The world of environmental, social, and governance (ESG) compliance is moving from nice-to-have to need-to-have. Organizations that fail to understand ESG risks and that don’t provide clear ESG reporting face potential consequences, like falling behind competitors and losing stakeholder trust. Meanwhile, regulators are moving toward making ESG disclosures mandatory.
For example, the Securities and Exchange Commission (SEC) proposed new rules in March 2022 that would mandate climate-related disclosures, such as a company’s governance of climate-related risks.
“Until now, most environmental, social, and governance disclosures have been voluntary. The SEC proposal has put internal audit functions on alert at the prospect of the biggest change in reporting requirements since the Sarbanes-Oxley Act was passed in 2002,” notes an Internal Audit 360 article.
Meanwhile, other stakeholders like customers and employees have come to expect more ESG commitments around diversity, equity, and inclusion (DEI) and around sustainability topics like emissions reductions. Organizations that falter could face employee and customer turnover as those stakeholders turn to competitors that excel in these areas.
“Three-quarters of U.S. adults care about a company's impact on the environment when making purchase decisions, and 68% say the same of efforts to promote diversity and inclusion in a company's workforce and customer base,” finds Gallup.
So, even if ESG compliance is not required yet, there’s good reason to adopt best practices as early as possible. And given how many areas of a company ESG issues touch — and that governance is literally in the name — it makes sense for internal audit to incorporate ESG into its overall assurance responsibilities.
Not sure where to start? In this article, we’ll look at three easy steps your internal audit team can take regarding ESG risk management and ESG compliance when developing an audit plan.