
Is your internal audit function ready for ESG?

How to successfully integrate ESG with internal audit

Recently proposed climate disclosure guidance from the SEC, as well as growing demands for ESG-related disclosures from investors, may impact an organization’s future reporting requirements. In addition, requests for ESG-related information from upstream or downstream business partners continue to increase the urgency for organizations to develop a strategy to respond to the current ESG environment. As the environmental, social and governance (ESG) landscape evolves, internal audit’s role is adapting to address emerging risk areas within an organization and to position management and boards to navigate these risk areas.

Managing ESG risks and implementing ESG initiatives within an organization often fall to multiple stakeholders within various departments. Because the cross-functional nature and shared responsibility of ESG within an organization can be complex, internal audit is uniquely positioned to partner with various teams to support development of an ESG strategy based on the data and information requests from key stakeholders. Internal audit’s experience with assessing risk, identifying processes and data sources, and understanding the implications of regulatory and reporting requirements, along with its keen awareness of an organization’s goals and strategies, will be beneficial to an organization as it embarks on its ESG journey. Additionally, leveraging the existing lines of communication internal audit has established with management and the audit committee can help the organization be proactive in addressing the ESG risks and opportunities that are relevant to the organization.

Due to the impending SEC disclosure, climate change risk is a focus for many organizations, but there are a variety of additional environmental, social and governance-related risk areas that should be evaluated. Internal audit can facilitate the integration of ESG-related risks within an existing and continuous risk management process and help communicate with relevant leaders regarding the current processes and how ESG risks can be integrated. This continuous evaluation of ESG-related risks within an organization’s overall risk management process can lead to significant efficiencies. Organizations may find it helpful to benchmark across competitors, peers or industry to evaluate their risks and identify emerging risk areas for consideration.

In addition to leading the integration of ESG-related risks into risk management processes, internal audit can provide guidance and support throughout the ESG journey in the following ways:

Assist the organization with defining its ESG vision and strategy 

  • Provide the board of directors and audit committee with visibility and awareness of the current ESG landscape, and advise on the relevance to the organization 
  • Provide training, education and guidance across the organization to embed ESG into the organization’s culture and bring additional awareness to operating units and process owners 
  • Integrate ESG into the overall enterprise risk management (ERM) and risk assessment process 

Evaluate the organization’s current-state ESG maturity based on relevant ESG risks and opportunities for value creation 

  • Assist with an ESG materiality assessment and related risk assessment, and define the impact of the identified risks to the organization 
  • Engage with internal and external stakeholders to understand current ESG trends that may affect the organization  
  • Evaluate the organization’s strategic priorities, including internal and external ESG-related initiatives, and the potential realizable value of these priorities
  • Develop an understanding of the current processes, document the processes, procedures and controls that are in place to support ESG reporting and communication, and identify potential gaps  
  • Review roles and responsibilities to help establish appropriate governance over ESG throughout the organization 
  • Evaluate the existing IT systems and applications and their ability to support ESG reporting and communications 

Collaborate with management and key internal stakeholders to develop a plan to support the organization’s ESG strategy 

  • Integrate ESG into the internal audit plan and link the identified ESG risks and opportunities into audit programs 
  • Work with management and process owners to develop action plans to address gaps and material issues in the current ESG program 
  • Assist in ESG framework evaluations and facilitate ESG readiness projects 
  • Consider whether your internal audit team needs additional expertise or training related to ESG to help support the organization 

Provide ongoing support for the organization throughout the implementation and execution of the ESG plan and strategy 

  • Assist with establishing an internal control environment for ESG, including reviewing relevant ESG policy and procedure documentation 
  • Identify the data sources and information, and related controls for ESG metric reporting, and assist with developing processes and controls for monitoring relevant ESG metrics 
  • Continue to execute the internal audit plan with consideration for ESG 
  • Assist with reviewing the organization’s ESG reporting and communications and provide feedback to management 

Provide continuous monitoring of ESG risks and opportunities 

  • Engage with management and the audit committee on the evolving ESG landscape and the potential impact to the organization 
  • Perform testing over the internal control activities and related ESG internal control environment 
  • Continue to provide education and ongoing training to drive accountability for ESG across the organization 

While an organization’s specific ESG risks and opportunities will vary depending on size, industry and the relevant internal and external stakeholders, internal audit can play a critical role in how the organization responds to its unique ESG risks and opportunities. Proactively engaging with the board, executives and management can help ensure the organization has an effective ESG strategy in place and possibly support an organization’s long-term goals.  

Mallory Thomas
Partner