Five considerations to contemplate in your 2023 audit plan related to ESG

We share five key considerations related to ESG which chief audit executives should contemplate in 2023.

In brief

• As internal audit functions prepare their 2023 audit plan, they should consider how it addresses ESG performance management and emerging regulations.
• Embedding ESG into internal audit projects can help organizations make progress on their ESG objectives.

Organizations continue to face increasing stakeholder demands for information related to their performance on climate change and other environmental, social and governance (ESG) matters. At the same time, real pressures are emerging from slowing global economic activity, elevated inflation and interest rates, and geopolitical uncertainty.

Against this backdrop, leading organizations are doubling down on how ESG can mitigate these external risks while providing a potential competitive advantage, rather than shifting focus from progress on ESG. Internal audit functions should therefore include ESG in their audit plan in 2023.

Based on our ongoing research and work with clients, the ESG topics within the audit plan vary depending on the maturity level of the organization with their sustainability journey. However, there are five key considerations all chief audit executives should contemplate in 2023:

2. ESG disclosures relied upon by investors and other stakeholders must be of high quality.

The CFO and other C-suite executives have a fiduciary responsibility for the information presented in the organization’s sustainability report and website. Further, the chief sustainability officer (CSO) will need to be able to answer questions from investors related to the reliability of this information for investment decisions and to avoid concerns about greenwashing. Today, most data required for accurate ESG reporting is not subject to the same rigor of internal control processes as financial reporting.

3. Developing resilience to ESG risks is no longer optional.

ESG risks continue to rise – whether from physical impacts of extreme weather events to human rights in the supply chain – and they often span across whole organizations. To effectively identify, assess, mitigate and monitor ESG risks, successful organizations are embedding risks associated with their ESG and sustainability strategy into the enterprise risk management (ERM) program. Leveraging the existing structure of the ERM program can help accelerate the formalization of this process rather than managing ESG-related risks in silos.

4. The recently adopted CSRD applies to companies based within and outside the EU.

As part of the European Green Deal, the CSRD includes the mandate to report sustainability information under the reporting framework of the European Sustainability Reporting Standards (ESRS). This is estimated to affect more than 50,000 companies, including large and listed companies (except listed micro-companies) based in the EU, and companies based outside the EU with undertakings within the EU (i.e., subsidiaries or branches) meeting certain activity thresholds. In addition to 80+ qualitative and quantitative disclosure requirements, the CSRD also requires limited assurance to be provided by a third party.

5. The SEC is expected to release new rules in 2023 for climate-related and human capital disclosures.

The SEC’s draft climate-related disclosure proposal was issued in March 2022 and applies to all public companies in the US. The proposal would require, among other things, SEC registrants to disclose qualitative information about climate-related risks as well as various quantitative metrics. As of the date of this article, the final rule is expected in April 2023. The SEC’s 2023 agenda also includes board diversity and human capital disclosure projects.

The views reflected in this article are the views of the author(s) and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.