In response to the alarming climate changes on the planet, more and more companies are actively and visibly playing their part in accelerating their moves to a carbon-free world.
As ESG grows and becomes mainstream, so does scrutiny – from consumers, investors, regulators, employees, and the media.
According to Ian Beale, VP, Advisory at Gartner, there is more focus than ever before on what companies are saying, and even more importantly, what they are doing – whether they are doing enough, acting on it fast enough, and whether they are accurately telling the whole story in their public announcements.
This focus raises concerns about greenwashing risks for companies. There are usually two types of greenwashing – the intentional over-inflating of your green credentials and the doing so deliberately.
Ian says many CEOs may make pronouncements about their companies’ performance and plans, sign up to protocols and commit their companies to certain goals, targets, and timelines. They may do this because the feel it is the right thing to do or, more cynically, to try and gain a competitive edge.
“However, unless there is a genuine commitment, investment, resources, and the project management process in place to achieve these goals – and to ensure they are the right goals – there are risks that poor goals are chosen, company strategy is not aligned to the goals, resources are not committed to the right activities and targets will be missed.”
If statements are made, and then not delivered upon, or inaccurate information is reported, there will be a swift and negative impact, warns Ian, with consequences more severe in relation to investors and whether a company is considered ‘investable’ by ESG mandates.
How can internal audit identify and mitigate greenwashing risks
Internal auditing can help to both identify and mitigate greenwashing risks, explains Ian. They can challenge the commitments made by management, for example by questioning if management is making “genuine and substantive commitments to meet the right protocols and adjusting those commitments as new protocols that are announced,” he says.
“Is management aware of the regulations to which they need to comply and making optimal decisions where regulations appear to conflict or overlap?”
He also urges internal audit leaders to ensure that the right management teams, in terms of seniority and expertise, are clearly responsible and empowered to deliver the necessary activities quickly enough.
“They should also check to see that progress and performance are being reported accurately and consistently internally, and that appropriate metrics are being fully, accurately and honestly reported externally with appropriate context.”
Ian explains how these approaches use standard audit techniques to understand a process, assess the risk to the satisfactory achievement of stated goals, and to map the controls needed to mitigate those risks within an agreed and defined acceptable tolerance.
“This approach must also use audit skills to identify and collect data, to challenge management, to robustly critique their plans and statements, to maintain independence (while being a critical friend int his fast-changing area) and to interact professionally with senior management.”
Ian emphasises that there is clearly a need for many teams to upskill in specific ESG areas that are most critical to their organisations, to be able to adequately assess management statements, their activity and system data – something that is always needed for any new and evolving complex risk area.