ESG reporting standards and their impact on internal audit
ESGCompliance02 August, 2023

ESG reporting standards and their impact on internal audit

Unlike financial reporting standards that have been available to investors for decades, ESG reporting standards remain in relatively early stages of development as priorities, public demand, regulations, and even politics, shift the foundational components of an organization’s approach to the potential depth and complexity of ESG reporting. Each of these foundational components will be looked at and closely evaluated by investors, regulators, and consumers to better understand how an organization is creating long-term value as well as understanding the organization’s broader impact, particularly on matters related to climate and social impact, among others.

The landscape of ESG reporting standards is complex. At the current stage of maturity, multiple global standard setters, each with their own objectives, continue to drive the conversation. At the same time, the regulatory environment is rapidly developing, with an estimated 200 or more ESG-related regulations being considered in countries around the world.

Of note, from a regulatory perspective, is the European Union’s Corporate Sustainability Reporting Directive (CSRD) which creates comprehensive ESG reporting requirements that will impact approximately 50,000 companies. U.S. companies with significant revenue in the EU will need to publish sustainability information that covers their entire operations, including their non-EU operations.

Adding to the complexity in the short-term, but perhaps leading to consolidation and clarity longer term, are the new standards from the International Sustainability Standards Board (ISSB). Created by the International Financial Reporting Standards (IFRS) Foundation, the ISSB is launching a new set of ESG reporting standards with the goal of creating a common foundation for ESG reporting globally. Already, several organizations, including the Climate Disclosures Standards Board (CDSB), the Sustainability Accounting Standards Board (SASB), and the International Integrated Reporting Framework, have merged into the ISSB. More recently, the ISSB has been asked to take over the monitoring of the progress of companies’ climate-related disclosures from the Task Force on Climate-related Financial Disclosures (TCFD). All of this appears to be good progress toward a global, foundational set of ESG reporting standards.

Solutions

TeamMate+ ESG

ESG assurance

Build a strong ESG assurance foundation with a future-ready internal audit solution.

Current state: The most commonly referenced ESG reporting standards

The most commonly used ESG standards at this moment of ESG maturity include the Global Reporting Initiative (GRI), the Sustainability Accounting Standards Board (SASB), and the Task Force on Climate-Related Financial Disclosures (TCFD). And while many began as global non-profit organizations, their end goal has been the same — establish, develop, and distribute a common set of ESG standards:

  • Global Reporting Initiative (GRI) Standards - GRI has been providing the most widely used sustainability reporting standards for more than 25 years, covering topics that include biodiversity, tax, waste, emissions, health, and safety. Their goal is to “…enable any organization – large or small, private or public – to understand and report on their impacts on the economy, environment and people in a comparable and credible way, thereby increasing transparency on their contribution to sustainable development.”
  • Sustainability Accounting Standards Board (SASB) Standards - Available for more than seventy-seven industries, SASB provides a set of ESG standards that assist in the identification of those environmental, social, and governance issues most relevant to financial performance. Founded as a non-profit organization in 2011, SASB focuses on those ESG standards that are “industry-based”, “decision-useful”, and “cost-effective”.
  • The Task Force on Climate-Related Financial Disclosures (TCFD) - TCFD is committed to market transparency. The TCFD was created to “… develop recommendations on the types of information that companies should disclose to support investors, lenders, and insurance underwriters in appropriately assessing and pricing a specific set of risks—risks related to climate change.”

Regulatory considerations

As discussed above, the regulatory landscape for ESG reporting is rapidly developing. Over two hundred regulations are under consideration around the world ranging from ESG Fund Requirements/Disclosures in Singapore, South Korea, and the U.S. to Sustainable Taxonomies in Canada, China, and Australia to broader Corporate ESG disclosures in Hong Kong, India, and Indonesia, among many others. It will be important for organizations to pay particular attention as these regulations continue to develop.

A good example related to the EU CSRD discussed earlier, is the EU Taxonomy. The EU Taxonomy acts as the cornerstone of the EU’s sustainable finance framework and “… helps direct investments to the economic activities most needed for the transition, in line with the European Green Deal objectives.” Its classification system defines criteria for economic activities that have been aligned with their net zero trajectory. This is proving to be a significant undertaking for impacted organizations.

ESG reporting and its implication for internal audit

But what does this mean for internal audit? How will this affect the audit plan? Assurance over ESG reporting represents an important opportunity for internal audit, and assurance requirements are already developing. For example, the EU’s CSRD starts with limited assurance requirements and quickly turns to reasonable assurance over the first couple of years. Picking up from the lessons learned from SOX/ICFR, internal audit can play a key role in supporting the organization’s ESG reporting practices: understanding risks, identifying and rationalizing controls, and helping to control the costs of compliance.

More importantly, with the breadth and depth that ESG entails, it will be challenging for an internal audit department to be everywhere. There is an opportunity for internal audit to take the lead on integrated assurance. By coordinating and collaborating with second line assurance functions, internal audit can help the organization to achieve a more complete picture of the risks, controls, and underlying processes associated with the data and information required for effective reporting.

Getting started

The ESG standards that an auditor’s organization has selected provide the necessary requirements to further identify the controls that are in place to ensure proper reporting and to test and verify that they are designed and operating as expected. Having the right tools in place to better assist with this level of audit detail is sure to make a significant difference.

As a starting point, TeamMate+ has enhanced its already robust offering of internal audit tools to include the above-mentioned standards — GRC, SASB, TCFD, and the EU Taxonomy. Internal auditors are now able to jumpstart their work by leveraging the requirements of the various ESG standard(s) within familiar objects that can be easily integrated into their audit workflow. The standards will be updated as needed and new standards will be added as they are released.

Closing the ESG knowledge gap

In closing, Internal Audit has the skills needed to address ESG reporting. However, there is still likely to be some knowledge gap. Internal auditors will need enough core knowledge to understand enough about ESG issues to assess risk, create an audit plan, and determine a variety of audit approaches. Internal auditors, particularly leaders, need to be able to have informed conversations at the top of the organization. This isn’t anything new. No one is an expert in everything. No one will have specialist knowledge in every area of ESG. Internal audit should be prepared to develop this knowledge, reach out to external resources, or even recruit for it. There is an opportunity to co-source but plan accordingly and be mindful of limited resource availability. Start by building a base level of knowledge and accept when bringing in technical experts to help is needed.

Subscribe below to receive monthly Expert Insights in your inbox

Jim Pelletier Headshot
Senior Product Manager, Wolters Kluwer TeamMate
Jim has over 20 years of internal auditing experience in both the public and private sectors.
Back To Top