ICAEW.com works better with JavaScript enabled.

Climate assurance:

Embedding governance and accountability

View the Climate assurance hub
Contents
Back to top

Previous

Climate assurance: Meeting stakeholder expectations

Next

Climate assurance: Considering your organisation's assurance needs

Explore the board's responsibilities, audit committee obligations and the role of internal systems of management and control in delivering appropriate and effective climate assurance.

The board’s responsibilities

Typically, climate is owned as a risk and strategic issue by the board. Directors are on a steep learning curve in determining what they consider to be important. Establishing their assurance strategy follows on from this.

Demand for assurance is often driven by regulatory needs rather than by standing back and thinking about what the organisation really needs to deliver on its strategy and achieve its goals. For example, because there is no regulatory requirement for assurance on Modern Slavery Act statements, assurance activities (both internal and external) may not be undertaken or externally reported. Directors must take greater accountability for deciding what’s important. 

The board is pushing for assurance, but they are still trying to define their strategy. As that clarity emerges, it will generate new assurance priorities, but there is a vacuum at present.

Chief Audit Executive of a global mining group

There is also a question of how the board’s accountabilities are delivered and managed in practice. In Deloitte’s 2021 report, The Audit Committee Frontier – Addressing Climate Change,  61% of audit committee members surveyed believe the board has responsibility for oversight of climate risks. Beyond this, 12% say it is the responsibility of the risk committee and 8% say it is the audit committee. Another 13% suggest it would be owned by another committee, which might include ESG committees. However, 48% of audit committee chairs recognise they are responsible for the effectiveness, independence and objectivity of assurance obtained over climate-related information and disclosure.

Although this research points to only 13% of those surveyed establishing a separate board and/or executive committee for issues associated with ESG, this is a growing number, and we expect more companies to use the opportunity to have a separate forum for discussions. We believe that this provides additional prominence and time to discuss these issues, recognising also that major assurance implications and recommendations will need to be discussed with the audit committee and then, as appropriate, with the full board.

Critical to fulfilling these responsibilities is ensuring the board has the right experience and capabilities to constructively challenge the information and assurance it receives. One non-executive director (NED) told us: “To deliver on expectations, boards need more climate competence. Competence should be assessed by going beyond a desktop exercise to review experience and qualifications. In addition, it’s critical to meet specialists within the company in person and ‘kick the tyres.’”

In Deloitte’s report, 48% of audit committee members surveyed believe they were not equipped to fulfil their climate responsibilities and 34% describe a lack of climate literate talent. In addition, 87% of audit committee members suggested they need more education and 79% improved management information to support their decision processes. Strong assurance should provide a mechanism for building confidence at board level.

Audit committee obligations

Audit committee chairs interviewed for ICAEW’s guidance indicated that they are searching for solutions to the questions about how to get the assurance they feel they need.

Housing Association audit committee chair: “We need assurance providers to come with us on this journey and help us to understand whether we are delivering on our obligations.  While there are many assurance practitioners, it is not yet an established profession like financial auditing. It’s going to take many years to reach that maturity, and in the meantime the focus should be on doing the basics well: having effective controls over the quality of data.”  
Audit committee chair: “My personal view is that if we agree that we have an obligation as the audit committee to oversee management and to ensure good governance, then it is fundamental that we understand the strategy of the company. And fundamental to any strategy are the questions: Are we sustainable? Do we understand the risks, the obligations, and the opportunities that climate change brings? What does this mean for our business? Every audit committee must understand and see how these risks, obligations and opportunities are clearly embedded in the strategy of the organisation.”
Group CAE of a FTSE 100 industrial conglomerate: “A year ago this was an interesting subject, now it is firmly on the agenda. The external auditors are driving the discussion within the audit committee. Our directors are leaning on internal audit to help them ensure the right processes are in place and to support the sustainability team as they gather the necessary information. However, these issues must be owned by the business first.”

Internal systems of risk management and control

Alongside clarity at board level, there is a need to identify which executive is responsible for representing climate-related risks to the board. Authority should be delegated to executives with appropriate experience and capability, but there are challenges from the top down with how this is structured. There must be clear ownership to ensure responsibilities are understood in relation to risk management, reporting, policy setting, monitoring and independent assurance.

A portfolio NED suggested to us: “Sustainability can sit outside of finance, but the CFO has to be responsible for oversight of the annual report. However, finance people rarely have sufficient lived experience of non-financial data. We had a conversation with 11 people in a room on TCFD: it was a little bit of everyone’s job, so who is really responsible?”

It is important to be clear from the outset what the internal accountabilities and responsibilities are for managing climate-related risks and mitigating activities. The three lines of defence model is the common framework for considering this.

First line: As with all risks, management in the first line must own and manage the risk and associated mitigating activities and controls. Management attestation that controls over climate risk are working as intended will become ever more important.   
Second line: In the second line, we need to look at climate risk through a multi-function lens, such as financial, legal, commercial, scientific and technical. There will often be a head of sustainability whose role is to create policies, monitor compliance with these policies, and determine and advise on the relevant metrics and wider commitments that the organisation needs to be able to comply with. Coordination of these functions will be necessary to avoid duplication and create a pragmatic and optimised approach.
Third line: Internal audit in the third line owns the overall internal assurance framework and process and is best placed to integrate the three lines of defence and drive consistency with the second line. There is a strong case for internal audit to act as coach and facilitator across the three lines, as many do for other strategic risks that manifest in multiple ways. 

Companies’ levels of maturity in embedding effective lines of defence vary significantly. While many companies may believe their lines of defence are well established, the need to monitor ESG matters and information provides an opportunity to review this. 

For example, a concern raised by the CAE of a global mining company is that “lines of defence are not well established generally". The CAE added: "Climate risk is not in one place, so how do you differentiate and define accountabilities?” 

Moreover, a NED of a major utility provider told us: “We thought we had a three lines of defence model, but our experience of environmental reporting evidenced that it was not working. The first and second line were operating as one, whilst the third line was not sufficiently involved in oversight.”

We need internal audit to help the organisation in thinking forward appropriately and in ensuring all risks are considered.

Audit committee chair of a Housing Association

We believe climate risk and assurance activities should become embedded in business as usual within organisations as part of the system of risk management and internal control and be discussed at the executive table. Larger companies have had sustainability functions for some time and companies are increasingly seeking to appoint heads of sustainability. However, the skills required are scarce and they won’t always be at an appropriate level of seniority. 

A robust, fully implemented and understandable internal framework will provide directors with a clear view on the confidence they can take from the internal lines of defence. They can then determine where external assurance is required because of regulatory or other demands, and where such assurance creates value and insight.

Recommendations

  • Ensure all directors are clear that they carry the responsibility for managing climate risk and for all related commitments made by the company.
  • Develop an appropriate board and committee structure to evidence appropriate oversight.
  • Integrate climate risk and assurance within the broader audit and assurance reporting and discussions of the audit committee to meet regulatory expectations.
  • Delegate authority from the top down, ensuring appropriate experience and capabilities.
  • Use this opportunity to reinforce the effectiveness and assurance role of the lines of defence in providing directors with the confidence to act.

Case study

Unilever clarifies its approach to sustainability commitments.

A team of office workers in a meeting
This page is part of a series

To find out more about other aspects of climate assurance, visit the hub.

Related articles
Government delivers timeline for S1 and S2 endorsement
  • Article
  • 20 May 2024
Dates for endorsement of the International Sustainability Standards Board’s IFRS S1 and IFRS S2 standards announced, ending speculation over timescales for new reporting requirements.
The role of boards in reaching net zero
  • Article
  • 23 Jan 2024
The non-executive board and the task of the net-zero transition are perfect bedfellows, according to Chapter Zero’s Chief Executive.
Exclusive Update on sustainability reporting and assurance
  • Article
  • 08 Sep 2023
Resources to help auditors keep up with developments around climate, ESG and sustainability reporting, and assurance.
Consultation opens on global sustainability assurance standard
  • Article
  • 03 Aug 2023
The International Auditing and Assurance Standards Board (IAASB) is calling on anyone involved with preparing, using and regulating sustainability reports to feedback on its proposed International Standard on Sustainability Assurance – ISSA 5000.
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.
Login

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields
Next step

Add this page to your CPD activity

Step 2 of 3
Mandatory field
Back Next step

Add activity to my record

Step 3 of 3
Mandatory field
Back Add activity to my record

Activity added

Go to my CPD record

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250
Add activity to my record