Unimplemented controls could derail your ESG compliance efforts

Two-thirds of organizations have not implemented environmental, social and governance (ESG) controls, and 60% do not currently perform internal ESG audits, according to a report by AuditBoard.

Lack of ESG program readiness

This lack of ESG program readiness raises the risk of reporting incomplete or incorrect data and leaves organizations unprepared to maintain compliance with future regulations, including the forthcoming ESG rules from the Securities and Exchange Commission (SEC).

The report also indicates that some organizations are more advanced than others in their ESG program readiness. For example, over 75% of respondents said they currently collect evidence for ESG metrics, and 26% reported that they plan to begin performing internal ESG audits in the next year.

In addition, 61% reported having a dedicated ESG team or committee with representatives from audit, compliance, legal, and/or risk management.

Despite progress, readiness gaps remain at many companies. For instance, only one-third of respondents report being in compliance or planning to comply with the proposed SEC ESG rules. For those that do plan to comply, the report findings reveal that 90% currently fall within the bottom half of maturity levels for reports and disclosures.

Resourcing is also a potential issue, as 46% of respondents reported that there is no dedicated budget allocated for ESG technology or headcount. Even among those with an ESG budget, only 9% have a budget allocated for ESG program management technology.

The integration of ESG principles

“The AuditBoard survey on ESG maturity reveals an urgent need to align investment with controls and transparent disclosure. As companies face looming ESG regulations across the globe, the integration of ESG principles cannot remain segmented,” said John A. Wheeler, former Gartner IRM Analyst and Senior Advisor, Risk and Technology at AuditBoard.

“Integrated risk management (IRM) technology offers a pathway to unify these elements, ensuring that businesses are not just compliant, but are leading the way in sustainable practices. By marrying investment with robust controls and clear disclosure, companies can prepare for the regulatory landscape and position themselves as responsible stewards in the global market,” Wheeler continued.

  • ESG is not included as a strategic part of enterprise risk management (ERM) at many organizations: 40% of organizations don’t include ESG risks in ERM strategy, and 35% of organizations have not performed a materiality assessment.
  • Of four key areas of ESG competency (Investment and Processes; Breadth and Depth; Reporting and Disclosures; and Governance and Controls), survey respondents displayed the highest maturity in Investment and Processes and the lowest maturity in Reporting and Disclosures.
  • The most tracked topics in each ESG category were: Climate change and carbon emissions (Environmental, 72%), Gender and diversity (Social, 75%), and Board composition (Governance, 66%).

