The role of internal audit in supporting sustainability and resilience within the supply chain

There are multiple risks affecting sustainability and resilience within the supply chain, including geopolitical instability, lack of quality data, cyber threats, negative environmental impact, and non-compliance with current and upcoming regulatory requirements. This blog explores some of the specific topics internal audit should consider to address these challenges and mitigate risks.

Embedding sustainability and resilience into the supply chain is complex due to the need for collaboration, transparency, and alignment across multiple stakeholders and processes. Not only must an organisation embed and maintain effective controls within its own organisational perimeter, but there also needs to be an active and continuous dialogue with suppliers to ensure access to appropriate data, and to influence supplier behaviour. Having a clear environmental, social and governance (ESG) strategy can help a business navigate supply chain challenges by providing a clear long-term objective against which competing priorities can be balanced.

How can internal audit support sustainability and resilience efforts?

Understanding supply chain governance

Many organisations are still in the early stages of identifying sustainability and resilience risks across their supply chain, and those responsible for the delivery of an organisation’s ESG strategy may not be involved in these conversations. Internal audit can help identify risks within the supply chain and ensure those responsible for ESG strategy are involved in conversations to effectively monitor and mitigate these risks.

Internal audit has unique visibility across the organisation and can play a role in understanding how the business is embedding ESG considerations in its approach to the supply chain, including how roles and responsibilities have been embedded and how the business ensures proactive two-way communication with suppliers, particularly regarding the identification and escalation of risks. Similarly, internal audit can provide assurance on diversification strategies and contingency plans to identify critical points of failure and ensure continuity of supply.

Navigating geopolitical instability and building supply chain resilience

In recent years, unprecedented events have caused organisations to consider their geopolitical risk exposure. In 2024, we have already seen disruption to shipping, escalating tension and conflict in the Middle East, continuation of Russian action in Ukraine, and military coups in Africa. Elections covering over half of the world's population in 2024 add another dynamic to consider. Businesses should be proactively monitoring their geopolitical risks, and how these may impact their supply chain as well as their own operations. Response plans should be in place for breakdowns in the supply chain.

Internal audit can:

  • assist by reviewing an organisation’s operational resilience and/or business continuity plans to give assurance that these are robust.
  • perform a review of business continuity planning over a wide variety of scenarios and scenario combinations, one of which may involve the loss of one or more key suppliers. 

Ensuring cross-supply chain compliance

ESG-related regulations and the impact of an organisation setting its ESG strategy mean procurement teams have had a lot to consider when ensuring suppliers are compliant, both at the point of onboarding and on an ongoing basis. As a result, many organisations will have had to enhance their initial due diligence and ongoing monitoring processes.

Internal audit should:

  • consider providing assurance over the controls its business has in place to ensure suppliers are compliant with both regulatory requirements and organisational expectations.
  • consider the planned actions and escalation points required when a supplier is found to be non-compliant or is consistently failing to meet expectations. More mature organisations may be working closely with some suppliers to help them adopt more sustainable practices.
  • provide assurance over audits of key suppliers, or assist the business to do so, particularly where a business has less capacity in first- and second-line functions.

Unlocking ESG data and facilitating reporting

New ESG disclosure frameworks increasingly require organisations to report on their entire supply chain. This will be a big undertaking for many organisations. A challenge for many will be access to timely and accurate data, which is often reliant on the operating effectiveness of systems and non-systems-based controls. Also, once data is available within the organisation it needs to be appropriately interpreted and consolidated before it is reported, and in some cases, prepared for external disclosure.

Internal audit can support in a variety of ways:

  • assessing data controls designed to ensure accurate data receipt and consolidation. For example, internal audit can test compliance with recognised greenhouse gas (GHG) measurement and accounting frameworks, leading to accurate and auditable GHG emissions data.
  • reviewing governance controls around reporting. For example, internal audit can review the policies and procedures for supplier engagement and assess the effectiveness of internal controls around supplier performance monitoring.
  • testing the design and operating effectiveness of controls relating to ongoing supply chain management. For instance, the audit team can leverage technology to review supplier contracts to ensure they include ESG requirements, assess supplier performance against ESG criteria, and identify areas for improvement in supplier management processes.
  • testing and advising on the design and effectiveness of controls over ESG data capture and reporting. For example, internal audit can review data capture processes for supplier emissions data and assess the accuracy and completeness of the data captured.

Get in touch

Embedding sustainability and resilience considerations in the supply chain is an important undertaking for organisations - from a regulatory compliance perspective, to delivering on an ESG strategy, and in setting and meeting ESG targets. Internal audit plays a vital role in providing assurance in what is often seen as a complex area, spanning departments, businesses and geographies. 

Deloitte can support Heads of Internal Audit to develop an approach and deliver assurance over their organisation’s supply chains. This includes readiness and maturity assessments, prioritised assurance roadmaps, and the delivery of sustainable supply chain audits focused on any of the topics mentioned above. 

For more information on the role of internal audit across the ESG agenda, please don’t hesitate to get in touch with us.