Introduction
Environmental, Social, Governance (ESG) is by now a well-worn topic in corporations; seems like almost every company is looking to “greenify” its business model and practices, intent on reducing carbon footprint while increasing corporate sustainability. The ‘purpose and principles of business’ have been universally challenged and social governance and equity are critical business topics. All great endeavors, but where should Internal Audit focus its efforts across this ESG expanse, to add value and provide some bang for the buck?
While ESG is a broad risk topic, covering 15 – 20 risk areas, here are my top 3 suggestions for Internal Audit teams to add value and increase relevance covering ESG risk.
Audit your Company’s Diversity Equity and Inclusion (DEI) Program
Many if not all organizations have devoted much effort over recent years to developing their DEI Programs, covering all aspects of gender, race, age, orientation, disability, equity within hiring and promotion, compensation, organization impact and roles. However, many organizations still fall short on achieving their diversity goals, despite well-coordinated and well-intended efforts often involving the most senior corporate executives and board members. For example, post-pandemic, disability has spiked up and become much more prevalent given the big increase in people managing through lockdown-related mental health challenges and it is critical that US companies be mindful of and fully comply with the broad disability-related provisions within the Americans With Disabilities Act. Internal Audit can objectively review the set-up and operation of these programs and ask tough questions that everyone in the organization should want to know the answers to, for example:
- Does the actual funding match the commitment?
- In support of the overarching goal, have specific goals been set within each process / area (e.g., hiring, promotion, compensation, corporate title / banding level)?
- Have sound benchmarks and data sources been identified, approved, and used transparently?
- Are there detailed departmental (and aggregate) scorecards and metrics supporting the broader goals?
- Does the company gather exit interview feedback covering diversity and is it being shared with Executive Mgt and the Board and being actioned? (Employees leaving the company will often be more candid on risks that matter)
- Is ownership clear within the executive management team and is there a good sense of tone at the middle and bottom of the organization, as well as at the top?
- Are there regular town hall meetings to share updates on progress being made?
- If sufficient progress is not being made, are the root causes understood, and have these been thoroughly vetted and challenged, and corrective actions agreed?
- How transparent is management being on such a critical risk for the organization? Diversity is a critical risk that matters, and Internal Audit needs to be objectively assessing how it is being managed.
Unfortunately, biases are all too real and easy to creep into even the best designed Diversity Program and as such there is a critical need for sustained management attention to get it right. Data can get skewed in the short-term given unpredictable staff turnover and company financial performance impacting hiring and contraction plans periodically. Indeed, compounding matters as I am penning this article, (December 2022) people risk is at or above risk tolerance in many companies, reflecting our new post-pandemic reality. Even in large organizations, diversity is a topic for continuous focus by executive management, the board, line managers and employees. Internal Audit can play an important role in being catalysts for positive change and auditing DEI Programs more actively and vigorously, will help organizations to make course corrections if necessary, and achieve the good outcomes that are universally desired.