By Roy Snell
In March of 2021, the Institute of Internal Auditors (IIA) issued a bulletin entitled “New regulatory focus on Environmental, Social and Governance (ESG) reporting.” The bulletin notifies the Internal Audit profession that ESG regulations have been written in several countries and will need to be addressed. It also discusses the Securities and Exchange Commission new Climate and ESG Taskforce established within the division of enforcement; this indicates possible future US based ESG regulations. Organizations like the IIA, the American Institute of Certified Public Accountants, the Global Reporting Initiative, etc. are setting up ESG standards to help internal and external auditors evaluate organization’s ESG efforts. In addition to collaboration announcements between SASB and GRI, the recent SASB and IIRC merger is a strong indicator that standards and framework providers will continue to collaborate and consolidate in response to market demand for ESG disclosure.
Organizational leadership can better understand what the future will likely bring regarding the impact of ESG by reviewing the IIA March ESG Bulletin. It is rare to have such information summarized so beautifully into a two page document. Take advantage of it. In short, the first page of the bulletin covers the ‘why’ and the second page covers the ‘how’ of what every leader should know about ESG.
The second page of the IIA ESG document gives internal auditors questions to ask to evaluate where their organization currently stands in their ESG program development. This list of questions might be reviewed with leadership as-is. You might consider adding a short explanation regarding your organization’s status after each question. Many departments such as legal, audit, risk, compliance, sustainability, communications, etc. should be familiar with those questions relevant to their department. Ultimately departments that are significantly impacted will have to identify and prioritize potential risks and gaps.
This bulletin is a great place to start or further your current ESG discussions with leadership.
From the March 2021 IIA ESG Bulletin to Internal Auditors…
Starter questions for assessing ESG reporting
- Is the organization subject to any regulatory requirements related to ESG reporting?
- What is the direction from the board regarding ESG reporting?
- What ESG reporting does the organization currently perform?
- What standards (e.g., GRI, SASB, TCFD) are used by the organization to determine their ESG reporting, if any?
- Does the board have oversight of ESG reporting?
- Who has operational responsibility in the organization for ESG reporting?
- How is the determination made as to what to include in ESG reporting?
- How are ESG reports disseminated?
- What controls are in place to ensure the quality (completeness, accuracy, timeliness, and relevance) of ESG reporting?
- How does management and the board receive assurance as to the quality of ESG reporting?
- Has internal audit provided any level of assurance related to ESG reporting?
The bulleting is available via the link below: