Skip to Content

On the Frontlines: Acting on ESG Risk

Blogs Jeffrey Ridley, PHD, CIA, FIIA, FCG Jun 15, 2022

In my many years as a professional internal auditor, I learned the value of acting promptly with both insight and foresight, as so many of our thought leaders have done since our Institute was formed in 1941. I've witnessed this forward-thinking approach not just in the U.S. but across all our global affiliations and organizations with which The IIA collaborates. Our national and global networks and their thought leadership are the jewels in our many crowns. The most recent of these jewels is The IIA Bulletin – IISB Issues Proposed Global Climate and Sustainability Disclosure Standards and the questions it suggests all internal auditors should be addressing and seeking answers for today.

These include:  

  1. What is my organization's environmental, social, and governance (ESG) control environment? Are roles for key participants, including internal audit, clearly delineated as outlined in The IIA's Three Lines Model?
  2. Does my organization have in place established ESG reporting internal control processes?
  3. What is my organization's ESG governance structure (ESG committee, center of excellence), and how is it operating?
  4. How are sustainability-related data points identified, collected, classified, and managed and by whom?
  5. What metrics, including RPIs and PRIs, are in place or proposed to monitor sustainability data points and reporting?
  6. What activities have been (or will be) implemented to map new sustainability requirements against current sustainability activities?
  7. Does my organization's current ESG reporting efforts meet the "faithful presentation" threshold identified in the proposed standards? Does internal audit currently provide necessary "verification" (assurance and validation) on information used in existing reporting?

These questions involve seeking answers and changing our practices for the better to address sustainability risks for our organizations and civil societies, nationally and globally. They are questions I am sure many of us have been asking for some time. But "many of us" is not enough. We must all act before it is too late. But not act alone. Today's environmental, social, and governance-related risks, their assessment, mitigation, and management in all our organizations requires a collaborative effort with others.

Internal audit must start collaborating with ESG specialists in all their assurance, consulting, and teaching assignments. Past and present coordination and cooperation are no longer sufficient to address answers to the above questions. Many of the answers are in the United Nations' 2021 publication, Our Common Agenda: Report of the Secretary-General. Start your collaboration there.  

During my days, if not years, as a professional internal auditor, I incorporated the acronym "ACT" (assurance, consulting, and teaching) in my training to ensure I was providing the best assurance, consulting and teaching in risk management, controls, and governance audits in the areas of planning, practice, reporting, and follow-up. No coincidence it is part of the word, "proACTive." I recommend that every professional internal auditor addressing the ESG questions asked in the bulletin to regularly consider the importance of what it means to "ACT."

Jeffrey Ridley, PHD, CIA, FIIA, FCG

Jeffrey Ridley is a visiting professor for the University of Lincoln, London South Bank University, and Birmingham City University.


Access the Digital Edition

Read Now