Here is how Internal audit can play a noteworthy role in an organization’s ESG journey.
Acronyms give the majority a hard time to figure out what they stand for, and here I am using one. As used in the title for this article, you may be wondering what “ESG” stands for or what it is.
It is an acronym for Environmental, Social, and Governance. This was first coined in 2005, but the concept goes back much further. It refers to criteria that characterize an organization’s operations as sustainable, responsible, or ethical.
Although there can be some overlap, ESG-related topics generally fall under one of the three main categories represented in its acronym:
E: “Environmental” considers how an organization performs as a steward of nature. This can include issues related to carbon emissions, waste management, water management, raw material sourcing, and climate change vulnerability.
S: “Social” examines how organizations manage relationships with employees, customers, and the greater community. Risks that fall under this category can include corporate social responsibility, labor management, data privacy, general security, and health and safety. With the recent rise of high-profile movements related to addressing racial injustice, social ESG-related subjects such as diversity, equity, and inclusion have taken prominence.
G: “Governance” refers to variables such as business ethics, leadership, executive pay, audits, internal controls, intellectual property protection, and shareholder rights. Diversity risks, while social in nature, also can fall under the governance umbrella, such as actions to improve board diversity.
Conversations and focus on sustainability, typically grouped into environmental, social, and governance (ESG) issues, are quickly evolving from activist investor groups and inquisitive regulators pushing for change to governing bodies and C-suite executives struggling to understand and embrace the concept.
At the forefront of this new risk, the area is pressure for organizations to make public commitments to sustainability and provide routine updates to ESG-related strategies, goals, and metrics that are accurate and relevant.
Just as financial reporting is prioritized in organizations, ESG reporting should be treated with the same care as financial reporting because ESG reporting can contain a wide variety of metrics, organizations must establish policies, processes, and internal controls that generate reliable information for decision-making and ensure the quality of data being produced and reported.
Note: ESG reporting is still immature, and there is not a lot of definitive guidance for organizations in this space. For example, there is no single standard for what should be reported.
Organizations need to recognize that ESG reporting must be built on a strategically crafted system of internal controls and accurately reflect how an organization’s ESG efforts relate to each other, the organization’s finances, and value creation. This is because ESG-focused businesses thrive, and are resilient.
So, as risks associated with ESG become more evident and prevalent in decision-making by the governing body and executive management, the board of directors must have reliable assurance on the effectiveness of ESG risk management, including ESG reporting and that assurance should come from the Internal Audit function.
How then can internal audit play a significant role in an organization’s ESG journey?
For internal audit to add value to ESG implementation, the following can be considered;
- Advise senior management to ensure that the ESG strategy is embedded in the overall business strategy.
- Internal audit can provide assurance and advice over all aspects of ESG risk management. For example; ensure that ESG is added in the organization’s risk universe.
- Define ESG clearly to help managers understand how ESG affects business operations.
- Internal audit can add value in an advisory capacity by helping to identify and establish a functional ESG control environment, and credible internal control frameworks to their ESG efforts.
- Internal Audit can offer critical assurance support by providing an independent and objective review of the effectiveness of ESG risk assessments, responses, and controls.
- Internal Audit should ensure timely and consistent reporting on ESG activities.
- Internal audit can also provide assurance on whether data (quantitative and qualitative) being reported is accurate, relevant, complete, and timely. This is particularly important as regulatory oversight increases.
- Internal audit can review and verify whether proper control activities must be re-designed and are operating effectively from the operational steps to the collection and analysis of the data that will be used in reporting.
- Internal audit can play an advisory role in building an ESG control environment i.e. competent internal audit functions are familiar with the building blocks of effective control environments.
- Although ESG reporting is still immature, and no single standard for what should be reported, Internal Audit can recommend related frameworks and standards for ESG risk management or can advise on developing specific internal controls over ESG reporting, and recommend reporting metrics.
- Internal Audit can advise on ESG governance because of its holistic understanding of risk across the organization. It can use its unique perspective to help identify roles and responsibilities, as well as provide training on internal controls.
Conclusion: Just like any other project, for the ESG strategy to be successfully implemented and for it to be effective, senior management buy-in is crucial. Therefore, internal audit functions should ensure that senior management’s commitment to ESG is prioritized in the organization.
Since there are no standards specific to ESG currently, Auditors may not have the finer details of the ESG implementation but may choose to apply their “Best thinking, fresh thinking or professional judgment” while providing advisory services.
Ultimately, a focus on ESG means we all win and benefit from living in a fair, forward-thinking, and sustainable world.
Acknowledgment: https://global.theiia.org/about/about-internal-auditing/Public%20Documents/White-Paper-Internal-Audits-Role-in-ESG-Reporting.pdf
Originally published here https://www.linkedin.com/pulse/how-internal-audit-can-play-noteworthy-role-esg-rose-cisa-cdpse%3FtrackingId=oQINgUE4TnKfmphjQiao%252BA%253D%253D/?trackingId=oQINgUE4TnKfmphjQiao%2BA%3D%3D