Assuring ESG numbers is coming, but for now internal audit is stepping lightly.
Members of NeuGroup’s Internal Auditors’ Peer Group (IAPG) agreed that their companies’ environmental, social and governance efforts (ESG) often felt like marketing campaigns. Internal audit (IA) has so far provided little assurance regarding the validity of reported ESG numbers, but that likely is about to change.
- One member said his technology company’s investor relations team had for the first time reported out ESG numbers according to frameworks established by organizations including the Global Reporting Initiative, the Sustainability Accounting Standards Board, and the Institutional Shareholder Servicers group.
- “As you can imagine, we didn’t score well on some, and we identified a number of areas where we need to improve our metrics and reporting,” he said, adding, “I see a lot of alignment with ESG and what we’re doing around enterprise risk management (ERM).”
IA’s role? Another member said that marketing had engaged an external auditor to provide assurance, and for now his team would let them “stick their necks out on that.” Nevertheless, he queried, “Am I missing something? Have other folks gotten more involved?”
- The general feedback was that IA has yet to take a deep dive into ESG but that some members will soon test the waters, especially for important and measurable ESG metrics such as greenhouse gas emissions, and water use and management.
- “We may take a look at that this year, and at least review the process of how those numbers are being reported,” he said, adding the ever-increasing importance of ESG reporting calls for some level of IA participation, if not for the whole report.
Missing data. Another member expressed concern about what’s not being reported. This, he said, is “the other side of the coin where we probably don’t look so good, but that hasn’t been included to provide the full picture.”
- A fellow member said her team recently stepped in that direction and found missing greenhouse-emission data according to current standards and guidelines. She noted that it is not yet mandatory for companies to be at a “mature level” in terms of meeting those guidelines and standards, “But we don’t have good data now and we need to get there.”
- Another member said his team is mapping out the ESG numbers his company has external assurance on, such as those related to the supply chains or conflict minerals. It is also differentiating more reliable numbers, such as factory-emitted gasses, from more judgmental ones such as employee generated community-service hours.
- “And one I’m curious about that has come up in our audit plan discussions for 2021 is some of the [ESG-related] funds we’ve created,” he said, noting a $100 million diversity-initiative fund. “We haven’t done that type of audit yet, but have others?” he asked, receiving no responses.
Sustaining ESG measures. Should IA take on establishing criteria for ESG programs and how to measure them, it will also be held accountable for ensuring their sustainability, since their performance inevitably will be compared year over year. One member said her team is in discussions about how to do that operationally and is talking to investors to gauge what they look for.
- “We’re treading lightly to make sure we don’t get into something and then it disappears in our next disclosure,” she said.