The SEC’s recent proposal for climate disclosure guidance has ignited a surge in demand for ESG-related disclosures from investors. This has the potential to profoundly impact an organization’s future reporting obligations. As the realm of environmental, social, and governance (ESG) continues to change, the role of internal audit must adapt to navigate emerging risk areas within an organization, harmonizing management and boards with effective risk navigation.
The Importance of Collaboration
The Need for a Comprehensive Approach
With the imminent SEC disclosure requirements, climate change risk takes center stage for many organizations. However, a plethora of other environmental, social, and governance-related risk areas warrant comprehensive evaluation. Internal audit can seamlessly integrate ESG-related risks into the existing continuous risk management process, facilitating communication with pertinent leaders about current processes and avenues for ESG risk integration. This ongoing assessment of ESG-related risks within an organization’s holistic risk management process can yield remarkable efficiencies. Organizations may unearth value in benchmarking against competitors, peers, or industry standards to assess risks and identify emerging areas of concern.
The Role of Internal Audit
In addition to spearheading the integration of ESG-related risks into risk management processes, internal audit can offer guidance and support throughout the ESG journey through the following means:
Assisting the organization in formulating its ESG vision and strategy.
Providing the board of directors and audit committee with insights into the current ESG landscape and advising on its relevance to the organization.
- Delivering training, education, and guidance across the organization to instill
- ESG values into the organizational culture and heighten awareness among operational units and process owners.
- Embedding ESG into the broader enterprise risk management (ERM) and risk assessment process.
- Assessing the organization’s existing ESG maturity in light of pertinent ESG risks and value creation opportunities.
- Assisting with ESG materiality and associated risk assessments, delineating the impact of identified risks on the organization.
- Engaging with internal and external stakeholders to discern prevailing ESG trends that could reverberate through the organization.
- Appraising the organization’s strategic priorities, encompassing both internal and external ESG initiatives, and gauging the potential achievable value of these priorities.
- Gaining insight into current processes, documenting procedures and controls in place for ESG reporting and communication and identifying potential gaps.
- Reviewing roles and responsibilities to establish suitable governance over ESG across the organization.
- Evaluating existing IT systems and applications for their capacity to support ESG reporting and communication.
Integrating ESG Considerations into Internal Audit Plan
In collaboration with management and key internal stakeholders, internal audit contributes to the development of a plan that fortifies the organization’s ESG strategy.
This collaboration includes:
- Integrating ESG considerations into the internal audit plan.
- Linking identified ESG risks and opportunities to audit programs.
- Working closely with management and process owners to craft action plans for addressing gaps and material ESG issues.
- Participating in ESG framework evaluations and facilitating readiness projects.
- Assessing whether additional ESG-related expertise or training is required to bolster organizational support.
Providing Ongoing Assistance
Internal audit provides ongoing assistance during the implementation and execution of the ESG plan and strategy by:
- Establishing an internal control framework for ESG.
- Identifying data sources, information, and related controls for ESG metric reporting.
- Assisting in the formulation of processes and controls for monitoring relevant ESG metrics.
- Sustaining execution of the internal audit plan while taking ESG considerations into account.
- Reviewing the organization’s ESG reporting and communications and providing feedback to management.