Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Strengthen internal controls to navigate ESG reporting

A report on how companies can apply the internal controls used for other financial reporting to efficiently meet ESG reporting requirements and effectively carry out ESG strategies

Performance on environmental, social and governance (ESG) factors has become a significant issue for companies. As ESG has grown in importance, so have the reporting requirements. 

Internal controls for ESG

Most organizations already have established internal controls to handle financial reporting and operational risks. But gathering ESG data and mitigating related risks is evolving and control environments for ESG risks and reporting vary among organizations. Many businesses seek help understanding, preparing for, and complying with reporting standards.

Pitfalls and pain points

Many factors impact the effectiveness, efficiency, and reliability of ESG reporting controls. Common challenges include: 

  • Inadequate or incomplete risk assessment
  • Disconnect between ESG targets and business strategies
  • Insufficient commitment from board members, leadership, and employees 
  • Unclear roles, responsibilities, and delineation of duties
  • Difficulty establishing materiality
  • Inadequate processes and controls for data gathering, validating, and reporting
  • Too much time and resources spent on data collection and verification 
  • Incomplete documentation and communication
  • Limited monitoring and oversight
  • Lack of specificity in reported information

When organizations understand these potential obstacles, they can address them proactively when implementing a more robust and resilient control environment. 

In this recent paper Strengthen internal controls to navigate ESG reporting we describe how companies can apply the internal controls used for other financial reporting to efficiently meet ESG reporting requirements and effectively carry out ESG strategies.

Roadmap to Internal Controls Sustainability Reporting (ICSR) compliance

Whichever maturity level an organization desires, setting up internal controls for ESG reporting requires a systematic approach that aligns with the organization’s overall ESG objectives, strategy, and risk management framework. Organizations can take several steps to establish an effective internal control environment for ESG reporting and compliance.

Pre-readiness assessment to understand all regulations that apply to the organization.

Materiality assessment to determine ESG focus areas based on regulatory requirements and priorities for the organization and its stakeholders. Organizations should use the results of the materiality assessment to establish an ESG strategy that outlines its vision, goals, and priority topics for designing and implementing internal controls.  

Gap analysis against regulations and priority topics identified in the materiality assessment to understand the organization’s reporting requirements and readiness. The study can serve as a roadmap for gap remediation, including those in the control environment.

Appoint governance and resources over ESG reporting in an organizational structure that supports accountability and decision making related to upcoming reporting requirements.

Surveys and frameworks should collect qualitative and quantitative information for reporting and inform the design of a more robust control framework. Organizations should develop internal control procedures to prepare for reliable, accurate, and timely ESG reporting through data collection and validation processes. The process must check consistency and comparability and include controls safeguarding against manipulation or errors.

Audit readiness of ESG reporting should be assessed regularly by an internal audit that encompasses ESG data, controls, and reporting to identify gaps, weaknesses, or inconsistencies. Organizations should use these assessments to drive continuous improvement in ESG reporting practices.

Integration with management reporting must give organizational leadership confidence in the accuracy of ESG-related metrics and assertions published by the company.

How KPMG can help

KPMG can assist organizations every step of the way as they prepare for pending ESG regulations.

Our experts can help you by:

  • Identifying which ESG regulations apply to organizations
  • Understanding the specific requirements and phase-in timelines
  • Reviewing the existing internal controls in place over ESG data and providing recommendations for improvement 
  • Determining an organization’s desired maturity level for ESG controls 
  • Setting up a robust internal control environment, leveraging existing internal controls in place for financial reporting and external guidance where desired 
  • Supporting an organization’s Internal Audit function with subject matter expertise as it reviews the ESG control environment to prepare for external reporting 

Effective internal controls can shield organizations from exposure to fines or other regulatory sanctions and help improve stakeholder trust and confidence. 

Dive into our thinking:

Strengthen internal controls to navigate ESG reporting

Download PDF

Explore more

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.