No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Internal Audit

Why ESG Programs Should Make Internal Audit an Ally

The current ESG environment demands collective attention across lines of defense

by Kapish Vanvaria
November 30, 2022
in Internal Audit, Opinion
joining forces

Recent research shows internal audit functions are rarely involved in setting strategy for ESG or even in reviewing how goals are tracked and monitored. EY’s Kapish Vanvaria argues that ESG leaders should make friends with their internal audit colleagues — for everyone’s sake.

Companies are wrestling with the most urgent and complex issues our world faces today — environmental, social and governance (ESG). Internal audit (IA), internal controls (IC) and risk management should be at the hub, navigating the evolving regulatory requirements. At the same time, companies must meet the rapidly changing expectations of consumers, shareholders, employees and regulators — and show that they are a force multiplier for positive societal and environmental impact. 

Managing ESG risks requires organizations to take a connected risk approach, while working closely with the third line of defense to assess specific key ESG controls.

Although most companies involve IA in some way with their ESG initiatives, a recent national survey also found that less than 30% of chief audit executives (CAEs) report that they are involved in one or more of the following: 

  • Providing advice on setting up ESG program goals and metrics
  • Reviewing how the ESG goals and metrics are tracked and monitored
  • Reviewing the implementation of the ESG program and related policy documents
  • Reviewing the accuracy of the ESG reports provided to stakeholders

IA’s involvement in these activities needs to increase as ESG risk strategy becomes a business imperative. Looking across today’s landscape, the survey shows:

  • 54% of companies have ESG reporting measures in place.
  • 52% of companies have an ESG strategy.
  • 49% of companies have established ESG goals and targets.
  • 24% of companies don’t have an ESG program, but plan to implement one.

ESG-related requirements are driven from the top down, and their corporate ESG programs are diverse, with the most frequently included being diversity, equity and inclusion (66%) and environmental, health and safety (58%). Only 38% included climate risk — perhaps the most material across the ESG spectrum. 

To navigate those challenges at speed, IA, IC and risk management need a dynamic capability that can provide timely information to avert or mitigate risks, embrace flexible people models that give businesses access to new skills and de-risk transformation programs. Those that embrace digital can gain a bird’s-eye view of information that may be invaluable to the business.  


ron desantis
Governance

Federal ESG Rulemaking Appears Set to Trigger Clashes With State Laws

by John Peiserich
November 16, 2022

As federal rulemakers continue to shape guidance around ESG, corporate leaders have eagerly awaited the hint of clarity the rules are expected to bring. Too bad there’s the small matter of state lawmakers. ESG columnist John Peiserich sets the stage for the upcoming clash between federal and state rules.

Read moreDetails


As employing an ESG strategy becomes the norm, IA teams can, and should, help establish risk management programs; identify what the company needs to do to accurately identify and quantify environmental-related risks; track the organization’s progress to mitigate those risks, including appropriate escalations in real time when the organization is falling behind; and design a reporting system to update stakeholders on that progress. 

As the second line of defense, risk management teams have much to gain from actively cultivating an alliance with IA, the third line. Why isn’t this happening? According to the survey, the obstacles to IA involvement most frequently include:

  • Data to support ESG engagements is minimal or not readily available. 
  • ESG is not considered a priority in annual audit planning.
  • ESG is not part of the organization’s culture.
  • ESG is not included in enterprise risk management efforts.
  • The IA function doesn’t have the resources to support involvement.

Additionally, many organizations still use informal processes and manual data collection for key ESG metrics, which will need to be enhanced as it comes under scrutiny in the market and from regulators. Fifty-four percent of CAEs provide some type of ESG reporting. That most often takes the form of a sustainability report. Only 25% include ESG metrics in their annual report.  

When all three lines of defense work together with strong communication, an understanding of their shared ESG objectives and access to verifiable data, the whole organization benefits.

Four reasons why you should engage risk management in your ESG strategy 

They read the fine print

Risk managers can help make sure your ESG strategy is aligned with the definitions, targets and evolving policy requirements of various external regulatory bodies and accrediting organizations. They can also assess whether your business units are operationalizing your strategy and, ultimately, meeting the requirements as defined both by your organization and those outside of it. Risk managers can be instrumental in evaluating whether environmental-related risk mitigation programs have been implemented and are operating effectively. 

They understand adoption and know how to measure it

Claiming organization-wide adherence to changing ESG rules, policies, regulations and expectations is a major success metric for the C-suite. Risk managers and internal auditors can help establish the controls, tracking functions and analyses necessary to establish trust and reliability in the risk and value quantification.

They bring validity

The IA function is understood as the last frontier for company data, so IA professionals add the depth and confidence to build stakeholder and investor trust in your ESG strategy and risk mitigation plans by helping the organization build confidence in the data used to measure risk and progress. 

They affirm a single source of truth

Because the first line of defense is often working across decentralized functions, it can be challenging for an organization to maintain a shared ESG strategy. Risk managers can help connect functions to enable communication and define ESG measures so that they are properly reported from valid data sources, quantified metrics or defined estimating methodologies.

Every organization, regardless of its size or industry, will feel the impact of the environmental, market and societal forces advancing sustainability. Companies that fail to adapt may suffer reputational damage and an investor backlash, including the loss of access to capital investment and commercial opportunities with sustainability-conscious stakeholders. But those that proactively manage ESG risks and opportunities, in concert with risk management, can create a sustainable long-term impact and financial value for all stakeholders. 

Call it an opportunity to reimagine the way you do business and its role in your community, your industry and the world.


Tags: ESGInternal Controls
Previous Post

Preparing Your Company for the Latest GDPR Data Transfer Developments & Upcoming Deadlines

Next Post

Compliance Lessons From the World Series

Kapish Vanvaria

Kapish Vanvaria

Kapish Vanvaria is risk markets leader at Ernst & Young. He brings cross-industry expertise across financial services, health & consumer products and technology, media & entertainment and telecommunications. Kapish has deep experience in internal audit, cybersecurity, compliance, third party risk, technology implementations and automation/analytics.

Related Posts

green sprint racers on a track

‘Green Sprint’ Your Way Past ESG Backlash

by Marga Hoek
May 21, 2025

As ESG programs face growing critique, organizations need practical approaches that deliver measurable results. Business sustainability expert Marga Hoek introduces...

eu flags brussels

EU’s Regulatory Retreat? The Omnibus Package’s Impact on Sustainability Reporting

by Jon Solorzano, Kelly Rondinelli and Jacob Baltzegar
April 28, 2025

Extended timelines and reduced requirements offer relief as substantial reforms remain under consideration

data abstract green purple

66% of CISOs Worry Cyber Threats Are More Advanced Than Companies’ Defenses

by Staff and Wire Reports
April 25, 2025

US business sector falling behind in adoption of renewable energy

tree cover

Sustainability Belongs Everywhere

by Alekhya Reddy
April 2, 2025

Climate-related compliance extends beyond reporting mandates to address strategic business continuity challenges

Next Post
Fox_World Series_fnew

Compliance Lessons From the World Series

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights