ESG reporting standards and their impact on internal audit

Current state: The most commonly referenced ESG reporting standards

The most commonly used ESG standards at this moment of ESG maturity include the Global Reporting Initiative (GRI), the Sustainability Accounting Standards Board (SASB), and the Task Force on Climate-Related Financial Disclosures (TCFD). And while many began as global non-profit organizations, their end goal has been the same — establish, develop, and distribute a common set of ESG standards:

• Global Reporting Initiative (GRI) Standards - GRI has been providing the most widely used sustainability reporting standards for more than 25 years, covering topics that include biodiversity, tax, waste, emissions, health, and safety. Their goal is to “…enable any organization – large or small, private or public – to understand and report on their impacts on the economy, environment and people in a comparable and credible way, thereby increasing transparency on their contribution to sustainable development.”
• Sustainability Accounting Standards Board (SASB) Standards - Available for more than seventy-seven industries, SASB provides a set of ESG standards that assist in the identification of those environmental, social, and governance issues most relevant to financial performance. Founded as a non-profit organization in 2011, SASB focuses on those ESG standards that are “industry-based”, “decision-useful”, and “cost-effective”.
• The Task Force on Climate-Related Financial Disclosures (TCFD) - TCFD is committed to market transparency. The TCFD was created to “… develop recommendations on the types of information that companies should disclose to support investors, lenders, and insurance underwriters in appropriately assessing and pricing a specific set of risks—risks related to climate change.”

Regulatory considerations

As discussed above, the regulatory landscape for ESG reporting is rapidly developing. Over two hundred regulations are under consideration around the world ranging from ESG Fund Requirements/Disclosures in Singapore, South Korea, and the U.S. to Sustainable Taxonomies in Canada, China, and Australia to broader Corporate ESG disclosures in Hong Kong, India, and Indonesia, among many others. It will be important for organizations to pay particular attention as these regulations continue to develop.

A good example related to the EU CSRD discussed earlier, is the EU Taxonomy. The EU Taxonomy acts as the cornerstone of the EU’s sustainable finance framework and “… helps direct investments to the economic activities most needed for the transition, in line with the European Green Deal objectives.” Its classification system defines criteria for economic activities that have been aligned with their net zero trajectory. This is proving to be a significant undertaking for impacted organizations.

ESG reporting and its implication for internal audit

But what does this mean for internal audit? How will this affect the audit plan? Assurance over ESG reporting represents an important opportunity for internal audit, and assurance requirements are already developing. For example, the EU’s CSRD starts with limited assurance requirements and quickly turns to reasonable assurance over the first couple of years. Picking up from the lessons learned from SOX/ICFR, internal audit can play a key role in supporting the organization’s ESG reporting practices: understanding risks, identifying and rationalizing controls, and helping to control the costs of compliance.

More importantly, with the breadth and depth that ESG entails, it will be challenging for an internal audit department to be everywhere. There is an opportunity for internal audit to take the lead on integrated assurance. By coordinating and collaborating with second line assurance functions, internal audit can help the organization to achieve a more complete picture of the risks, controls, and underlying processes associated with the data and information required for effective reporting.

Getting started

The ESG standards that an auditor’s organization has selected provide the necessary requirements to further identify the controls that are in place to ensure proper reporting and to test and verify that they are designed and operating as expected. Having the right tools in place to better assist with this level of audit detail is sure to make a significant difference.

As a starting point, TeamMate+ has enhanced its already robust offering of internal audit tools to include the above-mentioned standards — GRC, SASB, TCFD, and the EU Taxonomy. Internal auditors are now able to jumpstart their work by leveraging the requirements of the various ESG standard(s) within familiar objects that can be easily integrated into their audit workflow. The standards will be updated as needed and new standards will be added as they are released.

Closing the ESG knowledge gap

In closing, Internal Audit has the skills needed to address ESG reporting. However, there is still likely to be some knowledge gap. Internal auditors will need enough core knowledge to understand enough about ESG issues to assess risk, create an audit plan, and determine a variety of audit approaches. Internal auditors, particularly leaders, need to be able to have informed conversations at the top of the organization. This isn’t anything new. No one is an expert in everything. No one will have specialist knowledge in every area of ESG. Internal audit should be prepared to develop this knowledge, reach out to external resources, or even recruit for it. There is an opportunity to co-source but plan accordingly and be mindful of limited resource availability. Start by building a base level of knowledge and accept when bringing in technical experts to help is needed.