Strange Bedfellows? Internal Audit Function Needs to Make Friends With ESG Metrics

Internal audit plays a crucial role in compliance, disclosure and oversight of organizations. Audit teams are responsible for overseeing reporting requirements, assessing the performance of underlying controls and helping an organization monitor and address risk.

Historically, internal audit oversight has focused on areas like finance and accounting, HR and health and safety. However, with mandatory sustainability disclosures on the rise, ESG issues have evolved from a sort of “alphabet soup” to matching International Sustainability Standards Board (ISSB) criteria, and now there is a growing need to tie ESG to international financial reporting. The board of directors needs to see that not only has ESG data been assured but that it has been connected to the organization’s strategy and to its financials.

Compounding this, regulators are now demanding more transparency on a company’s ESG initiatives. Just two examples are the Corporate Sustainability Reporting Directive (CSRD) that has already begun its rollout in Europe, and the SEC’s anticipated climate disclosure rules, which are soon to come into play in the U.S. The regulatory landscape is still rapidly developing, with more than 200 climate-related regulations currently under consideration around the world.

As a result, corporate directors are acknowledging the importance of ensuring ESG disclosures are audit-ready. According to a survey from Diligent Institute and Spencer Stuart, conducted with nearly 1,000 board directors globally, directors are actively preparing for climate regulations, with 55% saying they’ll take extra care to ensure their ESG strategies are adequately reflected in annual reports and filings. At the same time, 46% of directors plan to enhance their ESG disclosure methods.

Claim a seat at the table

What does this mean for internal audit? For one, the role of the internal auditor has become more critical. An increasing and evolving number of risks, including not only ESG but cybersecurity, digital transformation and others, means internal audit has moved from a reactive compliance function to a strategic partner of the board — providing valuable insights into risks, revenue opportunities and overall business performance. And as ESG standards, regulations and frameworks become more prevalent and investor pressure ramps up, the role of internal auditors in ESG auditing is only going to grow.

Internal audit is central to a company’s ability to provide assurances regarding ESG reporting and progress. When data-driven ESG is the goal, internal audit is a critical collaborator in organizations’ ESG programs. Businesses recognize that they need to tackle reporting on issues like greenhouse gas emissions and other ESG metrics as rigorously as they have traditionally approached financial disclosures — and that puts internal audit teams firmly in the frame of ESG programs.

However, this increasingly strategic role also presents new challenges. Internal auditors must cover a broader set of risks and stay ahead of rapidly shifting needs, all while doing more with less.

Put a governance structure in place

The first step of getting your ESG program audit-ready should be conducting a materiality assessment. That means identifying the most pressing ESG priorities for your business and understanding relative importance to other strategic initiatives. Frameworks around how we assess materiality for SOX compliance, for example, are important aspects that should be applied to ESG disclosures.

For internal auditors, the concept of double materiality is also crucial. This takes into account the financial and wider impacts of a business’s social and environmental performance, and is particularly important for organizations that have exposure to European ESG disclosure requirements, which are more mature than those currently in place in the U.S.

Once priorities have been identified, auditors can put the right target=”_blank” rel=”noopener”data governance structure in place to conduct effective audits. Start by identifying which data you need to assemble, determine rights and responsibilities, then prepare to begin reporting. Be careful not to overlook data sources. Even in HR and marketing materials, your organization could be saying something you as an auditor may not be comfortable with.

Get the board on board

In today’s risk landscape, there is a deluge of data coming at directors. Knowing what’s important and what’s not, and managing that information flow, can be challenging for them, so presenting ESG audit data in a way that paints an easily digestible picture will help them make decisions faster.

Internal audit teams play an essential role in driving compliance, disclosure and oversight of ESG programs. They are uniquely poised to tackle ESG with the same rigor and thoroughness as financial reporting. But to be successful, ESG needs to be integrated into the wider business strategy under a strong governance structure with designated oversight — supported by the right resources, processes, technologies, data and metrics.