag an issue in your report,” she noted, “stakeholders want to see progress in a matter of months, not in next year’s report.” This degree of responsiveness is especially difficult for multi-disciplinary companies such as Altron, and will require more specific systems and technologies to respond accurately and timeously. Jannette cautioned against unnecessary responsiveness however. “Companies don’t have the resources to pump out data for the kick of it,” she noted, “It will be critical for us to focus on those areas and stakeholders that are material.”
Karin felt that only some sectors will experience this time-bound pressure from stakeholders. While some facing specific ‘problem areas’ will be under pressure to provide nearly real-time data, she doesn’t believe that full reports will be required with similar frequency. To her, the biggest challenge for companies will be the decision to move to web-based reporting. “While technology allows us to customise the report to users’ interests, this may defeat the objective of holistic/integrated reporting we’re striving so hard to present.”
Where should the boundary between advisory and assurance work lie?
Vince explained that “We need to be careful that we’re not providing advisory and assurance to the same client in order to maintain independence, however the strength of a larger organisation lies in its ability to tap into their pool of skills and experience.”
Karin suggested that boundaries and involvement depends on the sector and the size of the company. Standard Bank, for example, is a large and complex organisation and as such, engages two companies to perform its financial assurance, and one of those two provides the assurance on non-financial issues. It would therefore be impractical to rotate them on a three-year rotation. She recalled that in large and complex companies the burden of training new audit teams every three years means that the goal of rotating auditors had to be reconsidered. “Now we rotate the lead partner and lead firm to ensure the partners don’t ingrain their views too heavily on the team,” she explained. In terms of keeping clear lines between advisory and auditors, she felt that the existing requirement that companies report all expenditure with audit firms is sufficient.
What is the role of internal audit?
According to Karin, internal assurance has an important and underplayed role within an organisation. “A company’s first audit really should be an internal audit, otherwise you’re wasting money,” she cautioned. “You need to make sure that your processes are mature enough to withstand and derive value from an independent third party.”
Companies typically engage auditors at the end of the financial year. Is more frequent assurance warranted or advisable?
Rather than providing more reports, Karin would prefer if assurers provided more timely reports: “We use their reports as a starting point for the coming year, and I like to get an early start for planning purposes.” She also cautioned that frequent audits could evolve into a more advisory-style of engagement.
Jannette argued that internal audit is better positioned to provide ongoing assurance. At Altron, internal audit provides quarterly reports to the audit committee. This provides a more cost-effective means of flagging areas of concern and tracking progress.
What are your opinions on indicator- versus principle-based approaches to non-financial assurance?
Whether basing assurance on AA1000 or ISAE 3000, both company representatives described approaches that included a combination of principles and indicators. Panellists agreed that getting maximum value and achieving your assurance objectives is a matter of clearly defining scope rather than picking a specific standard. Said Vince, “I think you could just as easily have an assurer turning over every rock in an AA1000 engagement, but the big four use ISAE3000, which is very thorough in its requirements. The boutique firms tend to use AA1000 more.”