The article "Practical steps for internal audit to design and execute ESG reviews" by Obiajulu Kwentoh, Senior Manager, Consulting, argues that internal audit has a clear role in ESG because of its independence, systems thinking, and control testing skills. It presents a practical review programme that helps organizations assess regulatory exposure, governance, double materiality, data controls, and due diligence in a structured way.
A central message is that internal audit should begin by confirming the organization’s regulatory posture and value chain exposure. Even where CSRD or CSDDD scope changes apply, companies may still face requests from customers, lenders, group entities, or voluntary reporting frameworks, so management’s scope assessment and contingency planning should be tested carefully.
The article then turns to governance and accountability, stressing that ESG assurance depends on clear ownership at board, executive, and operational levels. It also highlights the need to test whether the organization has the right sustainability skills and enough resources in place, which are areas internal audit can assess objectively.
Another important point is the treatment of double materiality as a controlled process rather than a one-off exercise. The article recommends that internal audit review the full workflow from inputs and criteria to thresholds, decisions, and outputs, while checking that stakeholder engagement and due diligence inputs are properly evidenced and that boilerplate scoring is avoided.
Data quality is presented as a major assurance issue. The article explains that internal audit should test the ESG data architecture, including definitions, calculation logic, reconciliations, review controls, and evidence retention, because this supports readiness for external assurance and reduces the risk of omissions or scope problems.
The final step focuses on due diligence implementation under the amended CSDDD where relevant. The article points to chain of activities risk mapping, prioritization logic, grievance mechanisms, monitoring cadence, and documentation quality as areas that should be reviewed to confirm that ESG commitments are supported by real processes rather than statements alone.
For a blog audience, the most interesting takeaway is that ESG reviews are becoming a governance discipline, not just a reporting exercise. The article also emphasizes that internal audit should engage early, integrate ESG risks into audit frameworks, and help organizations build evidence-based, reviewable ESG programmes that can stand up to both mandatory and voluntary reporting expectations.
The article has been published on the Crowe website.
