Investors and regulators are pushing for more comprehensive and uniform reporting on environmental, social, and governance (ESG) efforts. Some organizations are even tying incentive compensation metrics to ESG goals.
In March, the Securities and Exchange Commission said it would be looking more closely at ESG disclosures and also announced the creation of a Climate and ESG Task Force in the Division of Enforcement. The initial focus will be to identify any material gaps or misstatements in issuers’ disclosure of climate risks under existing rules.
In response, many organizations are likely to commence a review of their climate and ESG disclosures and many internal audit functions might be considering audits of the ESG reporting process.
To provide internal auditors with some guidance on ESG disclosures and practices, the Institute of Internal Auditors issued a new report, Internal Audit’s Role in ESG Reporting: Independent Assurance Is Critical to Effective Sustainability Reporting. “As environmental groups, activists, and asset managers step up pressure on major companies to make public commitments to sustainability, leaders in business and government are realizing the urgency and importance of environmental, social and governance (ESG) as an enterprise imperative,” the IIA said in a statement.
The IIA report explains the risks, opportunities, and how internal audit can help identify and establish a functional ESG control environment. Internal audit’s unique, enterprise-wide view allows it to provide crucial assurance on the effectiveness of ESG assessments, responses, and controls.
Achieving Consistency
Assurance over ESG disclosure should include the following components: a review of reporting for consistency with formal financial disclosure filings, materiality or risk assessments on ESG reporting, the incorporation of ESG into audit plans, and a review of reporting metrics for relevancy, accuracy, timeliness, and consistency, the report states.
“It is good news so many organizations are focusing on ESG,” said IIA president and CEO Anthony Pugliese. “But many more are struggling or are ill-equipped to determine exactly what should be reported. A key reason for this is a lack of a single set of standards and uniformity in reporting.”
While the IIA stopped short of offering a set of standards, it hopes the report will aid internal auditors in carving out their role in ESG reporting. The guide also offers some much-needed assistance on playing an advisory role on ESG at their organizations. Once the necessary assurances have been made, advisory steps include building an ESG control environment, recommending reporting metrics, and offering advice on ESG governance, says the IIA report.
“Business performance is no longer judged purely on short-term financial returns,” Pugliese, wrote in the letter to the SEC. “ESG issues represent a broad range of risks, including to external supply chains, internal operations, third parties, general control weaknesses, data accuracy, human capital, and more.”
The report is available for download on the IIA’s website. 