Skip to main content

Empowering your company: Elevating your internal controls environment for ESG Success

An overview of strategies for aligning your people, processes, and technology to the company’s ESG strategy.

The growing interest in sustainable business practices, including decarbonization and human capital, has led to the development of various environmental, social, and governance (ESG) standards, frameworks, and regulatory reporting requirements all over the world. In this article, we will delve into strategies for aligning your people, processes, and technology to maximize the benefits of your company’s ESG strategy.

 

ESG discussions in board rooms have predominantly focused on the “E” (environmental) aspect, the ESG reporting landscape continues to evolve along with stakeholder expectations. Given the legal requirements and regulatory pressure including increasing Assurance requirements, companies should now focus on deliberate organization and consider implementing comprehensive mechanisms to effectively address all aspects of ESG, including associated risks and opportunities. It is a crucial aspect for companies to collect complete and accurate data to be able to make informed decision. This topic is especially important since the data collected now, sets the direction for the coming next years.

An effective internal controls and robust processes can drive mindset shifts, identify efficiency opportunities, and facilitate transformation throughout an organization. With the recent release of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) 2023 interpretive report on internal control over sustainability reporting (ICSR), it is time for companies to expand their focus beyond traditional internal controls over financial reporting (ICFR) and start establishing a control environment where it substantiates the firm’s commitment to ESG.

This publication offers essential insights and strategies for aligning governance, people, process, and technology; during the transformation of your internal control framework to integrate ESG-related processes and internal controls.

Why should you focus on your company’s ESG processes and internal controls when defining your ESG strategy?

 

In today's business landscape, prioritizing Environmental, Social, and Governance (ESG) processes and internal controls is essential for companies aiming to achieve long-term success and sustainability. As stakeholder expectations and regulatory requirements evolve, businesses must adopt robust ESG strategies to stay competitive, mitigate risks, and build a resilient, responsible reputation. Here’s why focusing on ESG processes and internal controls is crucial when defining an ESG strategy:

  • Transparency and Consistency of Data: Accurate and complete data enable governance and management to make informed decisions. Defining how companies source, transform, and report sustainability data is crucial from the outset, as the data collected now will shape the direction for future years.
  • Risk Management: Integrating climate-related disclosure risks into enterprise risk management (ERM) processes better equips companies to prevent and mitigate potential issues such as fines, reputational damage, and legal liabilities. Proactively addressing these risks safeguards long-term financial performance.
  • Regulatory Compliance: The market increasingly demands comparable non-financial reporting, and governments and regulatory bodies are introducing stricter sustainability regulations. Many Swiss companies with significant operations in neighbouring countries will need to comply with new European reporting standards, such as the Corporate Sustainability Reporting Directive (CSRD), which is applicable in 2025 for the reports published in 2026. Proactive compliance with these requirements reduces the likelihood of facing legal and regulatory challenges.
  • Investor Expectations: Pension funds and asset managers are increasingly incorporating ESG factors into their investment decisions. Companies with strong ESG performance attract more investment and secure favourable terms from lenders and investors.
  • Reputation: Consumer awareness and concern regarding the environmental impact of products and services are rising. Addressing these concerns enhances a company's reputation.
  • Talent Acquisition: Employees, particularly younger generations, seek employers whose values align with their own. Companies with strong ESG policies and practices are better positioned to attract and retain top talent.
    In conclusion, focusing on ESG processes and internal controls is not just about regulatory compliance; it also drives long-term value creation, enhances reputation, and meets stakeholder expectations for sustainable practices.

How to actively manage your ESG-related internal control framework

 

  • Governance and Leadership: Establishing effective governance lays the foundation for sustainable success, emphasizing clear leadership and stakeholder alignment. Leveraging the company’s existing framework to create a robust governance structure ensures alignment with overarching objectives. International standards mandate direct involvement of governing bodies and executive management in roadmap creation and regular progress tracking.
  • Change Management and Framework Development: Attention turns to implementing change management strategies and crafting frameworks aligned with sustainable objectives. Incorporating ESG-related internal controls requires comprehensive communication, training, and a human-centred approach to inspire organizational buy-in. Key steps include defining reporting scopes, assessing current control environments, identifying gaps, and implementing remediation plans, alongside ongoing monitoring for transparency and effectiveness.
  • Technology Integration: Technology plays a crucial role in sourcing, transforming, and reporting sustainability data. Considerations within data management policies are essential to alleviate the increased reporting burden associated with ESG disclosures. A holistic approach encompassing governance, people, processes, and technology is critical for organizations committed to sustainable business practices.
  • Process Documentation: Document ESG-related disclosure processes comprehensively, identifying synergies with the existing Internal Control over Financial Reporting (ICFR) framework. Determine relevant data sources, systems, and process owners to streamline operations and ensure accuracy.
  • Risk Assessment and Control Design: Conduct thorough risk assessments to identify potential risks impacting climate-related reporting objectives. Evaluate the maturity of existing controls to enhance data accuracy and completeness. Define internal process controls and General IT Controls (GITCs), meticulously documenting methodologies for data collection, measurement, and estimation.
  • Monitoring and Continuous Improvement: Implement a structured process to regularly assess the design, implementation, and operating effectiveness of controls. Swiftly remediate control gaps and deficiencies, fostering a culture of continuous improvement. Regular monitoring ensures transparency and effectiveness of the implemented controls.
  • Integration with Enterprise Risk Management (ERM): Seamlessly integrate controls over climate-related disclosure into existing Enterprise Risk Management processes. This holistic approach ensures alignment with broader organizational objectives and enhances risk management capabilities.
  • Audit Readiness: Proactively engage with external assurance providers to prepare for audits. This collaborative approach ensures compliance with regulatory requirements and demonstrates commitment to transparency and accountability.

Closing Remarks
 

The time has arrived for organizations to seize the opportunity and invest in ESG-related internal controls. While not all companies are presently mandated to report on their sustainability practices, the landscape is swiftly evolving, with stakeholders increasingly emphasizing sustainability factors. Proposed regulatory reporting requirements are expanding, underscoring the urgency for proactive measures.

Today, being a responsible business is more than a mere aspiration; it's an expectation. A robust internal control environment serves as a cornerstone, ensuring the completeness and accuracy of ESG reporting. Moreover, it goes beyond compliance, offering a compelling value proposition. By demonstrating unwavering commitment to sustainability practices, organizations can cultivate trust and confidence among stakeholders. Embracing ESG-related internal controls isn't just about doing things right; it's about doing the right thing, propelling businesses toward a future of responsible and ethical practices.

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey