Internal Audit's role in ESG
Internal audit is in a unique position to provide an efficient approach to ESG.
With the impending finalization of the SEC Climate-Related Disclosures rule, the pressure is on to address the biggest challenge in voluntary ESG reporting: consistency and comparability of data. As companies are reevaluating their current ESG data controls and revising their reporting processes to work toward compliance, the demand for effective tools and guidance keeps growing.
Companies have used the COSO Internal Control—Integrated Framework (ICIF) to successfully create controls for their financial information for 30 years, and nonfinancial information for the past decade. Their 130-page, 2023 interpretive publication reinterprets the framework specifically for sustainability information. It can be used by companies that are just beginning as well as companies that are years into ESG reporting—there is no need to start over. We believe it is the best tool for creating and implementing a strong control structure to support ESG reporting requirements.
In this paper, we walk through each principle and discuss how it can be applied to ESG data, and at the end of each component, list some key considerations.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed the Internal Control—Integrated Framework (ICIF) as an infinitely adjustable control infrastructure, applicable across sectors and industries, that companies can adapt to their individual needs.
