CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

The Public Company Accounting Oversight Board (PCAOB) issued new staff guidance for auditors to use in evaluating the relevance and reliability of evidence from external sources in financial audits. Being an audit nerd, I read the report as soon as I found it online. Although the guidance is intended for financial auditors, it is equally meaningful in an ESG context.

PCAOB has found increased auditor use of/reliance on information coming from technology platforms such as social media, web data aggregators and artificial intelligence algorithms, called “external sources.” These can be valuable sources of audit evidence but they come with concerns. As PCAOB stated, “The reliability of audit evidence depends on the source and nature of the evidence and the circumstances under which it is obtained.”

The guidance provides the following considerations in evaluating the reliability of external sources of information:

  • The expertise or reputation of the source
  • The extent, if any, of regulatory oversight of the source
  • The relationship of the source to the company being audited
  • Whether the information has been originated, aggregated, or adjusted by the source
  • Whether the information was reviewed or verified by the source
  • Whether the information was obtained through a complex process

Under the guidance, auditors are to apply professional judgment in making these determinations on a case-by-case basis.

I find it interesting that these considerations apply perfectly well to ESG data and ratings frameworks, and are aligned with much of that public dialog underway.

What This Means

The PCAOB’s guidance document may be a blueprint for what a future SEC proposal would look like concerning ESG data/ratings. The guidance lays out key information risks that a rule would likely address.

If you provide ESG data aggregation, management or ratings: Read this guidance and consider how the concepts may impact your processes/systems. It also give you an idea of how auditors would likely frame ESG audits of customers using your services. Continue monitoring PCAOB, SEC and FASB developments in this space.

If you are a company providing ESG disclosures: Consider applying this guidance when generating and evaluating your ESG data.

If you are an auditor (internal or external): Become familiar with the guidance and think about how you might use it in the field. It would be worth drafting some criteria or thoughts around how you would apply PCAOB’s suggestions to ESG audits of different scopes.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile