ESG audits: A 6-step checklist for internal auditors
The question of how to audit ESG disclosures is a hot topic. ESG audit is essential to your environmental, social and governance strategy; CAEs and internal auditors need to assure stakeholders that their disclosures are accurate and that the organization is progressing toward ESG goals.
In our actionable guide, we explore the meaning of ESG audit and provide an ESG audit checklist with practical guidance for internal audit teams tasked with ESG auditing.
Internal Audit and ESG
ESG audit is a growing focus for chief audit executives and internal audit managers. But what exactly is it, and how can internal audit teams optimize their approach to ESG audit management?
What is an ESG Audit?
An ESG audit evaluates the environmental, social and governance risks of your organization’s operations. It also assesses the effectiveness of your ESG program; the progress you are making toward your corporate ESG commitments.
The Internal Audit Team’s Role in ESG Reporting
Financial Management magazine recently reported that ESG reporting is seeing a “huge evolution.” In response to sustainability reporting requirements, it’s increasingly important that auditors are “able to provide assurance over the material sustainability information” organizations report.
Current Responsibilities of Internal Auditors in ESG Auditing
Auditors play a crucial role in ensuring that ESG disclosures are complete and accurate, even if ESG progress can be difficult to tie down to tangible metrics.
As Kristen Sullivan, Partner, US Sustainability and ESG Services Leader, Deloitte & Touche LLP noted at Diligent’s 2022 Modern Governance Summit, “ESG may not be quantifiable in the short term, but even if it’s not understood and anticipated, it will become financially material.”
This growing connectivity between ESG metrics and companies’ financial performance drives the importance of ESG audit standards and the increasingly vital role of CAEs and internal audit managers in auditing ESG. A 2021 Center for Audit Quality report found that while the number of organizations seeking external audit assurance of their ESG data is increasing, nearly 40% still seek no external validation. Against this backdrop, the role of internal audit is crucial.
Future Responsibilities for Internal Auditors in ESG Audit
As ESG standards, regulations and frameworks become more prevalent and investor pressure ramps up, the role of internal auditors in ESG auditing is set only to grow.
Internal audit is central to companies’ ability to provide assurances regarding their ESG reporting and progress. When data-driven ESG is the goal, internal audit is a “critical collaborator” in organizations’ ESG programs, as a paper published by the Institute of Internal Auditors notes.
Businesses recognize that they need to tackle reporting on issues like greenhouse gas emissions and other ESG metrics as rigorously as they have traditionally approached financial disclosures — and that puts internal audit teams firmly in the frame of ESG audit.
ESG Audit Standards
So, where do things currently stand? What standards exist to bring rigor and consistency to ESG audit programs?
The CAQ report found that even where companies seek outside assurance of ESG reporting, this can be limited in scope. Only 9%, for instance, conducted an external audit of their GHG emissions data. Overall, the CAQ found little consistency in standards or reporting for ESG initiatives.
External frameworks can bring this consistency. Are there any ESG reporting standards? Increasingly, yes. And some of these are becoming mandatory in some jurisdictions: TCFD in the U.K., for instance.
A few of the most commonly referenced ESG audit templates are:
The Global Reporting Initiative (GRI) is a global standard for impact reporting. Discover more in our blog on the subject.
Sustainability Accounting Standards Board
The SASB sets standards for sustainability accounting which can be a valuable framework for auditors looking to structure their ESG internal audit.
UN Sustainable Development Goals (SDGs)
The UN has developed a set of 17 goals to help organizations build ESG objectives and as a result, to guide ESG audit programs.
Task Force on Climate-Related Financial Disclosures (TCFD)
The TCFD provides a framework for reporting the financial impacts of climate-related risks.
How to Audit ESG Disclosures
How do you go about auditing your ESG program and disclosures? Are there best practices around ESG audits?
Taking an integrated risk management (IRM) approach can help a top-down strategy that looks across all your ESG risks and enables you to track them in aggregate. Internal audit teams can add value here by building a comprehensive ESG controls framework that aligns with best practices and external frameworks like those listed above.
This allows internal audit managers and CAEs to independently and objectively measure the effectiveness of your ESG risk assessments, providing analysis that will ultimately serve as assurance to investors, external auditors and regulatory boards.
The ESG disclosure audit process will involve reviewing your data’s accuracy, relevance, completeness and timeliness. Your team will also need to check your organization’s ESG reporting within the context of its formal financial disclosure filings, to ensure consistency with these reports so that you can provide assurance to investors.
Your internal audit team should also conduct periodic risk assessments on your ESG reporting, enabling you to identify new risks that might be material for potential investors.
Importantly, ESG audits should be accorded sufficient attention as part of your organization’s broader audit plan — which isn’t always the case. ESG audit needs to jump up the priority list.
ESG Audit Checklist
Follow our environmental audit checklist to ensure you’ve covered all aspects of your ESG internal audit.
1. Seek Stakeholder Views
Your ESG program overall should be shaped to the priorities of your stakeholders, and your ESG audit is no different. Where do stakeholders see your most significant risks and greatest opportunities? What do they care about most? This will help to inform your ESG audit priorities.
2. Integrate ESG Audit into Your Wider Audit Program
As we noted above, an integrated approach is key. And making ESG audit an inherent part of the wider internal audit strategy will give it the focus it needs.
As Tom Keaton, Director of Internal Audit, Crown Castle said at Diligent’s 2022 Modern Governance Summit, ESG risks are among “mission-critical risks outside of internal audit’s typical scope.” And while “You can’t fill your audit plan with these risks…you have to incorporate them into your planning.”
3. Align Your Various Audit and Control Requirements
ESG disclosures are covered by numerous standards, as we’ve seen, and also overlap with other compliance obligations, SOX reporting, for instance. Make the most of these synergies to reduce duplication and streamline your ESG audit process.
4. Make Use of Existing Frameworks
Make use of the growing number of external frameworks to bring consistency and rigor to your approach and standardize your ESG auditing.
5. Explore the Potential for Automation
Tom Keaton sums it up well: “You need to swap your resource allocation so you can focus the majority of your resources on strategic and operational risk. Automate financial and compliance assurance, and use data and human insights for strategic and operational risks.”
The more of your ESG data gathering and audit you can automate, the more consistent, efficient and accurate your ESG audit program will be - and you will free time for those strategic and operational risks. And should reduce the need for audit intervention, as your entire ESG measurement approach should be more accurate.
6. Align Your ESG Auditing With Your Reporting
ESG reporting is the end goal of ESG measurement and auditing; audit teams should remember this and ensure their ESG audit program supports the disclosures you need to make. Align the data you gather and the way it’s presented with your reporting requirements, and you will save time and resources in re-slicing ESG data for reporting requirements like TCFD, or D&I reporting, such as the EEO-1 Report.
ESG Audit Certification
Understanding responsibilities around ESG — especially ESG audit — is essential for today’s internal audit leaders and their teams. Ensuring audit can play the required role in your organization’s ESG program will become increasingly important.
Diligent’s Climate Leadership Certificate has been created in partnership with and endorsed by Glass Lewis. It equips directors — including CAEs and audit leaders — to understand and manage their role in the organization’s climate strategy. Comprehensive, engaging and efficient, the certificate can be completed in as little as six weeks.
Find out more about how the Climate Leadership Certificate can enable your audit team to deliver best practices in ESG audit.