Considering the wide range of risks, opportunities and commitments
Climate change creates many risks and opportunities and requires actions and commitments that will differ across organisations. Managing these risks and opportunities is the responsibility of the directors, and it is important to consider all aspects of the strategic and commercial choices when determining the level and nature of assurance they require.
Risks will include physical and transition risks, as well as issues such as legal, financial and commercial obligations and implications. Assurance must also address the quality of programme management over the transformation that is required to meet targets and deliver on commitments. This may involve systems changes, changes to products and solutions, and behavioural change.
No two organisations will have the same assurance needs. Directors should be commercially driven by aligning their strategic priorities with their climate considerations, particularly in relation to products and services. In doing so they will identify the need to make commitments that will form the basis of the trust customers and other stakeholders have in the organisation. The risks associated with these commitments and with the commercial processes will be bespoke to the company.
As with any risk and control environment, understanding the end-to-end processes will be critical, including where accountabilities lie and where there are hand-offs between different parts of the organisation, or indeed to and from third parties. In creating a process map, the reliance on key systems and third parties will become clear. The lines of defence are central to ensuring that the system of internal control is effective across all significant systems and processes. Much of the assurance that directors require will be sourced through these functions, but the directors will need to determine where they may want particular focus or additional third-party support.
Creating an inventory of commitments
Assurance must include the disclosures that are made externally and those that form internal commitments or are the basis for key decisions such as executive remuneration. The commitments the company makes will go beyond the annual report, including those disclosed on the website or in other documents (such as sustainability reports) provided to investors, customers, suppliers or employees. Directors will want to have confidence that they are not misleading or misrepresenting their position to any of their stakeholders. However, assurance should focus on what is material to strategic decisions.
Beware of assurance pulling management effort from where it needs to be. Rather than debating whether emissions are 100 or 102.5, the debate must be on what is needed to get them to 60 and what the transition plans are.
Manchester Business School and the FRC’s 2021 report on Climate Scenario Analysis stated: “Scenarios provide hypothetical constructs of possible future states that are used to challenge prevailing assumptions and to analyse business model resilience. Climate scenario analysis helps companies to identify and prepare for the impacts that climate change will have on their business models by guiding a structured exploration of different possible futures to identify the most relevant risks and opportunities.”
As with any situation where uncertainty means assumptions and judgements must be made, there is a need to form a view on the appropriateness of those judgements, engaging individuals across all three lines of defence.
Carrying out assurance mapping and developing a meaningful AAP
Although the UK government withdrew its legislation underpinning formal reporting on an Audit and Assurance Policy (AAP), audit committees may still find it helpful to develop a policy, or at least adopt its principles in the audit committees’ discussions. ICAEW’s guidance, Developing a meaningful Audit and Assurance Policy, recommends one such tool in the form of an assurance map.
“Companies must already consider and make extensive disclosures about their risks," says Carolyn Clarke, CEO of risk and assurance specialists Brave Consultancy. "However, [an] AAP presents an opportunity to bring together, in a single place, a much more complete picture of where all the necessary assurance comes from – plus its underlying nature, and the degree to which directors rely upon it.”
In ICAEW’s report on the AAP, climate was recognised as the issue that investors and directors feel should be given the greatest focus in developing the policy. This will mean creating a framework that breaks down the sub-categories of risks associated with climate, incorporates the regulatory requirements, details the specific disclosed commitments, and then maps the assurance provided across all three lines of defence and through third-party providers.
Directors will find it helpful to consider the full range of assurance obtained over climate risks each year. This is in addition to the existing requirement to consider and approve the annual internal audit plan and to consider the nature of all audit and assurance activity undertaken by the firm’s external auditor.
Using the TCFD as a starting point
Providing disclosures aligned with the TCFD is now a requirement for a range of large companies. Many will understandably start thinking about assurance through the lens of the disclosures they are required to make (or choose to make, depending on the nature of the company). This provides a starting point that can be built out over time for both reporting and assurance. The table below outlines possible types of assurance around TCFD considerations.
TCFD pillar | Considerations | Potential assurance |
Strategy |
Sustainability goals and objectives Risk appetite and positioning Obligations and opportunities |
Real-time assurance focused on goals and outcomes Programme and change assurance over strategic transition Integrated assurance to identify opportunities |
Governance |
Board oversight Executive oversight Decision-making authorities |
Internal audit facilitation of total assurance picture and governance arrangements Development of an AAP with clarity over accountability Behavioural and culture assurance |
Risk management |
Mitigation and opportunities Nature of risks: physical, financial, transition Disaggregation of component parts |
Stress testing a range of scenarios, assumptions and judgements Agile audit and assurance, reflecting nature of risk Assurance map to address range of risks |
Metrics and targets |
Reporting and disclosure obligations Full landscape of commitments Regulatory expectations |
Potential external limited or reasonable assurance over specific disclosures or metrics End-to-end process assurance to underpin commitments Response to specific regulatory expectations |
The FRC and the Financial Conduct Authority (FCA) produced thematic reviews considering climate disclosures in July 2022, based on their research into the information provided by premium listed companies at that time on TCFD. This research indicated that most companies were complying with the TCFD’s principles and the majority of its requirements.
The FCA noted that they continued to have some concerns about elements of the quantitative reporting and whether the appropriate level of detail is provided. Among the steps the FCA recommends companies take is ensuring that they “set up compliance review and assurance processes".
The FRC’s recommendations include the need to ensure appropriate linkage between disclosures and other aspects of the annual report, such as risk disclosures.
Recommendations
Case study
Unilever clarifies its approach to sustainability commitments.
This page is part of a series
To find out more about other aspects of climate assurance, visit the hub.