As a seasoned chief audit executive, I’ve witnessed firsthand how Internal Audit can serve as a strategic partner in navigating complex regulatory environments. Today, companies are facing one of the most significant regulatory challenges yet: the new Environmental, Social, and Governance (ESG) reporting requirements. Internal Audit can be your secret weapon in mastering the new ESG requirements coming out of California and the EU.
With California’s SB 253 and the EU’s Corporate Sustainability Reporting Directive (CSRD) coming into effect in 2026 based on 2025 data, the urgency for companies to act is undeniable.
ESG compliance isn’t just a box-ticking exercise—it’s about driving meaningful corporate transformation. Internal Audit is uniquely positioned to help organizations not only comply with these requirements but also create long-term value through sustainability initiatives.
The ESG Tidal Wave: Why the Time to Act Is Now
With ESG regulations from California and the EU rolling out soon, companies must have robust processes in place by January 1, 2025, to ensure they’re able to collect, verify, and report accurate data. For many, that’s less than four months away, and the stakes couldn’t be higher.
- California SB 253 requires companies with over $1 billion in revenue to disclose Scope 1, 2, and 3 greenhouse gas emissions. While enforcement starts in 2026, the data must be collected starting from January 1, 2025.
- Similarly, the EU’s CSRD, estimated to impact nearly 50,000 companies globally, requires a vast array of sustainability disclosures, including detailed environmental and social metrics and adherence to the European Sustainability Reporting Standards (ESRS).
These reports will be subject to third-party assurance, and failure to comply could result in severe financial penalties. Under SB 253, companies could face fines of up to $500,000 for non-compliance. The EU’s penalties can be even steeper, with fines of up to €10 million or 5% of annual turnover.
For companies, this means more than just getting ready to report by 2026. They must begin collecting, retaining, and analyzing data right from the start of 2025. This tight timeline means the time for preparation is now—not later.
Leveraging Internal Audit: Your ESG Secret Weapon
Internal Audit can serve as a secret weapon in preparing for these new ESG regulations. Through a combination of oversight, risk management, and collaboration with key departments, Internal Audit is instrumental in ensuring compliance and creating an ESG framework that adds strategic value.
1. Assessing ESG Maturity: The Reality Check
Internal Audit provides an invaluable bird’s-eye view of the organization. By conducting a baseline assessment of your current ESG practices, Internal Audit can identify gaps between what’s in place today and what’s needed to meet the stringent requirements of California’s SB 253 and the EU’s CSRD.
This initial evaluation serves as a roadmap, allowing companies to understand where they stand and what needs to be done—quickly. We’re not just here to highlight deficiencies; we’re here to help you prioritize actions that will have the most immediate impact.
2. Building a Robust ESG Governance Framework
ESG compliance is not just the responsibility of one department—it needs to be embedded into the very DNA of the organization. Internal Audit can help design and implement an ESG governance framework that integrates sustainability into every decision-making level, from the C-suite to the front lines.
This governance framework ensures that ESG isn’t an afterthought, but a central component of corporate strategy, driving long-term value and stakeholder trust. Internal Audit can collaborate across departments to ensure that sustainability initiatives are not siloed, but rather part of an integrated, organization-wide approach.
3. Data: The New ESG Currency
In the world of ESG reporting, data is the new currency. The accuracy, completeness, and reliability of your ESG data will dictate whether your reports meet the rigorous standards required by regulators. Internal Audit can be your data quality guardian, helping to design and test controls around data collection and reporting processes.
This includes ensuring compliance with global standards like the Greenhouse Gas Protocol and Global Reporting Initiative (GRI). Internal Audit can help build the necessary infrastructure for data collection, ensuring the right systems are in place to capture everything from carbon emissions to workforce diversity metrics.
4. Risk Management: Navigating the ESG Minefield
ESG introduces new risks, from regulatory penalties to reputational damage. Internal Audit can help organizations integrate these risks into their enterprise risk management (ERM) frameworks.
Rather than treating ESG as a standalone issue, Internal Audit ensures it is woven into the fabric of risk management. This holistic approach helps identify potential pitfalls—such as gaps in data collection or inaccuracies in reporting—and ensures these are prioritized and addressed before they become significant issues.
5. Ensuring Reporting Confidence: From Data to Storytelling
Both California’s SB 253 and the EU’s CSRD mandate that ESG reports be subject to third-party assurance, making it critical for companies to report data that is not only accurate but verifiable. Internal Audit can act as an important line of defense, reviewing ESG reports for accuracy and regulatory compliance before they’re made public and ensuring they meet both regulatory requirements and stakeholder expectations.
Beyond data validation, Internal Audit plays a role in telling the company’s ESG story. We help translate numbers into narratives that resonate with stakeholders, ensuring that ESG reports are compelling, transparent, and credible.
6. Board and Executive Engagement
Internal Audit is uniquely positioned to communicate with the Board and senior executives about the company’s ESG readiness. By providing clear, data-backed reports on the company’s progress, Internal Audit can help leadership understand the urgency and importance of ESG compliance.
Embrace Internal Audit as ESG Partner
The timeline is tight, and the stakes are high. As companies navigate the complex waters of ESG requirements, don’t make the mistake of overlooking the powerful ally you have in Internal Audit. We’re not just here to check boxes; we’re here to help create sustainable value, build stakeholder trust, and position the organization we work with as a leader in the ESG space. The ESG wave is here, and the clock is ticking. With Internal Audit by your side, you won’t just survive it – you’ll ride it to new heights of success and impact. The time to act is now. Let’s partner to create an ESG strategy that doesn’t just meet requirements but sets new standards for excellence. Are you ready to unlock the full potential of Internal Audit in your ESG journey? The countdown to 2025 has long begun. Let’s make every day count.
References:
- California Legislative Information, “SB-253 Climate Corporate Data Accountability Act” (https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB253)
- European Commission, “Corporate sustainability reporting” (https://finance.ec.europa.eu/capital-markets-union-and-financial-markets/company-reporting-and-auditing/company-reporting/corporate-sustainability-reporting_en)
- Greenhouse Gas Protocol (https://ghgprotocol.org/)
- Global Reporting Initiative (GRI) (https://www.globalreporting.org/)