Deloitte - in-risk-ESG-and-IA-noexp


ESG and the role of an internal auditor
April 2023
Renewable Energy Sector

Contents
What is Environmental, Social, and Governance (ESG)?
A brief history of ESG
Evolution of ESG in India
Business Responsibility and Sustainability Report (BRSR)
Principles of National Guidelines of Responsible Business Conduct (NGRBC)
The three pillars of ESG
How does ESG benefit a business?
Internal audit’s role in ESG
How can internal auditors support in ESG efforts?
Key checkpoints for an internal auditor to consider
Conclusion


What is Environmental, Social, and Governance (ESG)?

ESG is a set of standards used to measure a company’s behaviour. It is used by socially conscious investors to screen potential investments. ESG matters of any business are interlinked with each other. Due to the pandemic and new regulatory requirements, ESG has gained greater significance amongst investors, policymakers, and other key stakeholders globally. It safeguards businesses from future risks and focusses on sustainability.

Conversations and a focus on sustainability, which are typically grouped into ESG issues, are quickly evolving. It is clear that strong governance over ESG—along with the support and culture in an organisation to consider ESG issues—will help companies be socially responsible rather than just being regulatory compliant in the long run. To achieve ESG goals, an internal auditor is well-positioned to support a company and its management with objective assurance, insights, and advice on ESG matters.


A brief history of ESG

In 1987, the Brundtland Commission of the United Nations (World Commission on Environment and
Development [WCED]) directed nations towards sustainable development goals.

In 1992, the United Nations Environment Programme (UNEP) issued a statement of commitment by
financial institutions on sustainable development.

In 2004, the term ESG was coined in a milestone report Who Cares Wins, developed by 20 financial
institutions from nine countries, with total assets of >US$6 trillion under management.

The two reports, Who Cares Wins and Innovative Financing for Sustainable reporting (published by
the United Nations Environment Program Finance Initiative), formed the backbone for the launch of ‘The
Principles for Responsible Investment (PRI)’ at the New York Stock Exchange in 2006 and the launch of
the ‘Sustainable Stock Exchange Initiative (SSEI)’ in 2007.


Evolution of ESG in India


After the pandemic and with the emergence of new regulations in India, the adoption of ESG guidelines has evolved. Requirements of certain ESG parts were already captured under the 2009 Corporate Social Responsibility (CSR) guidelines. But a stronger focus has been built in and it is now a part of the law through the Business Responsibility and Sustainability Report (BRSR) in 2022. The overall journey of ESG includes the following:

01 In 2009, the CSR guidelines were published and recommended all businesses to formulate CSR centred policies around six core elements.

02 In 2011, the Ministry of Corporate Affairs (MCA) published the National Voluntary guidelines (NVGs) on the social, environmental, and economic responsibilities of a business.

03 In 2012, the Securities and Exchange Board of India (SEBI) issued a circular that made it mandatory for the largest 100 listed companies to publish an annual business responsibility report.

04 In 2018, the Bombay Stock Exchange published a guidance document on ESG disclosures, which served as a comprehensive set of voluntary ESG reporting recommendations.

05 In 2020, the Nifty ESG Index launched the ‘National Guidelines on Responsible Business Conduct (NGRBC)’ policy to align with Sustainable Development Goals (SDGs) and the ‘respect’ pillar of the United Nations Guiding Principles (UNGP). BRSR was made mandatory from FY22.

Business Responsibility and Sustainability Report (BRSR)

In line with the global requirements, SEBI, in its continued effort to enhance disclosure requirements on ESG standards, introduced a new reporting requirement named BRSR for listed companies. BRSR aims to link the financial performance results with its ESG performance. It has also been developed in accordance with the nine principles developed by the Ministry of Corporate Affairs (MCA) and stated in the National Guidelines on Responsible Business Conduct (NGRBC), where reporting in each section requires consideration of these principles. In its annual report, SEBI mandated BRSR applicability for the top 1,000 listed entities (by market capitalisation) for reporting on a voluntary basis in FY21-22 and a mandatory basis from FY22-23.

The structure of BRSR


The reporting requirements under BRSR are divided into the following three sections:

Section - A General disclosures: This section contains details of the listed entity, its products/ services, operations, employees, group companies, CSR, transparency, disclosure requirements, etc.

Section - B Management and process disclosures: It contains questions related to policy and management processes, governance, leadership, those responsible for oversight of the policy, etc.

Section - C Principle-wise performance disclosures: All companies are required to report on Key Performance Indicators (KPIs). The KPIs are classified into two sub-categories that companies are required to report on:
• Essential indicators (mandatory): KPIs include data on training, environmental data on energy, emissions, water and waste, social impact on companies, etc.
• Leadership indicators (voluntary): KPIs include data on Life Cycle Assessments (LCAs), details on conflict management policy, energy consumption, etc.


Principles of National Guidelines of Responsible Business Conduct (NGRBC)

Principle 1: Ethical, transparent, and accountable governance

Essential indicator (Mandatory):
• Last review of performance on guidelines
• Percentage of leadership provided with awareness sessions on the guidelines
• Percentage of suppliers and distributors (by value) for whom awareness sessions were held and have sustainable business policies in place
• Meetings with minority shareholders
• NGRBC-related complaints received from stakeholders and their redressal
• Value of non-disputed fines and penalties
• Details of unmet obligations arising from any grant
• Complaints of corruption and conflict of interest received during the year and their redressal

Leadership indicator (Mandatory):
• Percentage of employees covered by awareness session on the guidelines
• Percentage of suppliers and distributors provided with social and environmental audits
• Details of the previous report on responsible business conduct on international frameworks, availability in public, and assurance by a third party
• Details of non-disputed fines and penalties
• Examples of corrective actions for complaints received and fines/penalties

Principle 2: Sustainable and safe goods and services

Essential indicator (Mandatory):
• List of the top three goods/services with their environmental impact disclosed
• Details of investments to improve product sustainability
• Percentage of procurement from suppliers adhering to sustainability standards or codes
• Percentage of raw material consumed that was reused or recycled
• Process to safely collect, reuse, and recycle products at the end of their life cycle

Leadership indicator (Mandatory):
• For goods with details, further details on resources used per unit of production, reduction in resource used, sustainability standards adhered to, and product life cycle assessment
• Whether the impact of products has been communicated to stakeholders
• Feedback received from stakeholders supplemented with relevant details


Principle 3: Employee well-being

Essential indicator (Mandatory):
• Complaints on discrimination or harassment received during the year and their resolution
• Percentage of employees who are part of associations recognised by the company
• Percentage of establishment/value chain audited for child and involuntary labour
• Number of cases of forced/child labour identified, and action taken during the year
• Ratio of highest to the lowest salary paid
• Number of delayed payment cases and their resolution
• Details of workplace accidents and fatalities/disabilities caused
• Percentage of employees who were provided with training on health and safety issues and upgraded with skills

Leadership indicator (Mandatory):
• Categories of employees covered by affirmative action
• Percentage of non-permanent employees linked to any standing platform/association
• Percentage of child/involuntary labour remediated
• Percentage of suppliers who paid minimum wages
• Percentage of supply-chain partners (by value) who were assessed for adherence to health and safety practices
• Percentage of accident-affected people integrated back into employment
• Steps taken to prevent harassment at work
• Work-life balance issues highlighted by employees and their resolutions

Principle 4: Responsiveness and respect of stakeholders

Essential indicator (Mandatory):
• List of key stakeholders identified during the year
• Personnel responsible for interaction with stakeholders
• Details of engagement with stakeholders
• Percentage of input purchased from local and small vendors

Leadership indicator (Mandatory):
• Frequency of meetings with stakeholders
• Examples of incorporation of stakeholder feedback
• List of vulnerable and marginalised groups in each stakeholder group
• Action taken to address concerns of marginalised groups

Principle 5: Promotion of human rights

Essential indicator (Mandatory):
• Percentage of employees trained on human rights issues
• Percentage of employees (permanent/contractual/casual) covered under human rights policies
• Business agreements reviewed to avoid complicity with human rights violation
• Stakeholder groups governed by a grievance committee for human rights issues
• Number of stakeholders that reported human rights-related grievances and their resolutions

Leadership indicator (Mandatory):
• Percentage of value chain partners trained on human rights issues
• Stakeholders covered by human rights policies of the company and made aware of the human rights issue grievance mechanism
• Details of corrective actions taken to eliminate complicity with human rights violations
• Details of due diligence related to human rights carried out
• Examples of business process modified to address human rights concerns/grievances

Principle 6: Protection and restoration of environment

Essential indicator (Mandatory):
• Risks of the adverse environmental impact of company’s operations identified and steps taken to mitigate these risks
• Good practices to reduce, recycle, and reuse natural resources
• Examples of collective action taken along with details of other initiatives, to reduce adverse environmental impact
• Details of any adverse orders received from Central or State Pollution Control Board (CPCB/ SPCB)/ National Green Tribunal (NGT)

Leadership indicator (Mandatory):
• Details on environment impact assessment undertaken, its communication, and action taken
• Risk management strategy for identified risks
• New business-products-services created to address material environmental risk
• Details of good practices cited for the reduction, recycling, and reuse of natural resources
• Details of specific contribution to India’s Nationally Determined Contributions (NDC) (submitted at UNFCCC COP21 in 2015)

Principle 7: Responsible and transparent public and regulatory policies

Essential indicator (Mandatory):
• Details of review of public policy advocacy positions of the company
• Details of trade associations and chamber memberships
• Details of any adverse order for anti-competitive practice received
• Monetary contribution to political parties

Leadership indicator (Mandatory):
• Public policy position available in public domain
• Examples of policy changes because of company’s advocacy
• Details of corrective actions taken to rectify anti-competitive practices


Principle 8: Promote inclusive growth and equitable development

Essential indicator (Mandatory):
• Social impact assessments completed during the year
• Company’s products/ services/ technology that benefit marginalised/ vulnerable groups
• Details of Rehabilitation and Resettlement (R&R) activities, people affected, and gross amount paid to such people
• Grievances received from local communities and their redressal
• Investments in underdeveloped regions
• Summary of key themes covered by CSR
• Goods and services that incorporate local traditional knowledge
• Adverse orders or judgements in intellectual property disputes related to traditional knowledge
• Number of beneficiaries covered under your CSR projects disaggregated by the vulnerable and marginalised group categories

Leadership indicator (Mandatory):
• Details on communication of social impact assessment results and actions taken
• Numbers benefitting from such beneficial products/ services/ technology
• For R&R projects, if local people were consulted
• Details of communication of grievances received from community
• Examples of social and economic value addition to marginalised communities
• Examples of how a company’s contribution helped in achieving national development indicators
• Examples where benefits of practicing local traditional knowledge (being used by the business), were shared with the community

Principle 9: Value to customers

Essential indicator (Mandatory):
• Examples where adverse impact of goods and services has been raised in the public domain
• Percentage of goods by value that carry information about their environmental impact
• Complaints received from customers with respect to data privacy or advertising, and their redressal
• Details of consumer complaints received related to the delivery of essential services and their resolutions

Leadership indicator (Mandatory):
• Corrective actions taken to address adverse impact of goods and services
• List of product labels and certification being used by a business
• Channel platforms where information on goods and services of a business can be accessed
• Steps taken to educate vulnerable and marginalised consumers about safe and responsible usage of products
• Corrective actions taken to address data privacy and advertising complaints
• Process in place to inform customers about disruption of any essential service


The three pillars of ESG


Successful businesses ideally focus on the three core essentials: people, process, and product. Today, more companies (both large and small) are building their long-term strategy according to a higher-level framework surrounding the environment, social responsibility, and governance or ESG.

I. The environmental pillar

Within the environmental pillar, companies tend to measure environmental efficiencies, such as water usage, energy consumption, greenhouse gas emissions, waste management, as well as implement solutions and set goals to minimise their impact on nature.

Today, top companies in India have taken certain steps towards consciously taking care of the environment. The following have now become part of their strategy:

• A large Indian consumer goods company uses post-consumer recycled plastics in packaging. They have installed ‘Smart Fill’ stations to enable consumers to refill their plastic bottles with home care liquid products and reduce the usage of plastics.
• An Indian multinational bank and financial services company harnesses digitalisation to reduce the usage of paper through online services, such as bank statements, change in account holder details, online transactions, e-KYC. The bank saved about 12 million A4 size paper sheets in FY21-22.
• An Indian multinational steel-making company has enhanced the usage of steel scrap in making steel, utilising 100 percent solid waste and enhancing value from the by-products.
• An Indian multinational information technology company has initiated ‘energy as a service’ solution. The service is designed to address energy efficiency, embedded generation, sustainable sourcing, grid flexibility, and optimisation.


II. The social pillar

The social pillar deals with providing solutions and enabling opportunities for employees and communities around—not only to better their lives but involve them to participate in progress for all.

The social pillar covers social relationships focussing on management and employee relationships. This includes human rights, worker’s rights, workplace policies, employee wellness and training, Diversity, Equity, and Inclusivity (DEI), data privacy, access to career development and wages.

Some of the top companies in India have worked towards defining their social goals, which has become part of their strategy:

• A large Indian consumer goods company has initiated the development of nutritious products. It targets to double the products sold and deliver a ‘positive nutrition’ by 2025.
• An Indian multinational bank and financial services company creates livelihoods in rural areas through their rural livelihood programme. They provide job-oriented training on a pro bono basis in 11 technical and 4 non-technical areas, across 21 states/union territories.
• An Indian multinational steel-making company is creating an inclusive workspace to attract and retain diverse talent, including Persons with Disabilities (PWDs) and LGBTQ+.
• An Indian multinational information technology company has reached 4.8 million people in FY22 through their digital skilling initiative for its employees, clients, students, teachers, and communities.

These initiatives empower the community and improve companies’ reputation, creating value and making it attractive for investors.

III. The governance pillar

The governance pillar refers to a company’s governance policies and practices. At the most fundamental level, this pillar is all about trust. Can investors trust that a company will keep up to its promises? Are the goals of the Board and C-Suite in line with those of shareholders, employees, and customers? Are employees confident of their workplace safety and fairness? This pillar is important because it sets the tone for how a company will operate. Good governance practices ensure that a company is running ethically and with integrity. This can lead to increased profits, lowered risks, and improved relationships with employees, customers, and other stakeholders.

Major steps taken by top Indian companies towards the governance pillar (of ESG) include the following:

• In a large Indian consumer goods company, hundred percent of the Audit Committee and Nomination & Remuneration Committee consist of independent directors.
• An Indian multinational bank and financial services company has a Social and Environmental Management Framework (SEMF) to screen new project finance proposals. The framework stipulates environmental and social due diligence for projects above specific thresholds. It has an exclusion list of industries not permitted for financing and a list of highly polluting sectors that require additional due diligence while taking financing decisions.
• An Indian multinational steel-making company has become a member of ResponsibleSteel™ – the steel industry’s first global multi-stakeholder standard and certification initiative that helps its members achieve their sustainability goals by providing an independent certification standard and programme.


How does ESG benefit a business?


Today, more businesses are being introduced to multiple benefits of ESG, such as attracting talent, targeting future consumers, facilitating brand-enhancement and innovation. Some of the major benefits and why ESG is more important now than ever, are:

1. Adds to the top-line growth
Companies that are environmentally and socially responsible are more likely to get access, approvals, and licenses giving them fresh opportunities for growth. For example, these companies tend to attract Business-to-Business (B2B) and Business-to-Consumer (B2C) customers with more sustainable products, and gain better access to resources through stronger community and government relations.

2. Provides increased access to capital
Several Asset Management Companies (AMC) have launched ESG funds, which use ESG performance of a company to make investment decisions. This is reflected through various green financial products and instruments (equity, loan bonds) that have evolved and the growing size of their market.

3. Leads to reduction in costs
Companies that switch to more sustainable methods of production tend to be more efficient and reduce their costs. For example, companies with lower energy consumption, reduced water intake, and those that reuse waste generated.

4. Effective management of regulatory compliances and stakeholders
A business with strong ESG measures, especially on governance, invites less scrutiny from regulators and tends to have greater operational freedom. For example, companies with lower fines, penalties, and enforcement actions.

5. Attracts talent and boosts employee’s productivity
Strong companies with good ESG scores tend to attract better talent and have longer retention. For example, an ESG compliant company boosts employee morale and attracts talents per a study by Cone Communications on Millennial Employee Engagement in 2016¹; 64 percent of millennials consider a company’s social and environmental commitments when deciding a place to work.

6. Investment and asset optimisation
A strong ESG proposition can enhance investment returns by allocating capital to more promising and more sustainable opportunities. For example, companies with renewables and waste reduction.

1. Source: https://static1.squarespace.com/static/56b4a7472b8dde3df5b7013f/t/5819e8b303596e3016ca0d9c/1478092981243/2016+Cone+Communications+Millennial+Employee+Engagement+Study_Press+Release+and+Fact+Sheet.pdf

Internal audit’s role in ESG


With various companies across multiple stages of maturity, ESG is evolving in India. Large multinationals have accommodated themselves to ESG requirements and included it in their audit plans. However, for small organisations, the ESG standards and frameworks are still new.

At present, ESG in India is still considered as a regulatory requirement rather than taking accountability and responsibility towards the environment and society at large. Although mandated, ESG reporting is yet to be applicable for all, with adoption being imminent across large organisations. As a function, internal audit can consider including ESG checkpoints in their audit given the increasing focus of regulators, investors, customers, third-party affiliates, and society at large. The benefits for getting it right may be significant, as ‘high ESG performance may translate to better access to capital, talent, and business opportunities.’²

The following are the multi-fold challenges for internal audit functions starting out with their ESG journey:

01 Lack of a uniform framework can be a challenge to internal auditors on how to check and report the results of their ESG strategies.

02 ESG topics, such as climate change, decarbonisation have not been a part of audit plans earlier and can be a challenge to review.

03 Data required to review ESG reporting are often minimal, unavailable, or scattered across multiple departments and its collection can be a challenge for auditors.

Our recommendation to help mitigate some of these challenges is:

01 Internal auditors need to be familiar with various terms, such as Green House Gas (GHG) calculation frameworks.

02 Internal auditors need to engage with experts within their teams to be able to better understand and review the underlying documents.

03 Internal auditors need to gain expertise in testing various IT systems and reading relevant non-financial data to overcome the challenges of dependency on various departments.

2. Source: https://corpgov.law.harvard.edu/2020/09/23/the-seven-sins-of-esg-management/


How can internal auditors support in ESG efforts?

Keeping in mind the internal audit skillset, internal auditor assistance can be useful in developing various facets of the ESG framework and build-in the necessary governance and control aspect. However, internal auditors can be made responsible for review of the following aspects in ESG:

1. Evaluate an organisation’s current ESG maturity – Internal audit can assess the current maturity of an organisation’s ESG strategy by comparing it with other organisations. This will identify the possible improvement areas/opportunities. Internal audit can begin by raising awareness about ESG priorities and its implications, at the Board and senior leadership levels. This awareness may help the Board to develop its ESG strategy and goals.

2. Ensure proper governance structure and oversight – Internal audit can review roles and responsibilities assigned within the organisation to execute their ESG strategy and monitor ESG issues.

3. Validate the ESG risk management goals – When it comes to measuring progress, internal audit can ensure that the goals set are realistic, measurable, included in the company’s strategic objectives, and discussed regularly at Board meetings.

4. Collaborate with Enterprise Risk Management (ERM) – It is important for enterprise risk management plans to include significant ESG risks for the management to identify, assess, and manage them throughout an organisation. Internal audit can assist the management by mapping risks and incorporating them as part of their risk registers.

5. Ensure documentation of ESG policies and procedures – Internal audit can review ESG policies and procedure manuals, which helps the company to communicate its strategy, goals, and activities to be undertaken to mitigate ESG risks.

6. Perform risk assessments – Internal audit can determine whether ESG measures are significant to an organisation and aligned with investors, customers, and other stakeholder expectations.

7. Evaluate the ESG risk management framework – Internal audit can review a company’s existing frameworks and standards to ensure they are reasonable, being followed, consistent with industry recommended frameworks and regulatory expectations, and comparable with similar entities.

8. Evaluate the design and operating effectiveness of control activities – Internal audit can audit to identify and evaluate key controls needed to mitigate ESG risks and identify gaps or material weaknesses across core business functions in an organisation.

9. Review ESG financial and non-financial reporting metrics – One of the most critical areas for internal audit is to review the management’s ESG financial and non-financial reporting data used for public disclosures. This is done to avoid unsubstantiated claims that could adversely impact an organisation’s reputation.

10. Collaborate with the legal and compliance department – Internal audit can work together with the legal and compliance department to validate that ESG reporting disclosures comply with applicable regulations. For example, internal audit can list down the ESG disclosure requirements to identify what disclosures are required, by which agencies (e.g., SEC, AM Best, state governments) and in filing deadlines.


Key checkpoints for an internal auditor to consider

I. Environmental

S. No Material issues Checkpoints for consideration

1. Regulatory compliance
a. Serious incidents/regulatory breach regarding environmental aspects
b. Nature of the incident and improvements made/ lessons learnt
c. Regulatory action (enforcement/prosecution/fine)

2. Natural hazards
Is the company subject to flood, seismic, or other natural hazards?

3. Carbon emissions/exposure to climate change
Carbon emissions
a. Does the company operate in an energy intensive sector?
b. Does the company monitor GHG emissions (inclusive of non-directly generated, for example, outsourced logistics, use of final product, etc.)?
c. Is the production (the carbon intensive activities) mainly outsourced?
d. Plans or actions to control and/or reduce emissions
Exposure to climate change
Could operations be at risk from the current/evolving climate change regulation and/or physical changes associated with climate change (including increased flooding, drought, or other severe weather events)?

4. Air emissions
Can the company operations originate significant emissions to air (for example, oil & gas, energy, transportation, chemical)?

5. Chemicals/hazardous substances handling the supply chain
a. Are chemicals/hazardous substances used in the production process?
b. Is the management aware of any potential disruption to the supply of chemical/hazardous substances used in the production process through regulatory phase-out?
c. Is the company considering the use of more environment friendly and safer raw materials/ chemicals in the production process?


6. Waste management/end life of the products
a. Does the production process originate relevant quantities of waste or hazardous waste?
b. Waste management initiatives to minimise or reuse/recycle waste
c. Are the products offered, designed to reduce their end-of-life footprint?

7. Soil and ground water
a. Is there a risk of soil contamination resulting from the activities of the target company?
b. Is the company aware of any former or current soil/groundwater contamination issues at the site(s)?
c. Is there a need to conduct investigation or remediation activities?

II. Social

S. No Material issues Checkpoints for consideration

1. Human resources
a. Workforce composition (employees, self-employed, trainee, seasonal workers)
b. Do all employees have a formal contract of employment?
c. Turnover rates and talent retention
d. Diversity issues (for example, diversity on boards, pay gap)
e. Serious labour related complaints/claims/enforcement actions
f. Freedom of association and collective bargaining
g. Training
h. Benefits provided to employees

2. Health and safety
a. Is the company operating in an industry that presents a high risk of health and safety?
b. Are workers exposed to high incidence or risk of diseases?
c. Has the company been subject to enforcement actions by the regulators for breaches of relevant health and safety legislation?

3. Community involvement
a. Community investments, sponsorships, product donations
b. Formal programmes in place to promote company involvement with the community (for example, volunteering, stakeholder engagement, etc.)
c. Previous NGO/media negative campaigns, community/workforce unrest

4. Consumer safety/ products regulations
a. Product- or sector-specific regulations (for example, food safety, pharma Good Manufacturing Practices (GMP))
b. Actions taken to ensure the health and safety of consumers

5. Customer privacy
a. A company’s data security policy and IT security management system
b. Sensitivity of information in possession of the company
c. Breach in cyber security across the past 2-3 years
d. Substantiated complaints regarding breach of customer privacy and loss of customer data

6. Fair disclosure and labelling/fair marketing
a. Requirements for product and service information and labelling
b. Incidents of non-compliance concerning product and service information and labelling
c. Incidents of non-compliance concerning marketing communications

7. Innovation
R&D investment plans, patents, innovative products and/or services


III. Governance

S. No Material issues Checkpoints for consideration

1. ESG systems and processes
   Roles and responsibilities:
   a. Has an ESG committee/steering committee been established?
   b. Commitment and responsibilities on sustainability at a senior management level
   c. Has a designated reference person for day-to-day ESG matters been assigned?
   Policies and procedures:
   a. Are ESG values and principles clearly communicated (for example, on the website)?
   b. Does the company have sustainability or business conduct policies?
   c. Do policies cover discrimination, child or forced or compulsory labour, health and safety and environmental issues?
   d. Are there environmental/health and safety procedures or management systems in place?
   e. What is the level of establishment and embedment of procedures?
   Monitoring and reporting:
   a. What are the arrangements for monitoring and reporting ESG issues and performance to senior management/the Board?
   b. Does the company publish an ESG/CSR/sustainability report or a designated section in the annual accounts?
   c. Is there a sustainability section on the website?

2. Corruption and business ethics
   a. What does the organisation currently do to safeguard itself against illegal practices?
   b. Are there any corporate governance and/or ethical related employee claims/breach/enforcement/litigation actions related to issues, such as anti-bribery and corruption, cases of unfair labour practices, human rights abuses, and other unethical business practices?
   c. Does the company make financial or in-kind political contributions?
   d. Does the company participate in public policy development or lobbying activities?
   e. Are there any anti-trust issues?

3. Supply chain
   a. Are key suppliers located in the emerging markets with high social, human labour, and environmental risks?
   b. Is the supply chain part of an industry with high social, human labour, and environmental risks?
   c. Does the company have a responsible purchasing policy/code of conduct for suppliers?
   d. Are ESG criteria included in the selection and monitoring of key suppliers?


Conclusion
Leaders across businesses, government, and regulatory bodies alike are realising the importance of ESG for an enterprise. An organisation’s well-being and long-term value creation are linked with the financial and ESG strategy.

As a social justice movement, investors and regulators have challenged organisations to publicly report on ESG strategies, commitments, and actions. Organisations that can effectively integrate their ESG strategy into their business strategy and risk practices can only communicate effectively through ESG reporting. Such an ability can be achieved through effectiveness of internal controls around accounting, reporting, and communicating ESG information. Applying the same diligence as applied to financial reporting could lead to greater corporate and investor confidence, organisational value, and capital market effectiveness.

With financial reporting, internal audit can provide independent and objective assurance, insights, and advice on ESG matters.


Connect with us
Anthony Crasto
President, Risk Advisory
Deloitte India
acrasto@deloitte.com

Himanish Chaudhuri
Partner, Risk Advisory
Deloitte India
hchaudhuri@deloitte.com

Arup Sen
Partner, Risk Advisory
Deloitte India
arupsen@deloitte.com

Contributors
Ashish Damani
Niraj Agarwal

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company
limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and
each of its member firms are legally separate and independent entities. DTTL (also referred to as
“Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a
more detailed description of DTTL and its member firms.

This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP). This material
(including any information contained in it) is intended to provide general information on a
particular subject(s) and is not an exhaustive treatment of such subject(s) or a substitute to
obtaining professional services or advice. This material may contain information sourced from
publicly available information or other third party sources. DTTILLP does not independently
verify any such sources and is not responsible for any loss whatsoever caused due to reliance
placed on information sourced from such sources. None of DTTILLP, Deloitte Touche Tohmatsu
Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by
means of this material, rendering any kind of investment, legal or other professional advice
or services. You should seek specific advice of the relevant professional(s) for these kinds of
services. This material or information is not intended to be relied upon as the sole basis for any
decision which may affect you or your business. Before making any decision or taking any action
that might affect your personal finances or business, you should consult a qualified professional
adviser.

No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any
person or entity by reason of access to, use of or reliance on, this material. By using this material
or any information contained in it, the user accepts this entire notice and terms of use.

© 2023 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited
