The Public Company Accounting Oversight Board (PCAOB) issued new staff guidance for auditors to use in evaluating the relevance and reliability of evidence from external sources in financial audits. Being an audit nerd, I read the report as soon as I found it online. Although the guidance is intended for financial auditors, it is equally meaningful in an ESG context.
PCAOB has found increased auditor use of/reliance on information coming from technology platforms such as social media, web data aggregators and artificial intelligence algorithms, called “external sources.” These can be valuable sources of audit evidence but they come with concerns. As PCAOB stated, “The reliability of audit evidence depends on the source and nature of the evidence and the circumstances under which it is obtained.”
The guidance provides the following considerations in evaluating the reliability of external sources of information:
- The expertise or reputation of the source
- The extent, if any, of regulatory oversight of the source
- The relationship of the source to the company being audited
- Whether the information has been originated, aggregated, or adjusted by the source
- Whether the information was reviewed or verified by the source
- Whether the information was obtained through a complex process
Under the guidance, auditors are to apply professional judgment in making these determinations on a case-by-case basis.
I find it interesting that these considerations apply perfectly well to ESG data and ratings frameworks, and are aligned with much of that public dialog underway.
What This Means
The PCAOB’s guidance document may be a blueprint for what a future SEC proposal would look like concerning ESG data/ratings. The guidance lays out key information risks that a rule would likely address.
If you provide ESG data aggregation, management or ratings: Read this guidance and consider how the concepts may impact your processes/systems. It also give you an idea of how auditors would likely frame ESG audits of customers using your services. Continue monitoring PCAOB, SEC and FASB developments in this space.
If you are a company providing ESG disclosures: Consider applying this guidance when generating and evaluating your ESG data.
If you are an auditor (internal or external): Become familiar with the guidance and think about how you might use it in the field. It would be worth drafting some criteria or thoughts around how you would apply PCAOB’s suggestions to ESG audits of different scopes.