How to navigate regulatory demands and stakeholder expectations

We are seeing three regulations related to sustainability reporting which chief audit executives should contemplate in 2024 and 2025.


In brief

  • Internal audit’s perspective is key to empowering organizations in navigating the evolving sustainability landscape.
  • As internal audit functions prepare their 2024 and 2025 audit plans, they should consider how those plans address sustainability reporting, including emerging regulations.
  • Embedding ESG into internal audit projects can help organizations make progress on their sustainability reporting compliance.

According to recent sustainability trends, companies are facing a dilemma between urgency and inaction with evolving ESG attitudes and geopolitical uncertainties. Despite the wait-and-see approach on certain key actions, global sustainability reporting regulatory requirements continue to grow, as do key stakeholders’ expectations of sustainability reporting.

With the growing prominence of regulations such as the European Union’s Corporate Sustainability Reporting Directive (CSRD), California’s Climate Disclosure Laws, and the Securities and Exchange Commission (SEC) Climate Rules, it is critical for chief audit executives to engage business leaders in their organization and pose key questions to relevant stakeholders regarding readiness. We are increasingly seeing that 2024 internal audit plans consider these evolving regulatory and sustainability reporting risks, and we anticipate this will continue into 2025.

Adopting these unfolding regulations demands ramped-up data efforts, an understanding of the organization’s greenhouse gas (GHG) emissions quantification processes, and precision in disclosures and related controls. Building effective compliance measures involves resource allocation, readiness assessments, and careful strategizing to prevent the risk of penalties. Enhancing stakeholder trust becomes a priority with the demand for heightened transparency. The task is cut out for organizations to navigate these challenges, safeguard their reputation, and future-proof their reporting processes in 2024 and beyond.

While uncertainty persists around the implementation of some of these current regulations, organizations’ risk and internal audit functions should consider what actions they can take now to set their organization up for success. What proactive steps can be taken for a particular regulation that may help address other requirements and enhance the company’s current sustainability reporting? A readiness assessment can help to identify the efforts necessary for efficient compliance. Additionally, an ESG program maturity assessment or GHG emissions reporting assessment can enhance any organization’s resilience and compliance in sustainability reporting, whether voluntary or regulatory.

Sustainability reporting readiness

While uncertainty remains around the implementation and enforcement of recent regulations, particularly in the US, organizations in any geographical location can benefit from the following two internal audit projects to improve overall sustainability reporting maturity.

GHG emissions reporting assessment

The measurement and disclosure of GHG emissions form the foundation of many existing voluntary initiatives and ESG reporting regulations. Legislative changes, such as those proposed under the EU’s CSRD and US SEC’s climate-related disclosure, are a few examples of recent regulatory changes driving the focus on GHG emissions reporting. Companies can perform a GHG emissions reporting assessment to gain a comprehensive understanding of their emissions quantification processes. This audit can provide actionable insights for process improvement while identifying and managing related risks effectively.

What activities are typically performed in a GHG emissions reporting assessment?

What are the anticipated outcomes of a GHG emissions reporting assessment?

  • Highlights clear insights into the current GHG emissions performance of the organization
  • Provides in-depth observations of the organization’s current state of GHG accounting, identifying areas that could be strengthened to achieve limited and eventually reasonable assurance
  • Develops standardized global process and control documentation and remediation plans for associated gaps

ESG program maturity assessment

The demand for an ESG program maturity assessment is driven by the need to stay competitive, prepare for uncertainties, strategically allocate efforts and unlock hidden value. Companies can undertake a comprehensive ESG program maturity assessment to gain essential insights into their ESG reporting practices. It serves as a transparent tool to gauge the present status, facilitate sustainable growth, and design action plans conducive to long-term advantages in an ever-evolving environment.

What activities are typically performed in an ESG program maturity assessment?

What are the anticipated outcomes of an ESG program maturity assessment?

  • Detailed insights into the organization’s current ESG performance, benchmarked against industry standards
  • Comprehensive evaluation of existing ESG practices and identification of areas for enhancement, thereby paving the way for improved sustainability and assurance levels

Current regulations

Corporate Sustainability Reporting Directive (CSRD)

The European Sustainability Reporting Standards (ESRS) are a set of detailed disclosure requirements developed by the European Financial Reporting Advisory Group (EFRAG) as mandated by the European Commission under the Corporate Sustainability Reporting Directive (CSRD). An ESRS gap assessment can be performed to assess the organization’s alignment with the detailed reporting requirements in the ESRS. Acting as a strategic compass, this assessment uncovers an organization’s strengths and identifies potential vulnerabilities in its strategic planning, thereby unlocking numerous opportunities. The assessment is not just a process evaluation. It also empowers organizations to align their sustainability performance and reporting with the ESRS framework.

What activities are typically performed in a CSRD/ESRS readiness assessment?

What are the anticipated outcomes of a CSRD/ESRS readiness assessment?

  • Delivers critical insights into the organization’s readiness to comply with CSRD/ESRS reporting requirements
  • Identifies areas that require more robust policies and processes, including controls, for complying with CSRD/ESRS reporting requirements

California’s Climate Disclosure Laws

In October 2023, California enacted the Climate Accountability Package, requiring entities to disclose greenhouse gas emissions comprehensively, in alignment with the Greenhouse Gas Protocol, and to disclose their climate-related financial risk and the measures adopted to reduce and adapt to that risk, in alignment with TCFD recommendations. The California Climate Corporate Data Accountability Act (Senate Bill 253) requires both public and private companies doing business in California and generating over $1 billion in gross annual revenue to disclose their Scope 1, Scope 2, and Scope 3 greenhouse gas emissions to a California emissions reporting organization on an annual basis, as well as to obtain third-party assurance. The California Greenhouse Gases: Climate-Related Financial Risk Act (Senate Bill 261) requires both public and private companies doing business in California and generating over $500 million in gross annual revenue to disclose on their websites, on a biennial basis, their climate-related financial risk and the measures adopted to reduce and adapt to that risk, in alignment with the TCFD recommendations.

What activities are typically performed in a California Climate Disclosure readiness assessment?

  • Assessment questionnaire: Develop a questionnaire based on a screening of California’s climate disclosure regulations.
  • Interviews: Conduct stakeholder interview sessions to determine the company’s preparedness to report against California climate disclosure requirements.
  • Document review: Obtain and analyze relevant processes, policies and procedures.
  • Readiness determination: Analyze data gathered to gauge the company’s present readiness level for each law.
  • Gap identification: Document current processes and identify gaps against climate disclosure requirements.
  • Preliminary observations: Develop and share initial findings and recommendations with management stakeholders.
  • Reporting: Prepare educational materials, assessment report, and executive summary of gaps for stakeholders.

What are the anticipated outcomes of a California Climate Disclosure readiness assessment?

  • A comprehensive understanding of the organization’s status in terms of compliance with California’s climate disclosure regulations
  • An in-depth readiness assessment report along with an executive summary highlighting critical gaps in policies and disclosures

SEC climate disclosure rules

The U.S. Securities and Exchange Commission’s (SEC) newly minted climate regulation requires companies to disclose climate-related information in their annual reports and registration statements. This regulation, which came into effect on March 6, 2024, is a significant stride toward transparency and accountability in the corporate world’s approach to climate change. The new rules require companies to disclose material climate-related risks, including their impact on the company’s strategy, business model and outlook. This includes both physical and transition risks, and companies are required to explain how these risks are likely to affect them in the short term (i.e., the next 12 months) and long term (i.e., beyond the next 12 months). Furthermore, companies must disclose any climate-related targets or goals that have a material impact on their operations.

The climate regulation also requires large accelerated and accelerated filers to disclose material Scope 1 and Scope 2 greenhouse gas emissions, subject to third-party assurance. However, smaller reporting companies and emerging growth companies are exempt from this requirement. No companies are required to disclose Scope 3 GHG emissions.

While the regulation provides a grace period for compliance, it undoubtedly increases the degree of transparency required in financial reporting. Compliance with this regulation will demand a synergistic integration across a variety of corporate functions, making it crucial for companies to foster cross-functional collaborations.

What activities are typically performed in an SEC Climate Rule readiness assessment?

  • Document review: Analyze relevant processes, policies, and procedures.
  • Process and controls review: Assess existing reporting controls and processes, as they may need to be reassessed, and potentially restructured, to effectively capture and control this new regulatory requirement.
  • Gap identification: Document current processes and identify gaps against SEC Climate Rule requirements.

What are the anticipated outcomes of an SEC Climate Rule readiness assessment?

  • A comprehensive understanding of the organization’s status in terms of compliance with SEC Climate Rule regulations
  • An in-depth readiness assessment report along with an executive summary highlighting critical gaps in policies and disclosures
  • A cross-functional collaborative environment, spanning across Legal, Risk, Compliance, Finance, Information Technology (IT), and Internal Audit, necessary to ensure accurate and complete representation of climate-related data in the assessment report.

In conclusion:

Chief audit executives should consider enhancing their teams’ capabilities related to sustainability to effectively manage these emerging sustainability reporting risks. Whether through professional development or bringing in new team members with specialized knowledge, these projects can further equip audit teams to handle the complexities of ESG auditing. This approach will position companies at the forefront of sustainability reporting practices and drive compliance in 2024 and beyond.

The views reflected in this article are the views of the author(s) and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.

Summary

Companies continue to face a dilemma between the urgency of complying with sustainability reporting regulations and inaction due to evolving ESG attitudes and geopolitical uncertainties. With the need to comply with regulations such as the European Union's Corporate Sustainability Reporting Directive (CSRD), California's Climate Disclosure Laws, and the Securities and Exchange Commission (SEC) Climate Rules, it is critical for risk officers and chief audit executives to stay engaged with their organizations to assess readiness. 2024 and 2025 internal audit plans are increasingly considering these evolving regulatory and sustainability reporting risks to address readiness.
