Keeping up with ESG can be a daunting task. It’s a fast-moving topic with information coming at us from all directions. This can leave us wondering whether we are focusing on the right things to stay informed and prepared.
There remains a proliferation of standards and frameworks without cast-iron agreement on definitions. There are unregulated ESG rating agencies making assessments using different criteria and all this is taking place within an evolving regulatory framework. No wonder many of us are busy trying to understand what it all means for our business and compliance risks.
Yet, despite the challenges accurate ESG reporting may present, now is the time for organisations to step up. According to a recent global PwC report, 44% of investors say that tackling climate change should be a top-five priority for companies, while 78% of investors believe that greenwashing is prevalent in corporate reporting.
As internal auditors, we can help senior leadership focus on what is important. This article offers some practical advice for getting up to speed on recent developments and upcoming requirements, as well as key ESG resources for internal auditors.
The UK ESG Regulatory Framework: Recent Developments and Upcoming Requirements
The UK is certainly at the forefront of ESG, although the approach taken has created a somewhat fragmentary framework comprising multiple standalone regulations and laws, many of which draw on EU directives. The most important ones to be aware of are:
- UK Corporate Governance Code 2018. Designed to help restore trust through greater transparency, the Code provides investors with information about how governance contributes to managing environmental and social impacts.
- Companies Act 2006 (directors’ duties). A company must report how it is managing environmental and social performance with a focus that includes civil rights, waste management, sustainability, and gender diversity.
- Disclosure Guidance and Transparency Rules. New climate-related disclosures for asset owners and asset managers with a schedule for requirements being introduced according to company size (largest first).
Responsibility for compliance rests principally with the board, although in many cases this is delegated to individuals or committees and in some instances is even outsourced. However, companies should be aware that although these requirements are often issued on a “comply or explain” basis, regulators are ready to enforce the provisions. For example, the Environmental Regulators have issued 1000 penalties since 2010 and imposed fines totalling £350m.
Two important recent developments are worthy of attention:
- Disclosures derived from TCFD recommendations will be mandated for more than 1,300 of the largest UK-registered companies and financial institutions. These include many of the UK’s largest traded companies, banks, and insurers, with large private companies caught by new rules as well.
- The International Sustainability Standards Board (ISSB) exposure drafts released in March 2022 for requirements for climate and general ESG reporting are expected to become part of UK law by 2024 or 2025. The move toward convergence will be welcomed by everyone. The proliferation of different standards has long been an obstacle to wider adoption. Now we have seen concrete proposals that will likely be quickly adopted in the EU and the UK. While final details and timelines have yet to be confirmed, this move will be a major accelerator.
In terms of what is coming next, we should expect continued uncertainty coupled with rapid evolution. Recent political changes have delayed the long-anticipated change of regulator, as ARGA takes over from the FRC, and no firm date has been announced.
What we do know is that starting in 2023, ESG reporting in the UK will be further formalized via Sustainability Disclosure Requirements designed to keep companies accountable. In particular, this provides a framework for companies to help them manage sustainability-related threats, opportunities, and impacts, and to set relevant metrics and targets. One key aspect will be the UK Green Taxonomy, which will help determine whether an activity can be classified as “green” or not. We anticipate it will continue to evolve, becoming full mandatory disclosures by 2025.
ESG Resources for Internal Audit
The good news is there are some excellent ESG resources to help internal auditors add real value.
New guidance from The IIA focuses on both the assurance and advisory roles. For assurance, internal auditors can conduct materiality or risk assessments on ESG reporting and incorporate ESG into their plans. For advice, auditors can support the development of the ESG control environment, recommending relevant metrics and advising on appropriate structures and processes for governance.
AuditBoard’s Step-by-Step Guide to Building Your ESG Program shares leading practices to help you create a coherent programme aligned with your organisation’s priorities and risks, including:
- Understand which ESG topics and metrics are important to your organisation.
- Select frameworks, if needed.
- Collect ESG data needed to report against selected frameworks.
- Analyze data, identify initiatives, and set goals.
- Audit data and publish reports and disclosures.
- Operationalise programme, initiatives, goals, and action plans.
- Continue to monitor progress and update reporting.
There is also guidance from AuditBoard and Deloitte on How to Audit ESG Risk and Reporting that breaks down common approaches to integrating ESG risk and reporting in internal audit plans, as well as key questions to ask for a risk-based approach to auditing ESG.
Whatever stage your organisation is at on its ESG journey, there is plenty internal audit can do to smooth the way.
Aaron Wright is a Director of Product Solutions, UK&I at AuditBoard. Before joining AuditBoard, Aaron was an Internal IT Audit Advisor at Cardinal Health, where he managed a risk-based audit plan and led internal audit projects focused on infrastructure, cybersecurity, and applications. Connect with Aaron on LinkedIn.
Claire Feeney is a Senior Product Marketing Manager at AuditBoard focused on ESG and RiskOversight. In her role, she helps support organizations in transforming their enterprise risk management and sustainability programs. Prior to joining AuditBoard, Claire worked in product marketing at OneTrust, VMware, and Infor. Connect with Claire on LinkedIn.