As companies come under increasing pressure to deal with climate change and diversity, their internal auditors are putting more emphasis on making sure environmental, social and governance reports are reliable.
A new
More organizations are facing pressure from environmental groups, activist shareholders and asset managers to make public commitments to sustainability and provide regular updates on their ESG strategies, goals and measurements, while making sure they’re accurate and relevant. However, the report points out that ESG reporting is still at an immature stage, and there’s no single authoritative set of standards for what should be reported, although a number of groups have been moving in recent months to align their standards and frameworks. The internal audit function can help management by providing assurance, insights and advice on ESG matters, as some outside auditing firms like the Big Four have also begun to do.
The IIA is looking at ESG through the filter of its Three Lines of Defense model. “It’s the role of governance at the board, and then the role of management to make sure these things are being prioritized in terms of these models and frameworks, and then internal audit is in a very valuable position,” said IIA president and CEO Anthony Pugliese. “It’s probably one of the few enterprise functions that can actually look at how risks are identified, how the controls are put into place whether you’re using something like a COSO model, and then reporting back, whether it’s in a consultative or an assurance way to governance and management as to the effectiveness of all of it.”
Some internal audit departments are helping corporate management determine which ESG risks should be a particular focus, and that will often vary by industry. “Management takes responsibility for that, but we’re seeing a lot of activity on that front across the board,” said Pugliese.
ESG standard-setters have been coming under pressure from financial regulators to harmonize their standards and frameworks so investors can rely more on the reports. The Sustainability Accounting Standards Board and the International Integrated Reporting Council have announced plans to merge together later this year to form a group called the Value Reporting Foundation. They have begun working with the Global Reporting Initiative, the Climate Disclosure Standards Board and the Carbon Disclosure Project to align their standards. Meanwhile, the International Financial Reporting Standards Foundation is also preparing to set up a proposed International Sustainability Standards Board that it would oversee alongside the International Accounting Standards Board, with input from the existing ESG standard-setters, and it’s in the process of looking for a chair and vice-chair to run the board (
“The real question right now is which one do we use and how do we do it?” said Pugliese. “It’s almost entirely nonfinancial. There are a lot of questions on how to do it, and there’s further consolidation taking place in a space where standards are being set on these topics, and identifying which ones are important.”
The IIA is a member of the IIRC and recently wrote a letter to the Securities and Exchange Commission, which has been asking for comments about ESG disclosures. In its letter, the IIA called for uniform climate disclosure by corporations and recognition of the role played by internal auditors in providing assurance around accurate, reliable information.
Increasingly, in response to the Black Lives Matter protests last year, companies are focusing more on diversity, which fits into the social part of ESG reporting. ESG standard-setters generally haven’t developed standards for that as much as their environmental standards, perhaps out of fear of being accused of setting up racial quotas.
“There are some concepts that have not yet found their way into standards yet, like diversity, equity and inclusion,” said Pugliese. “How do you measure that? It’s such a subjective term. Companies are looking for ways to report on it. You’ve got big investment management firms like BlackRock who are talking about it a lot, and companies are struggling with what they need to produce and monitor. You certainly don’t want DE&I to be a kind of checklist for saying, ‘Yeah, we’ve hired all the right people,’ and this is a thing that’s done. It’s a lot more detailed than that and subjective. They’re turning to internal audit to assist in that. We’re seeing things like culture audits beginning to happen to make sure things like DE&I are firmly embedded in culture so companies can report on that. It’s becoming a more prevalent topic, and that’s just one part of the overall ESG spectrum.”
The IIA plans to continue working on ESG issues with the IIRC as well as the International Federation of Accountants and other global groups that have long been involved with ESG reporting, whose urgency has been given greater impetus by climate change, racial protests and the pandemic.
“It’s not like the Wild, Wild West,” said Pugliese. “It’s been around for a while around the world. But these things get triggered by something like what happened last year, and all of a sudden they’re just being propelled forward at lightspeed. We want to make sure there are no adverse effects so companies can be ready to do this work. We’re keeping an eye on it for sure and want to be part of these new groups and the calls for members to be in these groups.”