ACFE News

A roadmap for managing ESG risks

Fraud examiners don’t need cutting-edge techniques to fight fraud in the burgeoning area of environmental, social and governance (ESG) initiatives. They can simply build on existing tools and guides to mitigate those risks, according to the latest report from the ACFE and Grant Thornton LLP, Managing Fraud Risks in an Evolving ESG Environment.

“Even though these risks are expanding and evolving, we don’t need to recreate the wheel; we just need to add them to our existing risk registers as we work to identify, evaluate and address fraud risks comprehensively,” says Andi McNeal, CFE, ACFE’s vice president of education.

Setting standards

Financial markets and regulators are increasingly scrutinizing the accuracy of companies’ ESG claims and holding their feet to the fire on such promises. (See “Green gremlins,” by Paul Kilby, Fraud Magazine, March/April 2022.) Failing on commitments to social justice or the environment can cause irreparable damage to an organization’s reputation. But navigating those risks is complicated as rules and standards for ESG compliance are still evolving. Indeed, the Securities and Exchange Commission (SEC) only just proposed ESG disclosure rules in May. (See “SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices,” SEC, press release, May 25, 2022.) Without clear and consistent guidelines, there’s greater opportunity for fraud. That’s where fraud examiners come in.

“The Grant Thornton-ACFE report helps outline the potential threat of ESG fraud risks for organizations and explains how organizations can work with anti-fraud practitioners to shore up their ESG programs,” says James Ruotolo, CFE, senior manager in Grant Thornton’s Fraud & Financial Crimes practice. “CFEs have an important role to play in mitigating the new fraud risks related to ESG programs.”

An updated taxonomy

In their critical role as fraud risk managers, CFEs often turn to ACFE’s Fraud Tree with its handy breakdown of schemes to determine their organizations’ financial fraud vulnerabilities. And to help manage ESG fraud risks, Grant Thornton has added another branch to the tree with a category for nonfinancial reporting fraud to accompany the corruption, asset misappropriation and financial statement fraud branches. (See page 14 of the report for the updated ESG taxonomy and for the traditional Fraud Tree.)

“ESG covers so many areas of risk that it can be a challenge to know where to start when incorporating them into your fraud program. So, the goal of the report was to provide anti-fraud professionals and organizational leaders with practical, accessible guidance to integrate ESG considerations into their existing anti-fraud initiatives,” says McNeal.

Putting it all together

Although ESG is a recent arrival on the list of fraud risks, both Ruotolo and McNeal stress the importance of relying on the foundational principles of the Fraud Risk Management Guide, developed by the Committee of Sponsoring Organizations (COSO) and the ACFE, for its rigorous and comprehensive anti-fraud plan. (See ACFE.com/fraudrisktools.)

“We propose following the COSO fraud risk management guidance and its five components to address ESG fraud risks, similar to how other fraud risks should be addressed,” says Ruotolo.

The five principles that make up the COSO/ACFE guidance are governance, risk assessment, control activity, investigation and corrective action, and monitoring activities.

“While the ESG environment is rapidly evolving and ESG-related fraud risks carry some unique factors, the overarching principles of fraud risk management still provide a solid foundation for managing risks in this area,” adds McNeal.

Jennifer Liebman is the assistant editor of Fraud Magazine. Contact her at jliebman@ACFE.com.
