Environmental, Social, and Governance (ESG) reporting has emerged in recent years as an area of attention and progress in the public disclosure landscape. ESG committees have arisen to assess risks to a company’s operations related to environmental, social, and governance issues.

ESG encompasses a wide range of issues, from environmental risks like climate change, to social risks related to diversity, equity, and inclusion (DEI), to social responsibility in investing and production, to governance risks related to executive pay and financial reporting. These risks, however, are also opportunities for growth — to become the ethical, inclusive, and sustainable companies that not only manage risk, but proactively increase their stakeholders’ quality of life.

Currently, international standards for ESG disclosures vary, and in the U.S., they’re not yet required. However, almost all of the S&P 500 publish ESG reports that compare their companies’ ESG performance against their goals. With regulatory bodies paying special attention to ESG disclosures and suspicions about greenwashing rising, the onus is on companies to provide reasonable assurance that they are disclosing accurate and verified ESG information.

An ESG audit supports an organization’s ESG disclosures, substantiates the accuracy of any ESG data your organization discloses, and informs stakeholders and leadership if reporting standards are not upheld, or a company’s ESG efforts are missing the mark. 

What Is an ESG Audit?

An ESG audit is an assessment of the risks an organization faces related to environmental, social, and governance domains, and can provide a level of assurance over the integrity of a company’s ESG statements. Without a formal ESG audit, it can be hard to obtain even limited assurance over the validity of ESG reporting. ESG audits can be internal or external. KPMG, LLP predicts that third-party auditors and specialists who are well-versed in ESG assessments will become increasingly important for companies who wish to assure their stakeholders their ESG claims are accurate.

Meanwhile, Deloitte notes, internal audit’s “role includes validating the effectiveness of ESG-related controls and activities to help organizations manage those risks and foster resilience.”

Both internal and external audit functions play a role in ESG assurance.

During an ESG audit, companies should prepare to be asked questions about their ESG-related business processes, what reporting frameworks they use (if any), and how they obtain, analyze, and report on their ESG data. They may need to provide evidence or artifacts for audit processes and validation. Auditors may also offer recommendations on addressing gaps, improving internal controls, and benchmarking.

An ESG audit will likely align with other dimensions of your risk management plan, financial statements, and compliance requirements, and can prepare you to file reports with regulatory agencies. It’s important to note that ESG disclosures are used by investors to make informed financial decisions, and by other external stakeholders to understand an organization’s environmental, social, and corporate governance positioning. The format and method for reporting on ESG topics should take the target audience into account.

What Is an ESG Risk?

ESG risks are exactly what the acronym lists – environmental, social, and governance risks. While some argue that the “G” in ESG should be considered separately, these three risk categories are interdependent. We may well see the acronym for ESG evolve in the future, but the SEC’s move to prioritize climate-related disclosures may be a precursor to regulations that codify ESG reporting into law. Most ESG specialists see governance issues, which include board quality and executive pay transparency, as important to managing both environmental and social risk.

Here’s a bit more detail about each category: 

Environmental risk includes potential for pollution of the air, water, or soil due to production or distribution of goods, climate risk, carbon footprint, greenhouse gas emissions, and energy use. 

Social risk includes risk to the well-being, reputation, or privacy of one’s customers, employees, or suppliers, including accessibility in the design and distribution of goods, employee welfare, human capital, and issues related to diversity, equity, and inclusion (DEI). 

Governance risk includes issues related to financial reporting, fraud prevention, executive pay, and organization of the company. 

The types of risks that fall into each category are still broad, with countries and standards bodies looking to create taxonomies that define which economic activities are eligible for ESG reporting.

Spencer-SHE has been providing Safety, Health, and Environmental Compliance Guidance since 1980. We embrace the principles of ESG and can assist with risk analysis and reporting.