Skip to main navigation

5 categories of risk: Internal audit: Reputational - Ernst & Young - United States

  • Share

Five highly charged risk areas for Internal Audit

Click the area to see risk details
 

4. Reputational

Risk areas | Strategic | Compliance | Financial | Reputational | Operational 

One of the key drivers that many companies face is managing the expectations of a range of stakeholders to reduce risk including:

  • Investors
  • Employees
  • Customers
  • Suppliers
  • Local communities
  • The media

Analysts are also starting to value companies based on their sustainability performance, creating new reputational risks. In Action amid uncertainty,4 more than 40% of the respondents believe that equity analysts currently include climate change-related factors in company valuations.

Climate change and sustainability performance is also linked to customer satisfaction and loyalty, strong supplier relationships and attracting and retaining top talent. Given the multitude of stakeholders exerting pressure on companies to manage risk and seize opportunities in this area, there has been a significant increase in external reporting.

More than 1,200 companies worldwide now issue sustainability reports based on the Global Reporting Initiative (GRI).

Momentum is building for more integrated reporting of financial and non-financial information related to climate change and sustainability. Being prepared for this shifting environment will be very important. Managing stakeholder expectations is an area where risk can become an opportunity to increase brand and shareholder value.

 

What this means for Internal Audit
Internal Audit needs to assure management as to the integrity, consistency and timeliness of externally reported information. Executives and boards are acutely aware of the growing demand for more transparent reporting of climate change and sustainability business strategies, initiatives and performance.

Companies are now using many voluntary reporting channels, including:

  • External sustainability reports
  • Annual reports
  • External websites
  • Carbon Disclosure Project
  • Climate Registry.

Internal Audit can assist in evaluating the accuracy and credibility of the sustainability reporting in advance of the increasing scrutiny this information is getting from external stakeholders.

In the Ernst & Young survey previously cited,5 64% of respondents currently communicate data on greenhouse gas or carbon emissions in an annual corporate social responsibility report or a sustainability report. Nearly a third state that their organization has not yet communicated this data publicly. The risk for those not communicating their climate change data is that stakeholders will seek this information from potentially less-reliable third-party sources.

For those companies that do report, there are challenges in ensuring that the report is an effective communication tool. The information needs to be relevant, complete and in line with the expectations of stakeholders.

Done well, it provides a company with the opportunity to present a clear picture of the measures it is taking to meet the challenges and opportunities of climate change.

Some leading organizations are beginning to integrate financial and non-financial data in a single report, which helps readers to get a better understanding of the full financial implications of the organization’s business strategy.

In our survey, 62% of respondents who report have their data verified by an independent third party. The publication of an assurance statement with the sustainability report is an increasingly common approach to enhance a company’s credibility and to meet growing stakeholder demand for transparency.

 
Questions Internal Audit should ask
  • What is the current perception of the organization’s stakeholders — investors, customers, employees — of the eco-friendliness of the company?
  • Is reputational risk top of mind when climate change policy is instituted?
  • Has management fully evaluated the ripple effects of negative customer satisfaction, shareholder activism or ineffective public disclosures and communications?
  • Is the organization’s reported data assured by an independent third party?
  • Is Internal Audit working with the organization’s external auditors to create transparent reporting of non-financial data?
  • Does the company currently have adequate controls and processes in place in anticipation of the possibility that the SEC might require the inclusion of climate change information in registration statements?
Click here to download the complete pdf  
Back to top