ICAEW.com works better with JavaScript enabled.

Is your sustainability assurance house in order?

Author: ICAEW Insights

Published: 23 Oct 2024

Sustainability claims made by businesses are increasingly under the spotlight. How should internal audit work with external providers of assurance to ensure material controls are fit for purpose?

The refreshed UK Corporate Governance Code is ramping up expectations around the material controls that large and listed organisations have in place for their sustainability claims. Within those organisations, strong coordination between the Three Lines model as devised by the Chartered Institute of Internal Auditors is needed to properly mitigate risks, experts warn.

The Economic Crime and Corporate Transparency Act makes it a criminal corporate offence to fail to prevent greenwashing with inaccurate or misleading claims about a company’s environmental, social, and governance (ESG) credentials. Guidance on the Code makes clear that organisations should first ensure they have adequate internal assurance over the effectiveness of their internal controls and whether they are fit for purpose to mitigate the risks. 

Materiality and scope considerations

Carolyn Clarke, Founding Partner of Brave Within, who contributed many of the resources on ICAEW’s sustainability assurance hub, says: “You need to be confident that the things you’re saying about sustainability are founded in truth: in processes; in behaviours in the organisation. Do you understand the materiality and scope considerations in the context of whichever corporate governance code or principles you’re applying, and where you are getting that assurance from within the organisation?” 

However, there may be specific areas where an external view – through either limited or reasonable assurance – is required. “External stakeholders may oblige you to have an external opinion over certain aspects of your reporting and sustainability commitments. For example, the investor community is interested in a certain specific data point. 

“Or perhaps you work with third parties and, as part of your contractual obligations, there is a requirement for you to get external assurance over specific metrics. There’s also a regulatory obligation in Europe for certain environmental measures to be externally assured.”

Clarke says it’s important to be clear on what that external validation is giving you. “Sometimes it’s mapping one data point within the organisation to an externally published report, rather than asking whether that data point itself is accurate, balanced, and founded in meaningful information. Understanding that end-to-end piece is important.”

Coming together of two disciplines

Internal auditors are used to dealing with non-financial risks and working with technical specialists and scientists, Clarke says. However, the combination of scientific knowledge overlayed with experience in following assurance standards remains in short supply. “There’s no shortage of auditors, and there’s no shortage of scientists,” Clarke says. “The challenge is the coming together of those two disciplines in a meaningful regulatory context. The external audit standards and frameworks have yet to catch up and to provide the mechanism for applying that approach with methodology beyond limited and reasonable assurance.” 

Internal audit is well placed to coordinate the overarching view of controls and identify areas where external validation might be needed. “There needs to be closer dialogue between internal audit, senior management and board members so that it”s clear what roles individuals play,” Steve Brown, Brave Within Co-Founder says. 

Clarity on sustainability commitments

Clarke says being clear on the sustainability commitments your organisation is making, and to whom, is the starting point for success. “The alphabet soup of different reporting requirements does make it more difficult, because you’ve got to work out that whole picture. Secondly, be clear about what assurance you have internally and who’s responsible for it. And thirdly, understand stakeholder expectations in respect of the need for an external perspective and where you need to go for external assurance.” 

Finally, Clarke says organisations must be clear on who is driving sustainability assurance programmes internally, where that sits in the governance structure – for example, the audit committee or a sustainability committee – and where the resource and budget to coordinate programmes comes from. “Without that clarity, you’ll have multiple people trying to do the right thing, but there’ll be a risk of excess cost and duplication, or things falling between the cracks,” she warns.

Access ICAEW’s online resources on climate assurance and sustainability assurance.

Audit reform

The long-awaited legislation to establish ARGA was put back on the agenda in 2024. ICAEW unpacks the key issues around audit and corporate governance reform.

A person working at a desk covered in papers, a notepad and a calculator

More audit and assurance resources

ICAEW Faculty
ICAEW's Audit and Assurance Faculty can help you stay ahead of the curve with its essential guidance and technical advice.
Audit and Assurance

An internationally recognised network of professionals focused on keeping ahead of the changes to the audit and assurance landscape.

Find out more
Latest support
lego pieces building blocks red blue green yellow on a blue background
Audit and Beyond

Audit & Beyond provides topical features and opinion pieces on audit and assurance, plus all the latest news and developments.

Read more See the archive
ICAEW support
A hand holding a magnifying glass looking at some papers
Training and events

Browse upcoming and on-demand ICAEW events, webinars and training on audit and assurance. Don't miss the latest developments in practice and regulation.

Events and webinars CPD courses and more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250