Regulators worldwide are actively working to boost corporate transparency when it comes to companies’ environment, social, and governance performance. In Singapore, more and more organisations are urged to disclose their ESG performance and impact.
The Singapore Exchange (SGX) introduced the comply-or-explain sustainability reporting that mandates companies to exhibit how they manage their material ESG risks and opportunities. But as guidelines and standards for ESG reports continue to enhance, internal audits are advised for critical assurance support of the company’s ESG efforts and risk management.
Find out more about the increasing pressure towards ESG disclosure and transparency, and the importance of internal audit in the following sections.
What is ESG Audit?
Given the hyper-focus on ESG today, many companies still overlook such issues leading to loss of investors or legal liabilities. To prevent missteps, auditing becomes an essential tool to assess how ESG factors impact an organisation.
An ESG audit is a systematic evaluation done to verify the accuracy of sustainability-related data that an organisation discloses — to its stakeholders and regulatory bodies. It is used to assess the organisation’s performance and practices across the three key areas: Environmental, Social, and Governance. The audits can be internal or external with organisations working with third-party assurance auditors.
Why is ESG audit important?
An ESG audit can help companies proactively identify risks, allowing for early intervention and mitigation strategies. The audit process can reveal areas where sustainability practices can be strengthened, and even provide valuable data for well-informed decision-making.
Such assessment is also a critical tool for investors to understand the company’s approach towards ESG issues, their risk management strategies, and long-term sustainability opportunities. Additionally, it allows investors to compare different companies’ sustainability performance using standardised metrics, and make more informed investment decisions based on a company’s ESG track record.
And as consumers are becoming more eco-conscious, a positive ESG audit can help businesses appeal to such customers and enhance their brand. Such audits can demonstrate the company’s commitment to environmental and social responsibility, strengthening stakeholder relationships. Overall, ESG audits can help build trust with all parties involved.
Who performs an ESG audit?
In general, Certified Public Accountants (CPAs) and auditors are best fit to conduct ESG audits given their experience and knowledge in analysing ESG. Find out below the two types of ESG audits and who performs them.
ESG Internal Audit
ESG internal audits focus on measuring and improving the company’s current ESG performance. This is also conducted to ensure the relevant internal controls and processes align with the company’s ESG goals.
Objectives of an ESG Internal Audit
- Evaluation of design and operating effectiveness, including the company’s ESG policies, processes, and internal controls.
- Auditing of reporting metrics, which involves verification of ESG data’s accuracy, completeness, and consistency.
- Assistance with materiality assessments or identifying the most significant ESG factors impacting the company based on industry best practices and regulatory requirements.
Internal Audit Team Composition
An internal audit team with a diverse skillset is vital for a comprehensive ESG audit. It may include:
- Sustainability specialists: Have in-depth knowledge of the company’s ESG policies, programs, and data collection methods.
- EHS (Environment, Health & Safety) experts: Bring expertise in environmental regulations, employee safety practices, waste management, and other critical aspects of ESG.
- Human Resources (HR) specialists: Ensure social factors like labour practices, diversity, and inclusion are taken into account.
- Legal department representatives: Helps identify legal compliance risks related to ESG audit standards.
ESG External Audit
External ESG audits involve an independent third-party evaluator assessing the organisation’s ESG performance. Such audits are typically required to provide investors, stakeholders, and the public, with unbiased evaluation. Besides the general auditing experience, external auditors should have ESG audit certifications relevant to established frameworks, such as GRI (Global Reporting Initiative) and SASB (Sustainability Accounting Standards Board).
What is ESG assurance?
ESG assurance is the submission of ESG audits and other data for third-party assessment. This also refers to the independent verification of a company’s ESG performance, reporting, and compliance. The scope of assurance can range from a limited review of specific ESG metrics to a comprehensive examination of an entire sustainability report.
Furthermore, ESG assurance may involve the review of company policies, data collection procedures, and internal controls related to ESG. It can also bring several benefits, including enhanced transparency and credibility, reduced risks of greenwashing, and improved sustainability performance.
ESG Assurance vs. External ESG Audits
While it also involves independent evaluation like external audits, ESG assurance is about providing an assurance statement or opinion on the accuracy and completeness of reported ESG information. External audit, on the other hand, is a more comprehensive assessment of ESG performance — involving detailed reports of findings and risks.
The scope of ESG assurance varies; can range from a limited review of specific metrics to an extensive report review. External ESG audits’ scope is typically tailored to company needs (full ESG or specific areas).
Three Key Elements of an ESG Audit
A thorough ESG audit requires careful planning and execution. Here are the three key elements that form a successful audit:
1. Scope
- What aspects of ESG performance will be evaluated?
- How will you determine the most significant ESG factors (materiality) for our company and stakeholders? Stakeholder engagement, data analysis, industry trends?
- What level of assurance (limited review, reasonable assurance) is desired for the audit?
2. Timeline
- What is the realistic timeframe for completing the audit?
- What are the key stages of the ESG audit process and how much time should be allocated to each stage (planning, data gathering, risk assessment, verification, and reporting)?
3. Methodology
- Which established ESG frameworks (e.g., GRI, SASB) will guide the audit methodology?
- What data collection techniques will be employed to gather comprehensive ESG data?
- What format and content should the final ESG report adopt to best present findings and recommendations?
Common Challenges of ESG Auditing
Despite the growing importance of ESG auditing, there are some challenges that can hinder its effectiveness. Here are four key challenges of ESG auditing.
1. Lack of standardised metrics and frameworks
The absence of universally standardised ESG metrics and reporting frameworks creates difficulty in benchmarking or identifying best practices for reporting. This can hinder a company’s ability to demonstrate its sustainability efforts and attract ESG-focused investors. Companies can consider using a combination of established frameworks like ISSB, and advocate for greater standardisation in ESG reporting.
2. Siloed ESG data
ESG data is often scattered across different departments and systems, making it difficult to collect, consolidate, and analyse. Inconsistent or incomplete data can lead to inaccurate reporting. Prevent this by implementing a standardised data collection procedure and format to ensure accuracy and consistency.
3. Limited internal expertise and resources
Inadequate internal knowledge of ESG frameworks or risk assessment techniques can lead to a superficial audit. This is why it’s imperative to provide capacity-building programs for personnel involved in ESG data collection and reporting. You can also consider partnering with external sustainability advisors to gain access to specialised knowledge and resources.
4. Omitted stakeholder perspectives
Failing to engage the relevant stakeholders in the audit process can lead to an incomplete understanding of ESG risks and opportunities. Prevent this by discussing with stakeholders (e.g. investors, suppliers, regulators, customers, NGOs) their priorities and concerns. To ensure a holistic perspective, involve cross-functional teams representing different departments in the audit process.
ESG Audit Best Practices to Follow
A well-executed ESG audit can be a valuable tool for identifying strengths and weaknesses in your sustainability practices. Below are five best practices when conducting an ESG audit:
- Leverage technology and data analytics — Utilise specialised ESG software for data collection, management, and analysis. Doing so helps ensure data accuracy through automated data entry and validation. Plus, this provides real-time insights and facilitates proactive risk management.
- Conduct proper materiality assessment — Perform a comprehensive materiality assessment to identify the most significant ESG factors impacting your company and stakeholders. This helps enhance the ESG audit report’s credibility and improve resource allocation by prioritising efforts on the most critical ESG areas.
- Perform an audit readiness assessment — Have a pre-audit assessment to evaluate your company’s preparedness for the ESG audit process. This allows for identifying gaps in data collection and internal controls before the audit commences.
- Drive continuous improvement — ESG audit is not a one-time task. Hence, continuous monitoring of ESG performance and audit procedures is vital. This also provides a basis for setting improvement goals and tracking progress over time.
- Maintain stakeholder engagement — Communicate openly and transparently with stakeholders throughout the ESG audit process. By doing this, you can build trust and strengthen relationships with stakeholders. Thus, allowing them to give input to shape the audit focus and reporting.
ESG Audit Checklist for Reporting Companies
This checklist outlines the key steps to follow when conducting an ESG audit. Take note that this ESG audit checklist must be tailored to your specific company and audit requirements.
1. Understand your current ESG goals
- Review existing policies and documents
- Sustainability reports
- Corporate Social Responsibility (CSR) policies
- Environmental management systems (EMS) documentation
- Social impact assessments (SIAs)
- Diversity and inclusion (D&I) policies
- Conduct stakeholder interviews
- Engage with key personnel from different departments (sustainability, HR, legal, etc.) to better understand your ESG priorities and risks.
- Interview external stakeholders (investors, NGOs, and community representatives) to know their expectations regarding your company’s ESG performance.
2. Identify ESG-related compliance requirements
- Identify relevant local, national, and international regulations that apply to your operations (e.g. Long-Range Transboundary Air Pollution Convention (LRTAP), Basel Convention for Hazardous Wastes and Disposal)
- Review labour laws, human rights standards, and anti-discrimination legislation applicable to your workforce and supply chain (e.g. International Labour Organization (ILO) core labour standards, United Nations Guiding Principles on Business and Human Rights)
- Determine corporate governance codes, anti-corruption laws, and disclosure regulations relevant to your company structure and operations (e.g. The International Corporate Governance Network (ICGN), The Organisation for Economic Co-operation and Development (OECD) Guidelines for Multinational Enterprises)
3. Choose your ESG guidance frameworks
- Evaluate industry-specific frameworks (e.g. Sustainability Accounting Standards Board (SASB) industry classification system, GRI Standards, TCFD), which provide sector-specific ESG reporting guidance.
- Conduct a preliminary gap analysis to identify areas where your current practices or data collection methods fall short of the reporting requirements.
4. Prepare for ESG reporting
- Establish clear procedures for collecting accurate ESG data across different departments. Use an ESG software like Convene ESG with data management features to streamline data collection and analysis.
- Implement internal controls to ensure data quality, accuracy, and consistency in ESG reporting.
- Pilot-test your ESG reporting process before full-scale implementation. This helps identify areas for improvement like data quality issues and reporting inconsistencies.
5. Incorporate ESG into the annual audit plan
- Establish internal audit procedures for evaluating ESG performance, data accuracy, and internal controls.
- Integrate periodic ESG reviews into your internal audit schedule alongside the annual audit.
- Have communication channels for disseminating ESG audit findings to relevant stakeholders (board of directors, management, and investors)
The Role of Internal Audit in ESG Disclosures
Internal auditing plays a critical part in an organisation’s ESG journey. This objective assurance activity brings a systematic, disciplined approach to evaluating and improving the effectiveness of a company’s risk management control and governance processes. It is also found to be beneficial for adding value to the organisation’s operations.
According to The IIAs material on the Internal Audit’s Role in Tackling Climate Change, Internal Audit has three main functions: the assurance function, the advisory function, and the compliance function.
So, what pushes ESG internal audit? Find the common drivers below:
- Growing demand from stakeholders on how organisations are affecting society.
- Increasing reporting standards and regulatory requirements, which makes reporting complex and prone to misinformation.
- Greenwashing, that includes false advertising of ESG-related information often leading to reputational risks as well.
Considering such challenges, corporates need assurance to ensure that they are on track to get the best returns from their ESG efforts. In fact, the SGX Listing Rule suggests that the sustainability reporting process should be subject to internal review starting this 2022 reporting period.
In the SGX Listing Rule’s Practice Note, it says that “an internal review of the sustainability reporting process builds on the issuer’s existing governance structure, supported by adequate and effective internal controls and risk management systems.”.
As internal reviews are mandatory and conducted by the Internal Audit function, SGX notes that this must be implemented in line with the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors (The IIA).
The ESG Reporting Principles to Consider During Internal Review
Convene ESG’s webinar, “Coping with Increasing Requirements for Internal Audit“, addressed the growing trend and importance of internal review for ESG reporting. SustainableSG’s Founder Chan Mun Wei, and CEO of Elixir Technology Pte Ltd Shih Hor Lau discussed the challenges and best practices in implementing internal audits.
To help internal auditors get started in reviewing sustainability reports, Mun Wei shared seven ESG principles, which are recommended by The IIA and consistent with globally accepted reporting frameworks:
- Do the disclosures present relevant information?
- Are the disclosures specific and complete?
- Are the disclosures clear, balanced, and understandable?
- Are the disclosures consistent over time?
- Are the disclosures comparable with other companies within a sector, industry, or portfolio?
- Are the disclosures reliable, verifiable, and objective?
- Are the disclosures provided on a timely basis?
In relation to the principles, Mun Wei gave simple advice to companies, “I always tell my clients to strike a balance between clarity and exhaustiveness. Some reports are just too long, which makes the key messages hard to digest. You’d want your sustainability report to not just present all the ESG relevant information but is also easy to read and understand”.
How to Prepare for Internal Audit of ESG Data
Every organisation now understands the risks and opportunities that come with ESG. As with sustainability reporting, an internal audit can provide the independent and objective assurance necessary to create an effective ESG response. The process will involve identifying risks, as well as the potential risk management strategies to take into account.
But before putting out an ESG disclosure for internal audit, Mun Wei left a few tips on how to prepare the actual report:
- Document the process and timeline of creating the sustainability report
- Set clear responsibilities and division of work involved in the reporting process
- Engage with stakeholders and get their inputs
- Identify the materiality sustainability issues and strategise how to manage them
- Manage the collection, verification, and analysis of data for the report
- Store the ESG data centrally and securely
- Create the narrative of the report, considering your audience’s expectations and needs
According to Mun Wei, “The narrative, the messages, and the outline are the starting point that guides how the full report flows. We must always get that part right, so we can have a smoother journey to put the report together”.
Using Technology in Internal Audit of Sustainability Reports
Speaking of technology for sustainability reporting, panellist Shih Hor Lau of Elixir Technology Ltd shared companies should first consider the increasing scrutiny to be a journey in itself. He stated, “We should find a way to continually improve and address all the ever-changing requirements for ESG disclosures, and even other kinds of disclosures”.
Pointing out how capturing all information is the main challenge in reporting, Shih Hor believes that technology can help. Through the right technology and automation, collating and organising unstructured data can be done faster, and ensure information is accurate and traceable.
Shih Hor noted that technology is used to augment humans and not replace them, “I think one of the biggest crimes of technology is we tend to overhype what it can do. The AI you got is not going to replace everybody out there, and that’s not going to happen for a while. I look at technology as a way of augmentation while humans do the high value-added work”.
Mun Wei also shared his thoughts regarding the subject stating, “Having a platform only ensures that the different people involved can focus on the more challenging and highly value-adding tasks. Say, improving the quality of the writing rather than struggling over the formatting of the GRI Content Index and so on”.
Convene ESG: Your Go-To ESG Reporting Software for Easier Internal Audits
Here at Convene ESG, we understand the struggle of conducting fast and accurate internal audits to produce quality sustainability disclosures. Our ESG reporting software supports an evidence or audit trail to suit your ESG assurance requirements. Plus, we also have a team of experts and partners to provide credible consultations and assurance. Convene ESG is the perfect tool to consolidate, centralise, and monitor data with evidence trails.
Reach out to our team to earn more about how Convene ESG can help on your ESG journey