Professional Documents
Culture Documents
The Role of Internal Audit in ESG 1685369906
The Role of Internal Audit in ESG 1685369906
The Role
of Internal
Audit in ESG
Getting started 5
Summing it up 7
Kevin is a Chartered Accountant with a strong background in Internal Audit and a recent
focus on ESG. He has 25 years of experience as a consultant, adviser and auditor. Kevin
has a long-held interest in sustainability and a Masters in Sustainability & Environmental
Management. He is now an independent consultant, as well as being a non-executive
director and audit committee chair on several boards.
3
Introduction
Regulators, investors, stakeholders, and even the public expect more from companies beyond
short-term profits. With a recent focus on issues such as diversity and climate change, it has
become increasingly urgent for organizations to understand and manage Environmental, Social,
and Governance (ESG) risks.
This heightened awareness of socio-economic and critical assurance support by providing an independent
environmental factors has created an opportunity for and objective review of the effectiveness of ESG risk
internal auditors to position themselves as trusted assessments, responses, and controls.”
business advisors while supporting change within their
organizations. Additionally, internal auditors possess the But as with any new initiative, sometimes getting started
necessary skillsets to better identify areas of potential is the hardest part. The Touchstone Insights for Internal
risk and growth opportunities. A recent white paper Audit, conducted by Wolters Kluwer TeamMate, found
from the Institute of Internal Auditors (IIA) stated, that 55% of respondents do not currently include ESG
“Internal audit can and should play a significant role in the audit plan. The encouraging news is that of these
in an organization’s ESG journey. It can add value in an respondents, about half expect to do so in the next two
advisory capacity by helping to identify and establish years. This clearly indicates a building momentum toward
a functional ESG control environment. It also can offer increased audit work on ESG issues.
4
When it comes to ESG risk, it is not as straightforward approach. Operational risks could be anywhere in your
as internal auditors might like. There are overarching organization where activities touch an ESG issue. Often,
strategic risks around ESG that include how your they’re part of broader risk in a business unit or process
organization is perceived and whether or not it is acting rather than something wholly unrelated or new.
responsibly and transparently. People remember how
leaders respond to crises, especially the speed and Internal Audit must consider, and ultimately, understand
honesty around resolving issues. Reputations are easily the organization’s appetite for ESG risks. Organizations
damaged and much harder to repair. are likely to have different risk appetites for the various
ESG issues. But as internal auditors, you need flexibility
There are also operational risks relating to ESG at play. To in evaluating how that is expressed. It may be part of a
assess these risks, an organization needs to understand broader approach to risk appetite or simply implied in the
it’s material impacts. In other words, what are the key strategic approach. What’s important is that it is clear and
ESG issues for the organization? This will be different for consistently understood.
each organization and likely derive from your strategic
5
Getting started
While the need for core ESG knowledge is critical, internal Understand your business
auditors must also have a solid understanding of both the
business landscape they operate in and internal drivers. A keen knowledge of your internal ESG factors is just as
critical as having a clear understanding of your external
Understand the landscape environment. Here are a few questions you should ask
your internal audit team.
It’s essential to have a solid understanding of the
significant ESG issues in your sector. You can do this by: •
How is ESG aligned to strategy?
•
Talking to audit colleagues and reading industry press •
Is it an add-on or integrated within the core strategy?
•
Staying up to date on all frameworks, pending •
If it is separate, is it consistent? Does it
legislation, and evolving government policy take the broader strategy into account?
enables you to anticipate what is in the pipeline,
so you have time to react •
Do you understand the ownership process and risk
over key ESG issues throughout your organization?
•
Watching the competition to see
what you can learn from them •
Is the ESG risk appetite clear and
consistently understood?
•
Paying attention to key stakeholders
and their agendas •
What reporting is in place for both
internal and external stakeholders?
Without understanding the external landscape you
operate in, you won’t be as effective in assessing risk •
What assurance is there over these reports?
and managing your audit priorities.
6
As you move toward incorporating ESG into your audit plan, Another challenge can be getting senior management
it can be helpful to consider how to make it part of your risk on board in understanding the risks and how internal
assessment. How you go about this will depend on various audit can help. Internal auditors have a responsibility to
factors, especially how your organization approaches ESG highlight both emerging risks and risks not being mitigated
and its level of maturity. To start, keep it simple and think or addressed by the organization. Although the best
about whether ESG could be an overlay to your existing risk approach to ESG will depend on the organization’s culture,
assessment. You can go back and integrate it in more detail taking small steps is often an excellent way to get senior
later. Focus on larger issues that will deliver quick wins to management buy-in.
maximize the impact and value of assurance. You might
want to look at your current audit work for ESG elements
that you might not have considered.
7
Summing it up
McKinsey & Company, a global management consulting Overall, ESG presents a tremendous opportunity for
firm, believes ESG should be an “inextricable part of how Internal Audit to make an impact. And momentum is
you do business.” The firm asserts that while implementing building from stakeholders and other external parties
an ESG framework is necessary, it can also lead to a more for organizations to become more proactive in their
sustainable business and better value creation. stewardship. ESG enables internal auditors to raise their
profile as trusted advisors by using their expertise and
There is no right or wrong way to get started. As internal influence to ensure organizations identify and mitigate
auditors, you can do standalone work AND work where risk around this important area.
ESG factors integrate into your existing audit planning,
so do what is best for your organization.
Contact information: Please visit tm.wolterskluwer.com
for more information.
Americas
4221 W Boy Scout Blvd #500
Tampa, FL 33607
U.S.A.
Phone: +1 800 449 8112
Asia Pacific
5 Shenton Way,
#20-01/03 UIC Building,
Singapore 068808
Phone: +65 6380 8000