3 Key Considerations for Incorporating ESG into Your Internal Audit Plan

ESG Risk and reporting programs should not be restricted to audit agencies; they need to become part of a more extensive strategy. Internal audits play a critical role as the final safeguard in this strategy, incorporating ESG risk and compliance considerations into the audit plan. They also establish discipline and controls concerning significant ESG risk. Moreover, internal audits advise the organization on its overall risk management capabilities and proactively align with emerging ESG risks, strategies, and organizational goals.

You can integrate ESG into your audit planning and activities. Internal audits should ensure that ESG is a part of the risk conversation. The goal is to extend what you are already doing to incorporate ESG. As organizations focus on effective ESG audit planning, the most effective strategy is to ensure that you are asking all the right questions.

Here are the three key things you need to consider in your planning stage -

1. Data Quality: Process Control and Governance.

To plan a successful ESG audit, it’s crucial to prioritize data quality. Internal audits need to ensure that the ESG risk and reporting data are relevant, complete, and accurate.

• What ESG data is your organization currently reporting, and who is the audience?
• How complex are these data and metrics, and where are they stored?
• What controls and processes are in place to support the data being reported?
• How does this align with the internal audit plan? If it doesn’t, what changes are necessary?

2. Key ESG Forces Impacting the Traditional Approach –

To begin shaping your internal audit plan, start by identifying key questions that address the unique ESG assertions impacting your traditional audit approach. Tailor your plan to the nature, extent, and timing of your audit activities. In addition to the usual financial reporting assertions like completeness, accuracy, timeliness, cutoff, and clarity, consider these unique ESG assertions:

• Balance: Are you presenting a comprehensive and balanced view of your ESG activities? Are you highlighting not only achievements and progress but also limitations, weaknesses, and areas needing improvement?
• Stakeholder Inclusivity: Who are your priority ESG stakeholders? Are you considering their perspectives when assessing ESG impacts? Remember, ESG stakeholders include not just investors but also employees, customers, consumers, and communities.
• Sustainability Context: Are you providing ESG reporting within a framework that makes sense for your business, industry, and the specific ESG impacts?
• Prioritization: What ESG topics are most crucial for your organization? How are you evaluating potential ESG risks? How does this evaluation shape your ESG declarations?

3. A Risk-Based Approach for ESG Risk and Reporting

With limited resources and tight reporting deadlines, it’s essential to use a risk-based approach grounded in meaningful criteria for your ESG focus. This approach helps in selecting and prioritizing the key ESG areas. Start by evaluating ESG topics through the lens of stakeholder engagement, industry trends, and benchmarking. The higher-risk areas for your audit should be those where:

• The impacts are most significant if ESG objectives aren’t met.
• The influence on stakeholder assessments is highest.

Essentially, what matters most to your stakeholders, and where does that overlap with your most significant impacts? Many companies conduct a “materiality assessment” to determine these critical ESG focus areas for strategy and disclosure.

Internal audit is crucial in helping organizations manage ESG risk. This involves testing risks, discussing on ESG reporting, and introducing risk mitigation activities.

By focusing on the abovementioned considerations, an internal audit can effectively set up ESG risk management activities for success.

To learn more about these approaches to incorporating ESG risk and reporting into audit plans, feel free to contact us at hello@47billion.com. Discover how to audit ESG risk and reporting effectively.

Originally published at https://47billion.com on July 15, 2024.