Internal audit teams play an essential role in compliance, disclosure and oversight. They oversee reporting requirements, assess the performance of underlying controls, help an organization monitor and address risk and more.
These activities have traditionally focused on operations like finance and accounting, HR and health and safety. With mandatory sustainability disclosures and DEI reporting on the rise, is environmental, social and governance (ESG) oversight joining the mix? Should future activities involve increased collaboration with their colleagues in sustainability and ESG?
“[Internal audit] is uniquely posed to tackle ESG,” writes accounting firm EisnerAmper. Organizations aren’t seizing upon these synergies, however. According to a survey by Ernst & Young LLP and the Institute of Internal Auditors, many organizations are not yet involving their internal audit teams in their ESG programs in a meaningful way.
As ESG reporting increasingly moves from a “nice-to-have” to a “must-have”, this situation needs to change. Collaboration between internal audit and ESG can help both teams address common challenges and empower auditors to step into a broader advisory role. On the flip side, ESG teams need audit's oversight and accountability to stay ahead of risk and drive performance.
Read on for why audit-ESG collaboration is the way of the future and steps audit teams can take to get ahead of the trend.
Whether your company’s ESG program is non-existent to nascent, or robust and mature, when assessing a company’s risk, chief auditors should incorporate ESG risks into their enterprise risk assessment and into their annual internal audit planning process.
– EY Singapore
In the changing world described above, both audit and ESG teams have several critical challenges they need to consider in their day-to-day operations.
Evolving Regulatory Requirements
With the Global Reporting Initiative (GRI), the United Nations Global Compact (UNGC), the Task Force for Climate-related Financial Disclosures (TCFD), the Sustainable Accounting Standards Board (SASB) and beyond, ESG teams have long navigated a complex and growing array of frameworks for their corporate social responsibility (CSR) reports and other sustainability communications. As ESG disclosures increasingly move from voluntary to mandatory, these frameworks become internal audit’s responsibility as well.
And there’s much to keep up with. ESG policies in the Asia-Pacific region have increased two-fold in the past five years, according to EY. In the United States, the Securities and Exchange Commission is expected to soon make ESG disclosures mandatory for publicly traded companies. As the alphabet soup thickens, ESG-audit collaboration can help both teams stay ahead of the game and keep their organizations compliant.
Increasing Demands for Transparency
Regulators are just one stakeholder group interested in carbon footprints, labor standards, deforestation policies and other ESG issues. Increasingly, parties such as investors, underwriters, creditors, top executives and board members seek this data as well, as it helps them better gauge challenges and opportunities.
With ESG being a rising feature in the risk universe, “boards and investors want to know how ESG issues will impact an institution’s long-term strategy, performance and value creation,” writes EY Singapore. “Some of the region’s institutions are not ready to meet the risk management and disclosure expectations.”
This puts the pressure on ESG teams and audit teams alike.
Accurate and Comprehensive Reporting
Meeting these disclosure demands, demonstrating compliance and staying ahead of risk requires reliable, consistent reporting. However, the raw material and systems which many audit and ESG teams work with are often not up to the challenge.
While CSR, ESG and sustainability reports have become more common, their formats and the data within may vary — especially since many of these reports have been voluntary up until now. The informal processes and manual data collection used by many organizations will likely fall short in the face of ever-increasing demands and scrutiny. Finally, even as more and more organizations publicly disclose information about greenhouse gas emissions and workforce diversity, often this data has not been validated and assured (compared with financial data, for example).
Staying accountable and compliant requires both the right data sources and the right controls over how this information flows through and out of the organization — and here’s where an internal audit team shines. They have the expertise to evaluate the frameworks, approaches and effectiveness of controls used in voluntary sustainability communications (like a CSR report), which may lack the rigor required for new regulatory requirements, disclosure requests or risk management demands. They’re also well-positioned to provide objective guidance on how to reshape or craft new processes and formalize internal controls.
How Audit Teams Can Help Drive ESG Forward
Internal audit teams can help their colleagues in ESG — and their organization’s leadership — address these challenges in many ways.
Directly related to disclosures, reporting and compliance, they can:
- Validate that the organization is collecting all of the relevant information it needs — for example, greenhouse gas emissions across all applicable business activities, locations, subsidiaries and joint ventures for Scope 1, 2 and 3 reporting
- Assess alignment with industry standards and protocols
- Ensure proper governance structures for data integrity
- Review the accuracy of ESG reports and disclosures
- Evaluate reporting processes and controls and identify potential risks — for example, those related to information gaps, process issues or data accuracy
As ESG advisors, they can help:
- Review how the organization tracks ESG goals and measures performance
- Review the implementation of ESG programs and related policy documents
- Identify gaps in ESG programs, goals and metrics and find ways to address these gaps
- Oversee how the organization monitors legal, financial and reputational risks related to ESG
All of these activities add up to forward-thinking risk management and performance.
ESG and Audit’s Increasingly Entwined Future
Does an organization have the right roles, responsibilities and processes in place to execute on ESG strategy and manage risk? How are ESG issues impacting traditional risk areas like credit risk, investment risk and underwriting?
With their expertise in regulatory expectations, internal audit teams have a solid foundation for helping ESG departments and executive leadership answer these questions and more. What’s needed is a joint and evolving understanding of ESG’s impact on other aspects of the business, supported by the right resources, processes, technologies, data and metrics.
It will be a shared and increasingly interconnected journey. As EY Singapore points out, “Effectively responding to accelerating ESG-related risks and opportunities will require institutions to integrate ESG into business strategy and enterprise risk management (ERM) in a coordinated, strategic approach with strong oversight.”