Sustainability data now has accounting standards and regulatory disclosure requirements. The ground has shifted and, as with financial data, sustainability data now needs established methods, internal controls, and external audits. The compliance framework organizes these requirements into a logical whole.
And compliance is at the heart of reliable sustainability data, which not only meets investor and regulatory demands, but also drives enterprise valuations. A recent roundtable of accounting experts sums it up.
On Integrated Financial-Sustainability Reporting
“Investors want a holistic view of the company. Financial data alone is not enough. Sustainability data is not enough. This leads to integrated reporting, which better communicates the value creation potential of the enterprise.”
On Sustainability Data
“The importance of the credibility, accuracy, and reliability of this information cannot be emphasized enough.”
How Will Integrated Financial-Sustainability Reporting Develop?
“Controls, controls, controls.”
Source: CPA Journal, Roundtable on Integrated Reporting
End-to-End Compliance is Required
For businesses reporting sustainability data, the new rules require a change. Either internal systems – the ones that use ad hoc spreadsheets and manual methods to prepare data – must add internal controls and compliance frameworks, or external providers, such as GLYNT, must provide compliant data as well as compliance documentation.
This is not just a standards requirement, but a business imperative. Without end-to-end compliance, the ad hoc workflow is pushing error-prone, unreliable data into systems of record and potentially into external reporting. This can lead to fines, penalties and lawsuits; half-done compliance is risky. And obviously, using a compliant data service such as GLYNT reduces that risk.
A Shared Responsibility
GLYNT is responsible for delivering compliant data, and the documentation and attestations that validate that claim. The customer is responsible for how that data is used in its systems and applications. A non-compliant customer could mangle and transmute previously compliant data. GLYNT could deliver inaccurate data that blows up analytics. The shared responsibility model defines each party’s roles and responsibilities, simplifying the shared nature of end-to-end compliance.
Our Four Guiding Principles
#1 Data is our Product
Every modern enterprise undertakes security and privacy measures, and possibly a SOC2 or similar audit. GLYNT is no different. But because data is our product, we take compliance up to the next level. And we share our perspectives, efforts and documentation with our customers and partners, as they rely on GLYNT to execute and lead the way. With data as our product, compliance and communication about our compliance framework and methods is a must-have product feature.
#2 Shared Responsibility
GLYNT cannot deliver customer compliance. GLYNT brings data from primary sources to the point of verified delivery, then our customers and partners use GLYNT data in their systems. Each of us has a role to play. GLYNT sets the stage for a shared framework with training, certifications, best practices and more.
#3 It’s always People, Processes and Tech
It’s tempting to rely on technology to provide security and compliance, but experience shows that people and processes play an equally important role. In fact, it is often people and processes that break down, leading to mishaps and security breaches. Processes must be documented, with clear roles and levels of access. And people must be mobilized to use the processes, with accountability.
#4 Always Ready for a World-Class Audit
The modern audit is more than checking numbers for accuracy. World-class audits check management’s logic, the risk management, and the built-in checks and balances through controls and methods that deliver reliable data. And communication – at the employee, process and company level. The tone is set at the top with clear communications. Whether you use our materials with your internal audit team or share with your external auditors, GLYNT is ready to engage in the conversations that shape customer success.
Applying the COSO Framework
Going one layer deeper, here is a summary of how GLYNT applies the COSO framework to sustainability data. COSO is a non-profit organization that helps businesses improve performance through thought leadership on internal controls, risk management, governance and fraud deterrence. Businesses around the world rely on the COSO frameworks to organize their compliance frameworks. In the US, SOX and COSO are highly aligned.
In 2019 COSO issued a white paper on how its principles apply to sustainability data. In the era of voluntary disclosures, this work was largely ignored by environmental advocates, but in our new era of mandated disclosures and updated accounting standards, the COSO framework has moved front and center. COSO plans to release an updated white paper in early 2023. (We will update this section of the GLYNT Compliance Framework when the white paper becomes available.) To learn more about COSO, go to coso.org.
The COSO framework has been developed over several decades and is a well-documented and operational method to capture the inter-related components – and how they come into compliance – of the modern enterprise. The “COSO Cube” is a good summary.
The COSO Cube
Confidence in Sustainability Performance Data,” coso.org
Application to Sustainability
Components: The five components also apply to sustainability data, with a few additions.
It Starts at the Top. The senior team and board set the business objectives and risk tolerance. As the producer of data that an ecosystem relies on, the GLYNT team lays out our objectives, our perspective on risks, and constantly communicates to our employees and stakeholders about the importance of everyday actions for compliance.
Analyze the Risk. What prevents GLYNT data from supporting the stated objectives? Where are the risk points? Sustainability data is a new class of non-financial data that impacts enterprise valuations. The risk surface area is broader than one might initially expect, so we have built a structured diagnostic and make the business logic connections to the bodies of controls required.
Establish the Controls. As a producer of sustainability data, we implement preventative and detective controls, and look to setting up systems that lead to clear metrics and outcomes. But sustainability data is non-financial data, so we have a particular focus on controls in these areas:
- Data Quality (the standard data governance, verification and controls)
- Sustainability Data Quality (with a focus on controls for the non-standard aspects)
- Privacy and Security (standard controls)
- Financial Data Alignment & Integration (to support integrated financial-sustainability reporting)
- Audit Readiness (for our customers’ internal and external audit teams)
Communication. Internally, communication is key to producing a great product. Externally, our customers are relying on GLYNT to achieve their sustainability goals. Communication is central to both needs, and includes annual employee training, partner certifications, GLYNT certifications, compliance attestations, weekly updates and more.
Monitoring. Internally, GLYNT has built in monitoring and logging throughout our processes. This enables alerts, issue prevention, and root cause analysis. Monitoring is an area where people, process and tech intersect and we watch this closely. Because GLYNT works with customers to capture primary source data, one area of monitoring and alerts we have extensively built out is the coordination of status and alerts for an on-time and complete primary source data flow.
The era of mandatory climate and sustainability disclosures is here. Businesses around the globe face mandatory disclosures in 2024 and 2025 based on data from 2023 and 2024. This puts enormous pressure on finance and sustainability teams, and many must build new processes and workflows from the ground up. GLYNT supports our customers and partners with detailed, documented and market-leading frameworks for sustainability data that address regulatory compliance, risk management, internal controls and governance. The result is sustainability data that is as useful, credible and reliable as financial data.
If you have comments or feedback on the GLYNT Compliance Framework, please email us at email@example.com.
Last Updated: January 3, 2023