The ESG Checklist for

Internal Audit:
Guide to Regulations, Risks, and Roles

As organizations embark on their 
 to set up processes to comply with global

ESG journey, the role of internal audit regulations, and what roles your team and
and risk professionals is becoming other departments can take to drive ESG
increasingly visible and critical to help program success. And to note, your ESG
drive ESG performance. From assessing program is an ongoing effort that will
a broad range of ESG-related risks to require continuous evaluation—from the
internal controls you establish to the people
ensuring the completeness and
you involve, internal audit teams need to
accuracy of sustainability data, ESG
remain agile. With that in mind, let’s dive in!

presents a unique opportunity for audit

professionals to add value and elevate
their role as a strategic advisor.

But with an ever-changing ESG ESG Program

landscape, how can internal auditors take
advantage of this opportunity to help
their organizations prepare?

This checklist can help! Use it as a starting Audit Risk

point to identify key actions. We’ll review
items for identifying and assessing ESG-
related risks, what to consider and how
 Risks

To effectively mitigate ESG-related risks

and meet ESG performance goals,
integrating ESG concepts and material risks
into your strategic planning and enterprise
risk management should be at the top of
your list. In fact, a recent study found that
52% of organizations surveyed report that
identifying and assessing ESG-related risks is
the number one priority for their
organization’s ESG strategy, while 87% find it
as a priority overall.

Given the importance, here’s a checklist to help you get started:

Engage key stakeholders, including the Develop, implement, and harmonize

board of directors, to discuss how your policies, processes, controls, and control
organization is approaching ESG

activities to maximize ESG opportunities
and mitigate risks


Conduct a materiality assessment and

create a list of the topics that are material Implement monitoring activities across
to your organization

the second and third lines of defense to
determine if control activities are yielding
Understand how ESG aligns with your expected results and helping achieve ESG
organization’s strategy and pinpoint the commitments


ESG topics that are most applicable to

your business

Establish a regular reporting process 

to share relevant information with
Familiarize yourself with your stakeholders on ESG performance and
organization’s current ESG program and compliance with regulatory requirements


what’s being reported both internally or

externally

Re-evaluate and respond to new 

ESG-related risks with appropriate internal
Integrate material ESG-related risks into controls


your broader enterprise risk assessment

and management process

Schedule retrospective reviews to
determine what’s working well and how to
Start auditing the completeness 
 continuously improve
and accuracy of any current ESG-
related metrics that your organization
reports externally

2
 Regulations

With the extensive nature of both proposed

and forthcoming ESG regulations, internal
audit teams across the globe are facing Want more
change at a relentless pace. Here’s a information about
checklist of considerations as you help your ESG regulations
organization get regulation ready: across Europe?
Determine what regulations or standards 
 Download this guide to get detailed
apply to your organization. Here are some information for current regulations in
notable regulations to consider: Austria, Belgium, Denmark, Finland, France,
Germany, Ireland, Italy, Netherlands,
CSRD: Approximately 50,000 organizations will Norway, Portugal, Spain, Sweden,
be required to report beginning in 2024. This Switzerland, the U.K., and the E.U. at large.
includes any third-country organization with
E.U.-based subsidiaries, or with securities on
E.U.-regulated markets, with a net turnover of
€150m within the E.U. Learn more.


ISSB IFRS S1 and IFRS S2: The IFRS Apply practices developed from internal
Sustainability Disclosure Standards will focus on controls over financial reporting (ICFR)
useful sustainability information, which is practices to internal controls over
enhanced if the information is “comparable, sustainability reporting (ICSR) and modify
verifiable, timely, and understandable.” While not existing ICFR practices as needed to fit 

currently mandatory, the U.K. and Japan have unique ICSR challenges


committed to use the standards if they pass
their endorsement processes and many other Tap into existing expertise across your 

countries have indicated interest. The effective organization, including the CFO team, who 

date for the application is 2024, with the first has extensive experience in applying 

reports published in 2025. Learn more.

 ICFR concepts

TCFD: Currently mandated in the U.K. and seven Use COSO’s ICIF-2013 framework, which is
other jurisdictions, the TCFD consists of a applicable to ICSR, as a starting point to 

framework of recommendations intended to design, implement, and maintain a system of
help organizations disclose climate-related risks internal controls

and opportunities, but can be adopted by any

company looking to improve the way they assess Map out and understand where your
or disclose climate-related risks. Learn more.

organization’s ESG data is coming from

SEC: The rule requires climate-related Determine how complete, accurate, relevant,
disclosures, including material climate-related and reliable your ESG data is and document 

risks and how companies are managing them, the reliability of information sources


and climate-related targets or goals that are
material to a company’s financial performance. Formalize processes for managing data from
Large accelerated and accelerated filers will outside parties, such as vendors and
have to disclose Scope 1 and/or Scope 2 GHG government entities


emissions, if material, requiring limited

assurance (with a phase-in period). Large Adapt current tools or adopt new technology
accelerated filers will eventually transition to to help manage data gathering and aggregation
reasonable assurance. Learn more. to improve accuracy and consistency

3
 Roles

Don’t overlook the importance of defining Build relationships with departments who have
clear roles and responsibilities for your never been through the assurance process before

organization’s ESG program. Taking a

strategic approach with cross-department Coach employees to help them understand the
alignment and well-coordinated plans will auditing process, what is needed from them, and
how to prepare data and processes for the
help you avoid silos and potential rework.
scrutiny of a regulatory agency

Here’s a checklist of what to consider

across teams: With the breadth and depth of ESG requirements and
risks—and fast pace of change—it’s important to
take an agile approach. You should look to modify
Assemble a multidisciplinary team with
members from key departments, including your strategy, processes, and controls as often as
finance, accounting, sustainability, legal, and necessary to align with the current ESG landscape.

investor relations


The good news is that you don’t have to take this

Align on what issues are most important to journey alone—Workiva is here to help! Our
your organization and define ESG targets 


connected platform is the only one that unites

governance, risk, and compliance (GRC) processes
Meet on a regular basis to measure ESG
performance, discuss new risks, determine directly with ESG and financial reporting, helping you
adjustments to your program, and identify any increase collaboration, improve accuracy, and
action needed to mitigate risks



simplify the assurance process.

To learn how we can help your team prepare for ESG

regulations and maximize your impact, request a demo.

About Workiva

Workiva Inc. (NYSE: WK) is on a mission to power transparent reporting for a better world. We build and deliver the
world’s leading regulatory, financial, and ESG reporting solutions to meet stakeholder demands for action, transparency,
and disclosure of financial and non-financial data. Our cloud-based platform simplifies the most complex reporting and
disclosure challenges by streamlining processes, connecting data, and ensuring consistency.



Text Text Text Text

20240311

The information contained herein is proprietary to Workiva and cannot be copied, published, or distributed without express
prior written consent. Copyright 2023 Workiva Inc. Workiva is a registered trademark of Workiva Inc. All rights reserved. workiva.com | [email protected]