Internal Audit‘s response to the challenges and opportunities of sustainability will have a significant impact on how much influence the function has in the coming years.
Summary: Challenges related to climate change have taken their spot on the corporate agenda. Supply chain, energy costs, shareholder activism and changing markets will have a material effect on all organizations in the future. Internal Audit is playing a key role in developing and implementing an organization’s climate change agenda.
To date, the focus of climate change initiatives fall narrowly on a few functions:
- The board for setting sustainability policy
- Procurement for greening the supply chain and improving energy purchasing
- Facilities management for runs operations efficiently
| 10 ways to show Internal Audit’s value in tackling climate change risks |
The following represent 10 actions Internal Audit can take to demonstrate its important place in the effort to tackle the risks associated with climate change: - Embed climate change and sustainability as part of the IA risk assessment.
- Understand and assess key climate change and sustainability risks including: regulatory, financial, reputational, strategic and physical/operational.
- Validate that key climate change and sustainability risks are appropriately identified, prioritized and controlled within each audit project.
- Review processes for climate change and sustainability reporting, including evaluation of the integrity and alignment of data across all reporting channels.
- Share insights with management and the board so they have a clear understanding of the regulatory environment complexit.
- Coordinate climate change and sustainability risk assessment with other key risk functions.
- Review the corporate risk register and risk management policies for appropriate inclusion of climate change risks.
- Review and refresh the assessment of climate change and sustainability risk impact on a regular basis.
- Monitor and assess impact of existing or potential government regulations.
- Report on climate change and sustainability risks regularly to the board.
|
| 5 risks for Internal Audit |
The risks for Internal Audit can be broken down into five categories: - Strategic risks: Changing customer preferences, strategic investments, new market entry and stakeholder communications and investor relations will demand attention.
- Regulations and legislation: More than 250 climate change-related government actions were implemented globally in the last two years. In addition, there is a significant body of new regulation and international standards relating to health and safety, human rights and employment laws, anti-bribery and disclosure. As a consequence, many will have an audit dimension.
- Financial implications of an organization’s climate change policy: Climate change and sustainability is now part of analysts’ rankings and indices. It will affect access to/cost of capital once banks start factoring climate change risk into lending and due diligence procedures.
- Trade and marketplace risks and cost of compliance: You must consider the potential loss of customers and market share if your company is slow to respond. Cost of compliance may include purchase of offsets and legal liabilities, as well as rising energy, transportation and insurance costs, and adaptation costs in response to climate impacts, such as extreme weather events.
- Reputation risks: Organizations must now manage the expectations of all key stakeholders to reduce risk — including investors, employees, customers, suppliers, local communities, non-governmental organizations (NGOs) and the media.
The value of a brand is inextricably linked to sustainability performance, with greater scrutiny than ever before falling on this area. This is reflected by the 40% increase in reported shareholder action in this area since 2009. |
Increased Internal Audit involvement in operations
These five risks sit alongside the physical and operational risks presented by climate change such as:
- Business interruption due to extreme weather
- The pressure to reduce environmental impacts of products and processes
- Greening the supply chain
Internal audit and risk functions as a whole are beginning to engage in this area far more.
Governance, risk and compliance (GRC)
The GRC function should also discuss the uncertain nature of the effects of climate change.
Whether it is better management of energy use or developing new products to meet changing customer expectations, the next ten years will see some real strategic investments which have a whole host of uncertainties and risks associated with them.
Those risks are heightened by the uncertainty over what the future regulated environment will look like.
Risk assessments must include sustainability
Any organization’s strategic risk assessment must now include a clear sustainability element. For example, an organization’s GRC functions could be asking the following questions:
- To what extent is sustainable supply chain risk included within the strategic risk register, or the potential physical effects associated with changing climate?
- Does the organization, which has extensive operations in Africa, have a plan for the severe water shortage its plants may face in five years’ time?
Internal Audit’s focus
Encouragingly, anecdotal evidence suggests Internal Audit understands its role when it comes to climate change and sustainability.
Some Internal Audit functions are concentrating on the issue of disclosure.
Others are developing frameworks for audit and assurance around energy use.
One senior internal auditor recently worked on a “CO2 governance audit,” which was driven by the need to audit the many different touch points into the company of the carbon agenda.
The CO2 governance audit encompassed issues such as trading, operations and product development. It soon became clear many areas of the business were working to address these issues. However, there was no champion to coordinate the response. To better manage the organization’s effort, Internal Audit is implementing a more holistic approach.
« Previous | Next »
