When asked to reflect on the COVID-19 pandemic during on a recent interview on CNBC, Salesforce CEO Marc Benioff remarked, “the business of business can no longer just be business.” Rather, he said, it must be to improve the state of the entire world.
What might have been a controversial assertion not long ago is becoming more accepted. In the past, the prevailing view of the role of business has been to maximize shareholder returns. That sentiment, however, is shifting to a “stakeholder value” approach, which contends that the role of business is to generate value for all the stakeholders it serves, including its customers, employees, suppliers, shareholders, and the wider community.
Never has this been more true than during the current crisis as we have seen countless companies shift to producing needed medical equipment, donating medicine and protective gear, and prioritizing the safety of employees and customers by voluntarily closing shops and factories or adopting new policies. Often these measures have come at the expense of profits and returns. The COVID-19 crisis demonstrates that there are deeper ties that bind us all together, especially when we face a problem that dramatically impacts us all.
The same can be said for climate change. Severe weather events will continue to wreak havoc more frequently and will impact businesses across the globe in many ways. The climate problem is too big for governments, non-governmental organizations (NGOs), activist organizations, and others to solve on their own. Companies simply must play a major role in addressing it, and internal audit can be a catalyst for sparking that needed involvement.
Climate related financial risks are also becoming a major focus area for global regulators. The Bank of England, for example, recently outlined supervisory guidance for banks and insurers on climate change and the strategic approach needed to manage financial risks from climate change. The guidance has forced financial institutions to consider their initial plans for putting climate change frameworks in place. The guidance also urges them to nominate a senior manager who will be accountable for climate risk management.
Climate-related risks are already impacting many organizations. Internal audit can add significant value by providing assurance over identification, mitigation, and management of such risks. Internal audit can also provide assurance over climate related threats and opportunities in four ways: strategy, risk analysis, meeting green finance principles, and reviewing sustainability metrics.
Climate Governance and Strategy
Internal audit is in a unique position to assess the effectiveness of board oversight of climate related risks and opportunities and determine management’s role in assessing and managing such risks. Given the less established nature of the topic, a review of climate governance is not going to be a simple endeavor. A review of climate governance will require auditor courage, an innovative mindset, and agility, and will also require stakeholder buy-in. In certain sectors, however, there is clear expectation from regulators for a third line of defense, such as internal audit, to provide assurance on climate related risks.
Guidance on climate governance, such as the one from the World Economic Forum, can also provide insights and ideas for internal audit on the effective execution and delivery of a climate audit. The WEF guiding principles outline eight components of effective climate governance, including four directly related to board responsibilities.
They are:
1. Board accountability and responsibilities for stewardship;
2. Board diversity in knowledge and experiences and command of the subject of climate;
3. Board participation and advocacy with industry peers and policy makers to share approaches and stay connected;
4. And board’s challenge on management’s assessment of short, medium and long-term materiality of climate-related risks and opportunities.
The WEF also suggests auditors to:
5. Ensure integration of climate in strategic initiatives and investment;
6. Ensure that executive incentives are aligned to climate change and sustainability related targets;
7. Ensure consistent and transparent disclosure to all stakeholders;
8. And finally, ensure effectiveness of the approach to integrate climate consideration in committee structure.
An effective internal audit approach can also be to assess the maturity of an organization’s climate governance journey, a technique I often apply. A simple climate governance maturity model on whether an organization is unprepared, compliant, proactive, or leading could provide valuable insight to the board and management.
Like effective climate governance structure, it is equally important for organizations to incorporate climate risks into strategic planning. The regulators in banking and insurance sector expect significant financial institutions to consider this as a matter of urgency.
Internal audit can play an important role by providing independent views on how climate change will impact the demand for the organization’s products and services; how climate change will affect the organization’s operations, including throughout the supply chain; and the impact of the strategy on the environment and society. A review of strategy would allow internal audit to verify if green and sustainability factors are central to the organization’s strategy or not and determine any presence of the risk of “greenwashing,” the illusion of supporting green and sustainable principles while not fundamentally adapting or making any tangible impact to support such an agenda. The risk of greenwashing inevitably will have an impact on an institution’s reputational risk.
Climate-Related Risks and Opportunities
Institutions can have a “blind spot” when it comes to the impact of climate change, and internal audit can help organizations assess how effectively climate-related risks are embedded in the enterprise risk management framework.
The physical risks that come with climate change include flooding and droughts, impairment of assets related to transition from carbon intensive assets such as gas-fueled cars to low carbon assets like electric cars, and liability risks from loss or damage from climate change.
By ensuring that climate risks are incorporated into a company’s risk register and management programs, internal audit can ensure that management identifies optimal responses and opportunities to improve corporate resiliency and sustainability. An internal audit review of risk framework could also include incorporation of climate change into the risk appetite and scenario analysis to ensure corporate strategies and plans are robust and viable under different plausible outcomes.
It’s important to include an assessment of opportunities along with risks. Such analyses can help secure “buy in” on climate change initiatives, as senior management and the board see the potential for positive outcomes on climate change initiatives as well.
Meeting Green Finance Principles and Standards
Climate change can have a significant impact on financial systems. While we have seen regulatory intervention in certain jurisdictions for mitigation of climate risk, we have also seen development of voluntary guiding principles and standards in order to promote integrity and transparency in green finance. Guidance such as Task Force on Climate Related Financial disclosures, Principles for Responsible Banking, Principles for Responsible Investments, Green Bond Principles, and Principles for Sustainable Insurance, all encourage financial institutions to independently verify green finance activities and ensure transparency in reporting and disclosure.
As an independent function, internal audit is certainly in an advantageous position to undertake such verification activities and make sure institutions meet the commitment they made to industry standards and not engage in greenwashing.
Review of Environmental and Sustainability Metrics
Climate-related disclosures are a good tool to enhance transparency when it comes to monitoring climate risk. Metrics can also help management and the board to identify and prioritize measures to allocate investments most effectively, and in turn build resilience to climate change.
Internal audit is best positioned to independently validate the effectiveness of disclosures and completeness of climate-related metrics. This is particularly important given the general lack of availability and quality of environmental data, as the topic of climate change or environment, social, and governance issues are still fairly recent to many firms.
To achieve sustainability and unlock long-term value, climate change must be embedded into the management framework of an institution. These include identifying and mitigating climate change risk drivers, understanding exposure to such risks, building capacity to mitigate such exposures, and seizing new opportunities from climate change. Indeed, internal audit can be a key part of an institution’s effort to build organizational resiliency for climate change, shift culture, and unlock new business opportunities. 
Imtiaz Hussain is a Managing Director at BNY Mellon Internal Audit based in London, United Kingdom
There are known areas of risk for weather related activities. There is a tornado alley extending from Oklahoma through Illinois. The entire east coast and Gulf region is at risk fdr hurricanes and flooding almost 6 months of the year. This pre-dates the current obsession with “climate change”