24 August 2010

What would you pay to use the GRI standard?

Recently Stewart Mckie in a blog posting (http://holistic.tripos.biz/about/gri-and-software-certification/) pointed out that the GRI appears to have changed the wording of its copyright notice with regard to use of the GRI content in software solutions. It is now "Illegal" to use GRI text, indicators or content in software systems without paying a license to the GRI.

The GRI (Global Reporting Initiative) is one of the more widely known and used CSR/Sustainability reporting standards. It was developed using the contributions of members and government grants.

Now the GRI is asserting that if you use software to create a GRI compliant report (i.e. actually use the GRI Indicator label and text) and the software provider did not have the GRI's permission (and pay them a fee), a crime will have been committed. While we've heard a fixed price for the license, I cannot imagine that the GRI would charge a small firm the same as they would charge a very large software provider. It certainly would be a great deal for SAP or Oracle, but not for smaller market participants. And does a flat annual license make sense when one provider's software might facilitate the creation of 100 reports, while another provider's software might facilitate the creation of 1000.

This means that preparers of a GRI compliant report will pay for use of the (free) standard through the license fee that the software provide must remit to GRI. This includes companies that may have contributed to the development of the standard or membership in the GRI as Organizational Stakeholders (OS).

Could the GRI go to the producer of a report with a GRI Index, and ask what software was used to feed the content of that report? What if a company chooses not to disclose their service provider? Is the reporting company then a party to the illegal use of the GRI standard?

Will companies simply stop providing GRI Indexes, and instead simply state "Prepared in the spirit of the GRI G3 standard". The report provider could then simply provide an index. You know, the good old fashion kind with a list of word and concepts, pointing to the page where the information can be found.

Regardless, what does the need to monetise the standard point to, and what might be the unintended consequences of such a move?

16 August 2010

Risk of Fraud in CSR / Sustainability reports (the "Balloon")

Risk of Fraud (the balloon)
No one should believe that CSR / Sustainability reports will be Fraud-Free zones. Where there is a need or desire to provide reported outcomes that differ from actual outcomes, there will be mis-staement and fraud. Corporate officers are now required (under the US Sarbanes-Oxley law – “SOX”) to certify that the reported results are accurate. These officers face criminal and civil penalties if they knowingly certify inaccurate information in the reports.

While this has reduced the opportunity for direct financial statement fraud and misstatement, the concept of the balloon comes into play. Squeeze the balloon in one place, and it pops out in another. Misstatement of business information with the objective of misleading regulators, investors and analysts is a bit like the balloon. Tighter controls over financial reporting decreases the risk of misstatement of this information, but increases the danger of misstatement of unaudited information.

The fact of greater controls does not mean that the number of individuals willing, able or motivated to "fudge the numbers" has decreased, only that the opportunities have decreased.

Let us consider for a moment the reasons that information is misstated in the first place. Managers and executives in companies are given metrics and objectives that they need to achieve. These metrics could be operational, or could include improvements in share price or other external metrics. To commit fraud there need to be three factors; opportunity, reward and rationalization. Increased internal control quality under SOX has reduced the opportunity, but has done nothing to remove the other two motivations. Where the desire is to influence observers of a company's reported value in order to protect or increase personal reward, those who might have manipulated financial statements will find other externally visible measures they can manipulate. Unaudited information such as CSR/Sustainability information provides such an opportunity.

The investment analyst community use information well beyond the audited reports; non-financial or extra-financial information, projections, unaudited segment information, competitor profiles and performance and industry comparisons, to name a few. Unintentional reporting of inaccurate unaudited information can skew investor models, and intentionally misstated non-financial or extra-financial information could be used to intentionally alter analysts perceptions of a company.

Therefore we should not expect the tightening of systems of internal control and the introduction of penalties for the reporting of knowingly inaccurate information in audited reports to automatically reduce the volumes of intentionally misstated information.

To give an example, imagine a situation in which a company commits, at least in a CSR/Sustainability report, to reduce waste water by a given percentage or volume. Senior managers may have parts of their remuneration tied to achievement of these objectives. In such a case there is an incentive to influence reported results. As this information is not audited, but it is reported externally, senior management could decide to manipulate the results for both positive public relations and to meet personal targets and therefore protect bonuses and other remuneration. The resulting reports, while not audited, certainly are provided into a market place with the intent of influencing valuations of the company.

It should also be noted that we expect this risk to have a relatively short life, as we expect CSR/Sustainability information to become part of SEC and other regulatory reporting over the coming years. In the case of SEC registrant companies, the inclusion of CSR/Sustainability measures into mandated reports could result in this information becoming audited information under the reporting responsibility of the CFO or Finance Director. More importantly this information will become subject to two key sections of Sarbanes-Oxley; 302 and 404.

Under section 302 the CFO and CEO need to certify that the reported results are accurate, with penalties for knowingly reporting inaccurate information. Inclusion of CSR/Sustainability information under this section will result in this information coming under significant additional internal scrutiny, and review by the external audit community.

Should CSR/Sustainability information be considered part of the "Financial Statements" (or equivalent) then the creation of that information will become subject to section 404, and management will be required to both document and test the controls over the production of that information. In this scenario CSR/Sustainability information creation will become far more formalized and process driven, with correspondingly greater depth and quality, resulting in consumers of the information having greater confidence in that information.

05 August 2010

Forgetting is not an option

Last weekend I visited Monparnasse Cemetery in Paris. In section 28 there is a family tomb. The top name is familiar to me (and to many others). Subject to false accusations of treason, convicted on false evidence, his sword broken before him and his epaulets torn from his shoulders before being transported to a prison island. Finally rehabilitated, retired from the French Army and died in 1935.

Now look at the name directly below. Look at her age. Then read the line directly above that: "Disparue A Auschwitz". 

Now, look at this picture. Potokari cemetery in Bosnia.

Does it matter what religion? What country, or time?

Forgetting is not an option.