Environmental, social, and governance (ESG) assurance is increasingly becoming a focus of global organizations—and audit teams need to be ready to respond.
Investors, boards, employees, customers, and global society at large all have a surging interest in corporate sustainability and ethical business practices. And that’s a great thing—we all want organizations, especially big ones, to be better corporate citizens.
The challenge for risk assurance teams is how to measure a company’s “ESG” (environmental, social, governance) posture, when that acronym can include everything from climate change to fair labor standards and workforce diversity (and lots more!). We barely have consensus on what ESG should encompass, let alone a universal set of standards to measure ESG risk and develop improvement plans.
So how do audit teams proceed? How can you help the rest of the enterprise move forward on something that on the one hand is so imprecise, yet on the other, is so important?
Understand who’s driving the agenda for ESG assurance
First, understand where the demand for ESG disclosure is coming from. Regulators might be edging toward more disclosure from companies—but the real pressure is actually coming from other stakeholders.
For example, BlackRock, the largest investment fund in the world ($7 trillion under management) said in January that investment decisions will be made with climate change and sustainable growth at the forefront. Worldwide, socially responsible investment funds are believed to have had more than $30 trillion in assets under management in 2018, a 34% increase in two years. So, BlackRock isn’t alone in wanting to make ESG a priority.
In our age of social media transparency, consumers, employees, and non-government organizations can swiftly roast a company’s reputation for perceived ESG failures. (And the word “perceived” is crucial, because it’s easy for some social media groups and online activists to convince themselves of some alleged offense that hasn’t actually occurred.)
So there is a desire for ESG reporting—but from a diverse range of audiences who might each have their own interpretation of what “ESG” really is. That gives organizations an opportunity to set the direction of the conversation. But to achieve this, the organization must present a clear, defendable set of ESG goals, and then back that up with evidence that its business processes are working to achieve those goals.
“The actual practice of auditing ESG issues isn’t any new invention for an audit or risk management team. The usual steps—gap analysis, remediation, action plans, tools to track progress—all still apply.”
Consider the available ESG frameworks
The good news for audit teams is that numerous ESG frameworks and standards exist. So if the executive team wants an assessment of its ESG posture, and wants to advance a plan for ESG improvement to placate various stakeholders, you have some choices.
- Sustainability Accounting Standards Board, which publishes sustainability standards for 11 major industries and dozens of subsectors, focusing on items that are materially financial to businesses.
- Due Diligence Guidance for Responsible Business Conduct, published in May 2018.
- Global Reporting Initiative, which has published ESG standards since 1997.
- ISO 26000, a standard that offers guidelines for ESG issues but isn’t certifiable like other ISO standards.
- Corporate Human Rights Benchmark, an annual ranking of companies’ ESG efforts based on disclosures those companies make to investors.
All of the above publications (and others) address the same broad issues: climate change, environmental damage, fair labor standards, pay equity across gender and racial lines, and so forth. Some, like SASB or ISO 26000, are frameworks and standards in the traditional sense.
Others, like the Human Rights Benchmark, aren’t standards per se, but do let stakeholders exert pressure on ESG issues. So, audit teams can use those as a roadmap of issues where investors might ask about corporate performance, and anticipate the evidence stakeholders will want to see.
Think about technology and achieving your objectives
The practice of auditing ESG issues isn’t any new invention for an audit or risk management team. The usual steps—gap analysis, remediation, action plans, tools to track progress—all still apply.
That said, audit management technology becomes essential here. Consider ESG assurance for fair labor standards in your supply chain: this might involve analyzing hundreds of supplier contracts to assure that appropriate ESG clauses are included. That’s far too many suppliers, probably scattered across numerous operating units and business areas, for manual audit processes.
To ensure assurance and provide management and the board with confidence, your technology solution needs the following capabilities:
- A single data repository
- Collaboration tools to communicate effectively among different locations and business areas
- Data analytics for bulk analysis of ESG performance
- Versatile reporting, so audit leaders can confidently discuss risk and remediation with business leaders.
One challenge involves defining ESG objectives, as well as their priority relative to other business objectives. Some will blend well with other objectives, like ethical supply chain management. Others might be a harder sell, like setting targets to reduce greenhouse gas emissions or developing strategies to hit those targets.
So, audit leaders will need to work with other business leaders in procurement, operations, finance, and even investor relations to understand where ESG objectives fit in the priority list.
That’s not a technology issue; it’s a leadership issue. But with effective technology, audit leaders can introduce data-driven precision to decision-making. When the C-suite sees that ESG issues can be brought into sharper focus, and therefore they can have better conversations with their stakeholders about those issues—that’s yet another way audit teams can deliver more value.
How the board can drive ESG improvement
Read how to:
- Define roles and ownership of ESG issues
- Set objectives and adopt frameworks with a risk-based approach
- Track, report on, and improve ESG strategy.