hands and a piece of paper over a laptop

Internal Audit Considerations: The new urgency of environmental, social, and governance and internal audit’s role in driving progress

Internal Audit Considerations: The new urgency of environmental, social, and governance and internal audit’s role in driving progress

Synopsis
10 Minute Read

Today’s businesses face increased pressure to be more sustainable, equitable, and accountable. Internal audit will play a critical role in identifying ESG gaps and related risks — and charting a path to greater maturity.

Partner, Enterprise Risk Services & Leader, Environmental, Social & Governance

Contents

 


The pandemic has aimed a spotlight at the center of corporate sustainability and driven greater awareness around the importance of environmental, social and governance (ESG) issues. As governments rescued battered businesses and investors zeroed in on the companies best able to carry through the crisis, COVID-19 exposed weaknesses in corporate priorities and values.

There’s a growing consensus the role of business within society has changed. Corporate leaders are being held accountable for their performance related to ESG matters — all of which link directly to long-term value creation.

Top

ESG Factors: Drivers of business value

Environmental

  • Energy efficiency
  • Carbon footprint
  • Water consumption
  • Waste management
  • Packaging
  • Biodiversity management

Social

  • Employee attraction and retention
  • Diversity and inclusion
  • Pay equity
  • Customer data privacy
  • Social acceptability of projects / business
  • Organizational culture

Governance

  • Climate change
  • Cyber security
  • Corruption and bribery
  • Responsible taxes
  • Compensation
  • Reliable financial disclosure

Investors and financial institutions are shifting their focus regarding how they operate and with whom they do business — whether through lending and investment decisions or within their respective supply chains. These investors and financial institutions are also seeking companies which actively integrate sustainability and ESG criteria into strategy, operations, and culture. The focus has expanded from not only furthering the interests of shareholders, but also considering the behaviour of companies in relation to their employees, customers, communities, and governments.

ESG was historically utilized as a symbolic gesture of priorities embraced by business to effect positive outcomes in the communities in which they operated. However, actual delivery of meaningful outcomes lacked substance and ultimately resulted in corporate inaction. Today, the number of ESG drivers are growing rapidly and propelling companies to act quickly to strengthen performance. As corporate ESG integration upsurges, the risks for less ESG-mature businesses grow.

  • Securities commissions are studying minimum thresholds for mandatory integrated reporting on ESG. ESG draws on existing sustainability reporting — as well as financial reporting (i.e. financial statements, management discussion, and analysis) and governance disclosures — to holistically communicate to investors and other stakeholders how a company is performing and planning to create value (beyond financial results) over time for itself and others.
  • Accounting standard-setting bodies are developing international corporate reporting requirements on sustainability issues.
  • Governments are weighing in on desired ESG-related disclosures; the United Kingdom is the first to mandate climate-related financial disclosures across the entire economy by 2025.
  • More investors are using ESG information to inform their decisions.
  • Regulators are beginning to embed sustainability measures into decisions, rate structures and new capital-intensive infrastructure projects.

Internal audit will play a pivotal role in evolving ESG efforts as the heightened focus on sustainability continues to reshape the corporate landscape. Boards and executives will increasingly rely on Internal audit to determine the organization’s ESG maturity level, identify opportunities to improve it, and understand how ESG can enhance organizational performance and value.

Top

The real risk is hesitating

Considering their implications for shaping organizational priorities and a sustainable business model, boards, executives, and auditors need to serve a strategic and proactive role related to financially and reputationally material ESG criteria and associated company disclosures.

A growing body of evidence suggests the long-term benefits of ESG initiatives far outweigh the initial costs. These become clear when considered in the context of long-term value creation and sustainability rather than required compliance. Since many of the advantages accumulate as ESG initiatives mature, the real risk is not getting initiatives underway as soon as possible.

Benefits of ESG initiatives

Competitive advantage

Provides a distinctive value proposition for investors, lenders, employees, suppliers, customers, and consumers.

Resilience

Absorbs the costs of socio-environmental changes over the company’s preferred timeline, rather than being compelled by regulatory requirements.

Decommodification

Delivers cultural, social, and economic value that extends beyond product or service offerings.

Sustainability

Creates long-term value within environmental, social, and economic environments.

More value for stakeholders

Reduces risk and provide a more reliable return on investment.

Reshape value chain

Contributes to enhancing ESG efforts throughout the value chain.

Produce surplus

Reduces dependence on finite resources and increase the company’s ability to do more with less.

Respected brand

Builds strong relationships with stakeholders who observe, appreciate, and reward the company’s purpose and values.

Top

The role of Internal Audit in advancing ESG maturity

Interestingly, while the pressure for companies to provide more ESG disclosure and reporting grows, in many cases internal audit departments are slow to address this escalating area of risk. A poll1  of 400 internal auditors across Canada in February 2021 revealed the following results related to the current state of ESG maturity within their companies.

Considering the pressing impetus for change, the chief audit executive or senior internal auditor need to quickly bring these critical issues to the attention of management and the board of directors. They should also be prepared to advise how internal audit can provide both advisory and auditing support for strategic ESG priorities.

Internal audit has an opportunity to advance ESG maturity and drive positive organizational change by undertaking the following:

  • Emerging trends: Raise awareness at the board and senior leadership levels about ESG priorities and implications.
  • Strategy: Link ESG issues and factors to strategy, showing the risks related to inadequately addressing short- term and long-term priorities.
  • ESG materiality matters: Materiality is linked to stakeholders and what they deem to be decision-worthy information. ESG issues are plentiful — but not all constitute the level of criticality required for corporate disclosure. Internal auditors can play a key role in evaluating decisions for disclosure including prudent application of materiality thresholds.
  • Management system: Map current data input, collection, management, and output for ESG decision making and reporting to ensure rigor of data quality (i.e. completeness and accuracy). Data quality is essential for adequate assurance of public disclosures and, by association, the company’s reputation. 
  • Controls: Validate key controls for management system effectiveness and robustness of data used to support reporting and disclosures.
  • Inventory ESG disclosures requirements: Know what disclosures are required and by whom for those who want to pursue a compliance-only strategy (e.g. government, securities commissions, accounting guidelines, industry standards, etc.). This is non-negotiable if your securities commission requires sustainability disclosures (e.g. diversity among the board / senior leadership teams).
  • Competition: Conduct industry benchmarking for leading ESG practices and trends.
  • Reporting: Establish disclosure controls and procedures; ensure reporting is not “greenwashing”.
Top

MNP’s model serves as a guide to sustainability maturity

ESG is not a destination, but an ongoing process throughout the business lifecycle. Realizing advantages requires a commitment to continuously investing in, managing, monitoring, and improving ESG efforts.

Targeting a desired ESG maturity level and embedding ESG pillars into strategic and operational priorities requires a meaningful dialogue between management and the board of directors. A baseline maturity assessment of the organization’s current approach to sustainability is an ideal starting point. This will help internal audit teams gather the data necessary to work with the board and management to establish the desired future state — or, in other words, the intended maturity level that will facilitate corporate objectives.

A sustainability maturity model demonstrates the stages of ESG integration and common features of each stage. This model breaks down ESG frameworks into meaningful components — operations, stakeholders, governance, strategy, and reporting — which drive a successful sustainability program.

MNP's Sustainability Maturity Model
MNP's Sustainability Maturity Model: Ad Hoc, Initial, Defined, Integrated, Optimized. Organizations must decide how far up the curve they seek to go.

Cloud Terms

Cloud isn’t a new term. It originated in the 1960s when cloud symbols were used in flow charts and diagrams to symbolize the Internet network.


 Cloud:

 Metaphor for a global network; now commonly used to represent the Internet 

Cloud service provider:

Company that provides a cloud-based platform, infrastructure, application or storage services; usually for a fee

Cloud storage:

A service that lets you store data by transferring it over the Internet or another network to an offsite storage system maintained by a third party

Hardware as a Service (HaaS) / Infrastructure as a Service (IaaS):

A computer environment delivered as a service over the Internet by a provider. Infrastructure can include servers, network equipment and software

Platform as a Service (PaaS):

A computing platform (operating system and other services) delivered as a service over the Internet by a provider

Private cloud:

Services offered over the Internet or over a private internal network to select users, not the general public

Public cloud:

Services offered over the public Internet and available to anyone who wants to purchase them

It’s also helpful to keep in mind that meeting stakeholder expectations for meaningful and reliable ESG disclosures requires both a robust governance structure encompassing the board and internal audit, as well as third-party, independent assurance of ESG disclosures and reporting.

Top

Higher ESG maturity, greater competitive advantage

The global focus and expectations around ESG will rapidly intensify in the years ahead. chief audit executives and internal audit departments are ideally positioned to influence and support your company’s transition to an ESG-mature model. The key to sustainability success is leveraging the power of culture to drive change across the entire organization. And the discipline involved with linking ESG from strategy to operations requires clarity across the Three Lines (of Defense) Model, including the board’s role in effective oversight: “All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders.”

Internal audit has the right independent perspective, position, and ponderance to understand strategy, observe operations, identify risks and assess controls to communicate on the effectiveness and maturation of their company’s adoption of ESG. Bringing both lenses of assurance and advisory services will serve to raise awareness of critical ESG issues as well as to evaluate management’s response to these same issues. Internal audit must also work with the other lines of defense to understand the holistic implications of risks on ESG strategy to ensure long-term success for their company.

An article by the Harvard Law School Forum on Corporate Governance on the strategic imperative of culture and ESG effectiveness found “… [social] practices [among businesses] are a barometer for corporate culture. Where companies have a strong and shared culture across the organisation, practices tend to be strong. Where a culture is poor, or considered ‘toxic’, [social practices] [tend] to follow the same pattern.” Understanding the interrelated risks and drivers of ESG success will need to be clearly identified and articulated to both senior leadership teams and the board of directors.

It’s the right time for internal audit to assume a strategic advisory role and bring ESG progress into focus for boards, executives, and management teams. The real risk is not starting the sustainability journey to realize the vital benefits. Now is the time to build a respected brand, value for stakeholders and greater resilience, sustainability, and competitive advantage.

1.Internal Auditors Role in ESG, Edward Olson, MNP, National IIA Roundtable, Institute of Internal Auditors Canada, February 23

Insights

  • February 29, 2024

    Is your Credit Union Prepared for the Future

    Digitization and evolving membership preferences are dramatically changing the financial services space. In this first part of our whitepaper series, we focus on three.

  • Performance

    February 29, 2024

    Create a Long-term Practice Plan and Protect What You’ve Built

    Explore the three areas where SMARTPro can help you plan for the future.

  • Progress

    February 29, 2024

    Purchasing a professional practice during a global pandemic

    Tips for navigating the changing world of professional practices from our experienced advisors.