Evaluate internal controls for fraud risks
The answers to the fraud risk management assessment will drive your team’s audit plan. For example, you may find executive compensation plans are directly tied to ESG initiatives, and the data used in ESG disclosure reporting is compiled manually. This would represent a high-risk scenario for ESG fraud risks and should be audited. During the audit, the team will evaluate whether internal controls are designed to prevent or detect fraud sufficiently. They would test to verify the fraud prevention and detection controls are operating effectively. Finally, if fraud occurs, internal auditors should only conduct a fraud investigation if they are qualified. Otherwise, they should delegate the investigation to trained fraud examiners.
Internal Audit’s role in fraud risk management
As with any fraud, internal audit plays a vital role in addressing ESG frauds. Building knowledge in this area, assessing the organization’s ESG fraud risk management, and pulling in experts when needed will be critical to a solid assurance program. Leverage the tools you already have and keep your antenna up as the ESG reporting landscape evolves.
