IMA® (Institute of Management Accountants) is one of the five founding members of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) focused on improved governance, internal control, risk management, and fraud prevention in business. He served as a COSO board member from 2006 until 2011 and, after rejoining the COSO board a few years ago, served as lead director, helping to guide COSO’s ESG and sustainability initiatives, including working on the recently published major study on applying the COSO Internal Control—Integrated Framework (ICIF) to build trust and confidence in ESG data and sustainable business information. I spoke to Jeff about the recent COSO study that he coauthored, Achieving Effective Internal Control over Sustainability Reporting (ICSR): Building Trust and Confidence through the COSO Internal Control―Integrated Framework, and about the importance for professionals  to learn about sustainability and ESG in the context of applying best practices in governance, strategic planning, internal control, risk management, and more.


Butcher: What are some of the highlights and primary takeaways of this recent COSO study?


Thomson: One of the main takeaways is actually a reinforcement of what we’ve long been articulating, particularly IMA and COSO, that ESG and sustainable business management are truly multistakeholder activities that involve the organization’s entire value chain. In the old days, we tended to think about financial returns for investors, essentially one set of financial metrics for one stakeholder: shareholders. This guidance reinforces that today, when we go to multistakeholder environments, we’re not only trying to achieve the organization’s financial goals but also working for society’s benefit. And internal control applies equally, whether you’re trying to achieve financial goals and understand the risk in achieving those goals or in sustainability goals such as reducing carbon emissions or getting to net-zero carbon emissions by a certain year.


Investors, customers, society—all of those stakeholders make decisions based on the financial and sustainability outcomes, opportunities, and risks you provide them. And they want to have trust and confidence that the data you’re providing to whatever stakeholder group in or outside the company to make decisions on your company is accurate; that requires good internal control. In other words, good internal control is good for business. A former COSO chair commenting on the 2013 COSO framework stated, “While effective internal control requires leadership from the top, the responsibility for effective implementation of internal control resides with everyone in the organization, not just the finance function.” This includes accountants, compliance officers, those involved in supporting operations, and those working on the production line to make sure that products meet the expected quality standards.




The impact of, and responsibility for, ESG and sustainable business management has broadened, not only to those in the finance and accounting groups but also product groups, operations groups, public relations, investor relations, corporate social responsibility, and other parts of the organization value chain. Internal control becomes a point of connectivity for financial and nonfinancial metrics in achieving multiple goals, not just financial returns for investors. Now that ESG and sustainable business management are going mainstream, it’s even more important that organizations build the internal capacity for collecting, analyzing, and reporting sustainable business information.


Butcher: How does this new COSO report indicate the importance of sustainability and ESG for the management accounting and finance profession?


Thomson: Regulators are increasingly requiring companies to report mandatorily on their climate risk to their short- and long-term financial outcomes. The [U.S.] Securities & Exchange Commission (SEC) is putting out the final rules on reporting on climate risk sometime in the second quarter of this year, and the International Sustainability Standards Board (ISSB) will release corporate sustainability/ESG disclosure standards by the end of the second quarter this year. To meet the needs of investors, rating agencies, and insurers, organizations especially outside the United States have voluntarily produced sustainability reports for many years What does it take to get there? It takes a strong, competent CFO team with management accountants to build that internal capability, just as they do for financial reporting, utilizing their core competencies in a different context (


But ESG reporting and sustainable business management are a bit different. You still need to produce forecasts, perform enterprise optimization of assets, and do long-term business cases to determine your investment choices, pricing, and funding on initiatives for solar, wind, and renewables, for example. We have to figure out how to fund decarbonization, how to price it, whether it’s carbon pricing or a carbon tax. All of these things require sound analytics, a data-driven approach, professional judgment, good risk management, and good internal control. That sounds like a job for a CMA® (Certified Management Accountant) to me.


Butcher: How can the collection, analysis, and reporting and disclosure of sustainable business information and metrics help to improve organizations’ enterprise performance and relationships with stakeholders?


Thomson: It’s very important that this fast-evolving world of ESG and sustainable business management is built into an organization’s mission, vision, core values, governance, and strategic goals and isn’t bolted on in an ad hoc way. Organizations need to start with purpose. Are ESG and sustainability goals appropriately reflected in their purpose, in their mission statement? What about their governance? Whether it’s audit committees or strategic planning committees, do you have a statement of corporate social responsibility? Is it woven throughout your organization? Does everyone in the organization understand that in serving multiple outside stakeholders, not just investors, but also societal needs and other intermediaries, that they’re accounting to produce data and analyses they can trust? It’s very important in our reporting, dashboarding, long-term analysis, allocation of assets, business cases, and funding plans that we take an integrated approach to financial performance and sustainability goals in a holistic, connected way.


And that’s what management accountants do every day. Now, it’s very important that we understand that ESG and sustainable business information is different than financial data. And therefore, it really puts a premium on proper data governance and understanding, for example, what your direct, indirect, and partners’ carbon emissions are so you can get that managed to a reasonable level, which requires estimation, measurement, and data modeling. ESG data and sustainable business information tend to be more estimated, qualitative, unstructured, and judgment-based. And all of that means that you need to raise your competency in, and your application of, internal control over sustainability reporting similar to application of internal control over financial reporting. As we marry these two data sets together, one very structured and quantitative and the other very unstructured and qualitative, we still need to apply the same tried-and-true principles of good internal control because it’s good for business—you can grow with confidence and integrity.


Butcher: Can you share a story or two from your research about companies that are seeing benefits from enhancing their governance and oversight regarding sustainability and ESG?


Thomson: Organizations that started early, got moving on this [sustainability/ESG] journey, and built in the infrastructure and the internal capacity [have a head start]. Fast-forward to 2022 when the SEC for the first time ever says, “You must report on your climate risk if you’re a publicly traded company in the U.S.” Outside the U.S., there’s been more push for mandatory reporting. There have been benefits for organizations that were more anticipatory of the future environment, whether it’s regulators pushing the demand for mandatory sustainability reports and climate risk analyses and disclosures, or the general market requiring it, including asset management firms like BlackRock, the largest institutional investor in the world with trillions of dollars of assets. Larry Fink, BlackRock’s CEO, for many years has been issuing a warning to companies annually, saying that, in terms of their evaluation of your company’s performance currently, and more importantly in the future, you better give them some insight into your sustainability initiatives and how you aren’t only serving financial investors, but also the larger planet and society in which we live. It’s pretty powerful.


Bottom line, reputation counts in the world of sustainability. Companies that got an early start [on sustainability/ESG initiatives] and anticipated what they saw coming—because regulation forces it, from a voluntary perspective, or from a market perspective—have improved their reputation. We talk about Berkshire Hathaway, U.S. Steel, ABN AMRO Bank, and different companies around the world that got that early start to build the concepts of sustainable business information into their vision, mission, and core values.


Butcher: How do you express to folks with a sustainability and ESG background that following a good control system such as COSO ICIF may actually help them become more effective?


Thomson: There’s no doubt that the CFO and the finance and accounting team are in a very strong position to lead and facilitate the integration of climate risk and sustainable performance into the goals and achievement of those goals. As CMAs, we’re both ethical stewards of value and creators of these values like integrity and credibility.


The finance team, the CFO, and CMAs have a unique opportunity to be the convener and leader of enterprise performance to meet the needs of multiple stakeholders now and in the future. Who better than the CFO team, armed with CMAs’ strategic planning and resource allocation, to take the lead on this? Now, with that opportunity comes the obligation to upskill. I found in industry, for example, when I was CFO of a large business unit at AT&T, that the more I learned about the business in terms of its value proposition and business model, the more effective I could be as a business partner. In the world of ESG and sustainability, there’s so much to learn about carbon emissions and different types of renewable energy sources, how they impact the environment, and the science and politics of it.


In many ways, ESG and sustainability business management can help unite the organization and better connect it on a common purpose to meet the needs of multiple stakeholders. COSO said this in 2013 and before: Internal control is good for business, and it’s everyone’s responsibility, just like ethics and detection and prevention of fraud are everyone’s responsibility. The finance team, led by the CFO and CMAs, may even put out guidelines and training to help be the facilitator of sustainability/ESG initiatives, but that doesn’t mean that it’s siloed in a big black box that nobody wants, needs, or chooses to understand—just the opposite.


Butcher: How can we make sustainable business management meaningful, not only for large global companies that are subject to disclosure mandates, but also for small, medium-sized, and privately held companies?


Thomson: IMA is a very heterogeneous mix of members from 100-plus countries around the world. We probably have a slight majority of our 140,000-plus members who come from small private businesses. So, we’re very much aligned with the ISSB on this. It has an explicit callout in its planning that says, “Whatever guidance, training, and education capacity building we produce, let’s make sure that it works and is cost-effective for developing and emerging countries in Africa and other parts of the world, and small and medium-sized private business.” The COSO supplemental guidance is that producing internal control over sustainability reporting is agnostic to industry vertical and company size. That produces greater trust and confidence in sustainable business information regardless of structure, size, or geography. In our digitization of the tools and delivery of this data, we have to make sure that [we consider] small private businesses in emerging and developing countries, encourage their effort, and seek their feedback in the evolution of this [sustainability/ESG] journey.


Butcher: How can attention to sustainable business information and management and sustainability/ESG reporting make a career path in accounting purposeful and meaningful?


Thomson: We tend to talk about the drive to comply with regulators, rating agencies, and ESG reporting [guidelines]. We talk about the drive for investors to want to see more ESG metrics, climate risk [assessments], and quantification of capacity and capability. Stakeholders are putting a premium on organizations that genuinely and ethically invest in sustainable business information. Also, rating agencies are giving higher ratings to organizations that have more robust implementation of ESG and sustainability. Insurers are increasingly putting a premium on it too.


ESG and sustainable business management are going mainstream and touch every part of an organization’s value chain, including the likely need to measure partners’ and suppliers’ emissions. This presents such an incredible opportunity for our broader profession and IMA to attract the best and brightest. This profession, especially in the public accounting side of it, is facing a talent pipeline challenge. And so, from the outside looking in, how can we convince students, including Millennials and Generation Z, that they want to be part of this profession? Here’s a stronger answer: with organizations driven by purpose, ethics, and data analytics.


We, as CMAs and other professional accountants in business, [strive to] make a difference, not just for investors, but for society at large. We truly help everybody put into action ethical principles and the concept of profits for purpose. We are counted on to not only report and analyze the numbers and make choices for the future, but we’re helping [to further sustainability/ESG initiatives] and we’re committed to ethics and integrity. We’re now heavily into data analytics and visualization, dashboards, and technology. Add on top of that the societal purpose of making the world a better place while still achieving financial goals. We’re seeing increasingly new titles popping up, like ESG controller and ESG analyst, in different parts of the world. I could use my interest in finance and accounting and analytics to really serve the right purpose in our department and organization with our commitment to competence and continuous learning and growth.

About the Authors