Climate Change – Why it should be on your audit and risk plans.

It’s 2019 and the weather has gone crazy. Paris experienced its hottest day on record this year. Cape Town counted…

9 Jul 19

My Audit Spot

4 mins

Go to previous page

It’s 2019 and the weather has gone crazy. Paris experienced its hottest day on record this year. Cape Town counted down the day days to Day 0 where they would run out of water. Australia is in the midst of another and Chicago almost broke its coldest day on record. The weather alone is enough to be concerning, but businesses need to start treating climate change seriously, or otherwise, face a multitude of consequences.


The Institute of Chartered Accountants Australia and New Zealand (ICAANZ) last month posted the article in its Acuity Magazine titled “How companies put climate change financial risks on the books“. It focuses on why business should be accounting for climate change in their financial statements. It’s an interesting read and references ClientEarth, a charity which “uses the power of the law to protect the planet and the people who live on it”. The charity referred four UK businesses; EasyJet, Balfour Beatty, EnQuest and Bodycote, to the Financial Reporting Council (FRC), over their failure to address and report to shareholders climate change risks and trends in their Annual Reports. Alongside the four companies, their auditors were also bought into the mix for failing to identify this through their audits. Each of the four businesses was audited by a Big 4 audit provider.

It’s an interesting topic, but I personally believe the days of throwing in a few lines regarding Corporate Social Responsibility (CSR) are gone. A more comprehensive approach needs to be taken by businesses, regulators, and auditors, when dealing with Climate Change.


When researching this topic more (and there is a lot to read about it!), it was interesting to note that the Chartered Institute of Internal Auditors noted Climate Change as a ‘Hot Topic’ for Risk and Internal Audit in 2019. The full list can be read here. Unfortunately, none of the Big 4 firms included this in their own ‘Hot Topics’ material for 2019; even when they have fallen victims themselves as a result of ClientEarth.


The Chartered Institute of Internal Auditors state within the Risk in Focus 2019 report that: “Organisations must now report on what they are doing to identify and mitigate sustainability risks and should look to the Global Reporting Initiative’s Sustainability Reporting Standards (GRI Standards) for guidelines on how to achieve this.”

This is a huge ask, but something that needs to be done. So how do we do it?

We have pulled together some guidance and considerations that should be applied when undertaking this task. There are six steps to this process:

  1. Identify what risks your business may have.
  2. Understand how these risks might impact your business.
  3. Research your local regulations and laws.
  4. Review your businesses preparedness and ability to respond.
  5. Report what you have found.
  6. Disclose to shareholders and investors your position.

Our full guidance can be checked out here.

Despite my comments earlier about how none of the Big 4 consider this to be a risk / focus area for 2019, they have managed to pull together some great guidance.

KPMG Australia have prepared a documented titled: “Understanding Social and Environmental Risks”. The full report can be downloaded here, however it is the concept of a Dynamic Risk Assessment (DRA) that proves most valuable.


The DRA firstly determines the severity and likelihood of a climate change risk. This is distinguished by the size and colour of the ‘dots’ used in the map. Lines are then drawn between each of the dots, demonstrating the relationship between events. The thicker the line, the stronger the relationship.


KPMG have used the example from the City of Sydney, and whilst not entirely relate-able for most businesses, the concept is something that can be carried forward and applied within an organisation. However, to build such a map requires a sound understanding of the business, its risks, and preparedness. Our guidance document considers these, and provides one example for how you may be able to collect the information to build your own DRA.


I completely agree that this is an emerging area for audit teams to begin considering. Legislation and various reporting requirements are likely to be further strengthened and embedded in an organisation, and therefore, it is in our own interests and to be prepared for such reporting requirements.


>