Environmental, Social and Governance (ESG) expectations are evolving faster than ever. Organisations across all sectors are facing pressure from regulators, investors, customers and communities to demonstrate responsible, transparent and sustainable practices. What once existed as a peripheral reporting area has now become a central part of strategy, governance and long-term value creation.
Despite this shift, many organisations still treat ESG as an isolated initiative rather than a multi-dimensional framework that shapes culture, decision making, resilience and risk. This is where Internal Audit plays a critical role.
ESG is not a standalone audit topic; it is interconnected with operational performance, data governance, ethics, culture, supply chain management and risk management. This article explores the challenges organisations face, how Internal Audit can support ESG integration, and how a structured review scope can be designed to provide meaningful assurance.
ESG: A Rapidly Evolving Landscape
Globally, ESG expectations continue to expand through new disclosure frameworks, sustainability reporting standards, supply chain transparency requirements, climate risk expectations, and increasing scrutiny from regulators. Organisations are expected to demonstrate:
credible climate governance
transparent non-financial reporting
ethical practices across the supply chain
meaningful stakeholder engagement
controls that ensure accuracy and prevent greenwashing
As these expectations strengthen, organisations must ensure their governance structures, controls, data systems and reporting processes are built to support ESG commitments.
Key Challenges Organisations Face in ESG Compliance
1. Limited Supply Chain Visibility
Many ESG obligations require organisations to understand impacts well beyond their direct operations. Supplier risk assessments, third-party due diligence and continuous monitoring are essential, but often underdeveloped.
2. Balancing Diverse Stakeholder Expectations
ESG expectations vary widely among investors, communities, employees, customers and regulators. Organisations need governance mechanisms that translate these expectations into clear, actionable priorities.
3. Establishing Effective Climate and ESG Governance
Boards and executives must oversee ESG strategy, assess progress, and understand climate-related risks. Many organisations are still building maturity in this area.
4. Ensuring Accuracy of Sustainability Claims
Greenwashing has become a global regulatory concern. Organisations must ensure sustainability statements are evidence-based, consistent and verifiable.
How Internal Audit Can Strengthen ESG Integration
Internal Audit is uniquely positioned to provide independent insight into how well ESG is embedded across the organisation. Beyond compliance, Internal Audit adds value by supporting strong governance, reliable reporting and resilient operations.
1. Materiality and Focus
Internal Audit can evaluate whether the organisation’s ESG priorities reflect stakeholder expectations and strategic objectives. A well-designed materiality assessment ensures focus on the most relevant issues.
2. Integrating ESG Into the Risk Management Framework
ESG risks should be embedded into enterprise risk management (ERM), not treated as a separate category. Internal Audit can assess risk identification, assessment, monitoring and mitigation practices.
3. Data Quality and Reporting Systems
ESG disclosures rely heavily on data from multiple operational sources. Internal Audit can review:
data lineage
system controls
manual processes
reporting accuracy
verification mechanisms
Reliable ESG reporting is impossible without strong data governance.
4. Governance and Accountability
Internal Audit can assess whether roles, responsibilities, and oversight mechanisms for ESG are clearly defined and supported by leadership.
5. Reviewing Sustainability Claims
Internal Audit can test whether sustainability statements align with internal practices and are supported by evidence. This minimises greenwashing risk and strengthens stakeholder trust.
6. Assessing ESG Culture
Internal Audit can evaluate how sustainability values are embedded across the organisation, through leadership behaviour, training, incentives and operational practices.
Structuring an Internal Audit ESG Review
Given the broad nature of ESG, Internal Audit needs a structured and repeatable approach. Below is a suggested scope outline practitioners can use or adapt.
1. Audit Objective
Provide independent assurance over governance, risk management, data integrity, reporting processes and compliance related to ESG commitments.
2. Scope Areas
Governance: oversight structures, decision-making pathways, reporting lines, committee effectiveness.
Strategy & Materiality: alignment of ESG priorities with organisational strategy and stakeholder expectations.
Risk Management: integration of ESG risks into ERM, including climate risk, ethical sourcing, social risks, environmental impacts and supply chain considerations.
Policies & Controls: adequacy of ESG policies, internal standards, control mechanisms and escalation processes.
Data & Reporting: reliability of ESG data, system controls, disclosure processes, and verification.
Regulatory & Framework Alignment: adherence to global or regional ESG requirements and voluntary frameworks as applicable.
Culture & Behaviour: employee awareness, leadership commitment, training and operational alignment.
3. Audit Methodology
Interviews with management and key stakeholders
Review of board and committee materials
Testing of ESG data and system controls
Supplier due diligence assessments
Analysis of risk registers, policies, and sustainability reports
Evaluation of sustainability claims and disclosures
4. Audit Deliverables
Clear findings and control observations
Gap analysis against best practice ESG governance
Risk-ranked recommendations
A maturity roadmap to support ongoing ESG capability development
This structure allows Internal Audit to provide balanced, value-adding insight without overextending the scope.
Conclusion
ESG is no longer a secondary reporting topic; it is an essential component of organisational resilience, risk management and long-term value creation. As expectations increase and scrutiny intensifies, Internal Audit has a critical opportunity to shape the organisation’s ESG journey.
By integrating ESG considerations across the audit plan, applying a structured methodology and strengthening data and governance maturity, Internal Audit can help organisations navigate complexity, avoid regulatory pitfalls, and build sustainable performance.
ESG is a business imperative. Internal Audit must be at the forefront of guiding organisations through this transformation.