Consumer and investor awareness about sustainability is higher than ever, but misleading claims by enterprises to address this can damage an organization’s reputation.
We recently sat down with Ian Beale, VP, Advisory at Gartner, to discuss greenwashing: where organizations intentionally, or not, mislead investors, regulators, and the public about the impact of their products and services on the environment.
Q: Why have concerns about greenwashing risks accelerated in 2022?
A: As a result of the alarming climate changes on our planet, companies are expected to actively and visibly play their part in accelerating their moves to a carbon free world. Hence consumers, investors, regulators, employees, and the media are more focused than ever before on what companies are saying and, even more importantly, what they are doing—whether they are doing enough, whether they are acting on it fast enough, and whether they are accurately telling the whole story in their public announcements.
Q: How might organizations be exposed to greenwashing risks?
A: CEOs may make pronouncements about their companies’ performance and plans; they may sign up to protocols and commit their companies to certain goals, targets and timelines. They may do this because they feel it is the right thing to do or, more cynically, to try and gain a competitive edge. However, unless there is genuine commitment, investment, resources, and the project management process in place to achieve these goals (and to ensure that they are the right goals), there are risks that poor goals are chosen, company strategy is not aligned to the goals, resources are not committed to the right activities and targets will be missed.
If statements are made, and not delivered upon, or inaccurate information is reported (intentionally or through carelessness) there will be a swift and negative impact in today’s world of 24/7 news and immediate social media commentary. Consequences could be more severe in relation to investors and whether a company is considered “investable” by ESG mandates. In addition, moving towards a carbon neutral or carbon negative world, for example, offers enormous business opportunities, but those upsides could also be missed without appropriate strategy, governance, management, and reporting.
Q: What role should internal audit play in identifying and mitigating greenwashing risks?
A: Firstly, audit can challenge the commitments being made by management. For example, is management making genuine and substantive commitments to meet the right protocols and adjusting those commitments as new protocols that are announced e.g. by the UN, or others? Is management aware of the regulations to which they need to comply and making optimal decisions where regulations appear to conflict or overlap?
Internal audit leaders should ensure that the right management teams (in terms of seniority and expertise) are clearly responsible and empowered to deliver the necessary activities quickly enough. They should also check to see that progress and performance are being reported accurately and consistently internally, and that appropriate metrics are being fully, accurately and honestly reported externally with appropriate context.
Q: Can the above be accomplished through enhancing existing internal audit processes, or do organizations need specialized controls for this risk?
A: These approaches use standard audit techniques to understand a process, assess the risks to the satisfactory achievement of stated goals, and to map the controls needed to mitigate those risks within an agreed and defined acceptable tolerance. This approach must also use audit skills to identify and collect data, to challenge management, to robustly critique their plans and statements, to maintain independence (while being a critical friend in this fast-changing area) and to interact professionally with senior management are also all essential.
There is clearly a need for many teams to upskill in specific ESG areas that are most critical to their organizations, to be able to adequately assess management statements, their activity and system data. That is always needed for any new and evolving complex risk area.
Ian Beale is a VP, Advisory with Gartner’s Audit and the Risk Leadership Practice, where he supports leaders of risk and audit functions throughout EMEA.
This Q&A was republished with permission from Gartner
About the Gartner Audit & Risk Practice:
The Gartner Audit & Risk practice equips audit & risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available at https://www.gartner.com/en/audit-risk.