The future of auditing ESG – or anything else

In recent years, environmental, social and governance (ESG) principles have taken centre stage in business conversations. ESG is commonly seen as an additional initiative, something that requires new resources, dedicated budgets, and an overhaul of existing processes.

For many organisations, the idea of introducing an ESG manager, investing in new training programmes, and undergoing extensive changes can seem overwhelming. However, this view of ESG as a separate entity, needing extra attention, misses the bigger picture.

Many organisations already engage in ESG activities without labelling them as such, or perhaps without even realising it. The challenge is in making this work visible to management in business terms, so they recognise that it is happening and can identify risks – perhaps without ever mentioning ESG.

‘Good’ ESG is simply doing the right things for long-term success. Instead of introducing ESG as something new, businesses can embed it into existing metrics, helping the organisation to see how current processes support ESG goals. The key is framing these activities as ESG without explicitly saying so.

Measuring performance

There is no one, recognised, universally accepted ESG index against which to measure performance, other than the United Nations Sustainable Development Goals (SDGs).

Example:

The example below draws on a typical people management process in an organisation’s audit schedule. The audit combines behavioural assessments, focusing on outcomes rather than just outputs, and document reviews, with roughly a 70:30 split in the amount of objective evidence gathered.

All evidence is risk assessed against a capability model (see Figure 1 below). This outlines what the scores mean and where the highest risks to ESG adoption are emerging.

Once the evidence is analysed, it can be presented in different ways based on the audience's needs. In this case, the findings will be reported in two distinct sections.

Section 1 – A report for the C-suite, focusing on the key drivers of business performance. This will include ESG factors framed in business terms, alongside an evaluation of the effectiveness of current people management processes. The goal is to provide actionable insights for operational improvement (Figure 2).

Section 2 – A report for stakeholders, requiring evidence of effective SDG management. This will offer assurance to customers, investors, employees, and society at large, and may address topics such as worker rights or other social impacts (Figure 3).

Figure 2:

Figure 3:

ESG alignment ESG is simply the natural outcome of running a business effectively and responsibly. Focus on auditing core business processes, identifying any risks or inefficiencies, and addressing them. As you improve these areas, ESG alignment will emerge as a byproduct, rather than something forced or separate. The goal is to link your existing business practices to ESG outcomes, rather than retrofitting ESG into the process.

You will also have objective evidence for related standards, such as ISO 9001 and ISO 14001, so there is an opportunity to merge ESG auditing into your existing audit activity – just report differently. 

"The goal is to link your existing business practices to ESG outcomes, rather than retrofitting ESG into the process."

Ian Rosam CQP MCQI, Chief Product Officer at DeepFathom

New technologies, like those created by Generative artificial intelligence (AI), offer businesses more ways to optimise ESG performance. AI can review objective evidence consistently against a risk model, reducing manual effort and costs. As compliance costs rise, automating audit processes can be transformative, ensuring thorough, consistent audits, while providing real-time insights into emerging risks.

For example, a digitally assisted audit analysed one process, but produced multiple reports for different stakeholders, demonstrating how ESG aligns with strategic objectives.

Translating ESG into business terms

To truly embed ESG into an organisation, it’s essential to translate ESG and SDG priorities into business terms. This not only highlights the key drivers that impact organisational performance, but also helps identify emerging risks before they become critical.

Addressing these risks proactively allows companies to stay ahead of potential problems and turn ESG audits into transformative processes that drive continuous improvement.

Conclusion

ESG should not be seen as an extra burden or separate initiative requiring additional resources, budget or staffing. It is a natural result of good business practices, which can be audited within existing management systems, whether first-, second-, or third-party.

By aligning current activities with global goals and using audits to address risks, companies can integrate ESG seamlessly into their operations. Ultimately, ESG is not an extra task, but the outcome of doing business the right way.