Internal Audit as a Critical Component of ESG Strategy

Auditing | August 12, 2024

Internal Audit as a Critical Component of ESG Strategy

Internal auditors are able to assess processes to ensure that they are efficient and contain appropriate internal controls to mitigate relevant risks while ensuring regulatory compliance.

Isaac M. O'Bannon

By David Plajstek, Principal, UHY.

Forming an environmental, social, and governance (ESG) strategy can be a resource intensive task given all the areas that it could impact. Luckily, companies with internal audit resources already have in place a valuable contributor to ensuring ESG success.  These professionals have many of the requisite technical skills to assist in the formalization of processes and internal controls. Our ESG Solutions Practice recently spoke on the role of internal audit in ESG strategy.  These were the key roles and use cases for internal audit resources in an ESG strategy.

The value of internal audit in ESG strategy

Topics like ethics, community relations, cybersecurity, governance, supply chain, environmental impacts, safety, and sustainability that are ESG-related are also areas that internal auditors have already been focused on historically due to the risks they present for many organizations. ESG strategies often combine these topics under a single umbrella with a heightened element of stakeholder interest.

Internal auditors are able to assess processes to ensure that they are efficient and contain appropriate internal controls to mitigate relevant risks while ensuring regulatory compliance. Internal audit will also be vital in assessing the quality of the data that is collected, addressing one of the significant pain points within ESG strategy and reporting. Finally, these professionals will be able to independently confirm that ESG strategy aligns with the strategic goals of the organization and its stakeholders.

Common sense approach to ESG for internal auditors

ESG related risks and opportunities are not reserved for large multi-national corporations and government, they are just as relevant for smaller entities. Since internal audit resources are limited, challenges exist to assess and respond to all ESG-related risks. However, internal auditors can utilize existing frameworks, guidance, and tools that are available for risk management and sustainability such as COSO’s Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks and COSO’s Achieving Effective Internal Control Over Sustainability Reporting (ICSR).

Specific internal audit functions in ESG

Internal auditors are key players in an ESG strategy.  Let’s examine some specific areas where they may be able to assist management and add value.

Risk and Internal Controls Assessment

Risk identification and assessment are core functions of internal audit, and though identifying ESG risks can be more challenging than traditional risks, it should be treated in the same way as any other entity risk. It should include not only the risks, but the opportunities to create, preserve, and realize real value for the organization. Sources of ESG risks can be identified through already existing tools like previous external/internal audits, surveys, media monitoring or existing risk inventory. If your organization does not already have an existing risk inventory, this is a great time for internal audit to create one. ESG risks can be difficult to predict but they can have potentially significant impacts or a longer lead time for those impacts to materialize.

Internal control assessments help to identify what ESG controls exist or may need to exist to mitigate the risks identified above.  Internal controls for ESG purposes can be related to reporting, information and data collection, the achievement of specific ESG goals and commitments, etc. An internal controls assessment of ESG controls can include an evaluation of the effectiveness of the control environment in achieving organizational goals and stakeholder interests.

Benchmarking

Internal audit often plays a valuable role in the benchmarking of data being captured across an organization or externally, across a common industry.  The benchmarking of and ESG program against an accepted maturity model will help define the organizations current state of ESG objectives versus a desired future state.

Regulatory Assessment

Where does your organization stand in relation to the evolving ESG regulatory landscape? Understanding the global state of play is a regular exercise for those with responsibilities in ESG reporting and compliance. A collaborative internal audit team can quickly help assess and report on ESG requirements across the globe, as well as local requirements that may be state specific within the U.S.

Assessment of data quality

Typically, an organization has a strong grasp on recurring financial data, but ESG reporting and strategy will require a great deal of non-financial (and much non-quantitative!) data that might not be as readily available and is likely unstructured.  Although internal audit may not own the financial and non-financial data used in many ESG metrics and disclosures, once the data collection process is evaluated, internal auditors can ensure that the data is both relevant and reliable.  The well-known concepts of accuracy and completeness apply to both financial and non-financial metrics.  Additional focus should be on whether data is replicable in a timely, consistent manner. Data quality should be assessed for and inclusive of both positive and negative metrics that need to be reported. What is the level of assurance on that data? How often is it collected? Who is collecting it and what is the process to collect the data?

Establishing governance and oversight for ESG

Governance in an organization provides the structures, oversight and culture needed to establish strategies and objectives related to ESG. Internal auditors can help map or define mandatory and voluntary ESG requirements and increase board awareness of any ESG related risks. They can provide recommendations to leadership to help embed and incorporate ESG ambitions into the culture and mission of the organization and recommend implementation of these priorities into hiring and talent acquisition.

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Tags: Auditing

Leave a Reply

SEC OKs PCAOB Budget for 2025

SEC December 18, 2024 

SEC OKs PCAOB Budget for 2025

The 2025 PCAOB budget totals $399.7 million, and the accounting support fee totals $374.9 million, of which $346.1 million will be assessed on public company issuers and $28.8 million will be assessed on registered broker-dealers.

Jason Bramwell