In reading over my daily deluge of ESG information, I was reminded of the SEC’s Human Capital Management (HCM) rule which went into effect three years ago. The rules are principles-based and provide a lot of room for discretion and ambiguity – which is why wheels are turning to make changes. Much of the emphasis in company HCM reporting to date has been on DEI and how issuers generally manage, develop, and retain their workforce. But employee health and safety policies and statistics can be included – and may be explicitly part of SEC’s future proposed updates.
Safety professionals and auditors are accustomed to having their work reported to OSHA, but not many know their work could be used in SEC reporting under the current HCM rules. Longer term, employee safety information could be part of updated rules – but those aren’t imminent nor is it yet known exactly what those will look like. My experience with site level ESG data like injury/safety performance statistics gives me pause about whether that data is “ready for prime time.”
Similar to other ESG topics, HCM disclosures are outside the financial statements and associated assurance, but that doesn’t mean it is okay to report data that is incorrect or unverified. Companies should follow established internal controls and ensure reported safety data/statistics are validated before they are disclosed. Our recent podcast with Shari Littan, one of the primary authors of COSO’s new guidance “Internal Controls over Sustainability Reporting” (ICSR) goes over why existing controls may not work, how ESG data differs from financial data and how to address these gaps. Safety professionals should become very familiar with ICSR and other disclosure control mechanisms in place by companies – these will only increase in importance.
