“Internal” refers to any audit intended for internal (e.g. Management) use to mitigate risk. “Internal Audit” (note capitalization) refers to the audit activity chartered by the Board. Internal Audit is often thought of in the context of financial controls and reporting, and IT and cybersecurity. Internal Audit authority extends to all areas of compliance and risk – including ESG.
Co-sourcing adds value. Audits cost money; as much as Management wants to mitigate risk, they would usually prefer to devote this money to operations. In co-sourcing arrangements, DHC leverages our experience, bringing perspectives from different types of audits, collecting and evaluating evidence, reporting methods, and options for corrective measures. Co-sourcing also serves as a coaching opportunity.
When you’re ready for an audit, you’re ready for anything. DHC helps clients prepare for high-profile, high-stakes audits. Audit results can make the difference between hefty fines and penalties, or a clean bill from regulators. Or the difference between closing out onerous obligations under a contract or agency enforcement agreement, and requirements for additional actions and an extension of oversight. Or the difference between acceptance and rejection by a prospective new customer, or a socially screened investment fund. DHC has helped clients achieve successful outcomes, allowing them to return to their business – which often runs more efficiently based on our input.
We have an EMS – we’re even certified! – so we’re good – right? DHC believes “not necessarily.” ISO 14001 focuses on the process, and improvements to the process. ISO does not check outcomes. ISO does not check compliance. Internal EMS audits required by ISO can be geared “to pass the test” of audits by the certifying body; they’re hardly audits at all. ISO’s 2015 revision to ISO 14001 expanded focus to the entire life cycle, a substantial change that should yield environmental improvements. The ISO management standards do not include prevention or detection of fraud; this is required in financial audits, and in Internal Audits (the “third line” function reporting to the Board). Recent scandals have demonstrated that environmental fraud can be costly, and can inflict reputational damage. ISO also poses another risk – complacency. “Set it and forget it.” Maintaining a certification can become the only goal, rather than the original intent of management systems. DHC believes an EMS can be a good foundation – whether ISO certified or not – but organizations must still take a holistic approach to identifying and mitigating environmental risk. In most cases, this will include some other types of environmental audits.
No EPA enforcement, so cancel the environmental auditing program? Think again. When Trump Administration priorities dialed back on environmental enforcement, the risk of U.S. EPA fines and penalties was diminished. The number, scale, and potential impact from other types of environmental risk continued to grow. States and cities have environmental laws and regulations. International treaties and protocols reflect a global awareness of environmental risk, and the commitment to address it. Any company doing cross-border business must adopt these provisions, or risk losing business. Biodiversity, circular economy, food sourcing – these are a few other issues that require ESG attention to maintain market segments and organizational reputation. Limiting an auditing program to EPA regulations allows these other risks to go unchecked. DHC believes the ESG audit program should be retooled to fulfill its core objective of mitigating risk – today’s risks.