Audit and assurance are the heroes we need on our quest if we are to understand what impact is and how to grow it.
First published by Pioneers Post
Gather together a group of sustainability, ESG or impact managers and the discussion will quickly move to materiality – in other words, the question of what matters. And this does matter if we want investment decisions to result in positive impacts for investors (returns) and for people and planet (impact).
Previously in this series I have explored the role of accountants. Here I will address the importance of audit and assurance, especially in relation to materiality. I will then go on to argue that audit – objectively examining a company's financial statements – could be the solution to the debates on whether or not there is a difference between financial and multi-stakeholder materiality and, if not, whether it is ok to start with financial materiality and then move on later.
As an ex-auditor and subsequently involved in developing Social Value International’s principles, which include verification, it is great to finally see much more discussion about the importance of assurance and audit (and verification and certification). And yet this inevitably means people using these words in different ways for different things. The International Auditing and Assurance Standards Board defines an assurance engagement as:
‘an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.’
There is a lot to unpack in there but the separation between the responsible party, who produces the information; the practitioner, who carries out the assurance; and the intended users, who are different to the responsible party, is critical. And a very useful test if you start seeing ‘assurance’ being used elsewhere. Although audit is strictly a particular type of assurance, the terms are often used interchangeably and I’ll go along with that in this article (You can read more about assurance here if you are keen).
An incredible social innovation
Auditing underpins effective stock markets. Without audit, investment levels would collapse. 2008 would be a picnic in comparison. Not convinced yet?
Until the development of audit, investors basically invested in companies where they knew the directors, or they knew someone who did. They relied on personal trust networks to give them assurance and to underpin their decision to invest, and they required high returns to offset the associated risks.
Audit allow us to invest in companies where we will never know the directors, or the managers, or even much about what the companies do (do you even know which companies your pension is invested in?). It provides us with assurance that the company is managing its affairs properly. It increases the number of businesses we can invest in and reduces the risks associated with our investments and so also increases the universe of potential investments. It’s a win-win. It has contributed to the expansion of investment in stock markets that has driven the extraordinary increase in global GDP (and GDP per head) over the last 100 years. It has only contributed, of course, since the use of fossil fuels and depletion of natural capital, largely un-costed, has played a pretty significant role too.
So, it is an incredible social innovation. But still boring?
Auditing is about risk management, and risk is not boring
In any situation where you are going to make a decision, a choice between alternatives, you will base the decision on some information. Implicitly you will assess the accuracy and the completeness of that information, the risk that the information is not accurate and not complete and then make your decision. When we read our favourite newspaper, we are making the judgement that the editorial process means that what we are reading is accurate, and complete, even if the only decision we are going to make is to the question – Do I need to change my prejudices? – to which the answer will be – No.
Audit is just a way of formalising this process and ensuring some consistency. In the context of a specific decision, it provides assurance that the information you are looking at is free from material misstatement, i.e. complete and accurate. In financial audit, you are a person considering providing (or withdrawing) resources from a business in the expectation of financial returns. Investment managers move investments if they can get higher (risk adjusted) returns somewhere else. So, you will need to have all the information that matters to your decision.
Inevitably the information that would influence their decisions will vary from investor to investor. But of course, businesses do not go out to all their investors and produce individualised sets of financial accounts. This is easy to forget when we are always talking about giving investors what they need. We can’t.
Let’s have a quick look at why and the challenge of deciding what information is material, or to put it another way, what information matters.
Imagine we have five investors. It is possible that they need the same ten pieces of information. If we have a thousand investors they are likely to have less in common, perhaps they all need the same five of these ten pieces of information but after that it breaks down. Some even want different information.
What happens if there are 500,000 investors? And remember, this is not just our current investors. It is all the potential investors as well. One billion? The population of the world? As the number goes up then so does the possibility that there are increasingly diverse information requirements.
It is just not possible that every individual will have the same information needs. Perhaps there are subgroups where there is more commonality. Perhaps grouping by gender, class or race would reveal different views of what matters but share similar views within the group. And yes, these may be social constructs, but they are constructed by those with power for themselves and for those without power. And then what matters to those without power can be conveniently ignored.
Some generalisation is inevitable. And this is why financial accounting standards focus on the information needs of the maximum number of people who share the same, or at least a very similar, view of what matters. This could even be a low proportion of the total but nonetheless accounting has to generalise around a standard investor and has generalised around one that only wants information that relates to the business’ ability to generate financial returns.
Financial accounting standards focus on the information needs of the maximum number of people who share the same, or at least a very similar, view of what matters
As I have argued in earlier articles in this series, this is a bad starting point. We do need to generalise, but we should generalise around someone who is interested in the consequences of the investment for other people as well as their financial returns. What we might call a normal person, a rational person perhaps. The investor who is only interested in personal financial returns, and therefore doesn’t care about the consequences to others, and often makes short-term decisions which may have negative consequences for the investor meets all the requirements of the definition of a sociopath.
It is worth remembering that accounting was developed during a period of European expansion, exploration, invasion and exploitation which explains the root of this madness. Take for example a different topic: fine art. We are slowly getting around to realising that it was men that had access to opportunities, for example to be artists. They were supported by their fathers, had work commissioned by men, or later hung their art in galleries owned by men, were subject to art criticism by men. And that this might, perhaps, account for why women artists were fewer in number and had much less chance of being recognised. I suspect though that we are not about to read a new publication on ‘Forgotten women of imperialism’. While we are slowly addressing the issues of access and recognition to fine art, we have yet to address the issues around the design of financial accounting. We’d do it differently if we were starting from scratch.
But let’s, as usual, start with the current state of affairs. Directors produce accounts, following the requirements of national legislation, generally to comply with international financial reporting standards, providing information that is material to investors in deciding whether or not to provide resources in the expectation of financial returns. Inevitably this requires a judgement. Just what information would influence the decision, especially when we are considering things where we are not 100% sure they exist, or that exist or may not happen, or may happen in the future, or where the consequences are hard to predict and measure. All this means making judgements. Judgements about the risk of leaving something out that would influence a decision and the risk of including something that may influence decisions but shouldn’t. This is especially hard where there is a conflict of interest, where managers may be tempted to present a more positive position than is really the case. Even without this conflict, human psychology has shown us that we are born optimists and hopeless at assessing risk.
Don’t worry though. The knights to the rescue are the auditors, boldly stepping to act in the interests of the investors, or at least the generalised investor, and audit the information to make sure, yes that it is accurate, but more importantly that it is free of material misstatement, that it includes all the information that matters to the decision to provide resources in the expectation of financial returns.
Of course, this process isn’t going to be perfect. Audit also requires judgements about the risks that the information is not free from material misstatement and has to assess what is an acceptable level of risk that the audit gets it wrong. It is not designed to be perfect. It is designed to reduce risk to an inevitably unmeasurable but nonetheless reasonable level. The must-read auditing standard (and yes there are standards for auditing as well as for accounting) is ISA 315 Identifying and assessing the risks of material misstatement. Go on, you know you can’t resist clicking through. And the auditor can disagree with the directors and ask for changes to the accounts. If these changes are not made, the accounts can be qualified to show that the auditor does not agree. And no one wants their accounts qualified if they want to keep their investors on side.
While there are a number of requirements for information to be useful, outlined in my previous article, audit is the final step that turns the information into useful information. The assurance statement specifically says so. In finance, the company does not have the final word on what is material.
The auditor’s determination of materiality is a matter of professional judgment which is affected by the auditor’s perception of the financial information needs of users of the financial statements. – ISA 320 para 4.
This is a big deal. I have been through the consequences as an auditor, flagging up issues around revenue recognition, which led to accounts being qualified and trading in the company’s shares being stopped. The auditor is protecting the investor, the provider of debt and the supplier of goods and services, reducing their risk to an acceptable level. Not boring.
Materiality in non-financial reporting and sustainability reporting
Non-financial information is also expected to be useful to an investor. There is potential for confusion here. For financial reporting it is useful to the existing generalised investor because it has some bearing on
expected financial returns. For the financial statements it must also relate to assets, liability, income, expenditure and equity, and relate to past decisions made by the managers. But, of course, this is not the only information that an investor will use in assessing expected returns. And then there are other users with other purposes who would need different information. Any lack of clarity and it will get messy very quickly.
If financial statements are going to be used to inform decisions to make an investment, they need to be audited against the requirements for it to be useful. If it isn’t audited there is too much risk for the user to be able to use it. Or if they do, the risks associated with this information are seen to be small.
Non-financial information is very broad but generally relates to information provided by the business. It includes sustainability information. And can cover both past and future as well as information about the business and about external factors that affect the business. For consistency with the financial statements, I will focus on sustainability information that is the business’ positive or negative contribution to sustainability. We have to knock the idea on the head that this information relates to small risks and so doesn’t need to be audited. The consequences of social and environmental impacts are felt by all of us, including investors, but over different timescales and to a varying extent depending on where and how we live. An issue that has a small effect on financial returns may have significant effects on the lives of other people. Even if the issue matters to both investors and to the people effected it may not matter to the same extent.
OK, the information in the financial statements is audited, and the amount of audit work done reflects the risk of material misstatement. So rather than saying we don’t need to audit sustainability information that is not in the financial statements, because the risks to financial returns are low, shouldn’t we leave this judgement up to the auditor? They are closer to the action and able to understand the context. If it is true that the risk is low, then there will be less audit work required (and so less cost). But now we have the same assurance that we can use the sustainability information in our decisions as we do for the financial information.
The alternative is that users do not have the assurance they need and have no choice but to ignore the information, or, and perhaps worst of all, are influenced by information that they do not know is free from risk of material misstatement.
Up until recently, national legislation has not required the audit of sustainability information. Up until recently – because the European Commission has just released Proposals for a Corporate Sustainability Reporting Directive updating the existing Non-Financial Reporting Directive, and the proposal makes
this requirement explicit. This is excellent. Without going into too much detail this has required limited as opposed to reasonable assurance, which is, as it says on the tin, limited. But it is a breakthrough that can be extended a later date. And although not specific on audit standards to be used, it does require these to be identified.
The audit of corporate sustainability reports should be based on standards that require the materiality decision to relate to the impacts of the business on people and planet, and not just to those impacts that have financial implications for the business. IAASB Guidance (non mandatory) on Extended External Reporting addresses this, especially recognising that those experiencing the impacts may not be users. The Guidance suggests that one of the users can act in the interests of those experiencing the impact. ‘Can’, but not ‘must’.
At the moment the audit report on sustainability reports generally say that the audience is the management of the company and not the investors, and that the information should not be used by anyone other than the intended user. This is tantamount to saying the information is not useful for anyone other than the managers. And so often overlooked when people talk about sustainability information being useful to investors. The existing audit reports clearly say it is not.
In finance, it’s the auditor who has the final say over the director’s materiality decisions, and whose opinion turns the information into information that can be used. Without an audit a company's sustainability report is the director's views on what is material but the information is not yet useful. It's marketing.
Without an audit a company's sustainability report is the director's views on what is material but the information is not yet useful. It's marketing
While the European Commission’s Corporate Sustainability Reporting Directive is proposing that materiality should be in the context of the impacts of the business rather than on those impacts that have financial implications for the business, it is not the only game in town. And others take a different view. For example, the IFRS proposes a Sustainability Standards Board with a focus on information that is material to investors and other participants in world markets. And shareholder primacy is a deeply embedded in international capital markets (despite being interpreted as meaning investor manager, or shareholders who are trustees, primacy).
Nonetheless, the EC’s proposed requirement for Corporate Sustainability reports to be audited and wrapped up with the financial audit is a big step forward. The risk and the complication is that, for the financial statements, the auditor acts in the interests of the investor. For the sustainability report they need to act in the interests of those experiencing the impacts. Otherwise, there is a risk that information is excluded as not posing a risk to material misstatement. This could be information that relates to different issues or to the same issue where this is much more important to those experiencing the impact than it is to the (generalised) investor.
Auditing sustainability information must mean auditing more than only what is financially material
The beauty of requiring this information to be audited would be that I get to have my cake and eat it.
How do we consider whether impacts on people or planet have, or at least risk having, implications for expected financial returns without first identifying all that matter to those affected? Only then can we assess which of these may have implications. In assessing the risk of material misstatement an audit process would have to review and comment on:
a) the controls around completeness of the assessment of all material impacts, to assess the risk that some and therefore some that are financially material, have been missed and
b) the process by which the financial implications and the materiality of those are assessed.
And probably this would need a standard way of making that assessment. Hang on – that’s part of ISA 315 above. You’ve already read it!
We could argue, as have the Australian Accounting Standards Board, that even though we may have concluded there are no implications for expected financial returns, the assumptions underpinning that assessment should be disclosed. This would mean that we, the investor – or at least our agent, the investment manager – can make their own assessment.
And in the UNDP SDG Impact standards, which provide a framework for integrating impacts on SDGs into business and investment decision making, we have a pretty good idea of what that internal control environment should look like.
Better still if the investor is using this information to compare different options. They don’t just need information on the sustainability topics, they will need information on how they have been managed. On how managers have made trade-offs which have different effects on different topics for different people. These issues are coming to the fore, for example in the UNDP SDG Impact Standards and the Pillars of the Taskforce on Climate-Related Financial Disclosures (TCFD). And the IIRC’s new International <IR> Framework and the IFRS’s sustainability consultation feedback recognise the need to filter from material impacts for those affected down to material impacts that affect investors (and other participants in world markets).
Any (useful) assurance process is going to have to consider all these issues in forming an audit opinion on the risk of material misstatement of sustainability topics that may have implications for financial returns. We all get cake!
So that’s that. Let’s recognise that audit is an amazing social innovation and now use it to protect the interests of the people experiencing the consequences of business operations, positive and negative, in the same way we use it to protect the interests of investors.
Comments