A new survey found that two-thirds of organizations have an ESG program in place and another 24 percent have plans to implement one. However, only half (51 percent) of organizations that report on ESG obtain some level of assurance from their internal audit functions. So while companies may be listening to investors and other stakeholders, who’ve been sounding the ESG alarm thanks to climate change, diversity, equity, and inclusion (DEI) issues, they still have some work to do to get internal audit involved in the effort. “Increasingly, boards, employees, and investors want to know how companies are driving long-term value through ESG management in the organization’s strategy, performance, and value creation,” say the report’s authors.
The study, Prioritizing Environmental, Social, and Governance (ESG) – Exploring Internal Audit’s Role as a Critical Collaborator, produced by the Institute of Internal Auditors’ Internal Audit Foundation in collaboration with Ernst & Young summarizes findings from a survey that examined how organizations are using their internal audit functions to support ESG initiatives and build confidence in these increasingly relied upon disclosures.
“Internal audit functions are a critical pillar supporting an organization’s processes and data for ESG performance and reporting,” said Brad J. Monterio, The IIA’s executive vice president of member competency and learning and also a sustainability expert and member of the International Integrated Reporting Council. “Internal auditors provide the independent internal assurance needed for trustworthy ESG disclosures, and help ensure the effectiveness of continuous monitoring processes and internal controls across the organization. Their role complements that of the external auditors and builds confidence among users of ESG information for investment or other decision making.”
Impending regulation and market shifts are also driving greater focus on ESG. The U.S. Securities and Exchange Commission (SEC) indicated it is on the path toward regulating climate and ESG disclosures. The SEC also created a Climate and ESG Task Force to identify ESG-related misconduct, and shared example letters regarding climate change disclosures. At the 26th United Nations (UN) Climate Change Conference (COP26), the International Financial Reporting Standards Foundation (IFRS) announced the new International Sustainability Standards Board (ISSB), which will set recommendations for ESG reporting.
“As the ESG market and regulatory landscape continues to rapidly accelerate, internal audit functions have a key role to play in supporting its organization’s risk management and performance with controls assurance,” said Shannon Sullivan Roberts, principal for climate change and sustainability services at EY. “This report begins to investigate the current state of internal audit’s role and how it may advance in years to come as ESG becomes an integrated part of business to drive long-term value.”
The internal audit function’s contribution to ESG efforts is influenced by, and dependent on, the organization’s ambition, strategy, programs, and reporting in ESG:
- 62 percent of chief audit executives (CAEs) said boards of directors are driving the organization’s focus and integration of ESG strategy and reporting.
- 65 percent of CAEs indicated their internal audit functions have some involvement.
The survey also identified barriers to internal audit involvement in ESG efforts, including a lack of available data to support ESG engagements and the need to make ESG part of an organization’s culture.
For their part, CAEs outlined two steps that would help address these issues:
- More than half of CAEs said their organizations need greater focus on ESG-related risks on the enterprise-wide risk assessment and that boards and C-suites should mandate that their internal audit function participate in ESG efforts.
- 44 percent stated that regulations and regulatory compliance requirements are needed.
The report can be downloaded on the IIA’s website.