February 2022

SGV thought leadership on pressing issues faced by chief executives in today’s economic landscape. Articles are published every Monday in the Economy section of the BusinessWorld newspaper.
28 February 2022 Katrina F. Francisco

Can ESG data and insights deliver long-term value?

Environmental, social and governance (ESG) driven approaches are rapidly becoming mainstream in the investor and corporate communities, according to the 2021 EY Global Institutional Investor Survey. This is an annual survey that the EY Global Climate Change and Sustainability services team commissioned from a third party with the main objective of examining the views of institutional investors on the use of nonfinancial information in investment decision-making.The survey notes three important themes that stand out: (1) the COVID-19 pandemic has been a powerful ESG catalyst; (2) there is a growing focus on the transition to a net zero economy, and climate change is increasingly central to investment decision-making; and (3) better quality nonfinancial disclosures and a clearer regulatory landscape, coupled with sophisticated data analytics capabilities, will enable ESG to realize its potential.THE COVID-19 PANDEMIC ACTING AS A POWERFUL CATALYSTInvestor attitudes towards ESG have undergone a rapid evolution under the pandemic. Now it’s seen as a central element to the investor decision-making process.The survey data shows that, since the pandemic started, 90% of investors are attaching greater importance to corporates’ ESG performance when making investment decisions, and 86% of those surveyed said that a robust ESG program impacts analysts’ recommendations.In addition, COVID-19 has made investors more likely to divest based on poor ESG performance with 74% saying so, while around 86% said that having a strong ESG performance impacts their decision to hold on to an investment.The way the pandemic has highlighted past and current issues on social inequality has also magnified the importance of social considerations, with consumers mobilized on social issues and investors placing a greater focus on the “S” element of ESG. The top 5 social concerns taking center stage, based on the survey, are: (1) consumer satisfaction, (2) diversity and inclusion, (3) impact on local communities, such as job creation, (4) workplace and public safety, and (5) labor standards and human rights across the value chain.Because of this, the investment industry faces a major challenge moving forward on how to access and analyze the data required to link social impact to financial performance. Without this information, it will be difficult to achieve a comprehensive inclusion of these factors into portfolio decision-making processes.CLIMATE CHANGE AT THE HEART OF DECISION-MAKINGWhen the pandemic struck, many feared that it might put an end to the growing interest of investors on climate change. This fear did not materialize.The significant progress that happened within the investment industry stems from the fact that the pandemic provided a stark and tangible example of what can happen when we fail to tackle systemic risks in our society. Investors could see what might happen to the economy if efforts to address climate change fail. This was further compounded by the results of the Intergovernmental Panel on Climate Change’s (IPCC’s) Sixth Assessment Report (AR6), which found that without “immediate, rapid and large-scale reductions” in emissions, curbing global warming to either 1.5˚C or even 2˚C above pre-industrial levels by 2100 would be “beyond reach.”Investors have become increasingly aware of the risks posed by climate change, and they want their investments to reflect their preferences. Since there is an increased pressure to address the impact of climate change, investors surveyed said that they are placing a significant focus on their portfolios’ exposure to climate risk, with 77% indicating that they are devoting time to evaluate the impact of physical risks, while 79% saying that they will devote time to evaluate the implications of transition risks, into their asset allocation and selection decisions.As decarbonization is crucial to investment decision-making, and with the goal of making progress towards net zero, it is crucial that companies and investors undertake robust scenario planning. This translates the theories related to climate change impact into practice and helps ground the discussion about incorporating decarbonization factors into an organization’s strategies so that it is not just an afterthought when considering the investment opportunities or the risks involved with operations.PERFORMANCE TRANSPARENCY AND ANALYSIS CAPABILITY IS THE FUTURE OF ESG INVESTINGWhile investors are considering ESG performance as central to their decision-making, there are two priorities that could help to realize its full potential.First is the better-quality ESG data from companies and clearer regulatory landscape. These two factors allow investors to conduct a more structured and methodical evaluation of disclosures.This is crucial as there has been an increasing concern of investors about the usefulness of key aspects of companies’ ESG disclosures, with 51% of investors saying that current nonfinancial disclosures are not able to provide insight into how companies create long-term value, which was only 41% in 2020. In addition, despite the importance of ESG performance reporting to the industry, the transparency and quality of ESG disclosures, mainly around materiality, have been an ongoing concern, where 50% of investors surveyed said that they are concerned about a lack of focus on material issues — an increase from 37% in 2020.Moreover, investor and corporate communities are broadly aligned on the importance of uniform standards and they believe that it would be helpful if risk transparency, reporting and assurance of disclosures were mandated by policy. As much as 89% of investors surveyed said they would like to see the reporting of ESG performance measures against a set of globally consistent standards become a mandatory requirement.What this will lead to will be higher quality disclosures around ESG performance, which in turn can underpin good business management to help build and preserve stakeholder trust. The actions relating to the formation and the formal launch of the International Sustainability Standards Board (ISSB) during COP26 is a step in the right direction to more globally consistent standards.Second, building data analytics capabilities and improving data management would be key to helping corporates produce trusted ESG performance reporting, with investors to incorporate that insight into their investment decision-making process.Technology and data innovation can help corporates improve the way they collect, aggregate and own their data and help investors integrate ESG data into the investment analysis.ACTIONS FOR CORPORATES AND INVESTORSAs ESG factors play an important role in economic health and recovery, there are a number of important actions for both the corporates issuing ESG reporting and the investors that will utilize that information.Corporates should consider (1) having a better understanding of the climate risk disclosure element of ESG reporting, since there is growing pressure for companies to do more, (2) making strategic use of the sustainability and finance functions to help inject rigor and factor in materiality into ESG reporting, mainly because investors are concerned about the veracity and credibility of companies’ ESG performance data, and (3) deepening engagement with investors and understand how nonfinancial disclosures help differentiate an entity from its competitors.Investors should consider (1) updating investment policies and frameworks for ESG investments along-side building an ESG-driven culture, (2) updating approaches to climate risk management to understand the potential consequences of climate risks over different time horizons, and (3) putting in place a bold and forward-looking data analytics strategy.With the increasing expectation that businesses create, protect and measure value across a broad group of its stakeholders, they can fully embrace ESG by ensuring that the risks it brings are managed and by fully taking advantage of the opportunities that come with it. This way, companies can better articulate how they are creating long-term value for all stakeholders. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.Katrina F. Francisco is a senior director from the Climate Change and Sustainability Services of SGV & Co.

Read More
21 February 2022 John N. Panes

Shifting to a zero-trust mindset

As the world continues to operate under remotely while grappling with the pandemic, the danger of cyberattack remains a constant threat. The current situation has resulted in people using their own devices and networks to ensure business continuity from anywhere, but these are not as secure as corporate systems and connections, and cybercriminals are not letting these easy opportunities pass.Data security is more critical than ever, with traditional data protection techniques functioning under a “trust but verify” strategy. This perimeter-driven paradigm entrusts its internal users with unobstructed network access and provides security controls only for external or untrusted networks. However, this introduces the issue of misplaced trust that can lead to the IT landscape of an organization being exposed to vulnerabilities.With organizations dramatically accelerating their transformation journey, effective cybersecurity that expands beyond the organizations’ territories becomes even more significant — and this is where the concept of zero trust comes in.Zero trust is a security model based on the principle of maintaining strict access controls without trusting anyone by default, including internal users. Everyone is trusted by default in a traditional IT network, and once an attacker gets inside the network, they are free to move and gain access to protected customer data, intellectual property, or network controls. Zero-trust application security understands that attackers can be present both within and outside of a network, which is why zero-trust policy enforcement dictates that no user should be trusted automatically.With effective zero-trust frameworks in place, organizations can enforce several critical steps as part of their arsenal to reduce cyber risk while establishing access and identity controls.THE NEED TO ADAPT ZERO TRUSTNewer organizations are now adapting this model as it requires a simpler approach but at the same time yields ever stronger security controls.The “trust but verify” strategy is no longer an option as targeted, more advanced threats are now capable of moving inside the corporate perimeter. Because of the nature of remote working, accessing applications from multiple devices outside of the business perimeter has become even more prolific. This results in the increasing risk of exposure to data breaches, malware and ransomware attacks.The zero-trust paradigm requires organizations to continuously analyze and evaluate the risks that involve their business functions and internal IT assets, then form strategies to mitigate them. The zero-trust model also restricts access by only providing access to users who need it while depending on whether they successfully authenticate each access request. The purpose of this process is to help eliminate unauthorized access to services and data while employing a positive security enforcement model. Because it uses a different lens to view data protection, the zero-trust model allows certain criteria that govern access and restrictions. STEPS TO START THE ZERO-TRUST JOURNEYThe looming challenge for these organizations actually involves where to start. They can begin their zero-trust journey with three simple steps, starting with building a zero-trust center of excellence. This entails creating a cross-functional working group of all the teams that will be working together on a zero-trust architecture. This includes cybersecurity and IT teams that will handle actual deployment, as well as business leaders who will help define the necessary business objectives to ensure successful implementation.Second, the center of excellence will need to engage in workshops to ensure that everyone is aligned and understands the basic concepts of this model, the business objectives of the organization, and what to protect — data, applications, assets, and services (DAAS). The prototype zero-trust network can be planned during the workshop to allow IT and security practitioners in the organization to better move to a more formal design phase.Third, start with something low-risk, instead of proceeding ahead with the “crown jewels” of the organization. Deploy zero trust first in an environment where implementation teams can get hands-on experience and develop confidence as they build this simpler but more secure network.MAXIMIZING DATA SECURITY WITH ZERO TRUSTWhile there are many misconceptions surrounding the zero-trust architecture model, from its overall functionality to implementation, organizations can focus on five major aspects identified by Murali Rao, EY India Cybersecurity Consulting Leader, to better maximize their data security.Prioritize top risks. Organizations must understand the attack surface and threat landscape to qualify risks, before prioritizing the ones that will need the most focus.Enterprise-wide policy. Organizations will need to set policies according to the sensitivity of services, assets and data housed. The potential of zero-trust architecture relies on the access policies that organizations define.More granular network enforcement. Organizations must always assume that the network is hostile, and that they cannot trust any user or incident. This will mean removing implicit trust from the network and building trust into devices and services.Implement the zero-trust network based on an inside-out view. Organizations need to include zero-trust architecture as part of their overall transformation strategy. They will also need to implement technologies that help achieve zero trust as their transformation moves them more to the cloud and retires old legacy systems.A strong Identity and Access Management. Organizations need to work on the authentications of their workloads, devices and users. Technologies such as privilege ID management, multifactor authentication, behavioral analytics and file system permissions must be enforced based on defined rules to minimize the compromise of trust.THE KEY TO SUCCESSFUL ZERO-TRUST ARCHITECTURE ADOPTIONBreaches that result in lost or stolen data cost organizations significant financial and reputational damage. The zero-trust model aids in both simplification and standardization of access control enforcement across an enterprise with improved compliance and the continuity of critical business processes, and it is most effective when integrated across the entire digital IT estate.In an era where customers, partners and the supplier ecosystem access data and services from literally anywhere, applying a zero-trust model reduces the risks of security issues that arise due to how organizations often lean on perimeter-based approaches.This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.John N. Panes is a manager from the Technology Consulting practice of SGV & Co.

Read More
14 February 2022 Leonardo J. Matignas Jr.

The CEO as the overall risk executive

We all understand the critical role played by the Chief Executive Officer (CEO) in protecting and enhancing the company’s value, but we should consider that the CEO is also responsible for managing significant uncertainties that may become obstacles to the achievement of the company’s objectives or desired outcomes. These uncertainties are referred to as business risks. This makes the CEO the Overall Risk Executive (ORE), being technically the owner of all the critical risks of the company.With this enhanced risk management responsibility given to the CEO, it is imperative that he or she is very much familiar with the framework, principles and process of risk management, particularly enterprise risk management (ERM), which has been recommended by the Philippine Securities and Exchange Commission (SEC) in its various codes of corporate governance. ERM has also been mentioned in the guidelines for well-governed companies released by the Philippine Stock Exchange (PSE).THE RISK MANAGEMENT EXECUTIVE TEAMThe CEO as the ORE should be assisted by his executive team, usually composed of executives who are co-risk owners in the organization. This is usually referred to as their Risk Management Executive Team (RMET). In most companies, this could be the management committee or executive committee. Oftentimes, the RMET is composed of the following:• Chief Financial Officer — for financial risk;• Chief Operating Officer — for operational risk;• Chief Information Officer — for information risk;• Chief Legal Officer — for legal risk;• Compliance Officers — for regulatory risk;• Chief Innovation Officer — for new and emerging risk related to markets and competition; and• Other key executives who are critical in identifying and managing uncertaintyAnother role which is critical is that of the Chief Risk Officer (CRO) or its equivalent. The CRO is usually part of the RMET unless the board requires the CRO to functionally report to the Board Risk Oversight Committee (BROC) directly and to the CEO for administrative support (similar to that of the internal auditors). Another factor to consider is the sector to which the company belongs as there can be some regulations in the area of reporting protocols.There is a common misconception that the CRO, which should ideally be a full-time role, is the owner of all the risks in the organization. The reality is that the CRO (again in a full-time capacity) does not own any risk except for the failure of the risk management process, making the CRO the owner of this process. It is important to note that the function/process owners (i.e., CFO, CIO, CLO, among others) are actually the respective owners of the risks within their purview.The CRO’s primarily role is to make sure that all the members of the RMET, who are co-owners of the risks, are working together as a highly integrated, collaborative, cross-functional team. Let us liken the CRO to a conductor of an orchestra, whose job it is to ensure that all the different instruments and performers come together into a harmonious whole. As most of the risks are interrelated and have interdependencies, business risks should not be managed in silos to better maximize the resources needed to manage them. This also ensures that no critical risks fall between the cracks.The CRO (or its equivalent) is the face of the CEO in the risk management activities of the company. But the tone from the top is the responsibility of the CEO supported by the leadership team.THE CEO AT THE FOREFRONT OF IDENTIFYING AND MANAGING BUSINESS RISKSIn most of the board sessions that I have attended, the CRO reports to the BROC on behalf of the CEO. However, for questions on decisions made about how risks are prioritized and managed, the CEO provides his insights to the BROC and also solicits from the latter additional insights to further strengthen their risk management strategies. This emphasizes that the CEO is given the responsibility to ensure that critical risks that will significantly impact the company are identified and managed at acceptable levels.A layman’s definition of business risk is “anything that keeps management awake at night.” That is why the CEO is also referred to as the chief paranoia officer in some circles. Of course, that is just to emphasize the critical role they play in risk management.I would like to share an anecdote about a presentation I made to the board of one listed company. I showed a slide presenting the layman’s definition of business risk. The CEO immediately made a comment that he can sleep well at night. His colleagues in the board room said jokingly that this made the CEO their biggest risk, since he did not know they had risks to manage. At an event after that session, the CEO approached me and said, “You know, Leo, after your session with us, I can no longer sleep well at night.”We had a good laugh but that said it all. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.Leonardo J. Matignas is the EY ASEAN risk management leader and a business consulting partner of SGV & Co.

Read More
07 February 2022 Anna Maria Rubi B. Diaz

How can accounting relate to climate change?

There has been an increased public focus on the harmful effects of climate change, with practices and reforms continuously being developed and implemented globally to reduce its negative impact. Because of this, some industry players are taking steps to address climate change, such as utility companies focusing on renewable energy investment, financial institutions expanding their portfolios to include green bonds, and private entities investing in technologies to conserve resources.Regulators have also been taking steps to address climate change. For instance, the Philippine Securities and Exchange Commission (SEC) issued Sustainability Reporting Guidelines for Publicly Listed Companies (PLCs) in 2019 to help PLCs better assess and manage their non-financial performance across the economic, environmental, social and governance (ESG) aspects of their organizations. Similarly, the International Financial Reporting Standards (IFRS) Foundation also established the International Sustainability Standards Board (ISSB) to develop sustainability reporting standards that will provide a high-quality, comprehensive baseline of ESG information.It is to be expected that in the years to come, climate change will have an even more significant impact on the way entities do business. Because of the potential impact of climate change and the continuing drive to manage it, various entities are facing the challenge of adopting these new practices and reforms in anticipation of how they will eventually impact their financial statements.CONSIDERING CLIMATE CHANGE IN FINANCIAL STATEMENTSCurrently, there is no specific accounting standard or guidance in the Philippines that deals directly with climate change matters. However, entities are still expected by regulators and stakeholders to explain how climate change is considered in their financial statements in a way where its impact is material or significant from a qualitative perspective. They need to disclose how climate change may impact the significant assumptions, judgments and estimates used in preparing their financial statements. Entities also need to ensure that the information from the financial statements agrees with the information provided to the stakeholders and general public through publications and press releases.Given these, we cite some accounting standards that entities may revisit in preparing their financial statement in consideration of the impact of climate change.GOING CONCERNThe Philippine Accounting Standard (PAS) 1, Presentation of Financial Statements, provides that an entity shall prepare financial statements on a going concern basis unless management either intends to liquidate the entity, to cease trading or has no realistic alternative but to do so. When management is aware of material uncertainties related to events or conditions that may cast significant doubt upon the entity’s ability to continue as a going concern, the entity is required to disclose those uncertainties.Risks coming from climate change may be a source of material uncertainty to some entities due to its potential impact on their future business activities, such as bank financing restrictions. Accordingly, entities need to revisit the impact of climate change on their financial statements particularly on their judgment to continue as a going concern and related disclosures pertaining to material uncertainties.Furthermore, entities will need to consider how natural resources issues that are necessary for their operations, such as waste management, water, and energy, will affect their ability to continue as a going concern.INVENTORYAccording to PAS 2, Inventories, inventory shall be measured at the lower of cost and net realizable value. Given the developments brought by climate change, entities need to assess whether inventory has become less profitable or obsolete as the cost may not be recoverable if the inventory is damaged by climate disturbances, if it has become wholly or partially obsolete, or if selling prices have declined.PROPERTY, PLANT AND EQUIPMENTPAS 16, Property, Plant and Equipment discusses how entities should measure, recognize and disclose information on property plant and equipment. Changes in the economic and legal environment coming from the societal pressures and legislation may affect how entities measure, recognize and disclose information on property plant and equipment. This is due to the potential impacts on the useful life, residual value, designs, technology and decommissioning of property, plant and equipment.Given the uncertainty, entities need to consider how the measurement and recognition principles in accounting for the entities’ transactions, events and conditions will be impacted by these changes and how disclosures can be enhanced to allow the users of financial statements to better understand the judgments made by entities on their property, plant and equipment.IMPAIRMENT OF ASSETSPAS 36, Impairment of Assets requires an entity to assess at the end of each reporting period whether there is any indication that an asset may be impaired. If any such indication exists, the entity is required to estimate the recoverable amount of the asset. Action from governments and public awareness on climate change may drive impairment indicators.For example, a government may require entities to focus on new products and technologies that will conserve resources, potentially resulting in a significant decline in the value of the entity’s existing assets. If the public has already been consciously investing in entities with climate change initiatives, investors may withdraw their support from entities who are not concerned with such initiatives. It can also result in adverse changes to the technological environment of an entity, which may result in the obsolescence of its assets. These may also affect forward-looking information, such as cash flow projections in estimating the recoverable amount of an entity’s assets.Due to this, entities may need to consider how the impairment indicators will affect the measurement of their assets, including relevant disclosures on assumptions, judgments and estimates.PROVISIONSPAS 37, Provisions, Contingent Liabilities and Contingent Assets requires that provisions need to be recognized when: (1) an entity has a present obligation (legal or constructive) as a result of a past event; (2) it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation; and (3) a reliable estimate can be made of the obligation.New legal requirements and laws, decommissioning and asset retirement obligations and legal claims in response to climate change may give rise to new obligations that may lead to a potential significant impact on the recognition and measurement of provisions. Due to the significant uncertainty, entities need to consider the adequacy of the disclosures in how they incorporate climate change risks in recognizing and measuring their provisions.ASSESSING THE IMPACT OF CLIMATE CHANGEThe items cited in the foregoing are based on general accounting considerations and are not inclusive of everything that entities should consider. Since each entity’s business, operations and situation are unique, each entity will need to apply significant judgment and analysis of relevant facts and circumstances to reasonably assess the impact of climate change.As the global conversation between and among businesses, consumers and regulators grows increasingly dynamic, entities will need to proactively consider how the risks from climate change may affect not only their operations but also their financial statements. More importantly, they will also need to consider potential solutions to the climate change disruptions that are happening now and those that are emerging — before it’s too late. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.Anna Maria Rubi B. Diaz is a senior director from the Financial Accounting Advisory Services (FAAS) service line of SGV & Co

Read More
Leading the way in business

Other SGV News and Publications