Validation and credibility of reported data

How does the PRI ensure reported data is credible?

The PRI has several steps in place to reduce reporting errors and enhance the credibility of PRI data: 

• Transparency Reports are made public. 

• The PRI uses various validation mechanisms in the Reporting Tool, depending on the question type, which reduces misreporting.  

• The Reporting Framework contains gateway questions to prevent signatories seeing questions that do not apply to them, hence reducing conflicting responses.  

• When the data is comparable with the previous year, some indicators containing key AUM figures are checked.  

How can signatories increase the credibility of their reported data? 

Signatories can demonstrate or improve the credibility of the information they report through any of the following measures: 

• soliciting independent third-party assurance of selected processes and/or data related to their responsible investment processes, resulting in a formal assurance conclusion.  

• undergoing a third-party readiness review and making changes to internal controls or governance processes in preparation for an independent third-party assurance review.  

• conducting an internal audit of selected processes and/or data related to the responsible investment processes reported to the PRI.  

• having the board, trustees (or equivalent), senior executive-level staff (or equivalent), and/or investment committee (or equivalent) signing off on the PRI report.  

• some or all funds undergoing an audit as part of the certification process against a sustainable investment/responsible investment label. 

• undergoing an external ESG audit of their ESG/sustainability marketed funds or products (excluding ESG/responsible investment-certified or labelled assets). undergoing an external ESG audit of holdings: 

• undergoing an external ESG audit of holdings:
  • to verify compliance with responsible investment policies (e.g., exclusion lists, ESG ratings or thresholds).   
  • as part of risk management, engagement identification or investment decision-making.  
  • reviewing PRI reporting responses internally before submission.  

These measures span two areas: governance and internal controls; internal audit and external assurance, with the latter representing advanced practice (see below). Therefore, we do not expect signatories to undertake all these measures and understand that their capacity to undertake any of them will depend on various factors, including organisational structure, resources, and location. 

Governance and internal controls 

Developing robust internal controls is the first step for signatories wanting to improve the credibility of their reported information. An organisation’s confidence in its reporting is a direct result of the quality of its internal control environment. 

Internal audit and external assurance 

Signatories can use internal audit to verify that their internal control mechanisms on ESG reporting, and those specific to responsible investment processes are working as intended. This helps organisations prepare for external third-party assurance of ESG information and should result in a more efficient assurance process. External assurers can provide guidance on best practices. 

Processes typically audited/assured  

Based on 2017 analysis, signatories that reported they conduct third-party assurance of their internal controls did so for the following responsible investment processes:  

• Strategy and governance: policies and main overarching responsible investment processes  

• Active ownership: voting policy and processes, engagement processes  

• ESG incorporation strategies: screening processes (e.g., to prevent breaches)   

Assurance standards for the review of ESG information and processes are an emerging field. ISAE 3000 is the most widely used standard for information, while ISAE 3402 can be used for ESG processes (overlaps with SSAE 18) by service organisations.