The ESG Controller—A “Job Of The Future” That’s Actually Here Now This blog post was authored by James W. DeLoach - Managing Director on The Protiviti View.As the stakes increase for ensuring the integrity of sustainability reports, CFOs across all industries should not only consider adding the ESG controller role in the finance function but also determine where it sits in the organisational structure and how a newly appointed ESG controller can be positioned to succeed.What you should know: ESG controllers ensure that sustainability data collected from all manner of sources beyond the general ledger is complete, accurate and auditable; they apply the same control discipline and rigor to non-financial sustainability data that financial controllers apply to financial reporting data.The bottom line: Although CFOs cannot control how sustainability reporting will evolve in the future, one way they can get a handle on ESG reporting requirements today and put their organisations in an ideal position to address future regulatory changes is by installing an ESG controller sooner rather than later. Topics ESG/Sustainability Industries Banking and Capital Markets Asset and Wealth Management Do you have an ESG controller? It’s an important question, for the era of the ESG controller is on the way. In fact, some might say it’s already here.Nearly 99% of S&P 500 companies publish annual sustainability reports, according to research from the Governance & Accountability (G&A) Institute. Another paper from the G&A Institute notes that a growing percentage of large public companies, led by early-adopter Fortune 500 firms, have created an ESG controller position to oversee sustainability reporting and the information processes feeding that reporting—wherever they reside in the organisation.CFOs serving smaller businesses and private companies should take note of this trend and consider doing the same, given that their organisations are increasingly required to share greenhouse gas (GHG) emissions data and other sustainability information with larger trading partners, especially those that are publicly held. Moreover, these CFOs may find, at some point soon, their organisations subject to regulatory standards or market demands requiring them to do so.Establishing the ESG controller position addresses three pressing questions CFOs now field on a regular basis from CEOs, boards, investors, customers and other stakeholders:Who is responsible for sustainability reporting?Where is the data coming from?How do we know it is complete and accurate?As I wrote earlier this year, sustainability reporting is, unequivocally, the CFO’s responsibility. The CFO certifies the financial statements. The finance group possesses the organisation’s internal controls and reporting expertise, the muscle memory, and a skin-in-the-game interest to ensure the numbers the company reports are complete, accurate, properly valued, timely and consistent. If they aren’t, all heads turn to the CFO for answers.Finance also has cultivated collaborative relationships with internal audit, the compliance team and external assurance providers, most of whom are—or will soon be—reviewing the efficacy of sustainability information, processes and internal controls that support sustainability reporting activities. Plus, there is a view among a growing number of stakeholders that given the stakes in meeting compliance reporting requirements as well as preserving brand reputation, sustainability reporting is becoming nearly as important as financial reporting.These drivers, combined with the ongoing promulgation, enforcement and refinement of sustainability reporting requirements around the world, make it imperative for CFOs—especially those in publicly held organisations—to consider creating the ESG controller position. Many CFOs in the oil and gas and financial services industries have already done so. I suspect that technology, manufacturing and consumer products companies whose products are energy-intensive (think AI data centre workloads or crypto mining) and/or resource-intensive (think water usage) will follow suit.Can one imagine a financial reporting process without the disciplined oversight of a financial controller? As the stakes increase for ensuring the integrity of sustainability reports, CFOs across all industries should not only consider adding the ESG controller role in the finance function but also determine where it sits in the organisational structure and how a newly appointed ESG controller can be positioned to succeed.Roles and reporting relationships“With an understanding of the risks to achieving sustainable business objectives and the processes that underpin the measurement, management and reporting of the data, the organisation identifies specific control activities to manage a risk or mitigate it to an acceptable level,” according to COSO’s report, Achieving Effective Internal Control Over Sustainability Reporting (ICSR). Substitute “ESG controller” for “organisation” in that passage and you have a useful distillation of the position’s mission.ESG controllers ensure that sustainability data collected from all manner of sources beyond the general ledger is complete, accurate and auditable; they apply the same control discipline and rigor to non-financial sustainability data that financial controllers apply to financial reporting data. This work requires scrutiny of systems access and version control along with the design of controls and review processes.While the following attributes do not necessarily qualify as formal job specifications, effective ESG controllers tend to demonstrate the following competencies:Roles and reporting relationships“With an understanding of the risks to achieving sustainable business objectives and the processes that underpin the measurement, management and reporting of the data, the organisation identifies specific control activities to manage a risk or mitigate it to an acceptable level,” according to COSO’s report, Achieving Effective Internal Control Over Sustainability Reporting (ICSR). Substitute “ESG controller” for “organisation” in that passage and you have a useful distillation of the position’s mission.ESG controllers ensure that sustainability data collected from all manner of sources beyond the general ledger is complete, accurate and auditable; they apply the same control discipline and rigor to non-financial sustainability data that financial controllers apply to financial reporting data. This work requires scrutiny of systems access and version control along with the design of controls and review processes.While the following attributes do not necessarily qualify as formal job specifications, effective ESG controllers tend to demonstrate the following competencies:Roles and reporting relationships“With an understanding of the risks to achieving sustainable business objectives and the processes that underpin the measurement, management and reporting of the data, the organisation identifies specific control activities to manage a risk or mitigate it to an acceptable level,” according to COSO’s report, Achieving Effective Internal Control Over Sustainability Reporting (ICSR). Substitute “ESG controller” for “organisation” in that passage and you have a useful distillation of the position’s mission.ESG controllers ensure that sustainability data collected from all manner of sources beyond the general ledger is complete, accurate and auditable; they apply the same control discipline and rigor to non-financial sustainability data that financial controllers apply to financial reporting data. This work requires scrutiny of systems access and version control along with the design of controls and review processes.While the following attributes do not necessarily qualify as formal job specifications, effective ESG controllers tend to demonstrate the following competencies:A deep understanding of the business (i.e., how the gears really work)Credible relationships throughout the organisation forged through effective collaboration skillsInternal controls and regulatory reporting expertiseThe right attitude (i.e., a genuine commitment to the value of controls and control frameworks)The ability to work with third-party assurance firms (and, ideally, established relationships with those firms)These attributes explain why most ESG controllers hired to date have: 1) been promoted from within their companies; and 2) previously worked on financial reporting or SEC reporting teams. In fact, the creation of such a position is a way to address another concern of CFOs: developing leadership in their finance organisation. (Of note, in our latest global survey of CFOs and finance executives, leadership within the organisation is ranked sixth on the list of priorities for the finance function to address and improve in the coming year.)The vast majority of ESG controllers report to the CFO, as they should, even in organisations with chief sustainability officers and formal sustainability functions or ESG programs. While ESG controllers work closely with sustainability officers, sustainability groups and even ESG counsel (another emerging sustainability job title), their purview can be significantly larger, extending across the enterprise and beyond, to wherever sustainability data is gathered. As one of two signatories (with the CEO) of the company’s public and regulatory filings in the United States, the CFO has a personal stake in ensuring the effective functioning of the ESG controller’s work. Access to the right data and functions throughout the organisation is paramount for the ESG controller’s success.Position the role for successCFOs play a key role in laying the groundwork for ESG controllers to thrive in performing their respective duties. Finance leaders can do so by making sure the ESG controller possesses the following:Proper authority: ESG controllers need access to a broad range of leaders and managers who produce or provide sustainability data that must be auditable. Some organisational groups, like HR, are accustomed to audits; others, such as operational teams, often are not. While, in addition to collecting data, ESG controllers should guide and counsel their business counterparts, they also must have the authority to obtain the information they seek.Credibility: ESG controllers perform better when their emails, direct messages and phone calls are returned promptly. This explains why most current ESG controllers were promoted from within their companies—where they earned respect and reputations as high performers and trusted collaborators.A sufficient budget: To succeed long-term, ESG controllership functions will need to grow beyond “a department of one.” Doing so requires investments in awareness, training, staffing and supporting technologies. As with any new senior role or reporting structure, change enablement is required to help the workforce and other stakeholders understand the context of the ESG controller’s mandate and its importance to the company’s market permission.Supporting technology: In many organisations, a substantial percentage of sustainability data resides in spreadsheets. This needs to change, as COSO’s ICSR guidance emphasises: “The systems around sustainable business information are often immature and depend on spreadsheets with few formal controls. By incorporating this information into IT platforms with well-established controls, an organisation can significantly improve decision-maker confidence in data that has previously been measured, validated, managed, and reported outside the formal financial control environment.”It’s worth keeping in mind that sustainability reporting has only recently entered adolescence—a phase sometimes described as the “SOX-ification of sustainability reporting.” The first EU Corporate Sustainability Reporting Directive (CSRD) report has yet to be filed. Third-party assurance of sustainability reports is in its infancy. There is much more to come as enforcement actions, rules refinement, lessons learned, and leading reporting and compliance practices take form.Although CFOs cannot control how sustainability reporting will evolve in the future, one way they can get a handle on ESG reporting requirements today and put their organisations in an ideal position to address future regulatory changes is by installing an ESG controller sooner rather than later. From where I sit, that would be a smart move on the board.This article originally appeared on Forbes CFO Network. Leadership Jeffrey Hau Jeffrey leads Protiviti Hong Kong's risk and compliance and internal audit practices with more than 20 years of experience in regulatory compliance consulting and auditing. As the leader of the financial services practice, his specific areas of focus include advising ... Learn More