It’s no secret how ESG is deemed a continuously evolving landscape. From increasing sustainability reporting requirements to heightened compliance pressures, organizations all over the globe are facing greater expectations. This is not only from regulatory bodies, but also from different stakeholders: clients, investors, employees, suppliers, and lenders.

With the rising profile of ESG and increasing regulatory scrutiny, conducting an internal audit review is more important than ever. In this article, we will explore why ESG internal audits are necessary, who are the ones involved in the process, and how can you conduct a successful audit.

The Importance of ESG Internal Audits to Companies

An internal audit review provides an independent and comprehensive assessment of a company’s ESG performance. It can help your organization identify areas of non-compliance and mitigate environmental, social, or governance risks, ensuring alignment with sustainability goals.

According to The Institute of Internal Auditors (Singapore) as published in the Objectives of Internal Review, Guide to Internal Review of Sustainability Report:

The risks associated with inaccurate disclosures can result in severe repercussions, such as financial and nonfinancial penalties and/or sanctions for non-compliance with disclosure obligations under the Securities and Futures Act. Therefore, the internal review serves as a safeguard to provide an independent and objective view of the robustness of internal controls on ESG information disclosed by the Issuer.”

As part of the best practices in sustainability reporting, disclosures should be relevant, complete, consistent, comparable, and verifiable. Given the increased focus on ESG, organizations must ensure accuracy when disclosing ESG information. Conducting a proper internal audit review can help assess the level of sustainability within your operations, as well as leverage ESG practices.

The Role of an ESG Internal Audit Team

An ESG internal audit team plays a critical role in evaluating and monitoring the company’s ESG performance and practices. This specialized team conducts thorough assessments, audits, and verifications to ensure compliance with sustainability standards and regulations.

A team without prior ESG internal review functions can transform its existing oversight infrastructure. This allows seamless integration of ESG practices into the company’s overall corporate governance. During this transformation phase, the team can gain a level of understanding of high-level ESG strategy and sustainability reporting workflows and processes.

Additionally, your internal audit team must be aware of the existing and upcoming regulatory frameworks. This helps your organization to better navigate the regulatory landscape and even educate other teams on ESG topics. For more information and guidance, you may refer to the Institute of Internal Auditors’ (IIA) Three Lines Model.

Book Free Demo with ConveneESG

The Role of Senior Management in the Internal Audit Process

No matter which stage you are in your ESG journey, senior management must be engaged in the internal audit review. They have the responsibility to provide leadership, set strategic direction, and ensure ESG considerations are integrated into the organization’s operations.

With key executives present in annual reviews, your internal audit team must extend its oversight function to create internal mechanisms that align with the company’s business strategy and targets. This enables the effective incorporation of ESG internal controls into the visibility of senior management and the organization’s day-to-day.

The Process of ESG Internal Audit

An internal audit is a crucial mechanism for organizations to evaluate and improve their ESG practices. In this section, we will explore the key steps involved and their significance.

Before: What Should You Prepare

Before the Internal Review: What Should You Prepare

Before the internal review, it is critical to first conduct a preliminary risk analysis. This sets the scope and aligns expectations with the board, the management, and other stakeholders. Hence, covering all the regulatory requirements and internal expectations from within the organization.

Next, prepare the supporting documents and information needed for the internal audit review. Most of these are already available or included in the organization’s sustainability report. Here’s an ESG audit checklist of the information you need:

  • Key process owners involved in sustainability reporting — This includes the defined responsibilities of the sustainability team, business process owners, and the ESG internal audit team.
  • General information about the organization — This should provide you with the background to understand the scope of review that needs to be done. The internal ESG audit team must have extensive knowledge about the organization’s ownership structure, and all entities within the group, etc.
  • Policies and procedures on sustainability reporting — This includes information on the organization’s governance structure, the process for industry benchmarking, and the procedures for identifying the company’s material topics and stakeholders.
  • Governance and reporting structure documentation — This outlines the different governing bodies and their roles and responsibilities in the organization. It should clearly identify who’s responsible for what, specifically the decision-making bodies and the process involved.

An organization’s governance structure is usually evidenced in the following documents:

    • Job Descriptions
    • Employee/Business Code of Conduct
    • Meeting Minutes
    • Committee Documents (composition and charters)
    • Bylaws, Articles of Incorporation, and/or Shareholder Agreements

The following policies are also required in their most updated versions:

    • Board Diversity Policy
    • Data Governance Policy
  • Evidence of Material Topics and stakeholders — This involves the checking of policies and procedures related to the organization’s Material ESG Topics, such as why and how they are determined. It’s also vital to know the Stakeholder Engagement process applied to identify the material topics.
  • Sustainability targets and initiatives — This includes evidence of approval of the targets and periodic performance monitoring. If documentation is not available, this should be clarified during the internal review process through interviews conducted with pertinent stakeholders.
    Inventory of data sources and data owners — For the key metrics identified in the ESG report, the organization should have the information on who’s in charge of collecting, monitoring, and submitting the data.
  • Data collection templates — This is useful for easy collection of the necessary data for sustainability reporting. It should cover data for environmental (e.g. climate-related data), social, and governance factors, which depend on the identified material topics. To get an idea of what kind of data is needed, start with the list of 27 Core ESG Metrics published by the SGX.
  • Supporting calculations — This includes the list of emission and conversion factors used to calculate GHG emissions. This is aligned with the disclosure requirement for organizations to calculate emissions with internationally recognized methodologies. Hence having the information on what emissions factors have been used.
  • Other lists and information include:
    • List of incidents of data loss during the review period, if any.
    • List of training and certifications provided to the organization’s directors, management, and employees.

During: What Happens During the Review

During the Internal Review: What Happens During the Review

Once you’re done preparing all the necessary data, it’s now time to proceed with the actual internal audit review. Here’s an overview of the tasks involved to ensure a successful review:

  • Inventory and interview of stakeholders — Part of the internal review process is to confirm that the organization has identified material ESG factors. The rationale and process for selecting the topics and stakeholders must be determined. Conduct interviews to ensure sufficient measures are in place, in terms of sustainability reporting. A proper review and approval must be conducted before publishing a report.
  • Site or field visits — In some cases, site or field visits might be required. Not only to interview stakeholders involved in the ESG reporting process, but also to confirm the processes outlined by the organization (e.g. for production facilities, or organizations using estimates in calculating data). This must be conducted by the internal audit review or by an external audit provider.
  • Reconciliation process — This process is where transactions and activities are compared against the supporting documentation and audit evidence. There should also be a comparison of source data vs. submitted data vs. published data. Identifying and resolving any discrepancies found must also be implemented.

After: What to Do with Report Findings and Conclusion

After the Internal Review: What to Do with Report Findings and Conclusion

Once the ESG internal audit review is complete, organizations must take appropriate actions based on the report findings. Here’s a list of the findings and what your team should do with them:

  • Summary of good practices and gaps — The internal review process should provide organizations with a summary of:
    1. the positive aspects and “good practices” present in the reporting practices
    2. observations on gaps identified, and the potential risk implications of these gaps.

With the gaps identified, it is crucial to identify where potential improvements can be done. Does it cover improvements in processes? Or employee development? Or company policies in general?

  • Review of findings by the management — The findings should be reviewed by the management. There should also be a facility to give responses and subsequently sign-off on the final report upon presentation to the board and the audit committee (or equivalent function).
  • Submit a summary of internal review findings — The board and the audit committee must then confirm that an internal review of the process for financial and non-financial (i.e. ESG) reporting has been conducted. While disclosure of all findings is not yet required, it is a good governance practice to include a summary of findings and identified areas for improvement. The goal is to have a “healthier” set of internal measures for a more consistent, understandable, and reliable sustainability report.

Some key tips and notes:

  • Clear communication is important. Set clear expectations at the beginning of the process (i.e. internal review plan) then communicate this with your internal teams. As the IIA Singapore has noted in its Sustainability Auditing – The Evolving Trend document dated 14 April 2022: “Communication is vital”. This helps the team address potential challenges when undergoing internal review.
  • The internal review should be aligned with the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors. (Source: SGX Practice Note 7.6)

The internal review process may seem like a duplicated effort at first. But with the right planning and tools, organizations can make this process more efficient year after year. If you want to streamline this process internally, Convene ESG can help you. Find out how below.

Convene ESG: Streamlining Your Internal Audit Process

Our ESG reporting software, Convene ESG, is designed to offer invaluable assistance to internal audit teams by streamlining the review process and guaranteeing internal assurance on your reports. The platform’s centralized data management can help your team manage all ESG data, including documentation, policies, and reports.

Discover below the Convene ESG features that will be useful for your internal audit review:

Convene ESG features for internal audit review process

  • Audit Trail and Workflow Management — This feature shows different activities performed in the system, including data or information changes. It also shows trails of how data has been collected and reviewed in a report. This covers the step where processes are reviewed to ensure data accuracy and completeness.
  • Auditor View and Evidence Trails — This feature provides the internal audit team with access to review all relevant ESG data. Auditors can check the data source and any accompanying evidence. Files can be directly opened from the screen.
  • Framework/Metric Selection Documentation — This Convene ESG feature can generate a summary of the metrics selected and applicable to the company.
  • Report Generation and Template — This allows your team to generate a summary of all information subject to internal review. Such data are already available as part of the sustainability reporting process:
    • General Information from the contents of the company’s sustainability report (e.g. as part of the GRI questionnaire or SGX Primary Component)
    • Material Topics identified from the Framework and Metrics Selection module
    • Data Providers and Data Owners
    • Sustainability Targets set (if applicable)
    • Evidence and Data Inventory
    • Data Collection Templates and Sources/Information used for calculation e.g. emission factors (readily available)

Convene ESG offers expert guidance and tools to streamline the internal audit review process. Better navigate the complexities of ESG audits and reach out to our expert team today!