ESG Reporting

Managing Fraud Risks in an Evolving ESG Environment

ENVIRONMENTAL | SOCIAL | GOVERNANCE

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | FOREwORD2 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | TAbLE OF CONTENTS

TABLE OF CONTENTS

Foreword.....................................................................................................................

Introduction to ESG..................................................................................................

Defining ESG fraud risk........................................................................................

Mitigating ESG fraud risk....................................................................................

Conclusion...............................................................................................................

About the ACFE.......................................................................................................

About Grant Thornton...........................................................................................

Appendix: Examples of ESG guidance and frameworks.................................

3

4

12

23

28

29

30

31

3MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | FOREwORD

FOREWORD

Bradley Preber CHIEF EXECUTIVE OFFICER GRANT THORNTON LLP

Bruce Dorris PRESIDENT AND CHIEF EXECUTIVE OFFICER ASSOCIATION OF CERTIFIED FRAUD EXAMINERS

Environmental, social, and governance (ESG)

issues are some of the most important topics

discussed in the boardroom today. In an

increasingly interconnected world where

information flow is measured in nanoseconds

and trends go viral in a heartbeat, organizations

can quickly find themselves in the center of a

maelstrom. An executive posts personal views

regarding a controversial topic on social media,

evidence surfaces about unfair labor practices,

a supplier is discovered to have been polluting

the environment. In the age of cancel culture, the

possibility of these headlines strike fear into the

hearts of executives everywhere.

As consumers, employees, and investors are

paying more attention to these topics, ESG

issues have become a major consideration for

individual and institutional investors. The rise of

ESG-focused investing should, on its face, be a

movement defined by trust, good governance, and

accountability. After all, the movement to promote

corporate action on environmental, social, and

governance standards is aimed at making progress

on values and shared prosperity.

But, as with many new trends, the regulatory and

reporting frameworks related to ESG are struggling

to keep up with the pace of change. Without

consistent standards, the opportunity for fraud is

increased. At the same time, organizational leaders

feel pressured to make commitments and to report

positive progress toward ESG goals. For example,

40% of major companies have issued a public

commitment to reduce emissions. The pressure to

achieve those goals will rise as investors rely more

heavily on such ESG-related metrics, on par with

traditional financial reporting.

Anti-fraud practitioners have a critical role to

play in the future of ESG programs. They can

help organizations understand the internal and

external fraud risks presented by this paradigm.

They can also implement new internal controls to

prevent material misrepresentations and fraudulent

reporting of ESG metrics. In addition, they can help

protect the company against ESG-related external

frauds by unscrupulous suppliers.

Understanding how ESG programs impact your

organization and getting a clear look at new and

emerging fraud risks in this area are paramount.

Leveraging existing frameworks such as the

Fraud Risk Management Guide, published by the

Committee of Sponsoring Organizations of the

Treadway Commission (COSO) and the Association

of Certified Fraud Examiners (ACFE), can help

organizations better prepare to address those risks

in a structured and holistic manner.

Organizations that take a proactive approach to

mitigating their ESG-related fraud risk will have a

unique advantage in the marketplace. They will

be better protected and prepared to navigate

the ever-changing landscape to tackle complex

environmental, social, and governance issues

head-on.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG4 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

INTRODUCTION TO ESG

5MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

SRI

Inclusive

Responsibility

Impact

Care

Product quality & safety

Access & affordability

Diversity, equity, inclusion, & belonging (DEI&B)

Data security

Materials & sourcing

Customer privacy

Supply chain transparency

Labor standards

Human rights Employee relations

Community investmentEmployee benefitsSocioeconomic

progress

Health & safety

Working conditions Gender equality

Human capital management

Equity

Purpose

Leader

People-first

Green

Customer & product responsibility

Executive compensation

Responsible marketing

Business ethics

Board & executive oversight

Data privacy Internal controls

Anti-corruption

Regulatory compliance Corporate behavior

Critical incident risk management

Systemic risk management

Business model resilience

Board independence

Competitive behavior

Shareholder rights

Management of the legal & regulatory environment

Habitat preservation & enhancement

Sustainability Biodiversity

PollutionCarbon emissions

Water efficiency

Ecological impact Energy management

Waste management

Natural resource managementPackaging

Ecological impacts

GHG emissions

Climate change

Air quality

ESG BACKGROUND

Environmental, social, and governance (ESG) refers to nonfinancial factors that may influence how investors, donors, consumers, and workers choose to engage with an organization. ESG management and reporting focuses on tangible measures and intangible values of an organization. Those measures reflect standards of sustainability, ethical management, and quality of employment within an organization.

ENVIRONMENTAL

The “E” in ESG refers to the “environment.” Specifically, it reflects the goals and objectives an organization has established to protect and conserve the natural world. It considers things such as sustainability and carbon reduction efforts.

SOCIAL

The “S” refers to the “social” efforts an organization endorses to show that it values people and considers things such as diversity, equity, working conditions, and social justice.

GOVERNANCE

The “G” refers to organizational “governance” and specifically relates to an organization’s ethics. For example, governance includes aspects such as management behavior, transparency, and executive compensation.

ESG IN ACTION

FIG. 1 EXAMPLE ESG FACTORS

ENVIRONMENTAL

SOCIAL

GOVERNANCE

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG6 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

Historically, investor and donor decision-

making relied heavily on a company’s financial

performance. However, ESG has increasingly

become an important consideration when deciding

to invest or donate. Likewise, consumers and

workers are increasingly looking to patronize and

work for companies that better align with their ESG

values.

While the popularity of ESG has risen sharply

over the last few years, it is not a new concept. A

2004 report first used the term ESG, referencing

“recommendations by the financial industry

to better integrate environmental, social, and

governance issues in analysis, asset management,

and securities brokerage.”1 That report laid the

groundwork for the popular interpretation of

ESG. That is, the way a company manages ESG

issues may reflect on its overall management

quality and correlate to the company’s reputation,

performance, and shareholder value.

An increasing focus on ESG should not come

as a surprise given the increasingly globalized,

interconnected, and competitive global market.

As individuals, many of us are adopting conscious

consumer buying habits, such as choosing a shoe

brand in part because the company donates shoes

to disadvantaged groups, or a grocery store that

donates portions of its proceeds to a food bank.

These examples offer a glimpse of some of the

nonfinancial ways that consumers may perceive

“value” in their business encounters.

Investors, donors, consumers, and workers make

choices based on the ethical decisions of the

businesses with which they engage. Companies

have taken notice and realize that strong cultural

awareness and positive ESG-related policies have

gone from a fringe specialty to a core necessity.

This focus is required to secure a strong brand and

market presence that influences decision-makers,

from investors and donors to consumers and

employees.

1 www.ifc.org/wps/wcm/connect/topics_ext_content/ifc_external_corporate_site/sustainability-at-ifc/publications/publications_report_whocareswins__wci__1319579355342 2 www.justcapital.com/news/more-corporate-climate-commitments-are-essential-to-limiting-the-effects-of-global-warming

According to Just Capital, over 40% of Russell 1000

companies have announced a commitment to reduce

emissions with a quarter of those companies disclosing

a Net Zero emissions commitment by 2050.2

7MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

3 www.bloomberg.com/professional/blog/esg-assets-may-hit-53-trillion-by-2025-a-third-of-global-aum 4 www.unfccc.int/climate-action/race-to-zero-campaign 5 www.un.org/en/climatechange/paris-agreement 6 www.cbp.gov/newsroom/stats/trade

Additionally, the increase in “sustainable investing”

has driven asset managers to expand their

portfolios of ESG-related assets. From 2018 to

2020, ESG assets under management grew from

$22.8 trillion to $35 trillion, with estimates that

they will make up a third ($53 trillion) of all assets

under management by 2025.3 The social and

economic consequences of not investing in ESG—or

appearing to not invest—are larger now than ever.

Due in part to media coverage of climate initiatives,

the environmental component of ESG receives

significant attention. Savvy, climate-conscious

investors are looking for organizations and

businesses that demonstrate climate-conscious

initiatives. Furthermore, internationally mobilizing

sustainability initiatives, such as the Race to

Zero Campaign4 and the Paris Agreement,5 have

accelerated the importance placed on climate

for both the producer and consumer of goods

and services. As such, organizations experience

severe pressure to adopt specific measures that

show they are conducting business in a way that

supports the environment.

Over the last few years, social- and governance-

related issues have also been in the public eye. For

instance, there is increased focus on forced or child

labor used in manufacturing production. In 2019,

the U.S. Customs and Border Protection detained

12 shipments that it believed to hold merchandise

linked to forced or child labor. Detainments

increased to more than 1,400 shipments in 2021

and are on pace to surpass 3,000 shipments

in 2022.6 This trend has increased pressure on

organizations to confirm the integrity of their

manufacturing production and supply chains.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESGMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG8

Pressure is mounting on the C-suite to prove

meaningful progress in setting and achieving ESG

goals. This pressure has resulted in the creation

of a business climate where the real risk is not adopting the principles of ESG. The development

and implementation of ESG-friendly programs can

be costly, both financially and logistically. Pressure

to adopt principles of ESG creates an environment

ripe for fraud, and fraud thrives wherever the

stakes are high.

INTERNAL ESG FRAUD

Internal ESG fraud is fraud committed by

management or employees. It often involves

intentional acts to deceive others by the reporting

of false or misleading ESG information; by omitting

material ESG facts; or by the improper disclosure

of ESG initiatives, programs, and metrics. Internal

ESG fraud may also involve corruption. Examples

of internal ESG fraud include the failure to disclose

the use of child or forced labor, harvesting

resources from illegal sites, or illicit trade and

trafficking.

Internal ESG fraud often occurs due to a lack of

supervisory oversight, poor accountability, and/or

a weak internal control environment. Additionally,

as organizations increasingly link more executive

compensation to ESG progress, certain ESG fraud

schemes may be unintentionally incentivized.

INTRODUCTION TO ESG FRAUD

9MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

7 www.bloomberg.com/professional/blog/esg-assets-may-hit-53-trillion-by-2025-a-third-of-global-aum 8 Ibid. 9 www.usatoday.com/story/money/2018/05/11/millennials-socially-responsible-investing/580434002 10 www.goldmansachs.com/our-commitments/diversity-and-inclusion/board-diversity 11 www.npr.org/2021/09/10/1035901596/harvard-university-end-investment-fossil-fuel-industry-climate-change-activism; https://news.columbia.edu/news/university-announcement- fossil-fuel-investments; www.georgetown.edu/news/fossil-fuels-divestment-continues-georgetown-commitment-to-sustainability; www.rutgers.edu/news/rutgers-divest-fossil-fuels; www.universityofcalifornia.edu/press-room/ucs-investment-portfolios-fossil-free-clean-energy-investments-top-1-billion 12 listingcenter.nasdaq.com/assets/Board%20Diversity%20Disclosure%20Five%20Things.pdf

QUICK FACTS • Estimates place ESG-driven investment at greater than $35 trillion in assets under

management, and ESG-driven investments are on track to exceed $53 trillion by 2025.7

• Global sustainability investments now surpass $30 trillion, up 68% since 2014.8

• Nearly nine out of ten millennials report that they want their money to go to sustainable investments.9

• Goldman Sachs pledged to take public only those companies that have diverse boards.10

• Harvard’s endowment is divesting itself from fossil fuel companies, as are those for Columbia, Georgetown, Rutgers, and the University of California.11

• NASDAQ issued a rule requiring member companies to publicly disclose board-level diversity in a standardized method and explain if they do not have at least two diverse directors.12

EXTERNAL ESG FRAUD

External ESG fraud is fraud conducted by parties

outside an organization, such as vendors in

an organization’s supply chain, contractors,

customers, or other third parties. External ESG

fraud often involves an intentional act to deceive

an organization by omitting material facts or

disclosing false or misleading information relating

to ESG programs. As suppliers feel the pressure

to adopt ESG policies consistent with their key

customers, external fraud schemes may develop

relating to the reporting of intentionally false

and misleading representations about ESG

policies and adoption. Alternatively, unscrupulous

ESG-related vendors could take advantage of

an organization by supplying inaccurate ESG

information that results in the organization

fraudulently reporting ESG-related data.

One significant example of external ESG fraud

is the sale of fraudulent “green” investments to

supply desirable carbon emission credits to offset

greenhouse gasses. The sale of these fraudulent

investments represents fraud risk for companies

and their investors. Companies that buy these

credits may unknowingly misreport their carbon

position and suffer reputational and regulatory

consequences, while investors who buy stakes in

either the companies selling or buying fraudulent

credits may be subjecting themselves to

traditional Ponzi or other investment schemes that

exploit uninformed investors.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESGMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG10

THE FRAUD TRIANGLE AND ESG

The Fraud Triangle (Figure 2) is a framework

describing the conditions that allow fraud

to thrive. The three elements of the Fraud

Triangle—opportunity, incentive (pressure), and

rationalization—are all easily recognizable in the

ESG landscape.

OPPORTUNITY

Opportunity describes the environment that allows

fraud to occur. The opportunity for fraud to occur

increases when an organization lacks a control

environment to properly mitigate the inherent fraud

risk. In the ESG context, such a control environment

could include clear policies that establish ESG

metrics, as well as oversight of internal and

external actors to ensure compliance with these

policies.

With respect to ESG reporting today, benchmarks

are limited, and consistent guidance is lacking.

Many audiences—even sophisticated ones—

lack a full understanding of company-reported

metrics. These audiences also have a limited

ability to compare ESG claims across companies

and sectors, which is essential to find intentional

misstatements. Without the proper tools to

compare ESG claims, a real opportunity to

manipulate metrics exists and opens the door for

fraudulent ESG-related vendors and suppliers to

exploit immature programs.

FRAUD TRIANGLE

Opportunity

Incentive (Pressure) Rationalization

FIG. 2 FRAUD TRIANGLE

11MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | INTRODUCTION TO ESG

INCENTIVE (PRESSURE)

Pressure describes the perceived burden

potential fraud actors might experience that

would incentivize them to commit fraud. There

is enormous pressure on the C-suite to make—

and achieve—ESG promises. The pressure is

particularly intense when it comes to raising

capital. Increasingly, private equity, venture capital,

pension funds, and public entities are insisting

on reviewing a company’s ESG policies, goals,

and metrics. Even privately held companies must

raise capital—and when they do, investors are

increasingly asking these companies about their

supply chain oversight, environmental impacts,

executive compensation models, and other ESG-

related issues. Increasing investment focus on

ESG raises the stakes and increases the pressure

to commit fraud. This pressure could also result

in reduced scrutiny of suppliers or third parties,

as uncovering ESG fraud in the value chain would

negatively implicate the company.

RATIONALIZATION

Rationalization is a fraudulent actor’s ability to

convince themself that the circumstances justified

their illicit act. ESG represents many social virtues.

Therefore, bad actors may rationalize that making

progress on ESG promises is worthy of a reward,

not punishment. For example, if an organization

comes close—but still fails—to deliver on an

ESG promise, the organization may rationalize

a misstatement with the justification that “some

progress is better than none.” In other instances,

individuals may justify their actions because the

“ends justify the means.” If the choice is between

providing honest and transparent reporting of

poor ESG performance resulting in market losses

and layoffs, or cooking the ESG books to show

a positive result, it becomes clear how some

organizations might rationalize fraud.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK12 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

DEFINING ESG FRAUD RISK

13MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

Grant Thornton developed an ESG fraud taxonomy

(Figure 3), inspired by the ACFE Occupational

Fraud and Abuse Classification System, also known

as the Fraud Tree.13 Traditional fraud taxonomies

typically look at categories of fraud that internal

and external actors perpetrate directly against an

organization, such as billing schemes, cyberattacks,

or fraudulent reporting. Grant Thornton’s ESG fraud

taxonomy considers fraud risks through an ESG

lens.

Examples of identified ESG fraud schemes

include inflating the value of carbon credits, using

modern slavery for production, making illegal

political donations, and paying bribes to forgo

specific regulation meant for the well-being of the

environment or people, among many others.

Some fraud schemes, such as modern slavery

violations, affect the perpetrator and the

organization receiving goods or services from the

perpetrator. ESG fraud and misconduct impacts can

occur anywhere in the supply chain.

ESG FRAUD TAXONOMY

13 www.acfe.com/-/media/files/acfe/pdfs/2022-rttn-fraud-tree.ashx

In addition to the three ACFE Fraud Tree categories— corruption, asset misappropriation, and financial statement

fraud—the ESG fraud taxonomy includes a fourth category called nonfinancial reporting fraud, which

introduces ESG-reporting-related fraud risks.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK14 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

FIG. 3 GRANT THORNTON’S ESG FRAUD TAXONOMY

ILLUSTRATIVE EXAMPLES

Conflicts of Interest Bribery Economic

Extortion Illegal

Gratuities

Concealed ESG-related Liabilities & Expenses

Improper Disclosures

Improper ESG- related Asset

Valuations

Overstated ESG-related Liabilities & Expenses

Bid-riggingSales schemes

Purchasing schemes

Invoice kickbacks

Carbon credit sales to

undisclosed related party

Permit officer demands

payment for logging permit

Grease payment to forgo safety inspection

Collusion for disaster relief procurement

ESG-related Inventory and Other Assets

Larceny Misuse

Theft of personal safety equipment

Personal use of donated goods

Inflated carbon credit value

Environmental cleanup

reserve used as cookie jar

No real estate assets are in

100-year flood plain

CORRUPTION ASSET MISAPPROPRIATION

NONFINANCIAL REPORTING FRAUD

FINANCIAL STATEMENT FRAUD

False Disclosure or RepresentationFalse Labeling or Advertising Failure to Disclose or ReportFalse/Disingenuous Certification or Pledges

Affirmative declarations or assertions

Failure to disclose or

report a fact

Failure to disclose or

report an event or action

Negative declarations or

assertions

Out of compliance

with certification or

pledge

Affirmative declarations or

assertions

Negative declarations or assertions

Affirmative declarations or assertions

Negative declarations or

assertions

Made with 100% recycled

materials

Fully complies with ______ certification

requirements

We are a founding

member of the ______ ESG

initiative

Board does not include a diverse

Director [not reported]

No plant accidents required

hospitalization during the prior

year

None of our products contain inputs resulting

from forced labor

Scope 2 Greenhouse

Gas Emissions declined by 10%

Dolphin-free tuna

On track for net zero greenhouse

gas emissions by 2035

ILLUSTRATIVE EXAMPLES

ILLUSTRATIVE EXAMPLES

15MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

NONFINANCIAL REPORTING FRAUD

In addition to the three ACFE Fraud Tree

categories—corruption, asset misappropriation, and

financial statement fraud—the ESG fraud taxonomy

includes a fourth category called nonfinancial reporting fraud, which introduces ESG-reporting-

related fraud risks. This includes schemes in

which organizations intentionally omit, falsify, or

misrepresent material nonfinancial information to

deceive and attract investors, funding, loans, or

other benefits. Organizations can make material

falsehoods, misrepresentations, and omissions

for any ESG Key Performance Indicators (KPI)

or related operations. All organizations should

integrate ESG reporting metrics and disclosure

requirements across their operations, in the same

way that financial considerations drive enterprise

decisions. Much like financial considerations, these

metrics must have rigorous controls around the

disclosure and assessment process.

ESG FRAUD RISK ASSESSMENT

Organizations use the ACFE Fraud Tree to conduct

traditional fraud risk assessments. They can also

use the ESG fraud taxonomy to conduct an ESG

fraud risk assessment or to enhance a traditional

risk assessment by considering the entirety of an

organization’s operations, including third parties.

Third parties within the supply chain are a vital

piece of an ESG ecosystem, as organizational

leadership is accountable for its own business

practices and for those of its value chain. For this

reason, it is crucial to consider the ESG risks posed

by suppliers and customers, in addition to the risks

faced directly by the organization.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK16 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

During a fraud risk assessment, organizations

characterize fraud schemes to allow for an

enterprise-wide view. This categorization helps to

organize a comprehensive approach to assessing

fraud risks. To illustrate using an example from

the ESG fraud taxonomy, the following is the

categorization of a nonfinancial reporting fraud risk:

• Category: Nonfinancial Reporting Fraud

• Subcategory: False Disclosure or

Representation

• Sub-subcategory: Negative declarations or

assertions

• Scheme: Harvest mixing

Harvest mixing occurs when agriculture and

fishing entities mix valid goods with illicit goods

while declaring all goods valid. For example, a

fish supplier might disclose the fish as legally

caught when in fact only a small portion of the fish

were legally harvested, allowing the bad actors to

generate extra profit.

The ESG fraud taxonomy serves as a useful

foundation on which to build a tailored fraud

scheme library that is appropriate for a specific

industry or company. Organizations can then

leverage this information during a fraud risk

assessment to evaluate the controls in place to

mitigate the inherent fraud risk associated with

each scheme. In this example, we might evaluate

whether disclosures by suppliers are subject to

the proper controls to mitigate the likelihood of a

harvest mixing scheme.

Organizations should periodically evaluate ESG

fraud risks and corresponding internal controls that

mitigate those risks by conducting ESG fraud risk

assessments. ESG fraud risk assessments can be

conducted as stand-alone exercises or combined

with broader fraud risk assessments. Either way,

the assessments should consider both financial

and nonfinancial ESG fraud risks throughout the

entire supply chain.

Organizations should periodically evaluate ESG fraud risks and corresponding internal controls that mitigate those

risks by conducting ESG fraud risk assessments.

17MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

FRAUD-ABUSE SPECTRUM

When discussing fraud and fraud risk related to

ESG activities, it is important to convey there is

a spectrum of wrongful or potentially fraudulent

behavior that may occur that threatens the integrity

of an organization’s financials, operations, and

reputation. The term fraud denotes a criminal act

to be proven in a court of law. For the purposes of

this guide, we use the term fraud risk to mean the

possibility that fraudulent activity could occur.

For example, inadvertent mismanagement and

negligence when vetting third-party vendors

or suppliers may lack malicious intent but still

negatively impact the organization’s ESG goals.

Especially in situations where the pressure to

deliver is high, executives may be tempted to avoid

asking too many questions about their supply

chain or adding rigor to their ESG metric reporting

process. This intentional avoidance—or willful

blindness—can have disastrous impact.

Perhaps less egregious, organizations might

engage in misleading behavior by putting

a positive spin on otherwise questionable

information. Organizations might be accused of

greenwashing—the marketing of environmentally

sustainable activity intended to attract ESG-

conscious investors and consumers with material

omissions or misrepresentation—by making their

environmental claims sound more beneficial than

they really are.

Likewise, when it comes to social initiatives, many

groups have been accused of virtue signaling—a

pejorative term for expressing a moral viewpoint

with the intent of communicating good character

by jumping on a social bandwagon, just for the

purposes of inflating their reputation even if their

position is disingenuous.

Abusive activities like these do not necessarily

rise to the level of fraud. Especially in times of

lacking or conflicting regulatory guidance, it is

important to understand that such activities fall

along a spectrum of behavior. As with any fraud

investigation, anti-fraud practitioners need to

be mindful of whether these misstatements or

omissions are material and if they were made with

intent.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISKMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK18

ENVIRONMENTAL

With the global spotlight on environmental impacts,

companies have more incentive than ever to

appear environmentally conscious. Environmental

risks, such as increased frequency and impact

of natural disasters, have a strong connection to

economic and financial instability. Environmental

risks can lead to operational and financial loss,

such as disruptions to production and changes in

asset value.

Over the last decade, environmental decline has

been a topic of major discussion from classrooms

to boardrooms to Congress and the United

Nations. In March 2022, the Commissioner of

the U.S. SEC issued a proposal to require public

companies to report climate risks and greenhouse

gas emissions.14 Consequently, organizations and

anti-fraud professionals alike must be aware of how

environmental fraud might occur.

The following are some example schemes of how

environmental-related fraud might occur:

• Harvest mixing: Mixing of valid and illicit goods

while declaring all goods are valid to generate

additional profit and nondisclosure gain

• Environmental standards manipulation: Falsifying or rigging environmental tests (e.g.,

emissions software) to falsely claim adherence to

standards

• Inflated carbon credit value: Inflating the value

of a carbon credit, contradicting a fair market

value analysis15

• Jurisdictional bribery: Bribing jurisdictional

authorities for a license or clearance to harvest

or transport protected wildlife and flora

ENVIRONMENTAL HARVEST MIXING AND THE FRAUD TRIANGLE

Opportunity: Regulators have difficulty monitoring the fishing behavior of a large and diverse set of actors spread across the globe, which makes it difficult to determine valid goods versus counterfeit goods.

Pressure: Stakeholders have expectations for the fishing companies to meet the seafood demand of consumers (markets, restaurant industry, etc.), creating increased pressure.

Rationalization: Companies may rationalize their behavior by observing their market—“All my competitors are doing it.”

14 www.sec.gov/news/statement/lee-climate-disclosure-20220321 15 www.ec.europa.eu/clima/eu-action/eu-emissions-trading-system-eu-ets_en. The EU developed a cap-and-trade system for the fair value of emission allowances (credits) in an effort to decrease total emissions.

19MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

SOCIAL

Consumers, investors, and potential employees

are all looking at social factors. Thus, businesses

face increasing pressure to demonstrate socially

minded decision-making across the spectrum of

their operations. For example, human trafficking

and modern-day slavery have been a focal point in

the review and adoption of policies that promote

due diligence in sourcing. Likewise, companies are

increasingly expected to establish diversity, equity,

and inclusion (DE&I) initiatives to show they are

committed to a diverse and inclusive workplace.

With regard to modern-day slavery, although

international reporting and due diligence standards

have been mostly voluntary, companies will likely

begin to bear the legal weight of their supply

chain relationships in the future. Recently, the EU

proposed legislation for a social taxonomy.16

As social consciousness expectations rise,

companies must ensure they consider the fraud

risks inherent in these initiatives. The following are

some example schemes of how social-related fraud

might occur:

• Labor condition concealment: An organization’s

officers collude with supply chain actors

to conceal and misrepresent unsafe and

noncompliant labor conditions.

• Falsified DE&I metrics: An organization

knowingly misrepresents data on DE&I initiatives.

• Nonconforming social services: A vendor

contracts to provide socially conscious services

to support social-wellness programs but is not

capable of performing such services.

• Forced savings and deposit programs: A

supplier withholds a portion of a worker’s salary

and deposits it into a savings account to which

the worker does not have access until their term

of work is complete, creating an element of

servitude over fear of losing the withheld assets.

SOCIAL LABOR CONDITION CONCEALMENT AND THE FRAUD TRIANGLE

Opportunity: Limited standards in foreign territory and citizenship states create the opportunity for companies to exploit workers in retail manufacturing companies.

Pressure: The competitive market increases pressure across industries. Lower overhead costs can warrant lower product prices while increasing the bottom line.

Rationalization: Companies may use the rationalization of providing employment opportunities, which decreases the unemployment rate.

16 www.simmons-simmons.com/en/publications/cl09csqlp16110a47u4pcg3zb/eu-esg-developing-the-social-taxonomy

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISKMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK20

GOVERNANCE

Corporate governance is a top priority for

consumers and investors, as it sets the tone and

expectations for how a company interacts with

stakeholders. An ethical corporate governance

structure provides reassurance to consumers,

employees, and investors that the organization has

a strong culture that aligns with its core values.

The following are some example schemes of how

governance-related fraud might occur:

• Misrepresentation/underreporting of suspicious activity: A company willfully

disregards suspicious transactions passing

through operations with clear indications of illicit

activity; a company violates policy and banking

regulations for greater cash flow.

• Clearing and forwarding extortion: A clearing

agent demands payment from an organization

for additional bond on top of an existing contract

to expedite the import of goods.

• Violation of independence: Audit committee

members violate conflict of interest standards

when engaging in decision-making or do not vet

conflict of interest relationships before engaging

in decision-making.

• Capital expenditure misclassification: An

organization misclassifies capital expenditures

as ESG-related for the purposes of company

reputation, or to meet executive compensation

incentives.

• Illegal tax shelters and underreporting: An

investment management firm unlawfully hides

assets and income in overseas tax shelters and

sanctioned jurisdictions to generate a higher

return and embezzle funds without disclosing to

the organization that is investing.

GOVERNANCE MISREPRESENTATION/UNDERREPORTING OF SUSPICIOUS ACTIVITY AND THE FRAUD TRIANGLE

Opportunity: Money transfer companies might have a reckless disregard for illicit transactions at a heavily trafficked transfer location.

Pressure: A pressure exists at money transfer locations, specifically those that are heavily trafficked, to provide or receive timely support to individuals in need. Money transfers also have cash flow needs they have to maintain.

Rationalization: Money transfer companies might justify ignoring potentially suspicious transactions by rationalizing they are providing opportunities to individuals in other countries who may need the support.

21MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

IMPACT

Discussions of fraud most often focus on the

financial losses that result. ESG fraud certainly

carries financial risks. But the impact of ESG fraud

also carries additional compliance, reputational,

and other risks. When creating a program to

monitor and manage ESG fraud risk, it is important

to consider all the risk factors.

With the enormous pressure brought on by ESG

programs, executives might be tempted to avoid

inspecting their supply chain and internal programs

for fear of finding something undesirable. Whether

this qualifies as willful blindness, sticking their head

in the sand, or turning a blind eye, the problem is

unlikely to resolve itself. Unfortunately, in cases

where a reasonable person should have known

about these factors, the consequences can be

magnified.

FINANCIAL RISKS

ESG frauds may result in typical financial losses.

If, for example, a carbon-offset provider charges

for services not rendered, those dollars would be

considered a fraud loss. In an internal scheme, if an

intentional material misstatement is made during

ESG reporting and subsequently discovered, the

financial impacts to the organization could be

enormous.

As noted in the following discussions, there are

additional risk factors to consider. These risk

factors may combine to create a vicious cycle that

causes the financial loss to multiply.

REPUTATIONAL RISKS

Perhaps a larger risk for many organizations is

reputational risk. If a company is thought to have

intentionally misled or “looked the other way,” it

can suffer significant reputational consequences.

Investors lose confidence and call into question

the accuracy of all company reporting. Customers

boycott the brand. High-performing employees

abandon the company for an employer that

better aligns with their values. These reputational

consequences will soon translate into negative

financial impacts.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK22 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | DEFINING ESG FRAUD RISK

COMPLIANCE RISKS

While regulatory frameworks relating to ESG are

still being formed, several types of ESG fraud

schemes covered in the ESG fraud taxonomy carry

their own compliance risks. For example, some

fraud schemes may involve bribery or extortion, the

discovery of which can expose the organization to

anti-bribery and anti-corruption (ABAC) compliance

violations. Such violations carry financial penalties

and may invite additional regulatory action and

requirements for costly remediation programs.

These findings also carry a negative connotation,

further exacerbating the reputational costs.

The combined effect of these risks shows that

it pays to be proactive. Organizations that

preemptively identify ESG fraud risk issues,

establish appropriate controls, and take swift

remedial action when necessary will fare much

better than those who take a more reactive stance.

Organizations that preemptively identify ESG fraud risk issues, establish appropriate controls, and take swift remedial action when necessary will fare much better than those

that take a more reactive stance.

23MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK

MIT IGAT ING ESG FRAUD RISK

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISKMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK24

As stakeholders demand increased ESG

accountability, they must develop tailored

ESG frameworks with fraud risk management

components that withstand scrutiny. Incorporating

proper checks and balances to mitigate the risk of

ESG fraud and misconduct is vital.

Despite the lure of misstating ESG reporting, fraud

is not inevitable. The key is to install and maintain

guardrails; ask hard questions; and consistently

enhance reporting, controls, and approaches to

integrate ESG reporting into other reporting that

undergoes scrutiny. To do this, companies must

conduct ESG program activities and reporting with

oversight and accountability; ESG reporting should

adhere to the same rigor applied to financial

reporting.

Rigorous ESG guidance should consider policies,

procedures, data governance, and reporting

controls. Additionally, an ESG framework should

address the traditional management assertions of

accuracy, completeness, rights and obligations,

existence, and comparability, which are reflective

of the principles that auditors rely upon for the

assessment of financial audits.

• Accuracy: ESG reporting disclosures should have

the same rigor as financial statement reporting.

The data must be authentic and free from

misrepresentation.

• Completeness: Organizations should disclose

the full picture with thorough information

regardless of the weight. This includes reporting

all ESG information and disclosures.

• Rights and obligations: Organizations should

only disclose information that legally belongs

to the organization and is permitted for use.

This information includes obligations that

organizations will have to settle in the future.

• Existence and occurrence: Organizations should

only report ESG matters that have occurred

during the period(s) or that relate to conditions

that exist at the time of reporting.

• Comparability: Organizations should seek a

standardized reporting framework appropriate

for their industry to allow for comparability from

one reporting period to the next and across

organizations within their industry.

INCREASING ACCOUNTABIL ITY

Despite the power and lure of misstating ESG reporting, fraud is not inevitable. The key is to install and maintain

guardrails; ask hard questions; and consistently enhance reporting, controls, and approaches to integrate ESG

reporting into other reporting that undergoes scrutiny.

25MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK

MATERIAL ITY CONSIDERAT IONS

Materiality is a key part of protecting organizations

from ESG fraud risks. Something is considered

material if it would affect the judgment of

an informed stakeholder. For example, if an

organization’s executives know that one of their

most important products has a design flaw, that

knowledge is material information the executives

must disclose accurately, completely, and without

delay. The question of what constitutes material

information when it comes to ESG is still largely

unanswered; however, organizations can rely on

this question: Would this affect a stakeholder’s decision-making?

In the ESG and sustainability context, materiality

is separate and distinct from the understanding

of materiality under state and federal securities

laws and under Generally Accepted Accounting

Principles (GAAP). Items thought to be material

in ESG programs are not necessarily material for

securities law and GAAP purposes. Nonetheless,

in the absence of standardized frameworks and

definitions for ESG reporting, organizations should

apply a consistent process for deciding what is

material and what is not. When setting up an ESG

framework, considering the following types of

questions could prove beneficial in determining

materiality:

• Are my company’s ESG disclosures subject to the

same rigor as our financial disclosures?

• What are our management assertions about

ESG, and are controls in place to make faithful

assertions?

• Have we considered the risks posed by our

suppliers and vendors?

• Have we conducted adequate due diligence with

our suppliers and vendors to confirm that their

practices align with our ESG objectives?

• What is the plan to disclose and correct any ESG

reporting problems?

While such questions provide a helpful starting

point, organizations should refine the process for

establishing materiality in the coming years as the

ESG landscape evolves.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISKMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK26

RECOMMENDATIONS FOR MITIGATING ESG FRAUD RISK

It can be difficult for companies to structure

an ESG anti-fraud program when they are just

starting out, especially with the ESG landscape

evolving so rapidly. While there may be

challenges, traditional fraud risk management

guidance can help. In collaboration with the

ACFE, Grant Thornton published the Anti- Fraud Playbook17 to provide organizations with

actionable guidance on how to develop and

mature a fraud risk management program in

alignment with the five key fraud risk management

principles outlined in the COSO/ACFE Fraud Risk

Management Guide. This methodology provides

a strong foundation upon which organizations can

build a holistic fraud risk management program.

While ESG introduces new fraud risks and may

require new controls and reporting mechanisms,

a strong ESG fraud risk management program

should still align to these core principles.

With this approach in mind, the following are

recommendations for organizations to consider

when building an ESG-informed fraud risk

management program, aligned to these five

principles.

17 www.grantthornton.com/services/advisory-services/risk-compliance-and-controls/ACFE-global-fraudcon-and-playbook.aspx

FIG. 4 COSO/ACFE FRAUD RISK MANAGEMENT PRINCIPLES

FRAUD RISK GOVERNANCE: The organization establishes and communicates a

Fraud Risk Management program.

FRAUD RISK ASSESSMENT: The organization performs comprehensive fraud risk

assessments.

FRAUD CONTROL ACTIVITY: The organization selects, develops, and deploys

preventive and detective fraud control activities.

FRAUD INVESTIGATION AND CORRECTIVE ACTION: The organization establishes

a communication process to obtain information about potential fraud and deploys

a coordinated approach to investigation and corrective action.

FRAUD RISK MANAGEMENT MONITORING ACTIVITIES: The organization selects,

develops, and performs ongoing evaluations.

27MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | MIT IGATING ESG FRAUD RISK

FIG. 5 ESG FRAUD RISK MANAGEMENT RECOMMENDATIONS

COSO/ACFE Fraud Risk Management Principle ESG Fraud Risk Management Recommendations

Fraud risk governance

• Define ESG materiality thresholds.

• Identify and apply relevant ESG frameworks (see Appendix).

• Establish the “tone at the top” by communicating the importance of an ESG-related control and reporting program.

• Incorporate ESG-related risks into the organization’s risk appetite.

• Prepare internal ESG-related policies and procedures to measure employee and vendor actions against objectives.

• Define roles and responsibilities related to ESG programs and disclosures.

• Advance a culture of integrity, reinforcing the importance of accuracy and transparency.

Fraud risk assessment

• Conduct recurring, targeted ESG-focused fraud risk assessments or incorporate ESG components into the current fraud risk assessment methodology. This should include an ESG-focused supply chain risk assessment.

• Solicit feedback from key stakeholders using questionnaires and interviews.

• Leverage existing guidance including the ESG fraud taxonomy.

• Conduct interactive workshops with key stakeholders to review controls and specific areas of opportunity for risk mitigation.

• Tailor the ESG fraud taxonomy for organization-specific risks.

Fraud control activity

• Establish or ensure a strong supply chain control environment.

• Establish or ensure strong ESG disclosure reporting controls.

• Conduct supply chain mapping and integrate into third-party risk management programs.

• Leverage analytics and automation to enhance control systems for evolving ESG fraud risks.

Fraud investigation and corrective action

• Confirm whistleblower reporting and investigation capabilities are in place for ESG-related fraud schemes.

• Provide ESG-related anti-fraud training.

• Revisit anti-bribery and anti-corruption programs to ensure coverage of ESG-related fraud risks.

• Establish partnerships with collaborative organizations to support ESG- related fraud investigations.

Fraud risk management monitoring activities

• Establish Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the ESG fraud risk program.

• Build management reporting around ESG fraud risks.

• Establish ESG fraud risk board/commission-level reporting.

• Build advanced/predictive analytics to monitor the program.

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | AbOUT ThE ACFEMANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | CONCLUSION28

For corporations, ESG factors have quickly become

as important as financial metrics. With this rapid

rise to prominence comes increased pressure and

wide opportunity for exploitation. Organizations

need to take stock of their ESG programs, update

their reporting standards, enhance their controls,

and establish capabilities to mitigate ESG-related

fraud risk.

The COSO/ACFE Fraud Risk Management Guide

provides a useful framework to ensure a holistic

approach to addressing these risks. Begin by

setting the right tone for your ESG anti-fraud

program by assessing new internal and external

risks. Use the findings from that assessment to

drive your prioritization of enhanced controls and

investigations procedures. And finally, establish

the right reporting metrics to monitor your program

over time.

Organizations that quickly adopt these

recommendations will be ahead of their peers,

resulting in an important advantage. As new risks

appear, they will be better prepared to address

these challenges.

Environmental, social, and governance fraud

issues will be faced by most organizations. While

these risks may be inevitable, fraud losses and

reputational damage are not. Anti-fraud and risk

management practitioners can help protect against

these new vulnerabilities, and they can establish a

strong foundation for navigating the complex ESG

environment for years to come.

CONCLUSION

29MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | AbOUT ThE ACFE

Founded in 1988 by Dr. Joseph T. Wells, CFE,

CPA, the ACFE is the world’s largest anti-fraud

organization and premier provider of anti-fraud

training and education. Together with more than

90,000 members in more than 180 countries, the

ACFE is reducing business fraud worldwide and

providing the training and resources needed to

fight fraud more effectively.

The positive effects of anti-fraud training are far-

reaching. Clearly, the best way to combat fraud is

to educate anyone engaged in fighting fraud on

how to effectively prevent, detect, and investigate

it. By educating, uniting, and supporting the global

anti-fraud community with the tools to fight fraud

more effectively, the ACFE is reducing business

fraud worldwide and inspiring public confidence in

the integrity and objectivity of the profession.

The ACFE offers its members the opportunity

for professional certification. The Certified

Fraud Examiner (CFE) credential is preferred by

businesses and government entities around the

world and indicates expertise in fraud prevention

and detection. CFEs are anti-fraud experts who

have demonstrated knowledge in four critical

areas: financial transactions and fraud schemes,

law, investigation, and fraud prevention and

deterrence.

Members of the ACFE include accountants, internal

auditors, fraud investigators, law enforcement

officers, lawyers, business leaders, risk/compliance

professionals, and educators, all of whom have

access to expert training, educational tools,

and resources. Whether their career is focused

exclusively on preventing and detecting fraudulent

activities or they just want to learn more about

fraud, the ACFE provides the essential tools and

resources necessary for anti-fraud professionals to

accomplish their objectives.

ABOUT THE ACFE

MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | APPENDIx30 MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | AbOUT GRANT ThORNTON

ABOUT GRANT THORNTON

Grant Thornton LLP (Grant Thornton) is the U.S.

member firm of Grant Thornton International

Ltd, one of the world’s leading organizations of

independent audit, tax, and advisory firms. Grant

Thornton, which operates more than 50 offices in

the United States and operates in more than 135

countries, works with a broad range of dynamic

publicly and privately held companies, government

agencies, and organizations.

Grant Thornton is a leader in fraud risk

management. Our fraud risk professionals are

progressive thinkers with a wealth of experience

developing robust anti-fraud programs across a

wide range of industries and across organizations

of varying missions and sizes. Our proven

fraud risk management solutions are based on

proprietary methodologies. We have developed

industry-leading benchmarking tools, maturity

models, and customizable, scalable fraud risk

assessment methodologies to address the evolving

risk landscape. Further, Grant Thornton was

instrumental in the development of the fraud risk

frameworks used both in government and in the

private sector. This insight into leading guidance

combined with our deep pool of expertise provide

insights that we bring to our clients to help them

combat fraud and focus mitigation efforts where

it matters most. With the scale to meet evolving

needs, Grant Thornton specializes in personalizing

solutions to help address today’s problems and

anticipate tomorrow’s challenges.

31MANAGING FRAUD RISKS IN AN EVOLVING ESG ENVIRONMENT | APPENDIx

ORGANIZATION URL

American Institute of Certified Public Accountants (AICPA) www.aicpa.org

CDP Worldwide www.cdp.net

European Commission (EC) www.ec.europa.eu

Financial Accounting Standards Board (FASB) www.fasb.org

Global Reporting Initiative (GRI) www.globalreporting.org

International Auditing and Assurance Standards Board (IAASB) www.iaasb.org

International Sustainability Standards Board (ISSB) www.ifrs.org/groups/international-

sustainability-standards-board

International Financial Reporting Standards (IFRS) Foundation www.ifrs.org

Value Reporting Foundation (VRF) www.valuereportingfoundation.org

Sustainability Accounting Standards Board (SASB) www.sasb.org

International Integrated Reporting Council (IIRC) www.integratedreporting.org

U.S. Securities and Exchange Commission (SEC) www.sec.gov

APPENDIX: EXAMPLES OF ESG GUIDANCE AND FRAMEWORKS

A variety of organizations have issued guidance or are developing frameworks for ESG programs and

disclosures. These frameworks and guidance are intended to promote continuity by advocating for

consistent, transparent, repeatable, and accurate ESG reporting.

Listed below are examples of organizations that have issued relevant guidance or published ESG reporting

guidelines as of the time of publication of this guide. This list is not intended to be comprehensive, and

changes are anticipated as the ESG landscape evolves. Check with these organizations directly to obtain

their most up-to-date guidance.

©️ 2022 Association of Certified Fraud Examiners, Inc. All rights reserved. “ACFE,” “CFE,” “Certified

Fraud Examiner,” “Association of Certified Fraud Examiners,” the ACFE seal, the ACFE logo and related

trademarks, names and logos are the property of the Association of Certified Fraud Examiners, Inc., and

are registered and/or used in the U.S. and countries around the world.

“Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd

(GTIL), and/or refers to the brand under which the independent network of GTIL member firms provide

services to their clients, as the context requires. GTIL and each of its member firms are not a worldwide

partnership and are not liable for one another’s acts or omissions. GTIL and each member firm of GTIL is a

separate legal entity. In the United States, visit Grant Thornton LLP at www.grantthornton.com.

Managing Fraud Risks in an Evolving ESG Environment

ENVIRONMENTAL | SOCIAL | GOVERNANCE