Conversations and focus on sustainability, typically grouped into environmental, social and governance (ESG) issues, are quickly evolving — from activist investor groups and inquisitive regulators pushing for change to governing bodies and C-suite executives struggling to understand and embrace the concept. At the forefront of this new risk area is pressure for organizations to make public commitments to sustainability and provide routine updates to ESG-related strategies, goals, and metrics that are accurate and relevant. However, ESG reporting is still immature, and there is not a lot of definitive guidance for organizations in this space. For example, there is no single standard for what should be reported.
What is clear is that strong governance over ESG — as with effective governance overall — requires alignment among the principal players as outlined in The IIA Three Lines Model. As with any risk area, internal audit should be well-positioned to support the governing body and management with objective assurance, insights, and advice on ESG matters.
The following provides an overview of risks related to ESG reporting along with context on the growing sustainability movement. It also outlines internal audit’s role in ESG reporting and how internal audit can support ESG objectives and add value.