Woman photographer hiking on Makara beach, Wellington, NZ

Five considerations to contemplate in your 2023 audit plan related to ESG

Related topics

We share five key considerations related to ESG which chief audit executives should contemplate in 2023.

In brief

  • As internal audit functions prepare their 2023 audit plan, they should consider how it addresses ESG performance management and emerging regulations.
  • Embedding ESG into internal audit projects can help organizations make progress on their ESG objectives.

Organizations continue to face increasing stakeholder demands for information related to their performance on climate change and other environmental, social and governance (ESG) matters. At the same time, real pressures are emerging from slowing global economic activity, elevated inflation and interest rates, and geopolitical uncertainty.

Against this backdrop, leading organizations are doubling down on how ESG can mitigate these external risks while providing a potential competitive advantage, rather than shifting focus from progress on ESG. Internal audit functions should therefore include ESG in their audit plan in 2023.

Based on our ongoing research and work with clients, the ESG topics within the audit plan vary depending on the maturity level of the organization with their sustainability journey. However, there are five key considerations all chief audit executives should contemplate in 2023:

1. Timely and reliable data is critical to effective ESG performance management.

Moving from an “annual and manual” reporting process to a dynamic and frequent process with reliable and decision-useful information is essential for companies to evaluate if they are on track to meet their goals and targets. This means companies need structured data systems, processes and technologies underpinning their ESG management reporting.

2. ESG disclosures relied upon by investors and other stakeholders must be of high quality.

The CFO and other C-suite executives have a fiduciary responsibility for the information presented in the organization’s sustainability report and website. Further, the chief sustainability officer (CSO) will need to be able to answer questions from investors related to the reliability of this information for investment decisions and to avoid concerns about greenwashing. Today, most data required for accurate ESG reporting is not subject to the same rigor of internal control processes as financial reporting.

3. Developing resilience to ESG risks is no longer optional.

ESG risks continue to rise – whether from physical impacts of extreme weather events to human rights in the supply chain – and they often span across whole organizations. To effectively identify, assess, mitigate and monitor ESG risks, successful organizations are embedding risks associated with their ESG and sustainability strategy into the enterprise risk management (ERM) program. Leveraging the existing structure of the ERM program can help accelerate the formalization of this process rather than managing ESG-related risks in silos.

4. The recently adopted CSRD applies to companies based within and outside the EU.

As part of the European Green Deal, the CSRD includes the mandate to report sustainability information under the reporting framework of the European Sustainability Reporting Standards (ESRS). This is estimated to affect more than 50,000 companies, including large and listed companies (except listed micro-companies) based in the EU, and companies based outside the EU with undertakings within the EU (i.e., subsidiaries or branches) meeting certain activity thresholds. In addition to 80+ qualitative and quantitative disclosure requirements, the CSRD also requires limited assurance to be provided by a third party.

5. The SEC is expected to release new rules in 2023 for climate-related and human capital disclosures.

The SEC’s draft climate-related disclosure proposal was issued in March 2022 and applies to all public companies in the US. The proposal would require, among other things, SEC registrants to disclose qualitative information about climate-related risks as well as various quantitative metrics. As of the date of this article, the final rule is expected in April 2023. The SEC’s 2023 agenda also includes board diversity and human capital disclosure projects.

The views reflected in this article are the views of the author(s) and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.


To address new risks and opportunities for ESG and sustainability in 2023, chief audit executives should ask key questions of business leaders in their organization and incorporate ESG projects into this year’s audit plan. Where needed, chief audit executives should seek to build or supplement their team’s technical capabilities related to ESG matters to execute planned audits.

About this article


Related articles

Sustainability considerations for internal audit

A closer look at current regulations and key projects to consider when performing sustainability internal audits in 2024 and 2025.

2022 in review: the evolution of the ESG reporting landscape

The 2022 in review: the evolution of the ESG reporting landscape article covered the latest reporting developments in the ESG ecosystem.

Seven insights from finance leaders on ESG reporting

The December Think ESG webcast covered the latest reporting developments in the ESG ecosystem.