Investors increasingly rank environmental, social and governance issues among their top priorities for companies.
For example, in the "Global Investor Survey 2022" from professional services firm PwC, effective corporate governance ranked fourth on a list of 10 priorities, at 49%, while reducing greenhouse gas emissions was fifth at 44%. Admittedly, both were far behind developing innovative products, services and ways of operating (89%) and profitable financial performance (69%), but other top-10 priorities speak to investor interest in ESG, including minimizing impact on nature and biodiversity; protecting worker health and safety; and improving workforce and executive diversity, equity and inclusion.
Despite the attention paid to ESG topics, investors say they aren't seeing effective action on ESG or adequate information about corporate ESG scores. The PwC report called on companies to "raise their game."
One way to do that, according to experts, is through an ESG audit.
What is an ESG audit?
Companies generally undertake an ESG materiality assessment to identify and prioritize issues that are most critical -- or material -- to their operations, products and services. Then, they determine how to quantify these ESG risks, opportunities and impacts, as well as how to report their findings.
Companies can use an ESG audit to verify that the risks, opportunities and impacts, as well as how they're measured and reported, are accurate and aligned with accepted standards -- a process commonly known as ESG assurance.
"An [auditor] comes in and looks at controls over the information being disseminated, tests those controls and opines on it," said Joe Holman, principal and practice leader for ESG services at Withum, an advisory and accounting firm.
Holman and others said the ESG audit essentially mirrors the financial audit, a longstanding business practice in which auditors review financial data, business records and controls to validate that financial statements prepared by the business are accurate and complete as defined by international accounting and financial reporting standards.
Why are ESG audits important for organizations?
According to a 2022 survey by Morning Consult commissioned by IBM, 60% of global business leaders said their companies plan to increase or prioritize spending toward ESG goals in 2023 -- up slightly from 57% the prior year.
ESG reporting, however, remains an evolving discipline, and the regulatory requirements are limited. When and how companies report ESG information is mostly voluntary, and what to include in ESG disclosures is determined by the individual enterprise.
The "2022 Global ESG Survey: Top Opportunities and Challenges of ESG Reporting" from Workiva, a maker of reporting software, highlighted the current state of ESG reporting. The survey found that 58% of responding companies only started formally reporting ESG data in the past three years, while 14% have yet to release a formal report.
ESG reporting frameworks are available to guide organizations, but the survey found that most executives still face challenges in reporting. In fact, 63% of decision-makers said they felt unprepared to meet their ESG goals and government reporting mandates.
The levels of assurance that auditors offer for ESG audits reflect those findings.
Ami Beers, senior director of assurance and the advisory innovation team at the Association of International Certified Professional Accountants & Chartered Institute of Management Accountants, an association of CPAs, said her organization's research has found that 80% of the ESG audits done today end with a "limited assurance" in the ESG reporting versus the higher-level "reasonable assurance."
Beers explained that limited assurance is similar to a review, while reasonable assurance is more equivalent to an endorsement of the information in financial statements.
Still, ESG experts and auditors said there are strong incentives for organizations to seek an ESG audit. The process can confirm that they accurately understand, track, measure and report on the ESG issues that are most material to their operations, performance and objectives.
"It's making sure the ESG topics that you report align with your enterprise risk management program and that they integrate with your overall company strategy," said Dennis McGowan, vice president of professional practice and anti-fraud initiatives at the Center for Audit Quality.
ESG audits also confirm for organizations that they're collecting and measuring the right data for the ESG risks and objectives they've identified. Furthermore, audits can demonstrate to external stakeholders -- investors, customers, regulators and others -- that the data collection, measurement, analytics and reporting practices of an ESG program meet certain standards.
The Workiva survey also addressed the benefits of ESG reporting, with just over two-thirds of respondents reporting that it did the following:
- Generated a positive impact across customer retention and recruitment.
- Produced cost savings.
- Reduced long-term risk.
- Improved employee morale.
- Boosted investor and stakeholder relationships.
- Helped employee recruitment efforts.
An ESG audit not only helps organizations gain more visibility into their ability to manage ESG issues, but also provides insights into stakeholders' views and issues in the supply chain and among business partners.
Who conducts an ESG audit?
Corporate executives often conduct an ESG materiality assessment on their own or in conjunction with consultants. It is also common for them to conduct their own audit of the ESG-related information the organization gathers, analyzes and reports.
The Workiva survey found that ESG reporting and strategy are led most often by the ESG or chief sustainability officer or by operations and facilities (both at 35%), while finance follows at 30% and HR at 28%. Investor relations, marketing and communications, procurement and legal and compliance also play significant roles in ESG activities.
However, like with financial audits, organizations looking to demonstrate that their information gathering, measurement and reporting practices meet industry standards can bring in accounting firms or CPAs that specialize in auditing and offer ESG assurance services.
IT's role in ESG audits
Although CIOs typically don't lead ESG reporting, they play an essential role in ESG initiatives and the audit process in particular. Besides collaborating with their C-suite colleagues to identify ESG issues, risks and opportunities, CIOs are the enterprise leaders most capable of doing the following, according to experts:
- Identifying the enterprise systems that collect the data required for an ESG audit.
- Determining whether new systems are required to support ESG reporting requirements.
- Leading efforts to ensure the data required for an audit is accurate and can be validated as accurate through strong governance practices.
Checklist of key steps for an ESG audit
Choosing ESG objectives, performing an ESG materiality assessment and undergoing an ESG audit require the involvement of numerous executives and departments in an organization. It's a multistep process. Key steps include the following:
- Complete an ESG materiality assessment to identify, understand and prioritize the issues that create the most critical risks and opportunities that impact the organization's operations and performance.
- Determine which framework or standards the enterprise will use for ESG assessment, reporting and auditing. "All that will impact the audit because what's material to the company is what will be audited," Beers said.
- Detail the metrics needed for reporting the organization's ESG risks and strategy, including metrics required by regulators and stakeholders.
- Implement effective controls to ensure that the data used to measure and report on ESG issues is accurate and complete and that its accuracy and completeness are documented and can be demonstrated to auditors. "Establish really good governance over the reporting of that information," McGowan advised.
- Implement board oversight of the information being reported, given the attention ESG information is getting from investors and regulators. "Board oversight brings rigor and discipline," McGowan said.
- Perform an audit readiness assessment to review processes, procedures and governance to ensure they're being followed and to test controls.