ESG Audit Checklist and Best Practices for 2022

Emily Villanueva

Environment, Social, and Governance (ESG) is a framework for assessing risks to a company’s operations related to large-scale, long-term environmental, social, and governance issues. ESG covers a wide range of issues, from environmental threats like climate change, to social issues related to diversity, equity, and inclusion, to social responsibility in investing and production, to governance issues related to executive pay and financial reporting. These risks, however, are also opportunities for growth – to become the ethical, inclusive, and sustainable workplaces that not only manage risk, but proactively increase their stakeholders’ quality of life. An ESG audit will also substantiate the accuracy of any ESG-related data your organization discloses to employees, stakeholders, and regulatory entities. Read on to learn more about what an ESG audit entails, and download our preliminary ESG audit checklist below. 

What Is an ESG Audit?

An ESG audit is an assessment of the risks an organization faces related to environmental, social, and governance domains. ESG audits can be internal or external; KPMG suggests that third-party auditors and assurance specialists who are well-versed in ESG assessments will become increasingly important for companies who wish to assure their stakeholders that their ESG claims are accurate. An ESG audit will likely align with other dimensions of your risk management plan and compliance requirements, as well, and can prepare you to file reports with regulatory agencies. As Deloitte notes, internal audit’s “role includes validating the effectiveness of ESG-related controls and activities to help organizations manage those risks and foster resilience.”

What Is an ESG Risk?

ESG risks are exactly what the acronym lists – environmental, social, and governance risks. While some argue that the “G” in ESG should be considered separately, these three risk categories are interdependent. We may well see the acronym for ESG evolve in the future, but the SEC’s move to prioritize climate-related disclosures may be a precursor to regulations that codify ESG into law. Most ESG specialists see governance issues, which include board quality and executive pay transparency, as important to managing both environmental and social risk. Here’s a bit more detail about each category: 

  1. Environmental risk includes potential for pollution of the air, water, or soil due to production or distribution of goods, climate impact, carbon footprint, and energy use. 
  2. Social risk includes risk to the well-being, reputation, or privacy of one’s customers, employees, or supply providers, including accessibility in the design and distribution of goods, employee welfare, human capital, and issues related to diversity, equity, and inclusion (DEI). 
  3. Governance risk includes issues related to financial reporting, fraud prevention, executive pay, and organization of the company. 

Top Four ESG Issues in 2022

ESG is a hot topic and the top ESG issues in 2022 include the following four categories: 

#1: Climate Change and Sustainability 

Climate issues pervade corporate operations, from the sustainability of production choices and mining of raw materials to companies’ investments. Climate change is one of the biggest concerns for consumers, especially Gen Z. And the SEC is concerned as well – when the U.S. Securities and Exchange Commission solicited public input early in 2022, 75% of 550 individual responses supported mandatory climate disclosures in financial reporting. Sustainability audits are often separate from ESG audits, but they overlap significantly – the main difference is that sustainability audits are often internal and organizations are left to create their own definitions, while ESG frameworks are more specific and standardized. 

#2: Diversity, Equity, and Inclusion 

DEI initiatives have gained momentum in recent years, along with an increasing consumer focus on the social responsibility of the companies they support. Companies are increasingly held accountable for their actions to attract, recruit, and retain employees from diverse backgrounds. There have also been imperatives for transparency in pay structures to expose pay gaps, and a push for human resources and internal communications specialists to explicitly address how systemic inequality impacts hiring decisions and the employment history of industries. Stakeholders have increasing concerns that the organizations they support and work for are socially responsible both internally and externally. 

#3: Supply Chain Issues 

In 2022, supply chain issues became part of the daily news in ways we have rarely seen, with impacts rippling across industries. Supply chain issues not only halt the rotation and manufacturing of goods for consumers, they also impact those working in production facilities and transportation. A good ESG audit will help to predict the relationship between future catastrophes — natural or human-made — and supply chain problems. 

#4: International Conflict

Whether stakeholders are concerned about the volatility of war or human-rights issues in various parts of the world, international conflict can exacerbate market volatility and make stakeholders wary of investing in a company’s assets. ESG auditing will examine risks related to expansion into international markets, either through business acquisitions or outsourcing. Europe- and US-based companies have faced pressure to pull their business operations out of Russia in light of the war in Ukraine, for example. ESG audits consider the risks of running business operations in parts of the world that could become volatile. 

ESG Audit Checklist

ESG audits are dependent on the maturity of the organization putting them into practice, the type of product manufactured or service rendered, and the social context of your organization. An ESG audit will help to determine the specific moves your company needs to take to shut down risks and capture opportunities most relevant to its goals. An ESG audit will also verify the accuracy of your ESG-related disclosures. Download our ESG Audit Checklist; below are some best practices to help you identify ESG risks and establish ESG controls. 

#1: Inventory and Interview Your Stakeholders

Preparation for an ESG audit includes informing stakeholders and getting a grasp of what they care about. For example, say your company is interested in branching into NFTs, but your employees and customers are concerned about the energy expenditure. In collecting and analyzing stakeholder perspectives, your organization will be better informed about ESG risks, as well as the potential benefits and detriments of your company’s investment decisions. 

#2: Incorporate ESG Into Your Overarching Risk Management Plan

As you develop or revise your organization’s risk management plan, you’ll want to consider how ESG risks and opportunities intersect with other types of risks. Take stock of your risks and opportunities and use your stakeholders’ answers to help you keep track of ESG risks that may not have shown up in your initial drafting; a report from Deloitte Ireland promotes full integration of ESG into risk management plans, concluding that “future developments in regulation, an increase in ESG expertise in the industry and resulting improvements in available data should lead to the ongoing maturity of firm’s ESG risk management capabilities.”

#3: Determine Which Compliance Requirements Overlap With ESG

Depending on the scope and maturity of your company, you will likely already have numerous compliance requirements related to ESG. For example, if your company is seeking compliance with Sarbanes-Oxley (SOX), you’ll already have a plan for financial reporting in place and will already be reporting to the SEC; integrating climate-related disclosures into that report will save you time and energy. The International Organization for Standardization (ISO) also has numerous ESG-related standards, like ISO 14001 for Environmental Management Systems and ISO 45001 for Occupational Health and Safety, which provide strategies for protecting the environment and human capital. ISO recently created a committee (ISO/TC 322) to focus solely on ESG in the coming years. 

#4: Choose Your ESG Guidance Frameworks

Whether you’re doing an internal audit or selecting a third-party auditor to evaluate your ESG risks, you will need to choose one or more ESG frameworks that work well for your company and its goals. Two of the most popular frameworks are put out by the Sustainability Accounting Standards Board (SASB) and the Task Force on Climate-Related Financial Disclosures (TCFD), with the Global Reporting Initiative (GRI) coming up as a close third. SASB provides broader sector-specific guidelines on a range of ESG risks, while TCFD is more specifically geared towards climate issues. The framework you choose should fit your specific industry and align with your overarching risk management strategy.

#5: Prepare for ESG Reporting 

ESG reporting may already be familiar to your organization since the SEC requires that publicly-traded companies submit annual reports on human capital resources (HCR). The SEC is in the process of implementing stronger regulations regarding climate-related disclosures in financial reporting. Companies should expect ESG reporting to become increasingly complex in the future. Your ESG audit should include a plan for reporting your ESG risks and strategies to your stakeholders and any regulatory entities. Those reports, in turn, will substantiate that the data you are reporting is accurate, complete, and transparent and that your company’s core values and commitments are authentic. 

Overcoming Top ESG Program Challenges

Whether you are driven by your company’s core values or you aim to streamline reporting to the SEC, your ESG strategy should be well aligned with your risk management plan and designed to take the best advantage of your sector’s opportunities for growth. Leading organizations have found that their biggest challenges with managing an effective ESG program include:

  • Centralizing all ESG initiatives, claims, and metrics in one system of record.
  • Evidence collection to substantiate the organization’s progress towards those public claims and metrics.
  • Mapping ESG metrics to relevant framework(s) such as SASB, TCFD, and GRI.
  • Aggregating data from disparate systems such as carbon emission calculators, HR systems, and Finance systems to improve auditability.
  • Responding to Rating Agency questionnaires (MSCI, S&P Global, CDP, ISS). 
  • Consolidating results for ESG reporting purposes, whether into stand-alone ESG reports or as part of broader annual disclosures.

If your organization is looking to start or accelerate your ESG journey, implementing connected risk management software can help your organization get on the right footing going forward to manage and track the ESG life cycle from end to end.

Emily Villanueva

Emily Villanueva, MBA, is a Senior Manager of Product Solutions at AuditBoard. Emily joined AuditBoard from Grant Thornton, where she provided consulting services specializing in SOX compliance, internal audit, and risk management. She also spent 5 years in the insurance industry specializing in SOX/ICFR, internal audits, and operational compliance. Connect with Emily on LinkedIn.
