Listen on Apple Podcasts, Spotify and YouTube.
Welcome to AccelPro Audit, where we provide expert interviews and coaching to accelerate your professional development. Today we’re featuring a conversation with Jim Pelletier, Senior Product manager at Wolters Kluwer.
Pelletier talks us through gathering effective data for ESG reporting, why it's important for auditors to develop relationships with other operational leaders, and how they can develop mature processes and controls around data collection and reporting.
He stresses the need for transparency in audit. “And the way we get there is by having reporting standards in place, so it's understood what an organization is required to report. What metrics need to be in place? What is the type of data that the public needs to be able to see and the investors need to be able to understand? Those standards need to be in place.”
Listen on Apple Podcasts, Spotify and YouTube.
Jim Pelletier‘s Wolters Kluwer TeamMate profile.
TRANSCRIPT
I. FACING THE PAIN POINTS OF ESG REPORTING
Alizah Salario, Host: I want to set the stage and provide a bit of context about the current state of ESG reporting. We know that businesses are required to comply with ever evolving regulations, and they're also faced with standardizing that data from a bunch of different sources, including the third party sources and internally. In other words, before businesses can disclose and comply with ESG standards, they need to gather data, and in order to gather that data, they need a system to collect it, which is easier said than done. What's the challenge for auditors who are currently trying to gather that granular investor grade data to conduct an ESG audit?
Jim Pelletier: That's a great place to start. There are three areas that I think are really challenging today for auditors in this space. One is the complexity of the regulatory environment or the standard setting environment. There's a lot of players. There's not a single reporting or disclosure standard that's universal around the world.
You have a lot of folks involved in the game, and so it's not necessarily clear what organizations need to report on. Now, depending on where you are in the world, there may be a very clear regulation, but, at least here in the United States, that's not really laid out in stone quite yet.
The complexity of the environment is number one. Number two, getting inside of an organization is looking at the maturity of the underlying business processes. We've been doing financial reporting for years and finding—hopefully, in most organizations—maturity in underlying business processes on that side, but I don't know that we're quite there on the non-financial side or the ESG related side. Understanding those business processes and what data they produce is going to be a challenge that most organizations will face.
And then the third one I'll say broadly within an organization is the maturity of the organization's overall data governance structure. That's everything that an organization does to make sure that data is available, complete, accurate, usable, and secure. What policies and processes are in place? Does it apply to data holistically, or is it focused on the financial side of the house? That data governance structure is something that I think auditors really could start with to get an understanding of what's required in their organization and what policies are in place.
AS: You bring up a really important point when you mentioned the maturity of governance structures. Auditors have been developing these processes and controls around gathering and reporting financial data for decades. And even though ESG has been around for a while now, it's still a relative newcomer. Naturally the processes around ESG data are going to become more mature and more rigorous over time. What needs to happen in order for them to really become more disciplined and developed?
JP: Auditors are really going to have to start from scratch, even more so than we did when Sarbanes Oxley hit. There was a lot of panic in terms of what are we going to do and CFOs not wanting to go to jail for not having proper controls in place. But when I look at the breadth and depth of ESG we really got to drill down into that level.
One, ramping up your knowledge in that space as an auditor is going to be key, so that you can start asking the right questions. Whether it's through training or reading or conferences or listening to podcasts like this, whatever it takes to get that base knowledge up so that you can start asking the right questions, so you understand these processes and where the data comes from.
Next is having the right relationships with the right people in your organization, the right leaders and business contacts across the organization that have responsibilities in the ESG space. You need people that understand how things work and, frankly, can intelligently discuss their risks and controls even if they're not formalized. You have to start those conversations somewhere. I think that's making sure you have the right relationships.
And then I think you have to roll up your sleeve and start to document processes. Document risks and controls. Incorporate these things into your ERM and GRC processes. Starting with the basics, I think, is what auditors need to do here.
AS: Another one of the differences between reporting and disclosing financial data versus ESG data is, with ESG data, we're also looking to create new controls and meet targets like reducing carbon emissions or setting timelines to switch to more sustainable materials for a particular product. How does this both present an opportunity and a challenge for auditors?
JP: The challenge is that a lot of this is going to be new for the organization. Processes will lack maturity and proper data governance. That's going to be the biggest challenge, getting to the data that we need and understanding where that data is coming from, and being able to know what the data represents, what it truly represents.
There’s two pieces to the opportunity side. Auditors can put on their advisory caps and they can help to ensure that the business is establishing well designed and efficient processes and controls from the very beginning. We have an opportunity to help them to understand what makes a good control, what makes a good process, and how do we get those things established from the very beginning?
The other piece, and I think this is a really big opportunity for internal auditors, is to take the lead in what I call integrated assurance. How do internal auditors coordinate with other assurance function within the organization? What is the risk team doing in this space? What is the compliance team doing? Is there an environmental health and safety team? What are they doing? Can I rely upon some of the work they're doing so I can free my internal audit team up to do other, more strategic things?
You can paint a holistic picture of assurance to management and the board, because nothing looks worse than a chief audit executive going into the board and telling one story and a Chief Compliance Officer going in and telling a slightly different story and a Chief Risk Officer going in and telling another. You can imagine that starts to look pretty ridiculous over time. Internal Audit has an opportunity to step up and take the lead in that space, so that they go in with one cohesive story that talks about where they align, where they don't align, why they have differences of opinions on things.
–
II. ESG DATA COLLECTION AND DISCLOSURE
AS: You mentioned risk, and in a conversation about data, we need to talk about privacy. What are some of the security concerns with ESG data gathering and our internal auditors raising the issues right now?
JP: I think you're going to see a lot of the same type of concerns that you have with any type of data. And privacy is going to be a piece of that because as we get into particularly the social aspects are likely going to involve a degree of sensitive type data, perhaps. And so, the same types of things that we do to protect data today have to be applied here. And again, it goes back to those data governance structures that we talked about a little bit earlier. Is the organization putting the right policies and procedures in place to have proper oversight of data governance in the organization?
As we look at these new types of data that we're analyzing now from an ESG perspective, we have to ask ourselves those same questions. Where is this data coming from? How did we collect this data? Where are we storing this data? All of those things need to be thought through, and the proper controls need to be put in place all along the way, just like any type of data that you consider with the organization. It's important to get a sense of what solutions are being used to integrate data, and then in turn, help map that data to the relevant ESG standard.
AS: Can you give us an example of what this looks like on the ground?
JP: Yeah, and I think that's a great place to go. We know that the breadth and depth of ESG is going to take a lot of company resources for them to get to where they need to go. And data integration, I think, is going to be really critical. What I mean by that is, with the breadth and depth of ESG, you're collecting potentially data from multiple systems in the organization.
Some of that might be manual, some of that might be in spreadsheets.
Whatever it happens to be, you need a place where you can bring all that data into one place. That's your big starting point, data integration and a solution that can do that well is critical, because then I can do the analysis I need to do; I can summarize that.
Now, beyond that, I think we're seeing an opportunity for organizations to start to deploy algorithms and things like natural language processing to help ensure that data integrity is there and to ultimately help to ensure the quality of ESG data. We can leverage some of those technologies.
One example is language processing. You can analyze vast amounts of text, look for gaps and inconsistency, and check for conformance with known reporting standards; you can leverage things. The technologies that you're already seeing within chatGPT and large language models can help you to review vast amounts of textual data and help you to identify any anomalies in that data.
The other thing I'd say with that is companies who are truly embracing ESG are also looking into leveraging things like predictive analytics. That’s where they can look to tie different factors within ESG to financial performance. Because I want to ultimately be able to say that some of these efforts that I'm taking are going to actually improve the value of my organization over time.
For example, how can gaining a better understanding of emissions help me to better control costs? If I look at the emissions of my organization across everything that we do, can I get a better understanding to help me to control my costs and maybe improve my profitability? For a more future looking perspective, how do my emissions impact profitability in the long term? And if I can look into the future like that, based on the data that I have today, it can really help me to make some good decisions today that can make me more profitable in the future.
AS: I want to take a step back now and talk about what all this means for the auditor. Asking auditors who've spent their careers working with financial data to also address ESG data requires a mental shift as well as a practical one. For example, with ESG, there's a different threshold of materiality and that can impact decision making. What does it mean for the role of the auditor?
JP: We can't repeat the mistakes that we first made around IT auditing. When I go back 20 years ago, we looked at IT auditing as this separate special thing, and we created a new class of auditor that would only do that job. And I think we wasted, frankly, a lot of time not building up the skill sets of our teams so that everyone can address at least basic issues in information technology as part of every audit.
I use that as a parallel to ESG, which is going to be part of everything that we do going forward. It's going to be embedded in so much of the fundamental processes that organizations are undertaking. We just need to incorporate that fundamental knowledge with every auditor.
I would encourage folks to not look at, I need to hire a couple of ESG folks and that's going to be their job. And they're going to be over in the corner doing their ESG stuff. I would look at it as we need to upskill our entire team, just like we've learned over time with IT, so that we are all intelligent enough to ask the right questions when it comes to environmental issues or social issues.
We’ll be intelligent enough that when the technical nature of what we're asking goes beyond our skillset we know we need to bring in additional expertise. We're not going to get every auditor up to that level, but we at least need to get to the level of knowing the right questions to ask and when they should and should not dive deeper.
AS: I want to hone in on data collection and disclosure. When it comes to the S in ESG, or the social aspect, getting metrics on pollutants or measuring a carbon footprint is really different from measuring social ills like human trafficking, child labor, or the health and safety of a work environment, which all fall under that social umbrella. How can auditors gather data on these practices? And once they have it, what's their responsibility along with other operational leaders to make change?
JP: Again, it’s going to go back to relationships. Who are the right people to talk to? Do you have a seat at the table when you're talking about these types of issues? Because oftentimes these are sensitive issues, both by the nature of the issue itself, but also from the fact that these issues can have a pretty dramatic impact on an organization's reputation.
You're talking about things that can get real ugly real fast. It's important for auditors to understand that this may not be the traditional sort of thing that we're used to auditing, but the risk to my organization is significant and I need to be part of that conversation. I need to apply my objectivity as an auditor to that conversation, and I need to have the ability to go to senior management and the board to have conversations about these things so that I can bring that objective perspective to them because of the nature of these types of risks. I think that’s key.
The other piece I'd add there is, these types of risks need to be included if you have ERM or GRC practices within your organization. These types of risks need to be included in that as well. We can't ignore the elephant in the room.
AS: I want to dig into the accountability and transparency aspect of what you just said. What happens when, for example, companies gather more sophisticated data and it reveals something that might negatively impact the company's image with stakeholders? What's done to ensure transparency and to move forward in a positive, productive way?
JP: I think the need for good transparency here is really important. And the way we get there is by having reporting standards in place, so it's understood what an organization is required to report. What metrics need to be in place? What is the type of data that the public needs to be able to see and the investors need to be able to understand? Those standards need to be in place.
That's part of the challenge that we're facing today. It's not always clear what those standards are. It's not always clear that every organization is going to report data in a similar fashion. And in order for things to be investor grade and to be able to compare one company to the next, I need to have that type of consistency and standardization. I think that's a critical piece.
The other side of that then, of course, is the proper degree of assurance over that data and what data's being reported. Both internal assurance and internal auditors and even compliance functions and risk functions can provide varying degrees. Having an outside party, your external auditors, come in to validate the completeness and accurateness of this data.
I think those are the things that need to come together. You need to understand what the reporting requirements are, have some standardization on the type of data that needs to be reported, and then you have to have the proper assurance in place.
And this is an opportunity for internal auditors, knowing that this is coming in one way or another. It's going to develop over the next few years. You can get started now and you can help your company to be prepared, to do the right thing when it comes to this type of data.
–
III. THE PAST AND FUTURE OF ESG REPORTING
AS: As I mentioned, you're currently a Senior Product Manager at Wolters Kluwer, but before that, you held a number of roles at the IIA. And you are also the city auditor for the city of Palo Alto and the chief of audits for San Diego County. Sometimes when we look back on our careers, all the dots connect, but when you're at the beginning or the middle, it's not always clear how everything is connected. Looking at the diversity of your experience, can you tell us if there's a common theme that you see connecting your path?
JP: I'll start by saying I've been really lucky. I've had a series of really interesting positions that have allowed for a lot of personal growth. Starting in the corporate sector, I worked for some of the largest corporations in the world, then moved into the public sector, and worked in the county, in the city, etc. I spent 10 years with the Institute of Internal Auditors and worked with some of the giants in the profession of internal auditing and learned from them.
For me I never thought I would have a career in internal audit, but it's been one of the most exciting things that I've had to do because we are able to have such a positive impact on organizations when we do our job well.
Transitioning to Wolters Kluwer and specifically to our teammate product, which is our audit management solution, was a great opportunity. I got to leverage all that knowledge and experience I've gained about the profession and apply that to building better solutions for internal auditors.
The tie has always been my passion for internal audit. I like to believe that I've become an expert in that space. And to be able to share that back now through teammate auditors is fantastic.
AS: I want to pick up on something you mentioned throughout our interview, which was relationship building. And I always like to ask my guests about who they turn to for help. Do you have a sounding board for when you're facing a difficult career decision or a challenging situation comes up?
JP: I think it's important to have a strategy that really works for you in terms of mentorship, and the right mentor. It’s about identifying leaders who I feel like I can trust, and who are willing to take the time to listen to what I'm concerned about and provide really honest feedback—the kind of folks that can slap you upside the face if they need to in order to get you to realize that maybe you're thinking in the wrong direction.
AS: The last thing I want to ask you is about what's next. We know that ESG is a dynamic space, which is both what's exciting and what's challenging about it. What do you see on the horizon and where do you see yourself in the ESG environment?
JP: I think on the horizon, frankly, what we'll continue to see, or at least I hope, is a more balanced view of how business value is defined. Early in my career, I worked for a large global corporation who was very focused on short term net income growth. Quarter after quarter, they made those short term net income numbers, whatever they needed to do to get them. But when the economic challenges in the late 2000s hit, that organization wasn't ready for it. They couldn't withstand it, and so the organization doesn't look the same as it did back in the very successful days of the early 2000s.
I think there should be a shift to a more balanced thinking of, I need to make money today. I get that investors want money today, but they also want long term value. They also want to know that they can rely on this company creating value over time.
More practically, I think we're going to see increasing pressure on regulators and standard setters to get aligned around reporting and disclosure requirements. Ultimately, we need to get to a more mature state where we have a single well-defined set of reporting requirements to ease that burden on organizations so that they can focus on doing good things with this data that they're collecting.
Listen on Apple Podcasts, Spotify and YouTube.
This AccelPro audio transcript has been edited and organized for clarity. This interview was recorded on March 28, 2024.
AccelPro’s expert interviews and coaching accelerate your professional development. Our mission is to improve your day-to-day job performance and make your career goals achievable.
Send your comments and career questions to questions@joinaccelpro.com. You can also call us at 614-642-2235.
If your colleagues in any sector of the audit field might be interested, please let them know about AccelPro. As our community grows, it grows more useful for its members.