There is increased pressure on organisations to feature environmental, social and governance aspects (“ESG”) in their strategies and objectives, to manage ESG-related risks and to report ESG matters in a transparent manner. Although regulation is still evolving and not all companies are directly impacted by ESG obligatory disclosure rules, there is a general expectation for companies to commit themselves to the relevant ESG efforts. Rightly so, companies want to be ahead of the curve on ESG, particularly from a governance perspective and how they are responding to ESG aspects. Failure to do so may pose reputational, financial, regulatory and other risks.
Whilst there is no doubt that it is time for companies to invest in their ESG strategies, it is equally important that such strategies are executed in a structured manner. Firstly, companies need to carry out an ESG gap analysis to obtain an understanding of existing efforts that fall under the ESG framework. This would subsequently enable them to consider additional factors as part of the ESG risk assessment for the future-state operating model and develop a practical transformation roadmap and supporting plan to achieve its objectives in an efficient and structured manner. This also provides the platform to those charged with governance and executive teams to obtain a clear understanding of ESG implications and the manner with which ESG dovetails with the organisation, allowing for the appropriate level of challenge and Board oversight.
As the third line within organisations, the Internal Auditor is well-positioned to support companies in their ESG efforts in providing objective insights, assurance and advice and can play an integral part to their ESG response. The Institute of Internal Auditors (“IIA”) in its White Paper published in 2021 ‘Internal Audit’s Role in ESG Reporting’, also noted that “Internal audit can and should play a significant role in an organisation’s ESG journey. It can add value in an advisory capacity by helping to identify and establish a functional ESG control environment. It also can offer critical assurance support by providing an independent and objective review of the effectiveness of ESG risk assessments, responses, and controls. Additionally, internal audit functions that operate in conformance with the IIA’s globally recognized standards are well-positioned to help their organizations apply established, credible internal control frameworks to their ESG efforts.”
In fact, support from the Internal Auditor can take various forms, including:
- Incorporating ESG in internal audit plans based on the ESG risks identified in the Risk Registers. The Internal Auditor can either perform ESG-specific Internal Audit cycles focusing on the key ESG risks identified by the company and the procedures and controls in place to address such risks or adopt an integrated approach and assess ESG risk areas across the various internal audit cycles of the company such as, Governance and Culture, Strategy, Risk Management, Compliance, Human Resources, Information Technology and others.
- Assisting with the identification of ESG risks, related severity through likelihood and impact and the development of risk mitigation procedures and specific ESG internal controls to reduce such risks to a level that conforms to the risk appetite.
- Providing insights into reporting metrics that adequately reflect ESG efforts within the company and provide guidance on ESG governance, having regard to evolving guidance and pronouncements being issued by Regulators in this respect.
- Providing assurance on reporting for relevance, accuracy, timeliness and consistency, in ensuring that ESG reports accurately depict ESG efforts.
Internal Audit can play a pivotal role in this exciting ESG journey to support those charged with governance in embracing ESG principles within the company’s strategy and related initiatives. This would well-position companies in their respective markets and, in turn, instil trust among investors, the wider public and other stakeholders. ESG efforts need to be clearly outlined in assessing whether there is:
- A clear view on ESG risks
- A culture to support ESG initiatives
- Robust metrics in place such as Key Performance and Key Risk Indicators linked to the company’s ESG strategy to measure and monitor ESG activities
- The foundation for ESG reporting
Now is really the time to back up thoughts and strategies with concrete measurable actions that facilitate the transformation of a company into a sustainable one. Understanding ESG risks and opportunities across the company and throughout the life cycle of business transactions while applying a practical approach are critical elements of an ESG strategy. There is also a clear ask and interest from the market to understand the regulatory trends that are shaping the ESG landscape, the challenges and common issues that are being faced and how these can be addressed.
KPMG considers ESG as a global priority. We are committed to bringing together the passion, expertise and knowledge of our people to support clients across different sectors, wherever they are in their ESG journey, for a more sustainable and resilient future.
Connect with us
Director, Insurance Advisory Services
KPMG in Malta
Director, Advisory Services
KPMG in Malta