Compliance Framework

Introduction

GLYNT has a large mission: to help businesses everywhere prepare and report sustainability that is as credible, reliable and useful as financial data. To support this undertaking, we have built out an extensive compliance framework. This serves our internal needs, and enables us to transparently convey to our customers and partners why GLYNT data is reliable and accurate.

Sustainability data now has accounting standards and regulatory disclosure requirements. The ground has shifted and as with financial data, sustainability data now needs established methods, internal controls, and external audits. The compliance framework organizes these requirements into a logical whole.

And compliance is at the heart of reliable sustainability data, which not only meets investor and regulatory demands, but also drives enterprise valuations. A recent roundtable of accounting experts sums it up.

On Integrated Financial-Sustainability Reporting

“Investors want a holistic view of the company. Financial data alone is not enough. Sustainability data is not enough. This leads to integrated reporting, which better communicates the value creation potential of the enterprise.”

On Sustainability Data

“The importance of the credibility, accuracy, and reliability of this information cannot be emphasized enough,”

How Will Integrated Financial-Sustainability Reporting Develop?

“Controls, controls, controls.”

Source: CPA Journal, Roundtable on Integrated Reporting

End-to-End Compliance is Required

Currently, investors and regulators have significantly lower confidence in sustainability data than in financial data. Financial data is prepared with well-established accounting standards, effective internal controls, sound data governance, and rigorous external audits. Sustainability data has lacked these processes. To remedy the confidence issue, accounting standards bodies and regulators now require sustainability data to be prepared with the same methods and frameworks as financial data.

For businesses reporting sustainability data, the new rules require a change. Either Internal systems – the ones that use ad hoc spreadsheet and manual methods to prepare data – must add internal controls and compliance frameworks, or external providers, such as GLYNT, must provide compliant data as well as compliance documentation.

This is not just a standards requirement, but a business imperative. Without end-to-end compliance, the ad hoc workflow is pushing error-prone, unreliable data into systems of record and potentially into external reporting. This can lead to fines, penalties and lawsuits; half-done compliance is risky. And obviously, using a compliant data service such as GLYNT reduces that risk.

A Shared Responsibility

GLYNT and its customers have a shared objective: Compliant and reliable sustainability data. And each party has a role to play in this outcome, end-to-end compliance is a shared responsibility. GLYNT Partners are acting on behalf of customers and are responsible for portions of customer compliance tasks.

GLYNT is responsible for delivering compliant data, and the documentation and attestations that validate that claim. The customer is responsible for how that data is used in its systems and applications. A non-compliant customer could mangle and transmute previously compliant data. GLYNT could deliver inaccurate data that blows up analytics. The shared responsibility model defines each party’s roles and responsibilities, simplifying the shared nature of end-to-end compliance.

In sum, the customer has primary source data. This is conveyed to GLYNT who prepares ready-to-use sustainability data. The data, documentation, certifications and attestation are provided to the customer. The customer then further processes the data in its own compliant systems. For internal and external audits, the customer provides its own records and the audit-ready records from GLYNT. This coordinated flow results in end-to-end compliance and reliable climate and sustainability disclosures.

Our Four Guiding Principles

The scale of GLYNT’s ambition – to produce sustainability data as rigorously as financial data – leads to a fairly sizable system of risk management, controls and monitoring. To provide focus and clarity, we have four guiding principles:

#1 Data is our Product

Every modern enterprise undertakes security and privacy measures, and possibly a SOC2 or similar audit. GLYNT is no different. But because data is our product, we take compliance up to the next level. And we share our perspectives, efforts and documentation with our customers and partners, as they rely on GLYNT to execute and lead the way. With data as our product, compliance and communication about our compliance framework and methods is a must-have product feature.

#2 Shared Responsibility

GLYNT cannot deliver customer compliance. GLYNT brings data from primary sources to the point of verified delivery, then our customers and partners use GLYNT data in their systems. Each of us has a role to play. GLYNT sets the stage for a shared framework with training, certifications, best practices and more.

#3 It’s always People, Processes and Tech

It’s tempting to rely on technology to provide security and compliance, but experience shows that people and processes play an equally important role. In fact, it is often people and processes that break down, leading to mishaps and security breaches. Processes must be documented, with clear roles and levels of access. And people must be mobilized to use the processes, with accountability.

#4 Always Ready for a World-Class Audit

The modern audit is more than checking numbers for accuracy. World-class audits check management’s logic, the risk management, and the built-in checks and balances through controls and methods that deliver reliable data. And communication – at the employee, process and company level. The tone is set at the top with clear communications. Whether you use our materials with your internal audit team or share with your external auditors, GLYNT is ready to engage in the conversations that shape customer success.

Applying the COSO Framework

Going one layer deeper, here is a summary of how GLYNT applies the COSO framework to sustainability data. COSO is a non-profit organization that helps businesses improve performance through thought leadership on internal controls, risk management, governance and fraud deterrence. Businesses around the world rely on the COSO frameworks to organize their compliance frameworks. In the US, SOX and COSO are highly aligned.

In 2019 COSO issued a white paper on how its principles apply to sustainability data. In the era of voluntary disclosures, this work was largely ignored by the environmental advocates, but in our new era of mandated disclosures and updated accounting standards, the COSO framework has moved to front and center. COSO plans to release an updated white paper in early 2023. (We will update this section of the GLYNT Compliance Framework when the white paper becomes available). To learn more about COSO, go to coso.org.

The COSO framework has been developed over several decades and is a well-documented and operational method to capture the inter-related components – and how they come into compliance – of the modern enterprise. The “COSO Cube” is a good summary.

The COSO Cube

Source: “Leveraging the COSO Internal-Control Framework to Improve
Confidence in Sustainability Performance Data,” coso.org

Application to Sustainability

As part of operationalizing the COSO guidance, GLYNT has reviewed each component of the framework in light of the differentiating aspects of sustainability data.
Objectives: The three COSO objectives are Operations, Compliance and Reporting. These apply to sustainability data.

Components: The five components also apply to sustainability data, with a few additions

It Starts at the Top. The senior team and board sets the business objectives and risk tolerance. As the producer of data that an ecosystem relies on, the GLYNT team lays out our objectives, our perspective on risks, and constantly communicates to our employees and stakeholders about the importance of everyday actions for compliance.

Analyze the Risk. What prevents GLYNT data from supporting the stated objectives? Where are the risk points? Sustainability data is a new class of non-financial data that impacts enterprise valuations. The risk surface area is broader than one might initially expect, so we have built a structured diagnostic and make the business logic connections to the bodies of controls required.

Establish the Controls. As a producer of sustainability data, we implement preventative and detective controls, and look to setting up systems that lead to clear metrics and outcomes. But sustainability data is non-financial data, so we have a particular focus on controls in these areas:

  • Data Quality (the standard data governance, verification and controls)
  • Sustainability Data Quality (with a focus on controls for the non-standard aspects)
  • Privacy and Security (standard controls)
  • Financial Data Alignment & Integration (to support integrated financial-sustainability reporting)
  • Audit Readiness (for our customers’ internal and external audit teams)

Communication. Internally, communication is key to producing a great product. Externally, our customers are relying on GLYNT to achieve their sustainability goals. Communication is central to both needs, and includes annual employee training, partner certifications, GLYNT certifications, compliance attestations, weekly updates and more.

Monitoring. Internally, GLYNT has built in monitoring and logging throughout our processes. This enables alerts, issue prevention, and root cause analysis. Monitoring is an area where people, process and tech intersect and we watch this closely. Because GLYNT works with customers to capture primary source data, one area of monitoring and alerts we have extensively built out is the coordination of status and alerts for an on-time and complete primary source data flow.

Summary

The era of mandatory climate and sustainability disclosures is here. Businesses around the globe face mandatory disclosures in 2024 and 2025 based on data from 2023 and 2024. This puts enormous pressure on finance and sustainability teams, and many must build new processes and workflows from the ground up. GLYNT supports our customers and partners with detailed, documented and market-leading frameworks for sustainability data that address regulator compliance, risk management, internal controls and governance. The result is sustainability data that is as useful, credible and reliable as financial data.

If you have comments or feedback on the GLYNT Compliance Framework, please email us at support@glynt.ai.

Last Updated: January 3, 2023

Sustainability data for
the business of climate

WHY GLYNT

Getting Started
GLYNT Data
Product Features
Thought Leadership

CUSTOMERS

CFO Buying Guide
The ESG Controller
Success Stories
Industries

PARTNERS

Work with Us
Training
AWS Marketplace
Azure Marketplace

INSIGHTS

The GLYNT Blog
Briefs
Thought Leadership
Certified Training

COMPANY

About GLYNT
Leadership
Careers
Contact Us
© 2023 GLYNT.AI, Inc. | #betterdatafortheplanet | Terms of Use | Privacy Policy | Compliance Framework