The refreshed UK Corporate Governance Code is ramping up expectations around the material controls that large and listed organisations have in place for their sustainability claims. Within those organisations, strong coordination between the Three Lines model as devised by the Chartered Institute of Internal Auditors is needed to properly mitigate risks, experts warn.

The Economic Crime and Corporate Transparency Act makes it a criminal corporate offence to fail to prevent greenwashing with inaccurate or misleading claims about a company’s environmental, social, and governance (ESG) credentials. Guidance on the Code makes clear that organisations should first ensure they have adequate internal assurance over the effectiveness of their internal controls and whether they are fit for purpose to mitigate the risks. 

Materiality and scope considerations

Carolyn Clarke, Founding Partner of Brave Within, who contributed many of the resources on ICAEW’s sustainability assurance hub, says: “You need to be confident that the things you’re saying about sustainability are founded in truth: in processes; in behaviours in the organisation. Do you understand the materiality and scope considerations in the context of whichever corporate governance code or principles you’re applying, and where you are getting that assurance from within the organisation?” 

However, there may be specific areas where an external view – through either limited or reasonable assurance – is required. “External stakeholders may oblige you to have an external opinion over certain aspects of your reporting and sustainability commitments. For example, the investor community is interested in a certain specific data point. 

“Or perhaps you work with third parties and, as part of your contractual obligations, there is a requirement for you to get external assurance over specific metrics. There’s also a regulatory obligation in Europe for certain environmental measures to be externally assured.”

Clarke says it’s important to be clear on what that external validation is giving you. “Sometimes it’s mapping one data point within the organisation to an externally published report, rather than asking whether that data point itself is accurate, balanced, and founded in meaningful information. Understanding that end-to-end piece is important.”

Coming together of two disciplines

Internal auditors are used to dealing with non-financial risks and working with technical specialists and scientists, Clarke says. However, the combination of scientific knowledge overlayed with experience in following assurance standards remains in short supply. “There’s no shortage of auditors, and there’s no shortage of scientists,” Clarke says. “The challenge is the coming together of those two disciplines in a meaningful regulatory context. The external audit standards and frameworks have yet to catch up and to provide the mechanism for applying that approach with methodology beyond limited and reasonable assurance.” 

Internal audit is well placed to coordinate the overarching view of controls and identify areas where external validation might be needed. “There needs to be closer dialogue between internal audit, senior management and board members so that it”s clear what roles individuals play,” Steve Brown, Brave Within Co-Founder says. 

Clarity on sustainability commitments

Clarke says being clear on the sustainability commitments your organisation is making, and to whom, is the starting point for success. “The alphabet soup of different reporting requirements does make it more difficult, because you’ve got to work out that whole picture. Secondly, be clear about what assurance you have internally and who’s responsible for it. And thirdly, understand stakeholder expectations in respect of the need for an external perspective and where you need to go for external assurance.” 

Finally, Clarke says organisations must be clear on who is driving sustainability assurance programmes internally, where that sits in the governance structure – for example, the audit committee or a sustainability committee – and where the resource and budget to coordinate programmes comes from. “Without that clarity, you’ll have multiple people trying to do the right thing, but there’ll be a risk of excess cost and duplication, or things falling between the cracks,” she warns.

Access ICAEW’s online resources on climate assurance and sustainability assurance.