ESG Audits in India: Issues and Challenges

Communicating the organisation’s ESG objectives is critical to its long-term growth. Therefore, it is always beneficial if the organization continues to report on its non-financial parameters.

Materiality assessment is crucial for the identification and prioritisation of Environment, Social and Governance (ESG) issues that are critical to any organisation. It is meant to help a company to identify and understand the relative importance of specific ESG and sustainability aspects related to it. This involves an assessment of the factors based on two aspects - potential impact on the organization and its importance to the stakeholders. Companies need to also convey the risks and opportunities to the Board. There is a need to also inform various stakeholders about the pertinent issues and the efforts being made to address them.

Selection of ESG framework that aligns with the company’s goals, industry standards and geography or jurisdiction is equally important. There are several accepted frameworks like BRSR, GRI, SASB etc. that help assess the company’s risks. In India BRSR is the framework mandated by Securities and Exchange Board of India (SEBI). Companies need to identify their priorities relating to the nature of their business and the environmental, social and governance aspects of ESG. Each organization needs to select the most appropriate KPIs according to the materiality assessment and report accordingly.

The key to a conclusive ESG report lies in the quality of its data collection. Companies need to provide credible information regarding their ESG goals and performance in order to ensure that there are no claims of greenwashing. Similarly, there is a responsibility on the auditors as well to ensure that they review the data received and check its authenticity before publishing it in the public domain. Assurances are important as without them, the report loses its credibility and harms the company’s reputation.

The most critical aspect of the audit is to publish the ESG report in the public domain for the perusal of its stakeholders. Communicating the organisation’s goals and objectives towards ESG plays a pivotal role in the long-term growth of the entity. Therefore, it is always appreciated if the organization continues to report on its non-financial parameters as well.

With the regulatory authorities providing special attention to ESG disclosures in light of the increasing suspicion about greenwashing, the impetus is on companies to provide a reasonable assurance that the disclosures by them are accurate and verified. An ESG audit supports an organization’s ESG disclosures, substantiates the accuracy of any ESG data an organization discloses and informs stakeholders and leadership if reporting standards are not upheld, or a company’s ESG efforts are missing the mark. In the absence of a formal third party ESG audit, it could be difficult to obtain even a limited assurance with respect to the reported information.

In this light it is also important to look at the SEBI circular pertaining to third party assurance providers. It states that assurance of BRSR Core is profession agnostic and need not necessarily be undertaken by a Chartered Accountant. The Board of the listed entity needs to ensure that the assurance provider appointed for assuring the BRSR Core has the necessary expertise for undertaking reasonable assurance in the area of sustainability. In case an assurance provider sells its products or offers any non-audit or non-assurance services to a listed entity or its group entities, irrespective of whether the nature of the product / service is financial or non-financial, it will not be eligible to undertake assurance of the BRSR Core. The circular also lists activities which are permitted and prohibited.

In so far as internal audits are concerned, planning an effective audit of ESG requires an increased focus on data quality, as internal audit strives to validate and assess the relevance, completeness and accuracy of ESG risk and reporting data. Internal governance could help in consolidation of quality data for reporting and disclosing the actual performance of the entity on ESG parameters rather than doing it as publicity stunt and falling in the traps of greenwashing. Assurance over ESG reporting is crucial. There is a need to review reporting metrics for relevance, accuracy, timeliness and consistency in order to complete the tasks at hand in a timely manner. The formal financial disclosure filings also need to be reviewed, with inconsistencies highlighted and relevant information provided to the Board. There is a need to conduct materiality or risk assessments on ESG reporting as materiality plays a pivotal role in mitigating ESG risks and related threats. It also gives the management a sense of the emerging opportunities.

Companies need an ESG control environment and framework to govern all the ESG programs and activities. There is a need to recommend reporting metrics and frameworks to entities that have suitable operational structure and adhere to the regulatory norms. Advisory could also be given on ESG governance to the Board in case any risk is identified during the process of assessment. It is important to note that in India the internal auditor of a listed entity or its group entities, cannot be appointed as the assurance provider for the BRSR Core. In short, third-party/external auditors help the companies that need to assure their stakeholders that their ESG claims are accurate and do not involve greenwashing. Meanwhile, internal auditor’s role includes validating the effectiveness of ESG-related controls and activities to help organizations manage those risks and foster resilience. Both internal and external audit functions play a pivotal role in providing ESG assurance.

There are several challenges for the external and internal auditors as well. For example, not engaging with the right stakeholders could lead to incomplete risk assessment and missed opportunities for improvement. Organizations need to start conducting thorough stakeholder interviews and involving cross-functional teams in the audit process. Organizations cannot effectively measure and communicate their ESG performance without clear metrics and reporting frameworks. They need to start adopting recognized ESG frameworks and start disclosing non-financial information for all the stakeholders. Collection of data is a cumbersome process and relying on manual execution of data collection and audit reporting could result in missed opportunities to identify, capture and mitigate ESG risk.

ESG data should be collected from across the organization. When data access is limited, the organization may not fully understand the ESG risks it faces. This hampers the risk mitigation strategies and hinders the growth of the organization. It has been noted that most of the organizations still remain doubtful in adopting ESG parameters in assessing their company’s overall performance. In such cases the management of the company needs to set the expectations right for the investors and adopt global ESG best practices in order to survive or rather thrive in the industry.

Disclaimer – The views expressed in this article are the personal views of the authors and are purely informative in nature.