About Wolters Kluwer
Wolters Kluwer is a global provider of professional information, software solutions, and services for clinicians, nurses, accountants, lawyers, and tax, finance, audit, risk, compliance, and regulatory sectors.
Select Language
Visit our global site, or select a location
Health
Trusted clinical technology and evidence-based solutions that drive effective decision-making and outcomes across healthcare. Specialized in clinical effectiveness, learning, research and safety.
Tax & Accounting
Enabling tax and accounting professionals and businesses of all sizes drive productivity, navigate change, and deliver better outcomes. With workflows optimized by technology and guided by deep domain expertise, we help organizations grow, manage, and protect their businesses and their client’s businesses.
Finance
Our solutions for regulated financial departments and institutions help customers meet their obligations to external regulators. We specialize in unifying and optimizing processes to deliver a real-time and accurate view of your financial position.
Compliance
Enabling organizations to ensure adherence with ever-changing regulatory obligations, manage risk, increase efficiency, and produce better business outcomes.
Legal
Serving legal professionals in law firms, General Counsel offices and corporate legal departments with data-driven decision-making tools. We streamline legal and regulatory research, analysis, and workflows to drive value to organizations, ensuring more transparent, just and safe societies.
There’s no single taxonomy of environmental risks. Consider what categories your organization uses and what is used elsewhere in the sector. The following should all be covered, at a minimum, but may be described in different ways using different terminology:
There is clearly an interplay between these risks, but as they represent the major environmental impacts, this offers a good starting point.
This should fit neatly into your existing risk assessment process. Typical impacts for the organization will be reputational, legal and regulatory, financial, operational, and ultimately strategic. All things we are very familiar with.
Every organization is different. You will need to start with a risk assessment to determine the key risks, potentially using the list above. To do this, you will need to understand the main environmental issues in your business, considering a number of factors:
All of this (and more) should have been considered by the business (first or second line) and internal audit should leverage their work, effectively challenging and validating. If this has not been done, internal audit needs to be taking a step back and conducting a more basic evaluation of the maturity of the organization’s risk assessment process.
Some types of environmental impact will be universal and significant no matter what your business activity. These include climate change and waste, which I will dig a little deeper into later in the article. Others may apply to a much greater extent in certain industries, such as those in extractive industries (oil and mining for example) and heavy manufacturing (where there may be high levels of resource use – both raw materials as inputs and energy and water in the production process).
As with any aspect of audit planning, the greatest value internal audit can bring will depend on the major risks identified. But we can’t just consider the inherent risks, we need to understand what other sources of assurance are in place and, most importantly, what activities are contributing to both the risk and the assurance. Think about the following:
A common factor across many environmental risks is availability and the quality of the data. Process and controls for environmental data are generally less mature and systems are not always equipped or configured to meet the complexities and nuances of this data. This is often a great opportunity for internal audit to add value, both by providing assurance over processes and systems, and by validating the data itself. Both leverage core internal audit skills.
We can also go further, confirming that reports meet whichever standards are being applied, that management reports or projects evaluations fairly, and that these completely reflect risks as well as opportunities. However, this may require more specialized knowledge.
All organizations need a response to climate change, and so while the specific needs will differ, this is an issue increasingly relevant for everyone. How can internal audit add value? Let’s look at two potential opportunities:
Waste is an issue for all organizations, although the specific impacts will be very different across businesses. As well as the environmental impact, businesses have a cost-incentive to reduce waste, as it is increasingly expensive to treat and dispose of. Internal audit can add value in a number of ways. Here are some examples:
To summarize, we have described the importance of environmental risk to all organizations and have shown how internal audit can respond to some of those risks. Internal audit can use existing tools and skills to get started, and leverage widely available sources of knowledge to find out more.
The next article in this series will focus on the “S” (Social) in ESG. We will explore how internal audit can address important social risks, with a focus on labor standards and sales practices.
TeamMate+ Audit
Audit management
The world’s leading audit management software – empowering audit departments of all sizes.
When you have to be right
© 2022 Wolters Kluwer N.V. and/or its subsidiaries. All rights reserved.