Audit and standards bodies outline climate recommendations for company directors

The Chartered Institute of Internal Auditors has joined forces with the British Standards Institution to recommend ways in which business leaders may prioritise action on climate risk.

With just ten days until the COP26 UN Climate Summit kicks off in Glasgow, the two bodies are urging audit committees and directors to make better use of their internal audit functions in identifying, managing and mitigating the risks and opportunities associated with climate change.

John Wood, chief executive of the Chartered Institute of Internal Auditors said: “Climate change is the most acute challenge facing our planet right now. With COP26 just days away we urge business leaders to play their full part by prioritising action on climate risk. With its unrestricted scope and mandate, internal audit is in a strong position to work with company directors to help drive meaningful action on climate change, ensuring that their organisations are fully prepared for climate-related risks and on a sustainable footing for the long-term. Environmental sustainability must become a fundamental and intrinsic component of good corporate governance.”

Sir Jon Thompson, chief executive of the Financial Reporting Council added: “The joint Chartered IIA and BSI guide for audit committees and directors on harnessing internal audit against climate risk could not be more timely, published on the eve of the COP26 climate conference in Glasgow. Internal audit absolutely has a key role to play in working with company directors and the audit committee to ensure that the organisation is managing and mitigating climate risk effectively. I echo the call for company directors to start taking climate risk more seriously and ensure they are prioritising action on it.”

Checklist: Climate action recommendations (Source: Chartered IIA and BSI)

• If they haven’t already done so, company directors, and especially audit committees, should start having conversations about what action is being taken on climate change preparedness with their internal audit teams immediately.

• Company directors and audit committees must feel empowered to use their leadership position to direct their internal audit activity in relation to climate risk.

• Audit committees should begin by asking internal audit to undertake a climate risk audit engagement. To start with, internal audit should be asked to identify what the following say on climate change: the mission and purpose of the organisation; its long-term strategy; its organisational and governance policies; its declarations to its stakeholders and the information associated with all non-financial and financial reporting.

• Internal audit should be utilised in auditing climate-related commitments, plans and actions, such as commitments to carbon neutrality and net zero. Internal audit can ensure it provides assurance over the completeness and accuracy of data on these targets and actions, as well as report on progress towards meeting them.

• As well as the need to prepare for the physical impacts of climate change, company directors must help their organisations adapt to the requirements of new national and international laws, regulations and standards that will embed sustainability in their products and services. Internal audit has a role in providing assurance that the changing regulatory expectations are being identified and assessed early; that revised policies and procedures meet the new requirements and that when implemented, they are working effectively.

• With mandatory climate-related financial reporting for larger organisations due to become a regulatory requirement from April 2022, internal audit activities have an important role to play in providing assurance that the organisation is properly prepared to meet these new requirements.

The guide, Harnessing Internal Audit Against Climate Risk: A Guide for Audit Committees and Directors, is published after a poll of 700 chief audit executives across Europe last month revealed that that around 9 in 10 organisations are not committing major time and effort to preparing for the rising risk of climate change.

The full guide may be accessed here:

    Share Story:


Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021