Building a COSO-aligned ESG internal control framework: a blueprint for sustainable governance

6 May 2024
Annemie Pelgrims Expert Practice Leader Risk Connect on Linkedin

In today's business environment, sustainability is recognized as a critical driver of long-term value creation. Our extensive experience assisting companies in achieving ESG compliance has revealed a growing awareness among organizations of the importance of incorporating Environmental, Social, and Governance (ESG) principles into their business strategies and operations as investors and stakeholders rely on these criteria to assess performance across these critical dimensions.

Aligning ESG principles with the COSO framework

To effectively manage the ESG risks and opportunities and remain ESG compliant, organizations can rely on the ESG internal control framework aligned with COSO principles. Aligning ESG principles with the COSO framework allows organizations to pursue transparency, accountability, and sustainability while mitigating risks.

Designing your organization’s ESG landscape begins with the understanding of the ESG criteria that are relevant to your company, stakeholders and geographical locations. In this process, the COSO framework can be used to assess the design and operating effectiveness of the ESG program, to ensure ESG risks are mitigated by internal controls.

How can the COSO framework help your organization in developing and implementing its ESG risk landscape?

The COSO methodology offers a standardized framework to assess the effectiveness of your ESG program, comprising five components: a control environment, risk assessment, control activities, information and communication, and monitoring activities. These components contribute to improving the accuracy and completeness of your ESG reporting.

ESG controls can be seamlessly integrated into the current internal control framework and should align with the enterprise risk management structure. The COSO methodology includes the following principles:

Establish a control environment by

  • Aligning on accountabilities within the organization.
  • Developing and implementing ESG policies and procedures.
  • Defining industry-relevant KPIs in line with the ESG value statement.

Conduct a risk assessment by

  • Running a comprehensive assessment of the ESG-related risks impacting your organization.
  • Prioritizing risks and opportunities considering both internal and external factors.
  • Integrating ESG risks into the Enterprise Risk Management Program.

Design control activities by

  • Defining an internal control framework to address ESG operational and financial risks and opportunities while ensuring compliance with ESG standards and regulations.
  • Defining IT internal controls for the collection and reporting of ESG data.

Inform and communicate within the organization by:

  • Training employees on relevant ESG topics and their specific roles to enhance awareness.
  • Establishing reporting processes to deliver transparent and accurate reporting to stakeholders.
  • Incorporating the expectations of key stakeholders (investors, customers, employees) regarding ESG performance.

Continuously improve and monitor by:

  • Assessing the design and operational effectiveness of ESG internal controls.
  • Establishing a reporting mechanism to track ESG performance metrics and KPIs.

Integrating ESG principles with the COSO framework offers organizations numerous advantages. It not only enhances sustainability performance, enabling companies to improve their sustainability practices, mitigate risks, and maximize growth opportunities. It strengthens enterprise risk management by helping organizations in the identification, assessment, and mitigation of environmental, social, and governance risks. Furthermore, this integration ensures transparency and accountability, guaranteeing that ESG information is communicated in accordance with COSO principles. Ultimately, it creates long-term value for shareholders and stakeholders by embedding ESG considerations into both business strategy and operations.

How can a comprehensive ESG framework help detect greenwashing?

An emerging risk tied to the implementation of ESG frameworks is greenwashing, a practice that involves companies making false or deceptive claims about the environmental benefits of their products or practices, leading stakeholders to believe that the organization is environmentally friendly and sustainable. This misleading information is frequently presented through evocative imagery or ambiguous labeling. To detect and monitor greenwashing, organizations can:

  • Conduct thorough assessments: carry out in-depth evaluations of all ESG-related disclosures, practices and performance metrics. This entails reviewing the company’s environmental policies, social impact, and governance structures to ensure they reflect actual practices and outcomes, rather than just for public relations purposes.
  • Promote transparency and integrity: To build trust and credibility, ensure that all ESG reports and disclosures follow the COSO framework. This can be accomplished by providing detailed explanations of how ESG goals are set, met, and measured.
  • Define accountability for long-term value: Develop and implement clear lines of accountability for ESG practices within the organization. By holding specific individuals or teams responsible for meeting ESG goals, stakeholders can be confident that the company is committed to long-term sustainability and value creation. Transparency can lead to stronger relationships with stakeholders.

Leverage enterprise risk management: Utilize the enterprise risk management approach to identify, assess and mitigate environmental, social and governance risks. A structured framework helps to proactively address risks before they become issues, providing a robust system to ensure ESG claims are accurate and verifiable.

Enhancing ESG Frameworks with COSO for Accountability and Performance

Whether your organization is just starting out building its ESG framework or has a well-established approach, the COSO framework provides valuable insights and recommendations for enhancing the design and effectiveness of ESG internal controls.

Integrating this framework into your operations can be a critical step toward aligning processes and ensuring that stakeholders involved in sustainability roles work effectively together to achieve your ESG goals.

Furthermore, this approach helps to identify and reduce instances of greenwashing, ensuring the authenticity and verifiability of sustainability efforts. Finally, COSO's guidance supports a strong and transparent ESG framework, which enhances accountability and performance.

Image by Freepik on Freepik