skip to main content

Internal Audit's Role in ESG

Internal Audit's Role in ESG

“ESG” stands for environmental, social, and governance and refers to the three most critical factors that stakeholders use to measure an organization’s impact on society. When defining ESG, there are various issues within each category and it’s important to have a clear understanding of each of those so that you can focus on the issues that matter to your stakeholders.

  • Environmental: carbon emissions, water and waste management, raw material sourcing, climate change vulnerability
  • Social: diversity, equity and inclusion, labor management, data privacy and security, community relations
  • Governance: board governance, business ethics, intellectual property protection

There is a widespread belief that companies that are mindful of their impact as it relates to the criteria will also perform better, making them attractive candidates for investors and employees.

Why is ESG important?

ESG criteria will help companies in identifying some of their most important non-financial business issues which account for 80% of that company’s risk.

In the age of information, stakeholders require more transparency than ever, demanding to know more about the companies they choose to support, and in 2022 and beyond… word travels fast. In a creator economy, potential customers turn to “influencers” whom they have grown to respect and trust for where they receive their information. All it takes is one misstep on the part of a billion-dollar company and Instagram, Snapchat and TikTok will be abuzz and that story will spread like wildfire, resulting in negative financial impact or worse.

Some of these issues a company may never have seen coming, and some of them may not even be true, but a company must be prepared to address any issue related to ESG criteria at a moment’s notice. Developing a broader ESG strategy is a good first step.

ESG reporting requirements on the horizon

Currently, there are no “official” ESG standards, but we are not far off. Currently, 90% of public companies publish some sort of ESG reporting, and soon it will not be optional. Companies that embrace ESG reporting requirements will transition more smoothly and be better prepared to address any associated ESG risks.

The information is out there, ESG and sustainability information is now available on any public company at the click of your mouse regardless of if the company has published that information.

Internal auditors will be a critical component of ESG strategy

Internal audit professionals will become key players in ESG programs, their experience with internal controls, business risks, and professional skepticism will allow them to add important insight and value to a company preparing to launch an ESG program.

The skill set of an internal audit professional lends itself well to many of the needs of an ESG program including:

  • Assess the current maturity of the company’s ESG strategies
  • Review ESG policies and procedures to help communicate the company’s strategy, goals, and specific processes
  • Validating the accuracy, completeness, and relevancy of the company’s ESG financial and non-financial reporting metrics

Looking within your company is a foundational step for building out your ESG strategy, and internal auditors can evaluate existing capabilities, address risks and help identify key metrics.

Starting your ESG journey

  1. Understand the ESG landscape

Identify key stakeholders and the issues that matter most to them, and analyze your industry and how it fits within the context of the ESG landscape. Consider where your company is located, reporting requirements can vary by country or region. What reporting framework do your key customers utilize? Finally, assess your company’s ability to develop, implement and maintain an ESG program.

As you begin to answer some of these questions and address these concerns, the basic principles of your ESG program will be established.

  1. Choose a standard or framework to evaluate your company

Without one clear governing framework, choosing a reporting framework is at the discretion of each individual company and will be dependent upon your company’s values and the values of your stakeholders.

  1. Identify key gaps

Alignment with your stakeholders’ values can be the difference between success and failure for your ESG strategy, so it is important to make sure you are reporting on what matters, or else it a just a massive waste of resources.

  1. Clarify your goals

Once you identify the key gaps and determine the issues that matter most to your stakeholders, setting clear and measurable goals will allow you to demonstrate the progress/success of your ESG program. Goal setting in ESG (like in any area of business) provides the roadmap for your strategy, identifying roadblocks, celebrating milestones, and improving overall transparency with your stakeholders.

  1. Quantify your baseline

Once you’ve established your goals, you must identify material topics, designate subject matter experts for addressing those topics, and appoint one person to collect data.

  1. Develop a strategy roadmap

Setting reasonable key performance indicators (KPIs) will assist in developing a more substantial strategy. These KPIs, though self-governed, should still align with key stakeholders. Thorough and detailed documentation should be kept as part of your reporting structure and can be used to prove your company’s efforts in implementing a measurable and detailed ESG strategy.

  1. Implement and monitor

While most of the intensive work lies within the development of your ESG strategy it will be imperative to monitor the strategy to ensure goals are being met. The solutions for monitoring can range from manual processes to automated functions made possible by software and technology.

Data should be evaluated on a regular basis (on a cadence determined by your company) and there are tools available to make it a part of day-to-day operations by rolling it into an existing reporting procedure.

  1. Reporting

As it stands, ESG reports are like snowflakes, no two are alike. At their core, ESG reports identify the material topics and report on progress made to address them.

ESG strategy and reporting are still very much in their infancy and will evolve over time, but even now there is so much information out there that it can be overwhelming.

A sound ESG strategy starts from within your company by identifying which material topics your company would like to address, ideally, those topics will also matter to your key stakeholders.

No matter how you choose to start your ESG journey, we recommend starting sooner rather than later, and our internal audit professionals have advised clients on all stages of ESG strategy implementation, and we will help you sort through the myriad of information available to find the right solution for your company.



Have a Question?

Fill out the form to speak with one of our ESG specialists

Hide Firm Disclaimer


UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc., and its subsidiary entities. UHY Advisors, Inc.’s subsidiaries, including UHY Consulting, Inc., provide tax and business consulting services through wholly owned subsidiary entities that operate under the name of “UHY Advisors” and “UHY Consulting”. UHY Advisors, Inc., and its subsidiary entities are not licensed CPA firms. UHY LLP, UHY Advisors, Inc. and UHY Consulting are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. “UHY” is the brand name for the UHY international network. Any services described herein are provided by UHY LLP, UHY Advisors and/or UHY Consulting (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.

On this website, (i) the term "our firm", "we" and terms of similar import, denote the alternative practice structure conducted by UHY LLP and UHY Advisors, Inc. and its subsidiary entities, and (ii) the term "UHYI" denotes the UHY international network, in each case as more fully described in the preceding paragraph.