[wpseo_breadcrumb]

What is the Role of Audit in ESG?

Over the past several years, there has been growing pressure on companies to demonstrate not only their progress on environmental, social, and governance (ESG) goals but also their effective management of climate risk across their entire organisation.

What role should internal and third-party auditors play in reviewing and providing assurance for an organisation’s climate risk data? What happens now that auditors in more and more jurisdictions are legally required to provide assurance on that data?

Here, we’ll explore the trends, issues and challenges facing audit teams as regulators and stakeholders continue to demand greater ESG transparency and assurance.

Investors are not the only ones demanding more from organisations today. Recent U.S. and European regulations reflect a growing focus on climate risk management. For example, the SEC’s recently passed climate risk disclosure rules require large, publicly listed U.S. companies to outline any material Scope 1 and Scope 2 emissions and also obtain external assurance for those disclosures.

What does this mean for auditors?

“Look at what’s happening internationally,” says Kristen Sullivan, Partner, U.S. Sustainability and ESG Services Leader at Deloitte & Touche LLP. “The EU is moving fast, furious, and comprehensively on ESG. The SEC is focused on climate. Many of the organisations [auditors] work for and engage with are going to be required to audit [ESG data].”

Renee Murphy, Distinguished Evangelist at Diligent and former auditor, says it’s time for audit teams to act.

“Auditors must establish a clear governance structure for their ESG audits if they want to help their organisations withstand scrutiny from regulators and external auditors,” she explains. “But to do that, they must be able to trust the data they collect. And you can’t get there with spreadsheets and all your data hidden across disparate sources.”

She says, “But it’s also important to note that auditors are positioned nicely to make strategic recommendations as long as they develop an understanding of ESG metrics and leverage the GRI’s standards for assurance, particularly for testing climate-related data.”

As Sullivan notes, there’s immense diversity in climate risk management practices among organisations. Even many of the most sophisticated organisations don’t have an enterprise resource planning (ERP) system for reporting ESG data. Additionally, auditors access sustainability data (if they currently access it at all), apply methodologies, and handle that data differently from how they audit traditional financial data. Consequently, auditors frequently need to build the processes that allow them to provide assurance over ESG initiatives from the ground up.

How is the role of the auditor becoming more critical for ESG?

As increased disclosure becomes the norm, how companies approach climate risk will change. “Businesses are about to invest more than ever before in sustainability. Offsets are going to become insurance instruments, and there will be real financial consequences for misguided strategy or executions,” says Murphy. “For auditors, only one part is getting and trusting information and ensuring the company meets their goals. The second part, strategy, will be just as important and even more costly. Offsets are evolving into insurance instruments, and any misguided strategies or executions will have significant financial implications.”

Murphy continues, “Climate-related impacts have already been appearing on a voluntary basis in financial reports. And now, with the SEC’s rules, we’ll see even more climate risks being disclosed, with auditors evaluating how those impacts are generated, how they’re captured, the risks they create and, perhaps even more importantly, whether the organisation is making the right judgments around climate risk and materiality.”

In doing so, auditors can help drive trust and build the board’s confidence in data, which allows boards to make better choices and build value. However, Helle Bank Jorgensen, CEO of Competent Boards and former auditor, explains that auditors must first know which questions to ask.

“We don’t have the debit/credit for this data,” Jorgensen says. “How do we ensure we have the info we need? I don’t want to be accused of greenwashing. What are the questions I need to ask? How do I know if I can sign off on this data?”

Indeed, ensuring the accuracy and relevancy of data is key to avoiding accusations of greenwashing. And, increasingly, auditors will be called on to provide assurance on an organisation’s judgments around risk and materiality.

“The role of the auditor is to enhance confidence in the data and to improve the board’s confidence that they’re being stewards of responsibility and making the right choices,” says Sullivan. “If they’re making decisions on incomplete data, that’s fuel for inefficiency and risk. That’s the critical role that assurance plays.”

According to Jorgensen, CFOs also take an increasingly proactive approach, asking auditors, “How do we ensure we have the [right] systems in place? How do we apply the same rigour to all this [non-financial] data?”

“No one wants the sudden message that ‘We need to do a restatement,’” says Jorgensen.

A banner showing trending content: the diligent audit analytic capability model

Aligning your climate risk strategy to established frameworks

Sullivan and Jorgensen highlight the importance of aligning audit strategies to specific ESG frameworks, such as the Task Force on Climate-related Financial Disclosures (TCFD).

The International Sustainability Standards Board (ISSB) takes the TCFD further by providing more specific criteria for what needs to be disclosed. The ISSB serves as a foundation and helps create a global standards baseline. This is important for all businesses because even those without a global presence still engage with global suppliers and other key stakeholders.

“The TCFD is a framework, a guide,” says Sullivan. “It doesn’t provide the criteria to follow from a data perspective. The ISSB takes the TCFD framework and puts meat on the bones about what needs to be disclosed.”

4 steps that audit teams can ensure climate risk disclosures

Sullivan and Jorgensen offer several practical tips for organisations to create a successful audit strategy when it comes to reporting on climate risk mitigation efforts:

1. Start with a materiality assessment: Materiality is the foundation for understanding how to prioritise your approach and tie it to your business strategy. Use either a double materiality assessment (aligning with CSRD guidance) or a single materiality assessment (as outlined by the SEC rules and the ISSB), and follow the metrics that align with that approach.

“It’s a false narrative that ESG is ‘non-financial info’ because it is financial, and it will eventually manifest itself financially,” says Sullivan.

2. Establish a governance structure: Once priorities have been identified through a materiality assessment, auditors can establish the right data governance structure to conduct effective audits.

Start by identifying which data you need to assemble, determine rights and responsibilities, and prepare for reporting.

Be careful not to overlook data sources. Jorgensen advises, “Look at your company’s communication and marketing materials. Do you have the underlying documentation you need for that? Even in marketing materials, companies are saying something you may not be comfortable with as an auditor.”

3. Bring the board on board: Murphy recommends involving the board as auditors begin the reporting process. “You need the right tools to streamline climate data collection, categorise your climate risk, and systemise reporting to feed insights right up to executives and the board because that information is essential in their decision-making process,” she says.

“Identify for the board what’s material now and what’s going to be material three, four or five years from now,” adds Jorgensen. “It’s a lot of risk — not just financial risk, but reputational risk. ESG is a risk for the board of directors.”

Similarly, benchmarking your disclosures against those of your peers and competitors and delivering that information to directors with the appropriate context will help your board provide the appropriate level of oversight.

4. Begin preparing for where the organisation wants to go: Focusing only on current climate risk programs without looking ahead can leave organisations unprepared for what’s coming. “What does your organisation’s transition plan look like?” Jorgensen asked. “Are you trying to get to net zero? Do you have the right competencies on the board and in the C-suite to get there? Do you have the right auditors who feel they can sign off on these things?”

Sullivan added, “As organisations get more proactive and intentional [about climate risk], it’s about, ‘How do we intentionally take these market indicators and regulations to make the pivot and capture value, to tap into a new market, to tap into new research and development?’”

How the right solutions can help auditors with ESG

Today’s audit teams face increased responsibility regarding an organisation’s climate-related data and reporting, but the right technology can make their jobs easier and less prone to errors.

The Diligent One Platform combines best-in-class carbon accounting with risk and audit management solutions to comprehensively assess your organisation’s climate risk posture. Automated workflows and dashboards offer real-time insights and standardised, auditable reports so your team can build executive confidence and ensure they have data that is defensible to regulators and external auditors.

With all your climate risk data in one place, Murphy says, “You can stay ahead of the regulations and market shifts that impact sustainability and supply chains while also benchmarking your progress and surfacing critical information for the board.”

Additionally, the Diligent Institute’s Climate Leadership Certification helps leaders prepare for new climate risk requirements and challenges at every level.

“It’s very clear the direction of travel,” Sullivan says. “Establish the governance structure you will need. Align your strategic objectives to these areas of impact. Institute policies and controls to withstand market scrutiny. The time to act is now.”

Are you interested in how the Diligent platform can bring your organisation to the next level of compliance?