Green impact: navigating the challenges and opportunities of ESG

As organisations face mounting pressure to demonstrate their commitment to environmental, social and governance (ESG) principles, the role of internal audit is becoming increasingly critical. With new regulations, rising stakeholder expectations, and complex data collection processes, internal auditors are at the forefront of the ESG landscape.

According to the Chartered IIA’s Risk in Focus 2024, “Climate change, biodiversity and environmental sustainability” is consistently ranked in the top ten risks facing organisations today. This creates a huge opportunity for internal auditors because their skills are badly needed. IIA Global has recognised this and created a Knowledge Centre for Environmental, Social, and Governance to empower internal auditors to meet the evolving practices and rising expectations of stakeholders.

However, it also presents a challenge. Internal auditors must seize this opportunity and use their skills to provide what businesses need. And they must be bold about telling management what they can do and how they can help. If they do not, executives are likely to look elsewhere. Many third-party organisations are keen to fill this space and are putting considerable advertising and PR power behind the message to boards. Managers may not be fully aware of the expertise already available to them in their internal audit team, so internal auditors who can offer their skills in this area must be prepared to publicise this fact.

The ESG landscape is evolving rapidly, driven by increasingly stringent regulatory requirements and growing stakeholder expectations. Governments are using regulations such as The Transition Plan Taskforce (TPT), launched by HM Treasury in 2022 to develop robust transition plan disclosure practices, and the EU Green Deal directives, including the Corporate Sustainability Reporting Directive (CSRD) and the Sustainable Finance Disclosure Regulation (SFDR).

However, despite 80% of UK listed firms pledging to reach net zero, only 5% of FTSE 100 companies have disclosed their transition plans, sparking allegations of greenwashing.

Meanwhile, consumers and investors are increasingly demanding sustainable practices. Frameworks such as the “Red Flag Indicators” assess the integrity of net zero transition plans and mitigate greenwashing risks, underscoring the growing importance of transition planning.

So what can internal audit offer organisations – and, just as importantly, how can internal audit teams position themselves to add value in this area?


Position internal audit strategically

To provide ESG assurance and advisory services effectively, internal audit needs to position itself strategically within the organisation. This has a number of elements.

1. Educate stakeholders. Proactively engage with boards, audit committees and senior management to raise awareness of the value internal audit can add around ESG issues and commitments. This may involve presenting at meetings, sharing thought leadership and highlighting success stories from other organisations.

2. Build ESG expertise. Develop a deep understanding of ESG topics, regulations and best practices. This may involve attending training sessions, participating in industry forums and collaborating with external experts. The institute offers a range of relevant resources, including the upcoming Sustainability Audit Risk Assurance Virtual Conference.

3. Secure resources. As the demand for ESG assurance and advisory services grows, internal audit teams may need additional resources to deliver these services effectively. Chief audit executives (CAEs) should be proactive in making the case for increased resources, highlighting the potential risks and opportunities associated with ESG.

4. Collaborate with other functions:
ESG is a cross-functional issue that requires collaboration between internal audit, risk management, supply chain management, the ESG reporting team and relevant stakeholders. Internal auditors should seek to build strong relationships with these functions, sharing knowledge and coordinating efforts to ensure a consistent approach to ESG across the organisation.

Example: A global consumer goods company established a dedicated ESG internal audit team to provide assurance over its sustainability governance and reporting. The team developed an ESG programme that covered ESG internal audit strategy and an ESG risk-based audit plan, focusing on high-risk areas such as carbon emissions and supply chain labour practices. Through this work, the team identified several gaps in data collection processes and worked with management to implement stronger controls. As a result, the company improved the accuracy and reliability of its ESG disclosures, enhancing its credibility with investors and other stakeholders.


Communicate the value proposition

It is no use being able to offer great insights and support if no one asks you for it. It’s therefore essential to communicate the internal audit value proposition to key stakeholders, particularly the audit committee, senior management and middle management.

A potential pitch statement could be as follows:

“In a world where stakeholder expectations regarding ESG performance are higher than ever, we can help our organisation to build trust and credibility. By providing objective assurance on the integrity of ESG data and the effectiveness of ESG risk-management processes, we can support the way our organisation demonstrates its commitment to sustainability and maintains the confidence of key stakeholders. Our advisory services can also support the continuous improvement of ESG performance by identifying opportunities for innovation and efficiency gains. By partnering with us, businesses can not only meet the demands of the evolving ESG landscape, but also unlock the value creation potential of sustainable business practices.”


How internal audit can add value

Given the challenges surrounding ESG data collection and assurance, internal audit has a crucial role to play in providing assurance and advisory services related to ESG – particularly in areas of risk management, data analysis and process improvement.

1. Assurance services

Internal audit can provide independent assurance on the accuracy, completeness and reliability of ESG data. By testing controls, validating data sources and reviewing reporting processes, internal auditors can help organisations to improve the quality of their ESG disclosures. This assurance is particularly valuable for organisations subject to external ESG assurance or seeking to obtain ESG certifications.

2. Advisory services

Internal audit can also provide advisory services to help organisations strengthen their ESG performance. These may include:

- Advising on the development of a robust ESG data governance framework.

- Recommending appropriate ESG reporting metrics and KPIs.

- Reviewing processes for ESG data collection, aggregation and reporting to ensure accuracy, relevance, completeness and timeliness.

- Providing assurance on the effectiveness of controls over ESG data management.

- Advising on the development of ESG strategies and policies.

- Identifying gaps in ESG data collection and reporting processes.

- Recommending improvements to the ESG risk-management framework.

- Providing training and awareness sessions on ESG topics.

- Advising on ESG integration in business operations by advising on how to embed ESG considerations into day-to-day business operations.

- Recommending a stakeholder engagement initiative by developing strategies for engaging with important stakeholders on ESG issues.

3. Insights and foresights

Internal auditors can offer valuable insights into an organisation’s ESG performance by analysing trends, assessing maturity and identifying best practices. They can also provide foresight by stress-testing ESG scenarios, scanning the horizon for emerging ESG risks and opportunities and helping organisations to stay ahead of the curve.

By offering ESG assurance, advisory, insight and foresight services, internal audit can help organisations to proactively address ESG risks and opportunities, rather than reacting to issues as they arise. By asking probing questions and challenging assumptions, internal audit can identify risks and trade-offs that may not be immediately apparent, helping the organisation to make more informed and balanced decisions.

4. ESG internal audit programmes

It is crucial for internal audit functions to establish dedicated ESG audit programmes. The role of internal audit in ESG varies depending on the organisation’s maturity. In less mature environments, internal audit can play a more advisory role, helping to promote corporate culture and behaviour changes that encourage sustainability. As the organisation becomes more mature, internal audit should transition to a more independent assurance role. Some large organisations have established dedicated ESG teams within the internal audit function.

 

An ESG internal audit programme may include:

- Assessing ESG governance and strategy.

- Evaluating the ESG control environment.

- Reviewing ESG data governance, collection and reporting.

- Assessing ESG risk-management processes.

- Reviewing ESG disclosures and reporting for accuracy and compliance.

- Assessing the organisation’s ESG culture.

- Evaluating sustainability transactions, eg, human rights policy implementation.

5. ESG data assurance

Collecting and assuring ESG data throws up many challenges – from the technical problems of collecting and using a mix of quantitative and qualitative data in various formats to the lack of standardised metrics and reporting frameworks.

However, ESG data is often subject to scrutiny. Stakeholders expect ESG information to be accurate, reliable and transparent, and errors or inconsistencies can lead to reputational damage and loss of trust. Accusations of greenwashing can have significant consequences for both market value and reputation, so internal audit’s advice and assurance on this data is vital.

 

Key questions for internal audit

How well prepared is our organisation to meet evolving ESG regulatory requirements?

What are the expectations of our key stakeholders regarding our ESG performance, and how effectively are we communicating our ESG efforts to them?

How can internal audit support the organisation in navigating the complexities of ESG regulations and stakeholder expectations?

What are the most significant ESG risks facing our organisation, and how are they identified, assessed and managed?

Have we conducted a materiality assessment to determine which ESG issues are most relevant to our business and stakeholders?

How does the board of directors oversee ESG matters, and what mechanisms are in place to ensure accountability and transparency?

How engaged are employees in ESG initiatives and do they have the necessary knowledge and skills to contribute effectively?

How do we assess the ESG performance of our suppliers, vendors and business partners?

 

Questions for reflection:

How can we, as internal auditors, develop a roadmap for building ESG capabilities?

What metrics should we use to demonstrate the value we add in ESG?

How can we effectively collaborate with other functions, such as sustainability and risk management, to drive a consistent approach to ESG across the organisation?

What skills and competencies will be most important for us in the ESG era, and how can we acquire them?

 

Resources:

Chartered IIA: “Harnessing internal audit against climate change risk”.

Chartered IIA: “Organisations’ preparedness for climate change; an internal audit perspective.”

Chartered IIA training course: “ESG: environmental, social and governance”.

IIA Global ESG Hub: Knowledge Centers Environmental, Social and Governance.

IIA Global’s Internal Audit’s Role In ESG Reporting

ECIIA: The role of Internal Audit in ESG in industrial and commercial companies

Sustainability Audit Risk Assurance Virtual Conference.

DNV paper “Beyond the pledge: making net-zero pledges a reality in the UK”.

Dr Ahmed Shawky Mohammed is the Managing Director of LevelUp ESG Ltd: www.levelupesg.co and a member of the Global Committee of Research and Education Advisors for the Global Foundation for Internal Audit. His LinkedIn page.

This article was published in May 2024.