In this issue we tackle the many facets of environmental, social, and governance (ESG). That's no small feat given all ESG encompasses, but with increased attention — investor, regulatory, and social — it's not something organizations, or internal auditors, can afford to ignore.
A blog post from Jim Clifton, chairman and CEO of Gallup, proposes beginning the company's ESG effort with its employees. Gallup has identified metrics to benchmark an organization's current ESG state from the employees' perspectives. "In short, if your external communications say your organization is doing great things for the environment, but your employees strongly disagree, something is not working," the Gallup website says. "Recent corporate scandals have proven that major ethical, social, and environmental risks can hide behind 'good news.'"
Gallup, along with Chief Executives for a Corporate Purpose, recommends organizations begin the journey now, start with what they can measure, benchmark employees first, and "build a higher purpose around people and the planet."
In this issue, we consider internal audit's role in that journey. The IIA's Internal Audit's Role in ESG Reporting: Independent Assurance Is Critical to Effective Reporting says internal audit has both an advisory and an assurance role. The paper suggests that while ESG reporting is not required in annual reports, regulatory filings, and proxy disclosures, it should be treated with the same care as financial reporting, which raises the question,
"Is ESG the New Sarbanes Oxley?"
From an assurance standpoint, The IIA says internal audit should incorporate ESG into audit plans and:
- Review reporting metrics for relevancy, accuracy, timeliness, and consistency.
- Review reporting for consistency with formal financial disclosure filings.
- Conduct materiality or risk assessments on reporting.
From an advisory perspective, internal audit should recommend:
- Frameworks to mitigate and manage risks.
- Reporting metrics — data that accurately reflects relevant sustainability efforts within the organization.
- Where ESG risk should be managed.
In our deep dive into ESG, we consider reporting and how the topic is being addressed globally as well as the risks that make ESG challenging to manage. We also interview Jeffrey Hales, Standards Board chairman of the Sustainability Accounting Standards Board, about the importance of adopting sustainability standards.
From social justice movements to the mandate for net zero emissions, how does one measure a company's impact on the world? Today's organizations are being challenged to do just that, and internal audit will be an integral part of the journey.