By: Jim Pelletier, Senior Product Manager at Wolters Kluwer TeamMate

Environmental, Social, and Governance (ESG) data remains a fragmented challenge for most organizations. The breadth and depth of information required to support ESG reporting is commonly spread across multiple departments and maintained in different systems from simple documents and spreadsheets through databases and cloud-based solutions.

These ‘data silos’ challenge even the most mature organizations to consolidate, analyze, and assure this critical information. However, addressing this fragmentation is crucial not only to comply with increasing regulatory demands but also to leverage ESG data in existing risk management practices and ultimately to support strategic decision-making. Recently, the European Commission underscored the importance of this issue by publishing the Corporate Sustainability Reporting Directive (CSRD) FAQs for auditors, highlighting the critical role of audit and assurance in successfully leveraging ESG data.

Like the cost and resource challenges organizations faced in complying with regulations pushing stronger internal control over financial reporting (ICFR), organizations will need an effective approach to internal control over sustainability reporting (ICSR). To do this well, organizations will need to turn to internal audit and other internal assurance providers.

The Role of Internal Audit in the Context of Increasing External Audit Requirements

As regulatory requirements around ESG data intensify, internal audit functions are increasingly being called upon to ensure that organizations are not only compliant but also proactive in their approach to ESG reporting. The CSRD emphasizes the necessity for robust audit and assurance practices, setting a high bar for both external and internal auditors.

Internal auditors are uniquely positioned to provide objective assessments independent of management for their organization’s ESG data management and reporting practices. By evaluating the processes and controls in place for collecting, processing, and reporting ESG data, internal auditors can identify gaps and weaknesses that may expose the organization to risks. Additionally, internal auditors can provide assurance that ESG data is complete, accurate, reliable, and timely, which is essential for external auditors who can rely upon this information to meet their responsibilities.

The involvement of internal audit in ESG data management also supports the organization’s broader risk management framework. ESG risks, such as those related to climate change, social responsibility, and governance practices, can have significant financial, operational, and reputational impacts. Internal auditors can help organizations understand these risks, providing assurance to stakeholders that the organization is effectively managing its ESG responsibilities.

The Importance of Integrated Assurance in Addressing ESG and Sustainability

Integrated assurance is an approach that combines various assurance activities (often referred to as second- and third-line functions) within an organization to provide a holistic view of risk management and control effectiveness. In the context of ESG and sustainability, integrated assurance involves the coordination of internal audit, compliance, risk management, and external audit functions to ensure that ESG data is accurate, complete, and consistent.

Integrated assurance is particularly important for ESG data because the data spans multiple functions and departments within an organization. For example, environmental data may be managed by the facilities department, social data by human resources, and governance data by the legal or compliance departments. Without a coordinated approach, there is a risk of duplication of efforts, inconsistent data, gaps in assurance coverage, and ultimately, incomplete and/or misaligned reporting to senior management and the board.

By adopting an integrated assurance approach, where second- and third-line functions coordinate their activities, organizations can streamline their assurance activities, reduce duplication, and ensure that all relevant ESG data is covered. This approach also facilitates better communication and collaboration between assurance providers, leading to more comprehensive and reliable assurance outcomes and reporting.

Bringing the Same Scrutiny and Rigor to ESG Data as to Financial Data

One of the key challenges in ESG reporting is the lack of standardization and consistency in data collection and reporting. Unlike financial data, which is governed by well-established accounting standards and regulations, ESG data is often subject to varying definitions, methodologies, and reporting frameworks. This lack of consistency makes it difficult to compare ESG performance across organizations and industries.

To address this challenge, organizations must bring the same level of scrutiny and rigor to ESG data as they do to financial data. This involves establishing clear policies and procedures for data collection, validation, and reporting, as well as implementing robust internal controls to ensure data accuracy and completeness. Like ICFR, ICSR will be key.

The Strategic Importance of ESG Data

The importance of ESG data extends beyond regulatory compliance. For many organizations, ESG data is a critical component of their risk management and strategic planning processes. ESG risks, such as those related to climate change, social inequality, and governance failures, can have significant financial and reputational impacts. By integrating ESG data into their risk management frameworks, organizations can better identify and mitigate these risks.

ESG data can also provide valuable insights into emerging trends and opportunities. For example, organizations that proactively manage their environmental impact may be better positioned to take advantage of regulatory incentives or market opportunities related to sustainability. Similarly, organizations with strong social and governance practices may be more attractive to investors, customers, and employees.

Beyond Compliance: Driving Strategic Value Creation

Effective assurance over ESG data is not simply about compliance and ‘checking the box’, it ensures that ESG data is reliable, accurate, and fit for purpose. By leveraging internal assurance providers to bring the same level of scrutiny and rigor to ESG data as they do to financial data, organizations can work more effectively with their external auditors controlling costs and maximizing the impact of their internal resources.

By adopting an Integrated Assurance approach, organizations can streamline their assurance activities, reduce duplication, and ensure that all relevant ESG data is covered. This approach facilitates better communication and collaboration between assurance providers, leading to more comprehensive and reliable assurance outcomes.

Ultimately, the importance of ESG data extends beyond regulatory compliance. It is a critical component of an organization’s risk management and strategic planning processes, providing valuable insights into emerging trends and opportunities. By leveraging the expertise of internal auditors and adopting an Integrated Assurance approach, organizations can not only meet regulatory requirements but also drive strategic value creation based on their ESG performance.

About the Author

Jim Pelletier is Senior Product Manager at Wolters Kluwer TeamMate. Jim has over 20 years of internal auditing experience in both the public and private sectors.

Wolters Kluwer TeamMate is part of Wolters Kluwer’s Corporate Performance & ESG (CP & ESG) division, headed by CEO Karen Abramson. The division is the world’s leading provider of integrated software solutions for EHS, Environmental, Social, and Governance (ESG), and Governance, Risk and Compliance (GRC). Through innovative technology and unique expertise, Wolters Kluwer CP & ESG enables business leaders to make informed, strategic decisions driving transformation, performance and risk management for a sustainable and resilient world.