Recent proposed climate disclosure guidance from the SEC, as well as growing demands for ESG-related disclosures from investors, may impact an organization’s future reporting requirements. In addition, requests for ESG-related information from upstream or downstream business partners are continuing to hasten the urgency for organizations to develop a strategy to respond to the current ESG environment. As the environmental, social and governance (ESG) landscape evolves, internal audit’s role is adapting to address emerging risk areas within an organization and positioning management and boards to navigate these risk areas.
Managing ESG risks and implementing ESG initiatives within an organization often falls to multiple stakeholders within various departments. Because of the cross-functional nature and shared responsibility of ESG within an organization can be complex, internal audit is uniquely positioned to partner with various teams, to support development of an ESG strategy based on the data and information requests from key stakeholders. Internal audit’s experience with assessing risk, identifying processes and data sources, understanding the implications of regulatory and reporting requirements, and the keen awareness of an organization’s goals and strategies will be beneficial to an organization as they embark on their ESG journey. Additionally, leveraging the existing lines of communication internal audit has established with management and the audit committee can help the organization be proactive in addressing the ESG risks and opportunities that are relevant to the organization.
Due to the impending SEC disclosure, climate change risk is a focus for many organizations but there are a variety of additional environmental, social and governance-related risk areas that should be evaluated. Internal audit can facilitate the integration of ESG-related risks within an existing and continuous risk management process and help communicate with relevant leaders regarding the current processes and how ESG risks can be integrated. This continuous evaluation of ESG-related risks within an organization’s overall risk management process can lead to significant efficiencies. Organizations may find it helpful to benchmark across competitors, peers or industry to evaluate their risks and identify emerging risk areas for considerations.
In addition to leading the ESG-related risks and integration into risk management processes, internal audit can provide guidance and support throughout the ESG journey in the following ways:
Assist the organization with defining its ESG vision and strategy
Evaluate the organization’s current-state ESG maturity based on relevant ESG risks and opportunities for value creation
Collaborate with management and key internal stakeholders to develop a plan to support the organization’s ESG strategy
Provide ongoing support for the organization throughout the implementation and execution of the ESG plan and strategy
Provide continuous monitoring of ESG risks and opportunities
While an organization’s specific ESG risks and opportunities will vary depending on size, industry and the relevant internal and external stakeholders, internal audit can play a critical role in how the organization responds to its unique ESG risks and opportunities. Proactively engaging with the board, executives and management can help ensure the organization has an effective ESG strategy in place and possibly support an organization’s long-term goals.