Auditing the ESG Process



Why you should attend

  • Sustainable business practices and Environmental, Social and Governance reporting are getting an increasingly high profile.
  • A growing number of organisations are recognizing that adopting ESG best practices can be an important business differentiator.
  • In addition, more and more stakeholders are imposing sustainability-related requirements on organisations seeking financing.
  • This course provides an overview of the role of Internal Audit in reviewing these crucial activities
  • The potential impact and implications of environmental, social and governance (ESG) developments, and value creation through ESG will be explored and discussed during the course.

After completing this course you will be able to

  • Audit Environment, Social responsibility and Governance with confidence
  • Review the effectiveness of the overall ESG environment
  • Meet stakeholder expectations regarding ESG
  • Help the business deliver benefits from environmental, social and governance management
  • Ensure that ethics and sustainability receive more attention
  • Assist the Board in their ESG oversight

Who should attend

Who should attend

  • Heads of Internal Audit
  • Audit Managers and those about to be appointed to that role
  • Lead Auditors
  • Senior auditors
  • Other assurance professionals that need a greater understanding of ESG assessment techniques

Course Details

Course Level

  • This is an intermediate level course and delegates should ideally have at least 12 months experience in Internal Audit (or other assurance roles) to attend.
  • Delegates should have a good educational standard and ideally a professional qualification
  • No advance preparation is required
  • Delivery method – On-line-live (with exercises and case studies to provide practical application of the tools and techniques)

CPE credits

Participants will earn 9 CPE credits ( 6 in the Auditing field of study and 3 in the Management Advisory Services field of study)


The Pillars of ESG

  • Environmental, Social and Governance responsibility
  • The need to demonstrate responsible business processes
  • The ESG cycle
  • The benefits of ESG
  • Improved environmental performance
  • Improved employee health and wellbeing
  • Increased stakeholder engagement
  • Access to additional funding
  • Improved transparency of supply chain risks
  • Attracting ‘ethical consumers’

The Internal Audit role in ESG

  • Raising ESG risk awareness with audit committees and boards.
  • Promoting opportunities to improve efficiency and effectiveness.
  • Assisting the organisation to achieve its strategic ESG goals
  • Assisting delivery of risk management solutions in the ESG arena
  • Promoting awareness of transition risk to assist the organisation to beat the curve as ESG policy implications become more apparent.
  • Ensuring climate-related risks receive attention
  • Meeting with functional management to discuss the ESG audit
  • Determining sources of information
  • An ESG audit checklist will be shared
  • Exercise 1 – Pre-Meeting with management: Role Play

The Environmental audit

  • Overview of current environmental thinking
  • Structure and requirements of ISO 14001
  • Key environmental concepts and essential terminology
  • Key focus areas for auditing core environmental processes
  • Overview of current environmental legislative requirements and relevance to auditing
  • Objectives and types of environmental audits
  • Processes and techniques for planning, conducting & reporting audits
  • Ensuring consistency
  • Is there a Departmental Environmental Policy?
  • Has a Department Environmental Coordinator been formally appointed?
  • Exercise 2 –Challenges of environmental audit

Energy and Water management

  • Are there defined maintenance programmes to ensure all equipment is operating at optimum efficiency?
  • Is there a written commitment to reduce energy use?
  • Are there formal arrangements to replace energy inefficient equipment/fixtures?
  • Are there formal procedures to consider energy efficiency when purchasing new equipment?
  • Are there records of energy use for the Department’s premises (e.g. break down by floor)?
  • Have there been reviews undertaken to identify energy use and minimisation opportunities?
  • Water management and economy of use
  • Is any wastewater recycled? If so, describe briefly (i.e. treatment and use).
  • Licences or applications on file pertaining to water pollution control regulations
  • Criteria for reviewing the premises discharge strategies
  • Exercise 3 –The energy/water management audit

Waste management

  • Dangerous waste
  • Chemical waste
  • Biological/infectious waste
  • Solid waste (including obsolete equipment)
  • Radioactive waste
  • On-site waste or disposal systems
  • Waste recycling programmes
  • Off-site facilities used for waste treatment and storage

Ethical and sustainable purchasing

  • Are key suppliers located in emerging markets with high social, human labour, environmental risks?
  • Is the supply chain part of an industry with high social and, environmental responsibility?
  • Does the business have a responsible purchasing policy/Code of Conduct for suppliers?
  • Are ESG criteria included in the selection and monitoring of key suppliers?
  • Compliance with health and safety regulations and/or Departmental guidelines
  • Packaging materials (quantity, biodegradability, recyclability etc.)
  • Exercise 4 –Ethical and sustainable procurement

Other key environmental topics

  • Air emissions and indoor air quality
  • Noise Control
  • Transportation and travelling practices
  • Environmental information publicity
  • Dangerous goods
  • Environmental site audit
  • Sustainability audit
  • Environmental emergency prevention and preparedness
  • Exercise 5 – Select a topic and brainstorm the issues

Auditing Reputation

  • The rise of reputation as a key risk
  • The increasing importance of a positive image – the need to be admired
  • Where does reputation come from?
  • How do you measure it?
  • The magnifying effect on reputation of business failures
  • How to judge reputation
  • Identifying Reputational Risks
  • A checklist for reviewing reputational risk will be provided to all delegates

Day 2    Social responsibility and Governance

Social Responsibility and ethics

  • The increasing importance of Corporate Social Responsibility (CSR)
  • IIA standard 2110 re auditing of ethics
  • What constitutes CSR
  • The wider aspects of CSR and the implications for IA
  • Doing responsible things responsibly
  • A paper on auditing ethics will be provided
  • Redefining IA role with CSR in mind
  • An audit framework
  • How to audit CSR – key steps
  • Is communication with main stakeholders taken seriously?
  • Are the expectations of these stakeholders accurately understood, and what are the risks that these will not be met?
  • Are opportunities taken to develop the ethical reputation of the business?
  • How do we ensure that staff have and display the right attitudes?
  • Has the business assessed its reputation for social responsibility and its impact on our business prosperity?
  • Is the Board, and in particular the Chief Executive, sensitive and responsive to the concerns of customers
  • Exercise 6 – CSR the audit challenges

Social Responsibility evaluation

  • How are social responsibility issues identified and incorporated into the organization?
  • Review current applications/systems used, including spreadsheets, data files and automated controls
  • Determine how management oversight is incorporated into the process
  • Determine what controls (manual & system) are in place to avoid unauthorized purchases and spending limit workarounds
  • Determine if internal controls are in place throughout the process
  • Determine if proper segregation of duties exists
  • Meet with the third-party charitable organization receiving the funds, resources or actions to determine the impact.
  • Evaluate the impact of the company’s social efforts with recipients, local news organizations and the charitable community (trade publications).
  • Ensuring social responsibility considerations incorporated into the corporate code of conduct
  • Ensure public relations have effective procedures to respond to social responsibility issues.
  • 2 CSR checklists will be provided
  • Exercise 7 – CSR key aspects (Moonshot)

The key aspects of Corporate Governance    

  • The key aspects of  Corporate Governance
  • 6 core principles of governance
  • Governance warning signs
  • New corporate governance insights paper will be shared
  • How the organisation is managed on behalf of the stakeholders
  • Governance statements highlighting ESG maturity
  • The key parties within Governance
  • Audit Committee
  • The Board
  • Regulators
  • Customers
  • Suppliers
  • A Governance toolkit will be shared
  • Exercise 8 – Corporate Governance challenges

Corporate Governance and the Internal Audit Role

  • Meeting Stakeholder requirements
  • How the organisation is managed on behalf of the stakeholders
  • Developments in CG – new paper
  • The audit role in the CG process
  • The risk focus of the function (and the relative roles of other assurance providers)
  • Coordination with other assurance providers
  • A guidance paper on assessing organisational governance will be provided
  • ESG Trigger events Exercise 9 – Determining the Governance ESG issues

Analysing and assessing the effectiveness of Governance

  • Business process analysis techniques
  • Process objectives and risk
  • The need to understand the business objectives
  • Developing a programme to reflect these objectives
  • Defining and measuring strategic objectives
  • Determining process components
  • The link between ESG objectives and risk
  • The link between risks and controls
  • Process and business system controls
  • The link between inputs and outputs

Meeting Stakeholder expectations

  • Who are the stakeholders?
  • Are stakeholders’ expectations known?
  • Are the expectations clear?
  • How can you meet the widely differing expectations?
  • Are there any areas where expectations could be exceeded?
  • Are there any quick wins?
  • What reports should IA provide to stakeholders?
  • A new paper on working with stakeholders will be shared
  • New advice on auditing ESG strategy
  • Exercise 10 – Meeting the ever expanding needs of stakeholders – what should the IA role be?

About Phil Griffiths

Phil Griffiths, FCA

Phil Grifffiths

Phil Griffiths is founder and Managing Director of Business Risk Management Ltd.

A Chartered Accountant, he has over 30 years experience in risk management, Corporate Governance, internal audit and fraud prevention as practitioner, professional adviser, facilitator and trainer.

His areas of specialism are:


  • Assisting Senior Management to identify, manage and then exploit the risks within their business via facilitated business risk management programmes
  • Helping Internal Audit functions to implement world class standards.
  • Developing fraud prevention, detection and investigation programmes
  • Training both private and public sector organisations in all the above disciplines.

He has extensive experience of the European, Asian, Middle Eastern, and African markets having trained professionals from over 1000 organisations in these regions during the past 15 years

He has extensive experience of managing and auditing major International projects. He has also direct experience of negotiating major contracts (including the largest mobile telecommunications contract in the world at the time)

Phil has developed strategic alliances with professional bodies and world renowned training companies, to deliver training and consultancy services across Europe, Asia, the Middle East and Africa.

He has developed over 300 training courses on all aspects of internal audit, risk management and fraud and delivered them across the globe.

He has led risk management programmes for more than 120 private and public sector clients tailored specifically to include facilitated workshops, development of risk strategies and assistance with implementation

He is an accomplished author. His book ‘Risk Based Auditing’ is an international best seller and his new book ‘Enterprise Risk Management – the key to business success’ is receiving much acclaim

Phil has published research into many aspects of internal audit and risk management best practice, including “Strategic Risk management” “The Need to Co-ordinate Assurance Providers” and “The Expectations of Chief Executives towards Internal Audit and its future”

He is recognised as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on risk management, internal audit and fraud.

Schedule Overview

Course Fee and Timings

The fee for the 2-day course is GBP 450 (US$ 570) which includes comprehensive course materials. The course will consist of three 1.5 hour sessions each day.

The course will consist of three 1.5 hour sessions with the following UK timings

  • 9.00 – 10.30 Session 1
  • 10.30 – 10.45 Break
  • 10.45 – 12.15 Session 2
  • 12.15 – 13.00 Break
  • 13.00 – 14.30 Session 3


Back to Top

Enter your email and subscribe for regular updates from Innoverto