06 May Internal Audit in the ESG Era: New Risks, New Responsibilities
ESG has morphed from a fashionable slogan into a force reshaping regulation, reputation and investor expectations. In that world, internal audit can no longer just wag the finger from the sidelines. The once-stoic watchdog now must grapple with climate targets, social justice metrics, supply-chain integrity and shifting governance norms. Far from being yet another compliance burden, ESG demands that “trust” be redefined, and internal audit is uniquely placed to lead that transformation. In the following discussion, we’ll show how audit can evolve into a strategic trailblazer rather than a reactive inspector.
From Watchdog to Trailblazer
Gone are the days when internal audit’s sole mission was to vet ledgers and test controls. Today’s ESG era demands a bolder remit that reaches into climate strategy, human rights and value-chain ethics. Under the EU’s Corporate Sustainability Reporting Directive (CSRD), ESG disclosures must withstand scrutiny and assurance, not just lip service.
In practice, audit teams are using scenario analysis to stress-test decarbonisation pathways, and applying AI to detect anomalous emissions or social metrics. This might mean flagging a suspicious “jump” in energy use, or a supplier whose labour scores don’t align with those of its peers.
Imagine a UK utility whose internal audit validates the credibility of its supplier transition plan, or a pan-European retailer auditing human rights compliance across its sourcing network.
This isn’t about finding errors after the fact. Audit now helps management anticipate and navigate ESG shocks. In short, the internal auditor’s role isn’t shrinking into the shadows; rather, it’s stepping into the spotlight as a strategist, not a fault-finder.
Reinventing Risk Oversight
ESG risks are rarely about spreadsheets. Think reputational crises, abrupt climate transition costs, biodiversity collapse, human rights violations or a fragile supply chain. These aren’t your garden-variety credit or operational risks and they demand a new lens.
To manage them, risk frameworks must shift from single-capital thinking (finance only) to multi-capital thinking: financial, natural and social. Internal audit needs to stress-test carbon targets under different warming scenarios and assess “double materiality” (i.e. how ESG issues affect the business and how the business affects people and the planet) under CSRD.
In the UK, the Transition Plan Taskforce (TPT) has set out a disclosure framework so that companies can chart credible climate transition strategies. Suppose a large retailer’s audit team models multiple decarbonisation paths against cost, regulatory stress and supplier disruption, or audits compliance with EU Taxonomy rules embedded in sustainability reporting.
In short: internal audit must reinvent itself as an ESG integrator, embedding sustainability into enterprise risk management, not treating it as an afterthought.
Greenwashing, Governance, and the Auditor’s Dilemma
Greenwashing is no longer an academic worry; it’s headline fodder. Banks, funds and corporates have been slammed for overstating their green credentials or making unverifiable “net-zero” promises. For example, Lloyds had an advert banned by the UK Advertising Standards Authority (ASA) for omitting carbon-intensive exposures in its claim about clean investment.
Here’s the internal audit Catch-22: ESG metrics are evolving, definitions are fluid, and much of the data is qualitative. How do you assure that a supplier’s “fair labour” claim is true, or that a carbon credit scheme is credible? That’s where innovation comes in: satellite imagery, blockchain traceability and advanced data analytics, for example, can help validate sustainability assertions.
Regulators are already tightening the net. The EU is pushing directives to ban vague environmental claims and demand proof. Meanwhile in the UK, the ASA and Competition and Markets Authority (CMA) are enforcing the “Green Claims Code”, and increasingly invalidating puffery around “eco” branding.
Internal auditors face mounting moral pressure: call out spin, even if leadership resists. If you don’t interrogate the narrative, you risk being complicit in it.
The Hidden Engine of ESG Trust
Too often internal audit is pigeonholed as the compliance guard... or the “no” department. But in the ESG era, its real power lies in making trust tangible. Investors, consumers and regulators want proof, not promises. In all cases, they will penalise spin and reward evidence.
Imagine an FTSE-listed firm giving its internal audit team the mandate to review board oversight of climate risk, and to issue a “credibility score” on the firm’s ESG narrative. Or picture real-time assurance dashboards that spotlight emerging social or environmental drift rather than waiting for annual reviews. In effect, the auditor becomes a trust architect, aligning narrative with numbers, culture with action.
Some forward-thinking internal audit functions already link findings to tone from the top, calling out when board rhetoric on inclusion or net zero doesn’t match the metrics. This isn’t about policing but about embedding integrity. After all, trust is the real currency in ESG, and internal audit is the engine room making sure the wheels don’t fall off.
The Future of ESG Audit
The next frontier for internal audit is the seamless integration of ESG assurance with financial audit, underpinned by the new ISSB standards (S1 and S2), which set a globally consistent baseline for sustainability disclosures. Auditors will increasingly be expected not just to comment on ESG figures, but to embed ESG controls into the core audit cycle, treating non-financial risks as first-class citizens.
Simultaneously, continuous assurance will move from concept to reality. AI, automation and sensor-based data will enable audit teams to monitor ESG metrics in near real time, flagging drift before annual reports land. Firms like PortF, which use AI to aggregate and validate ESG and financial data, offer a glimpse of that future.
But internal audit must also become a trailblazer and an innovation scout embedding sustainability into strategy, not just polishing reports. One consumer goods company has already built a dedicated ESG audit team reviewing sustainability governance, carbon emissions and supply chain labour practices. Their audit flagged gaps in data controls that might otherwise have derailed credibility.
In the ESG era, the strongest organisations will be those where audit isn’t feared as a watchdog, but trusted as a compass. Let internal audit be central to your ESG prowess as it takes on new and broader responsibilities.
And what about you…? A broad investigation of where you are now.
• How well do you feel your organisation’s internal audit function currently understands and evaluates ESG-related risks?
• In what ways has your role or audit plan changed, or should it change, to reflect growing ESG expectations from regulators, investors and stakeholders?
• Which aspects of ESG (E, S, or G) do you find most challenging to measure or assure, and why?
• Do you believe internal auditors should act primarily as assurers of ESG data, or also as advisors helping management embed ESG principles?
• What worries you most about your organisation’s readiness for ESG reporting and assurance — data quality, governance oversight, resource capability, or something else?