The recent hype and concern raised by various stakeholder groups on this topic is putting more pressure on members of the Board and business leaders to review their Environmental, Social and Governance (ESG) framework and practices. As Internal Auditors provide assurance on a myriad of strategic, operational and governance matters, it is inevitable that the risks and controls management surrounding ESG ought to be appraised and included as part of the annual IA Plan.
Similar to any new area to be covered and audit opinion rendered, the internal auditors would likely face the following challenges:
1. Knowledge on ESG
Within a short timeframe, the internal auditors are required to learn and demonstrate strong grasp on the guidance and best practices within the 3 main components of ESG and its specific requirements.
2. Availability of Resources
Besides knowledge and competency on the ESG subject, the resources within the IAD will certainly be stretched thin to accommodate review on this new area. Compromises and even sacrifices may be needed to other equally demanding audit scope.
3. ESG Risk Assessment
Being a new scope, some internal auditors will face challenges in assessing the company’s risks and procedures that ensure their relevancy, integrity and reliability in generating material disclosure data in accordance with the company’s chosen ESG disclosure framework.
4. ESG Data Availability
For companies that have just begun embarking on the ESG journey, availability and adequacy of ESG data management process may not be in place or at its infancy stage. This potentially will be a major hindrance for effective review and analysis by the internal auditors.
The silver lining to the above is there are heaps of standards, guidance, article and survey reports that are available including references targeted for assurance teams from the IIA. inc (https://iaonline.theiia.org/blogs/Jim-Pelletier/2019/Pages/Internal-Audit-Are-You-ESG-Ready.aspx) and COSO (https://www.coso.org/news/Pages/new-guidance-addresses-resiliency-against-esg-risks.aspx).
Equally important at the initial stage is the formation of an ESG Subject Matter Expert (SME) team to formulate the audit review strategies and to guide the execution team in carrying out the review besides engaging and speaking the same lingo with the relevant internal stakeholders.
The clock is ticking! We are calling out to all the leadership teams in the Internal Audit function to swiftly strategize your ESG audit approach and actions to provide the much needed assurance to the Board and Management before it’s too late.