ESG fraud risk: Understanding Internal Audit's role
ESGCompliance08 August, 2023

ESG fraud risk: Understanding Internal Audit's role

With increased scrutiny over Environmental, Social, and Governance (ESG) reporting and disclosures, internal auditors have a duty to their organizations to understand ESG fraud risks and to assess the effectiveness of ESG fraud risk management. As ESG reporting becomes more prevalent, more factors that contribute to the risk of ESG fraud are coming into play, including:

  • Investment pressure when organizational value is linked to ESG metrics
  • Compliance complexity increases internal costs and resource burdens
  • Reputational risk associated with pressure to demonstrate sustainability program progress
  • Manipulation of reporting when executive compensation is tied to ESG performance
  • Third-party risk from exchanging data and information to support reporting requirements

Since ESG fraud is likely to increase, internal audit leaders must be prepared to assess the organization's management of ESG fraud risks. This article will dive into internal audit's role in supporting the organization's management of ESG fraud through independent assurance.

Solutions

TeamMate+ ESG

ESG assurance

Build a strong ESG assurance foundation with a future-ready internal audit solution.

Upskill ESG fraud awareness

As with all fraud knowledge, not every auditor needs to be an expert, but all auditors should have a baseline knowledge of what ESG fraud is, as well as the various indicators. This means understanding ESG fraud risk factors in context with the classic fraud triangle and the occupational fraud tree. By upskilling the audit team they will be better prepared when red flags arise during assessments and testing.

Include ESG fraud risk in assessments

Internal audit teams need to include ESG fraud risk management in their risk assessment and consider the outcome for audit planning. ESG fraud risk assessments can consist of several internal and external factors. When conducting ESG fraud risk assessments, questions for internal factors include:

  • Who is responsible for determining the metrics for disclosure?
  • Is there a proper separation of duties between metric gathering and reporting?
  • How is this information collected, automated or manually?
  • Are your organization's ESG claims fully supported with accurate and reliable data? How do you provide assurance against “greenwashing”?
  • Is the control environment related to ESG fraud risks effective?
  • Are incentives (both explicit and implicit) driving the right behaviors and attitudes or increasing pressure for fraudulent reporting?
  • Are proper data governance policies and practices in place?

Likewise, the assessment should consider external factors such as relationships with third parties. Questions to consider for external fraud risks include:

  • Are key third-party relationships related to your organization's ESG activities identified?
  • How are these relationships managed and evaluated for viability?
  • Are "right to audit" clauses included in contracts and exercised?
  • How is data flowing from third parties evaluated and monitored?
  • What is the process for provisioning and de-provisioning third-party access to internal systems?

Evaluate internal controls for fraud risks

The answers to the fraud risk management assessment will drive your team's audit plan. For example, you may find executive compensation plans are directly tied to ESG initiatives, and the data used in ESG disclosure reporting is compiled manually. This would represent a high-risk scenario for ESG fraud risks and should be audited. During the audit, the team will evaluate whether internal controls are designed to prevent or detect fraud sufficiently. They would test to verify the fraud prevention and detection controls are operating effectively. Finally, if fraud occurs, internal auditors should only conduct a fraud investigation if they are qualified. Otherwise, they should delegate the investigation to trained fraud examiners.

Internal Audit's role in fraud risk management

As with any fraud, internal audit plays a vital role in addressing ESG frauds. Building knowledge in this area, assessing the organization's ESG fraud risk management, and pulling in experts when needed will be critical to a solid assurance program. Leverage the tools you already have and keep your antenna up as the ESG reporting landscape evolves.

Subscribe below to receive monthly Expert Insights in your inbox

For auditors who are challenged to improve audit productivity while delivering strategic insights, TeamMate provides expert solutions, delivered with premium professional services, to auditors around the globe and in every industry.
Back To Top