The role of the external auditor in managing environmental social and governance (ESG) reputation risk

The role of the external auditor in managing environmental, social, and governance (ESG) reputation risk Bright Asante-Appiah
Assistant Professor of Accounting Department of Accounting College of Business Lehigh University PA 18015 Email: bra315@lehigh.edu Tamara A. Lambert*
Associate Professor of Accounting Department of Accounting College of Business Lehigh University PA 18015 Email: tal413@lehigh.edu * Corresponding author
Acknowledgements: We thank Lakshmanan Shivakumar (the editor), the anonymous reviewers, Raluca
Chiorean, Jeffrey Hales, Rani Hoitash, Jae B. Kim, Marietta Peytcheva, Divesh Sharma, Matthew
Sherwood, Mike Wilkins, and workshop participants at the 25th Symposium on Audit Research at the
University of Illinois at Urbana-Champaign and the University of Massachusetts, Amherst for their helpful comments.
Electronic copy available at: https://ssrn.com/abstract=3864175
The role of the external auditor in managing environmental, social, and governance reputation risk
ABSTRACT: Companies are under increasing pressure to manage their reputation on environmental,
social, and governance (ESG) issues. Auditors are a potential source of ESG risk management expertise
and assurance due to a deep understanding of their client’s ESG-related reputation risk (“ESG risk”) and
their assurance reporting expertise. However, provision of nonaudit services by the external auditor is
controversial and public accountants are still defining their role in ESG risk control and reporting. We
explore whether auditors help companies manage heightened ESG risk in times of reputation crisis, using
abnormal negative ESG-related media coverage as a measure of “tainted reputation.” Findings show a
positive association between tainted reputation and nonaudit services and between the interaction of
tainted reputation and nonaudit services with future firm value. The positive interaction persists when we
consider a proxy for other ESG risk management activities in our analyses and for other measures of ESG
risk management effectiveness (future stock returns and future tainted reputation). Subsample analyses
indicate that results are driven by companies audited by ESG industry specialist auditors, that the
association between tainted reputation and nonaudit services is driven by companies owned by
institutional shareholders, and that inferences from our results may not hold when ESG risk is dominated
by its social component. Using restatements as a proxy, we find no evidence to suggest that the
interaction of tainted reputation and nonaudit services is associated with impaired audit quality. Findings
demonstrate an empirical linkage between tainted reputation and nonaudit services that is positively
associated with future firm value measures.
Keywords: ESG; ESG reputation; ESG reporting; ESG assurance; sustainability assurance; auditor ESG expertise.
JEL Classification: G32, G34, M14, M41, M42, Q56
Data Availability: All data used in the study are publicly available from sources cited in the text.
Electronic copy available at: https://ssrn.com/abstract=3864175 1. Introduction
A company’s standing with respect to environmental, social, and corporate governance (ESG)
factors is increasingly a major consideration in its success (Kell 2014; Beard 2019; Whyte 2019).1 ESG
factors reflect business issues that can measurably impact a company’s balance sheet, income statement,
risk profile, and cost of capital, despite not being inherently financial in nature (Hales 2018). Laurence
Fink, chairman and CEO of BlackRock, has repeatedly cautioned that integrating ESG-related reputation
risks into core strategies is key to demonstrating long-term financial performance and value creation,2 and
recent survey evidence suggests investors believe ESG risks have financial implications for their
portfolios (Krueger, Sautner, and Starks 2020). Public accounting firms cultivate client-specific
information and expertise as they try to understand a client’s performance risk, have laid the groundwork
for enterprise risk management (ERM) theory through their involvement with the Committee of
Sponsoring Organizations (COSO), and have decades of expertise in designing, evaluating, and reporting
on systems of internal control (COSO 2004; Baxter et al. 2013). Auditors have experience/expertise
assessing ESG-related risk factors, as they are required to consider any risk factor that might lead to a
material misstatement as part of the financial statement audit. In this study we make predictions grounded
in theory and prior findings and compare them to correlational relationships in archival data to explore
whether external auditors also help companies navigate their ESG reputation risk. We examine whether
companies purchase more non-audit services in times of negative ESG-related media coverage (i.e.,
tainted reputation) and whether these purchases are associated with positive future firm value (future
three-year average operating performance and market value).
We define ESG-related reputation risk (ESG risk) as the risk of loss of firm value due to negative
reputation arising from the company’s handling of ESG factors. The growing investor emphasis on ESG
1 ESG-related reputation differs from corporate social responsibility (CSR) in that CSR describes a company’s
commitment to stakeholders for socially responsible practices, while ESG refers to a concept used by market
participants for evaluating a company’s practices (regardless of what the company sees as its commitment to
stakeholders). See, for example, https://medium.com/@utmccombssii/differences-between-esg-sri-csr-impact-
investing-and-philanthropy-4316033e7198 (accessed Nov. 14, 2019).
2 See, for example, letters dated February 2016 and January 2018 at https://www.blackrock.com/corporate/investor-
relations/larry-fink-ceo-letter. 1
Electronic copy available at: https://ssrn.com/abstract=3864175
risk and ESG-related opportunities has motivated demand for ESG performance data, development of the
Sustainability Accounting Standards Board (SASB), and the marketing of ESG risk services by public
accounting and other professional firms (Morimoto, Ash, and Hope. 2005; Manetti and Becatti 2009;
Huber, Comstock, and Polk 2017; Hales 2018; AICPA 2021a). In recent years, ESG-related reputation
crises have hurt the revenues, brand value, customer confidence, and share price of many corporations.
Recent findings indicate ESG-related disclosures and media attention are associated with market value
decreases and credit risk increases (Matsumura, Prakash, and Vera-Munoz. 2014; Kölbel et al. 2017;
Capelle-Blancard and Petit 2019; Choi, Gao, and Jiang 2020).
Given the potential ramifications of ESG risk, the reputation management literature suggests
companies will increasingly seek avenues for support in dealing with it (Coombs 1998, 2007; McDonnell
and King 2013; Renn 2017). We expect public accounting firms to be a particularly effective source of
help, regardless of whether accounting firms are the only source or are used in combination with other
consultants, due to auditors’ risk management and assurance reporting expertise. Public accounting firms
must understand clients’ business strategies, internal controls, and business risks to assess the risk of
misstatement/fraud and the company’s ability to continue as a going concern (PCAOB 2010; Ballou et al.
2012; Sharma, Sharma, and Litt 2018; Messier, Glover, and Prawitt 2019). To assess these risks
effectively in the current environment, auditors must consider all ESG-related risk factors, and so external
auditors have a great deal of client-specific ESG risk knowledge. Public accountants’ experience with
ERM, which imbeds internal control framework principles beyond the financial reporting system to firm
performance and value, provides them with a theoretical foundation for understanding ESG risk (COSO
2004; Baxter et al. 2013). Importantly, public accounting firms provide third party assurance and pre-
assurance services to enhance the reliability of ESG-related information provided to investors and other
stakeholders (Tysiac 2019; 2020; CAQ 2020; AICPA 2021b), leaving a role for the auditor, even when
advisory services may be provided by other (non-audit) firms. In sum, the external auditor may have a
role in helping companies manage ESG risk, which should be reflected in nonaudit service fees and which
we expect to result in better-managed risk. 2
Electronic copy available at: https://ssrn.com/abstract=3864175