Page 390 - Ebook HTKH 2024
Figure 4. ESG matters integrated three-line model
Source: Author-based IIA guidance
4.2. The process of ESG engagement performed by the internal audit function
The overall objectives of internal auditing of ESG information focus on evaluating
and improving the effectiveness of ESG matters-related governance, risk management
and control processes. Specific objectives that company management might wish to
satisfy include:
(i) Compliance objectives focus on the way in which the company responds to
relevant compliance requirements.
(ii) Performance objectives focus on the way in which companies
communicate operational and resource efficiency targets and plans in response to ESG-
related risks and opportunities.
(iii) Reporting objectives focus on the way in which companies integrate ESG
factors into their strategies and manage ESG risks and opportunities to support
resilience, growth, and long-term value creation.
Internal audit strives to confirm and assess the relevance, completeness, and
accuracy of ESG risk and reporting data. The figures below describe each phase of
the risk-based approach to auditing ESG, including risk assessment, risk response, and reporting
and follow-up.
ESG Risk Assessments and Responses
The auditors must understand the entity and its environment (including internal
control) to assess ESG matters-related risks of material misstatement (RoMMs). Some
serious concerns when understanding the entity include characteristics of high-level
oversight and execution; client’s mission, vision, values & strategy; periodic review by