The future of SOX and internal controls: incorporating ESG

Baker Tilly proudly presented at Workiva Amplify 2022, discussing the ever-evolving environmental, social and governance (ESG) landscape. As the U.S. Securities and Exchange Commission (SEC) moves forward with rulemaking to enhance and standardize registrants’ climate-related disclosures for investors, organizations are left wondering what this means for their Sarbanes-Oxley (SOX)-related disclosure controls and internal controls to support external reporting.  

In this session, Mallory Thomas, risk advisory partner, and Matt Mikulay, risk advisory senior manager, discussed the important role of internal audit in advancing the evolution of risk assessments, information aggregation, and reporting management in response to the evolving ESG landscape.

Key takeaways for internal audit teams

1. Evaluate and assess the key internal and external stakeholders for your organization, and the relevant ESG information and data that these stakeholders are requesting
2. Internal audit should have a seat at the table in developing the organization’s strategy and response to the current ESG landscape, and can leverage their existing relationships with other teams and departments throughout the organization to further support the ESG strategy
3. Internal audit can assist with facilitating a current state ESG assessment to further understand the ESG topics and metrics that are relevant to the organization, and begin to identify any potential gaps in the organization’s ESG strategy and plan
4. Embed ESG into the organization’s enterprise risk management (ERM) program and the internal audit plan
5. Provide continuous learning and knowledge sharing across the organization including sustainability teams, operations, process owners ERM committees and leaders on the evolving ESG risk landscape to bring awareness