

ESG and the role of Internal Audit

Developing expertise in ESG issues within IA (Internal Audit)

The regulatory landscape is changing with developments such as Art. 964 of the Swiss Code of Obligations, mandatory TCFD disclosures and the upcoming CSRD. Companies are required to report sustainability impact in their annual reporting. Moreover, companies are facing pressure from regulators, investors, customers, third-party affiliates, and society in general to establish credible reporting frameworks and review their environmental, social and governance key performance indicators (KPIs). IA can have a key role in ensuring these advancements.

As a function, internal audit should consider including ESG checkpoints in its audits. Companies are increasingly developing and applying strategies for their ESG policies, which involve setting measurable performance targets and monitoring actual performance. These involve voluntary as well as mandatory disclosures. Including ESG considerations in internal audit is therefore vital to advance the overall business strategy.

How can IA contribute to ESG policies and practices?

An IA function with suitable expertise in ESG matters could assess and assure various aspects of their company’s ESG framework, including:

  • Evaluate an organisation’s current ESG maturity
    IA can assess the current maturity of their company’s ESG strategy by comparing it with other organisations and identifying possible areas/opportunities for improvement.
  • Ensure proper governance structure and oversight
    Internal audit can review roles and responsibilities assigned within the organisation to execute ESG strategy and monitor ESG issues.
  • Validate the ESG risk management goals
    When it comes to measuring progress, internal audit can ensure that the goals set are realistic, measurable, included in the company’s strategic objectives, and discussed regularly at Board meetings.
  • Collaborate with Enterprise Risk Management (ERM)
    It is important for enterprise risk management plans to include measures to identify and assess significant ESG risks and to manage them throughout the organisation. Internal audit can assist management by mapping ESG risks and incorporating them into risk registers.
  • Ensure documentation of ESG policies and procedures
    Internal audit can review ESG policies and procedure manuals, which helps the company to communicate its strategy, goals, and activities to be undertaken to mitigate ESG risks.
  • Perform risk assessments
    Internal audit can determine whether ESG measures are significant to an organisation and aligned with investor, customer, and other stakeholder expectations.
  • Evaluate the ESG risk management framework
    Internal audit can review a company’s existing frameworks and standards to ensure they are reasonable, implemented properly, and consistent with industry-recommended frameworks and regulatory expectations.
  • Evaluate the design and operating effectiveness of controls
    Internal audit can audit key controls for mitigating ESG risks and identify gaps or material weaknesses.
  • Review ESG financial and non-financial reporting metrics
    One of the most critical areas for internal audit is to review the ESG financial and non-financial reporting data used by their company for public disclosure.
  • Collaborate with the legal and compliance department
    Internal audit can work with the legal and compliance department to check that ESG reporting disclosures comply with applicable regulations.


There are many ways in which Deloitte can help your business on its ESG journey. Feel free to connect with our team to understand more about this changing environment.
