
The Role of Audits and Certification in ESG Risk Management

RISK AUDITS ARE CRITICAL

An auditor’s unbiased review of risks and control effectiveness provides invaluable inputs for identifying and mitigating financial and all other forms of risk. Effective audits identify threats, baseline the institutional risk management framework, measure the decrease in risk incidents, and improve the framework. Hence ESG risk factors that undergo independent audits are scored favorably by ESG assessment providers, and areas of risk audits are always included in ESG datasets. Companies are expected to disclose their audit and certification practices in their ESG disclosures.

This study evaluated the ESG dataset disclosures of the top 500 Indian companies by market cap to review their audit compliance practices across key Social and Governance issues. Our findings show that companies use the audit as a tool only where regulators mandate it; voluntary adoption is still scarce. The entire industry’s performance is admirable in meeting SEBI listing and disclosure requirements. However, it falls short on audits of sector-specific issues like safety, human rights in suppliers’ operations, or health and safety of employees. As we had seen in an earlier paper, even information security audits are not widely prevalent.

Almost none of the companies reviewed have their ESG disclosures externally certified, further adding to the board’s risk in certifying the SEBI-mandated BRR disclosures.

EFFECTIVE GOVERNANCE

History has highlighted several ESG failures attributable entirely to poor controls, inadequate recognition of risks, and at times, lack of auditor independence. Audits can go far beyond financial numbers, and given the importance of ESG risk assessment and disclosures, companies should extend audits to health and safety, environmental risks, data security, and other sector-specific risk issues like labor welfare, consumer and product safety, product life cycle impact, and much more. All these are critical ESG risks, and independent reviews will ensure that the companies can proactively improve controls.

Our evaluation of compliance with SEBI listing rules shows that companies comply closely with the SEBI listing regulations; however, when audits are not mandated, their adoption drops significantly. Only 1/3rd of the industry performs an external audit to evaluate critical governance parameters, for example, business ethics. So it is safe to conclude that audits and certifications are still not used by companies as an effective governance tool.

ADOPTION IN AREAS WHERE AUDITS ARE MANDATORY


ADOPTION IN AREAS THAT ARE OPTIONAL


MORE REGULATION

Regulators are now increasing the audit requirements. Recently, RBI announced additional rules for the BFSI sector, especially after big governance failures in DHFL, Yes Bank, and IL&FS. RBI’s new guidelines now stipulate joint audits and changing auditors every three years. A section of experts believes the new guidelines will go a long way in ensuring better quality audits.

Investors and other stakeholders are also supportive of increased audit requirements as the benefits of closer scrutiny far outweigh the audit costs.

BEYOND FINANCIAL AUDITS

SOCIAL RISK AUDITS & CERTIFICATION


Occupational health and safety is a crucial issue for every company, and it only becomes more material for some industries, like mining, oil exploration, and construction. There are over thirteen labor laws relating to health, safety, and working conditions. The proposed occupational safety, health, and working conditions code will classify these into four categories to ease evaluation and reporting. The four codes cover industrial relations, wages, social security, worker health, safety, and welfare. Essentially, all these laws put the onus on the employer to ensure that the workplace is free from hazards that cause or are likely to cause injury or occupational disease to the employees. What we find looking at the industry data is that only 29% of companies have an ISO certification on occupational health and safety, and 38% of companies have an OHSAS certification on health and safety management. The Food & Beverage Service and Food Manufacturing sectors performed remarkably in adopting food safety management, as 94% of the companies in these sectors had a food safety management system.

Some of the other sector-specific certifications are inadequate, as we find in our study:

Only two automobile companies had a GNCAP rating. The top 5 safest Indian-made cars as of 2020 were from Mahindra & Mahindra and Tata Motors’s stable. What about the other Indian automobile manufacturers?

HOW IMPORTANT IS THE SUPPLY CHAIN

A company’s entire supply chain can make a significant impact on human rights and safety. It is not reassuring to see that only 3% of companies perform an audit on supply chain safety and 1% on human rights practices of their suppliers. The UN Global Compact encourages companies to make sustainability a priority from the top of the organization. Only if the Board sees the supply chain as an extension of the core workforce and community will the company’s environment and social standards percolate. Integrating the supply chain in ESG datasets promotes a broader understanding of how decisions made on costs and safety standards affect the supply chain.
