Reasonable assurance: Philips puts data scrutiny first
Simon Braaksma - Senior Director, Sustainability Reporting
External assurance of sustainability reports, data or content in annual reports aims to enhance the credibility of companies’ disclosure on non-financial or Environmental, Social and Governance (ESG) efforts. It is, however, a time-intensive process - partly due to the wide scope and diversity of issues addressed. Companies going through this process with their auditors need to give proof of both their commitment and their higher ESG integration. Philips, a company with a longstanding reputation as a sustainability leader, demonstrates how it gives confidence to stakeholders by having its non-financial disclosure reasonably assured by its auditor – Ernst & Young (EY).
‘Reasonable assurance’ – the level of confidence that an auditor needs to attain in order to approve financial statements and confirm that they are not materially misstated – is the legal requirement for financial reporting. But there is still an exception for sustainability reporting. For ‘limited assurance,’ less evidence is required and fewer tests are expected to be performed, with smaller sample sizes than for a reasonable assurance. Therefore, the risks of material misstatement are potentially higher than they appear.
Philips’ journey to integrated reporting
Philips published its first environmental annual report in 1999, the same year that the Global Reporting Initiative (GRI) released its first-ever draft of the Sustainability Reporting Guidelines. In 2003, Philips expanded this into a sustainability annual report, which provided details of the company’s social and economic performance, as well as its environmental results. From 2008 onward it moved into publishing integrated reports.
It is now generally accepted that companies need to manage and report on their sustainability performance. In 1999, a mere handful of companies disclosed their performance in this space but today, according to KPMG, an impressive 93 per cent of the world’s largest companies now report on their sustainability performance. The number of companies with externally assured GRI reports rose from 29 per cent in 2008 to 45 per cent in 2013 - and only 10 per cent in the US in 2013. However, reports meeting limited or reasonable assurance standards were still at low levels, especially in the case of the more stringent standard.
Sustainability reporting has gathered both speed and momentum during this time, evolving into a process that helps businesses align their goals and strategies and mitigate risks. Studies show that organizations that factor in material non-financial issues outperform those that do not. Reporting on those material issues in a way that investors can trust thereby constitutes a strong foundation for companies aiming for long-term, positive financial performance.
The reporting landscape is constantly changing and is challenging to navigate; simply reporting on sustainability performance is no longer enough. According to the Global Insights Report, in the last three years alone ESG-related regulations grew by more than 100 percent across the UK, US, and Canada, indicating that the ESG regulatory landscape is evolving fast. In order to build and maintain trust from stakeholders, businesses must be transparent in their approach and be able to provide hard evidence that supports their claims. The recent European Non-Financial Reporting Directive is only one example of this type of regulation, which Philips complies with through its integrated report.
Sustainability assurance challenges
Being able to present reliable, convincing, and verified data is therefore crucial to establish credibility, accuracy, and relevance of a company’s sustainability efforts. To achieve this, some companies include sustainability reporting in their external assurance process. This third-party verification of the report content varies in scope: from greenhouse gas (GHG) emissions data to the materiality analysis process itself. The assurance allows, through controls of certain data, to demonstrate that information were compiled in a systematic, documented and evidence-based manner through a traceable procedure. Obtaining this verification will enable a company to assure its internal and external stakeholders that its disclosures are transparent and trustworthy.
At first glance, it might seem natural to look to a company’s financial auditors for assurance on sustainability. However, several facets of sustainability reporting contrast quite distinctly to the financial. In financial reporting, providing assured data via external audit is straightforward enough, with clear objectives and long-established procedures existing in the accounting process.
For non-financial disclosure assurance, two main frameworks exist:
ISAE 3000: developed by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC). The parameters in ISAE are similar to traditional financial statement auditing. They focus on ethical requirements, evidence gathering and evaluation.
AA1000AS: developed by AccountAbility, a non-profit organization. It focuses on assessing the enactment of four principles: inclusivity, materiality, responsiveness and impact.
These approaches can be complementary but are both time and resource intensive, partly due to the range of topics disclosed by companies.
Philips’ approach to non-financial data assurance
For Philips, it was a given that its sustainability efforts should be externally assured – credibility of data is essential. Simon Braaksma, Senior Director, Sustainability Reporting, says that the company has been committed to sustainability for many years and that part of this commitment is to provide data in a way that stakeholders can trust.
Core to Philips’s approach is that sustainability is not an add-on to their business: it is integral and integrated. To achieve that, their approach to financial and non-financial data needed to be aligned. For Braaksma, it is important that stakeholders find the company’s non-financial disclosures as trustworthy as its financial data, meaning that reasonable assurance on all data, including materiality levels, needs to be obtained. As such, auditors were presented with the materiality analysis process and raw data to understand how material topics were determined using Datamaran. ING also suggests there is a convergence of financial and non-financial data.
The value of reasonable assurance when compared to limited assurance is implicit in the language used by auditors. In limited assurance, the auditor’s conclusion takes the form of a non-committal, almost defensive statement such as: “Nothing has come to our attention that causes us to believe that the report is not fairly stated.” In reasonable assurance, the conclusion is expressed in a more affirmative fashion: “In our opinion, this report is, in all material respects, fairly stated."
In a constantly evolving regulatory landscape, Braaksma believes that obtaining reasonable assurance now will help prepare the company for any updates to the EU’s Non-Financial Reporting Directive: “In the future we will be expected to have assurance on the regulatory side, but that won’t happen overnight,” he says. “If the EU says it’s the next step, let it come, we are at that stage already.”
“What we now have with Datamaran is a process that is not only extremely auditable but also, in my opinion, provides a far deeper insight into a broader stakeholder group than these 20 or 30 people that you would normally invite to a stakeholder engagement session.”
Simon Braaksma, Senior Director, Sustainability Reporting at Philips
Internal controls and reasonable assurance
“You can only have reasonable assurance if you have good internal controls,” he continues. “You need a good internal control framework and processes. You also need to find an auditor who is willing to work with you on this.” Philips has chosen to use EY, which already audits its financial reporting, rather than bringing in another third party to deal with non-financial data. In the Netherlands, assurance of sustainability reports is done according to a national standard based on the ISAE 3000, which was used for the assurance process by EY.
This brings us to perhaps the greatest challenge: identifying and justifying which topics are material and should be presented in the report to show how they are addressed. Philips was no exception. “What we did in the past regarding stakeholder engagement and materiality analysis in particular is going through a pretty manual process whereby we invited stakeholders to an event,” explains Braaksma. “We had a good afternoon of discussions and then put a report out.”
In order to be able to conduct reasonable assurance of their non-financial data, Philips needed to implement a more reliable, traceable, and systematic solution, which is why they turned to Datamaran. Datamaran provides a consistent methodology and rationale on materiality analysis in line with major external assurance standards such as AA1000AS and ISAE3000. Its approach, which quantifies qualitative information and covers key stakeholders, is fully auditable by default. Every step of every stage is documented and rationalized with all raw data traceable to the source.
Reasonable assurance powered by Datamaran
Using Datamaran, Philips was able to redesign business processes and improve internal controls over data, and ultimately build its materiality matrix, harnessing Datamaran’s technology to implement an improved materiality analysis process. According to Braaksma, “what we now have with Datamaran is a process that is not only extremely auditable but also, in my opinion, provides a far deeper insight into a broader stakeholder group than these 20 or 30 people that you would normally invite to a stakeholder engagement session.” In other words, Datamaran leverages the informational value available across multiple publicly available sources representing stakeholders’ voices, and aggregates it in a comprehensive and dynamic assessment explaining why certain topics are material.
As described in Philips’ 2018 annual report, the materiality matrix was built using an evidence-based approach to materiality analysis, powered by Datamaran. “By applying Datamaran’s automated sifting and analysis of millions of data points from publicly available sources, including corporate reports, mandatory regulations, and voluntary initiatives, as well as news and social media, we identified a list of topics that are material to our business,” the report explains. “With this data-driven approach to materiality analysis we have incorporated a wider range of data and stakeholders than before and managed to get an evidence-based perspective into regulatory, strategic, and reputational risks and opportunities.”
An auditor perspective
Even for a company as large as Philips, it is difficult to keep up to date with all the relevant developments (peer disclosure, applicable legislation, voluntary initiatives, news etc.) around the world that affect the industry. Datamaran’s software-as-a-service (SaaS) platform is designed to enable companies to monitor and analyze emerging non-financial risks and opportunities on a continuous basis. By automating what has often been a manually generated analysis, efficiency, and accuracy are greatly improved. Each step of the analysis and every data point are fully traceable to each individual data source, which makes the materiality process easily assured.
It may seem surprising that with all the talk about sustainability, Philips is among the few companies that apply reasonable assurance to their non-financial reporting. In the words of its auditor, EY: “Philips is indeed at the forefront of integrating sustainability into business-as-usual. Having its sustainability data reasonably assured is a testimony of Philips’ commitment. Datamaran has certainly facilitated the assurance process by providing a proper audit trail of their materiality process.” Phillips may not be the first, but for companies that are truly committed to sustainability, it is a lead that would be natural to follow.
Datamaran is the only software analytics platform in the world that identifies and monitors external risks, including ESG. Trusted by blue-chip companies and top tier partners, it brings a data-driven business process for external risk and materiality analysis. In house - at any time.
Datamaran’s patented technology offers real-time analytics on strategic, regulatory and reputational risks, specific to your business and value chain.
- Gain a clear view of risks and opportunities tied to ESG, geopolitical, technology and emerging issues - with the power of patented technology;
- Monitor these material and emerging risks through live dashboards; and
- Strengthen risk management, Board oversight and annual reporting with credible data and real-time insights.
Already a Datamaran User?
Watch the video to exploring how Datamaran can support your audits and assurance needs. You will see how you can use Datamaran’s Data Export function to provide evidence of your materiality analysis to your internal and external auditors.