The following is a guest post from Jack Reagan, managing director at UHY. Opinions are the author’s own.
While finance professionals are no strangers to navigating complex regulatory and compliance frameworks, perhaps nothing is more headache-inducing for chief financial officers and financial teams than trying to make sense of the rapidly shifting ESG oversight landscape.
From trying to thread the needle of the patchwork of state-level guidance requirements in the U.S., to synthesizing the evolving stream of ambitious international expectations, the ESG compliance environment is enough to make even the most experienced financial professionals shudder. But meeting a patchwork of requirements is easier said than done. As ESG regulations have matured, organizations have begun to realize that the only way to ensure they can meet these expectations is to validate that their own internal audit capabilities are rigorous and watertight.
With that in mind, here are some of the key questions CFOs and financial teams need to ask themselves as they undergo internal audits and look to set themselves up for long-term ESG reporting success.
1. What is our existing ESG strategy and risk landscape?
To ensure that there is organizational alignment and to establish a clear baseline, organizations need to come together to understand exactly where their ESG risks lie, determine their overall exposure and gather a clear view of the ESG challenges and successes they face.
Auditors need to work closely with both internal and external stakeholders to understand the megatrends that exist in their broader external ecosystems that could potentially influence their ESG risk landscapes, such as changes in partner networks that could impact Scope 3 emissions or regulation shifts in international jurisdictions. They also need to conduct intensive materiality assessments to understand priority ESG areas — whether environmental or otherwise — to make sure that significant issues are being addressed appropriately. This will allow businesses to further align on their ESG roadmap, identify areas for better collaboration and growth and tackle any risks most appropriately and effectively.
2. What are our organization’s ESG governance expectations and culture?
With so many rules and priorities, financial professionals often make the mistake of diving straight in to tackle whatever issues seem the most pressing at the time. However, the only way to build a coherent approach to ESG reporting is to first understand exactly how your organization views ESG compliance, the expectations it faces and ultimately what infrastructure exists to help your organization achieve its goals.
Institutions would be well-served to reference frameworks from organizations such as the ISSB, which can inform the way that firms themselves can model their governance structures to ease reporting requirements and establish efficient governance workflows. For example, because the ISSB requires in-depth disclosures on processes, controls and procedures organizations have in place for ESG oversight – including the roles and responsibilities of boards, committees and individuals engaged in these oversight efforts – auditors must work with various stakeholders such as C-suite members, investors and others to establish a comprehensive reporting structure.
With this culture in place, auditors alongside key stakeholders can begin integrating governance structures and build plans that help accomplish governance goals. This process will include, among other things:
- Defining your organization’s mandatory or voluntary ESG-related requirements
- Mapping the operating structures, risk owners for ESG-related risks, reporting lines and end-to-end ERM and strategic planning process to identify areas for improved oversight and collaboration
- Creating opportunities for collaboration throughout the organization and boosting executive buy-in
This may seem like a no-brainer, but by identifying these tentpole elements and facts first, auditors can build a launching pad by which their organizations can then achieve results in a transparent and accountable way.
3. What does our risk mitigation strategy look like?
Because of how interconnected the business world is today, auditors will likely uncover numerous risk vectors. To compound this, it is inevitable that additional ones will crop up as businesses naturally evolve, meaning a well-thought-out and methodical approach to risk mitigation is key for auditors.
Responding to risks effectively requires a comprehensive approach that considers numerous factors. To start, with their materiality assessments in hand, organizations need to weigh up a variety of risk-specific factors, including which stakeholders are directly impacted by a given risk, what the appetite for this risk is, what the costs of remediating it are and where this risk sits on the broader organizational risk “food chain.”
With these insights in tow, auditors need to then develop a business case for why a given risk should be addressed and what remediation entails, before seeking to obtain the requisite buy-in from decision makers. These responses then need to be repeatedly stress-tested to project exactly how remediation will impact direct stakeholders and the broader organization’s ESG risk profile before ultimately being implemented.
ESG compliance is one of the most trying tasks that financial teams continue to face. And unfortunately, for many financial professionals, it is only going to become more hectic as multinational companies face phase 2 of CSRD and other new measures on the horizon. However, by keeping these few priority areas in mind, financial teams can ensure their audits are as effective as possible and lay the groundwork to facilitate easier compliance in the years to come.