It is important to be aware of the changes taking place around ESG reporting. The USA and UK are currently working on laws for sound ESG reporting and governance, and various standard-setting bodies are also working on reporting frameworks to assist with the burden of environmental, social and governance (ESG) reporting.
ESG LANDSCAPE CHANGES
Although South Africa may not be at the forefront of ESG reporting in terms of developing laws and regulations, on 14 June 2022 the JSE launched its own set of voluntary Sustainability Disclosure and Climate Disclosure Guidance documents, which combine relevant global standards on sustainability and climate change to suit the South African context.
As the ESG landscape changes, internal auditors, chief legal officers, CFOs, risk officers and organisations’ boards of directors must closely monitor the latest developments to ensure they are aligning their corporate purpose with their business strategy, as well as identifying and mitigating potential risks. There is an opportunity for internal auditors to assist organisations with regard to transparent, efficient and reliable reporting on ESG.
The Securities and Exchange Commission (SEC) in the US has proposed new climate-related disclosure requirements for public companies. In March 2022, with the ‘issuer rule’, the SEC proposed rule amendments that would require public companies to provide certain climate-related financial data and greenhouse gas emissions insights as a part of public disclosure. In accordance with the rule companies would have to disclose emissions they are directly responsible for as well as emissions from their supply chains and products.
Then, in May 2022, with the ‘investor rule’, the SEC proposed the refining of ESG-related fund-naming requirements to avoid misleading investors.
A wide range of frameworks or matrixes are currently being used, and some economic markets seek to regulate the ESG reporting matrix. This will require policies and procedures to ensure that data reported by the organisation in the annual financial statements (AFS) is accurate, complete and reliable.
The question is how to go about reporting on ESG and ensure that what is reported is accurate, reliable and complete – in other words SMART (specific, measurable, achievable, relevant and time-bound). ESG reporting is about disclosing the impact of your organisation on the people, environment and economy. Data sufficiency challenges creates an assurance challenge for business, which is an opportunity that can be closed by internal auditors.
Because ESG is part of risk management and affects the organisation as whole, there is a need for internal auditors to be incorporated as part of the sustainability reporting is. Locally, Integrated Reporting & Assurance Services (IRAS) has been doing ESG assurance since 2013 and releases a sustainability data transparency index annually. The index indicates that the percentage of JSE-listed companies that have obtained independent third-party assurance over their ESG/sustainability information has only increased from 17,22% to 19,57%, which is a low increase in the number of listed companies that are currently working on complying with ESG reporting requirements.
The role of internal audit teams in ESG strategy lies in governance and teams’ ability to perform testing of internal controls to ensure accuracy in ESG information and integrity in ESG data disclosure and reporting.
The internal audit function must be independent from the ESG governing body and management. This will enable the internal audit function to provide additional assurance that the data collected about ESG and related controls are reliable and also allow the internal audit function to critically analyse the data presented and reported by management in the annual report. It is also important for the various organisational structures responsible for ESG data to interact regularly.
The ESG team, internal auditors and risk officer should work together in providing credible information to be reported to external users. Building on what is currently being done by different business units of the organisation will ensure efficiency and cost-effectiveness.
The internal auditors’ audit strategy needs to consider the following:
- How can the internal audit team improve assurance by working with external auditors?
- The integration of internal audit function in different structures, systems and process for decision-making and reporting.
- Testing of the controls in place to ensure that data is collected, analysed and reported in a reliable manner.
- Does the organisation have policies and processes in place that monitor, review, evaluate and report on ESG-related commitments?
- How can internal auditors influence an organisation to include sustainability reporting as part of the daily operational daily activities of the organisation?
The internal audit function should be seen as a trusted advisor with the responsibility of highlighting emerging risks. This will result in the most effective pathway to influence a positive outcome in a company’s ESG operations.
Internal audit should assist organisations with the ESG process by providing assurance on whether data the (quantitative and qualitative) being reported is accurate, relevant, complete and timely.
In providing assurance on ESG reporting the internal auditors should include the following as part of its mandate / operating tasks: review reporting metrics for relevancy, accuracy, timeliness and consistency; and review reporting for consistency with formal financial disclosure filings.
ESG is an enterprise-wide responsibility. By incorporating the internal audit function in the process it will ensure independence and objectivity considered when considering the different reporting framework and intended massage that the entity wishes to convey to its users of the information to be reported on.
ESG corporate reporting can be used by stakeholders to assess the material sustainability-related risks and opportunities relevant to an organisation. Investors can use ESG data beyond assessing material risks to the organisation in their evaluation of enterprise value, specifically by designing models based on assumptions that the identification, assessment and management of sustainability-related risks and opportunities in respect of all organisational stakeholders leads to higher long-term risk-adjusted return. This is why the role of internal audit in ESG reporting is important.
Angel Sithole CA(SA), SAICA Project Director: Assurance