Integrating ESG Into Internal Audit v2
Internal Audits
From compliance to commitment..
Gaurav Bhatia
Executive Partner – Risk Advisory
ASA & Associates LLP
09 March 2024
Private & Confidential - Not for external circulation
Resource Scarcity
Earth Overshoot Day marks the date when humanity’s demand for ecological resources and services each year exceeds
what Earth can regenerate in that year.
• Over 2 billion people live in countries experiencing high water stress. (UN, 2018)
• Today, 31 countries face chronic freshwater shortages. Among the countries likely to run short of water in the next 25
years are Ethiopia, India, Kenya, Nigeria and Peru.
05 Practical insights
What is ESG?
Environmental, social and governance (ESG) are factors used to
evaluate a company's sustainability and ethical impact (People-Planet-Purpose).
• Most widely used sustainability reporting frameworks globally.
• Provides a comprehensive set of standards that cover economic, environmental, and social aspects.

• Aims to provide a holistic view of an organization's strategy, governance, performance, and prospects.
• Encourages organizations to connect financial and non-financial information in a cohesive narrative.

• Focuses on industry-specific standards, helping companies disclose financially material ESG information to investors.
• Industry-specific standards designed to be relevant to the financial performance of companies within each sector.

• Provides recommendations for disclosing climate-related financial risks and opportunities.
• Encourages organizations to disclose information related to governance, strategy, risk management, and metrics and targets.
• National Voluntary Guidelines for 'Social, Environmental and Economic Responsibility of Business' issued by MCA.
• Business Responsibility Report (BRR) was extended by SEBI to the top 500 listed companies by market capitalisation.
• SEBI introduced Business Responsibility and Sustainability Report (BRSR) along with the BRSR template in May 2021.

• Ministry of Corporate Affairs (“MCA”) issued the National Voluntary Guidelines (“NVGs”) on CSR.
• SEBI mandates filing of Business Responsibility Report (BRR) based on the NVGs by top 100 listed companies.
• MCA released the National Guidelines on Responsible Business Conduct (NGBRC). BRR was extended by SEBI to the top 1000 listed companies by market capitalisation.
• SEBI introduced BRSR Core framework to mandate listed companies to obtain reasonable assurance on selected KPIs.
• CSR was mandated and CSR Rules came into force.
Comprehensive BRSR
▪ To be extended to several unlisted companies that meet specified thresholds of turnover and/or paid-up capital.
▪ This approach consists of 3 sections and 9 principles.
BRSR Lite
• Developed for unlisted companies unfamiliar with the groundwork of sustainability reporting.
• Format to encourage more companies to begin sustainability reporting as it is easier for all
companies to adopt this format.
• Adoption of BRSR Lite is voluntary for such companies.
Industry sector specificity
• Currently sector-agnostic; provision for future
• Sector program underway
P-9: Businesses should engage with and provide value to their consumers in a responsible manner.
Anti-competitive Behaviour, Customer Health & Safety, Marketing & Labelling, Customer Privacy
• Multiple ESG Frameworks - absence of uniform global standards is challenging for MNCs and investors
• Evolving ESG regulations - requirement for disclosures are complex and ever changing
• Since data lies at the heart of BRSR reporting, greenwashing poses a real risk for corporates.
• Laws and regulations adjusting with the paradigm shift
Component Application
An effective control environment for sustainability reporting, akin to financial controls, relies on all 17 principles
from the Integrated Framework, ensuring a robust foundation in design and implementation.
Assurance
Advisory
• Familiarise with various terms, such as Green House Gas (GHG) calculation frameworks
• Engage with experts within their teams to be able to better understand and review the underlying documents
• Gain expertise in testing various IT systems and reading relevant non-financial data to overcome dependency on various departments
Internal audit can assess the current maturity of an organisation’s ESG strategy by comparing it
with other organisations - benchmarking
Internal audit can review roles and responsibilities assigned within the organisation to execute
their ESG strategy and monitor ESG issues
Internal audit can ensure that the goals set are realistic, measurable, and included in the company’s
strategic objectives.
Internal audit can assist the management by mapping risks and incorporating them as part of
their risk registers
Internal audit can review ESG policies and procedure manuals, which helps the company to
communicate its strategy, goals, and activities to be undertaken to mitigate ESG risks.
Internal audit can determine whether ESG measures are significant to an organisation and
aligned with investors, customers, and other stakeholder expectations.
Internal audit can review the management’s ESG financial and non-financial reporting data used
for public disclosures.
Internal audit can work together with the legal and compliance department to validate that ESG
reporting disclosures comply with applicable regulations.
Checkpoints for consideration
• breach w.r.t environmental aspects
• Nature of the incident and improvements made
• Regulatory action (enforcement/prosecution/fine)
• other natural hazards
• GHG emissions monitoring
• in an energy intensive sector
• Exposure to climate change
• Business risk from the current/evolving climate change regulation
• emissions to air (for example, oil & gas, energy, transportation, chemical)
• quantities of waste or hazardous waste?
• Waste management initiatives to minimise or reuse/recycle waste
Material issues: Human resources
Checkpoints for consideration
• Workforce composition
• Diversity issues
• Serious labour related complaints/claims/enforcement actions
• Benefits provided to employees
• Training

Material issues: Health and safety
Checkpoints for consideration
• Company’s operations in an industry that presents a high risk of health and safety?
• Company’s workers exposed to high incidence or risk of diseases
• Company been subject to enforcement actions by the regulators

Material issues: Consumer safety/products regulations
Checkpoints for consideration
• Product- or sector-specific regulations (for example, food safety, pharma Good Manufacturing Practices (GMP))
• Actions taken to ensure the health and safety of consumers

Material issues: Fair disclosure and labelling/fair marketing
Checkpoints for consideration
• Incidents of non-compliance concerning product and service information and labelling
• Incidents of non-compliance concerning marketing communications

Material issues: Customer privacy
Checkpoints for consideration
• Company’s data security policy and IT security management system
• Sensitivity of information in possession of the company
• Breach in cyber security across the past 2-3 years
Material issues: ESG systems and processes
Checkpoints for consideration
Roles and responsibilities
• ESG committee/steering committee been established or not
• Designated reference person for day-to-day ESG matters been assigned?
Policies & Procedures
• ESG values and principles clearly communicated (for example, on the website)
• Company have sustainability or business conduct policies
• Environmental/health and safety procedures in place
Monitoring & reporting
• Sustainability section on the website?
• Company publish an ESG/CSR/sustainability report

Material issues: Corruption and business ethics
Checkpoints for consideration
• Financial or in-kind political contributions by the company
• Company internal controls to safeguard themselves against illegal practices
• Corporate governance and/or ethical related employee claims/breach/enforcement/litigation actions related to issues, such as anti-bribery and corruption

Material issues: Supply Chain
Checkpoints for consideration
• High social, human labour, and environmental risks in company’s supply chain
• Responsible purchasing policy/code of conduct for suppliers by company
• ESG criteria included in the selection and monitoring of key suppliers by company
• ESG implementation
• Due Diligence and investment analysis
• ESG Reporting and Assurance
• ESG Strategy and Transformation
• BRSR Reporting
• BRSR Core Assurance
Approach
The internal auditor evaluates systems, ensures compliance,
assesses the carbon footprint, suggests reductions, and
establishes monitoring for a manufacturing company's
environmental impact.
Approach
The internal auditor ensures the financial institution's commitment
to strong corporate governance and ethical leadership by
evaluating structures, adherence to ethical standards, and codes
of conduct, fostering a culture of integrity and ethical decision-
making.