AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Heads of Internal Audit Virtual Forum

12 May 2021

Please note:

  • All Institute responses are boxed and highlighted in blue.
  • Where the chair comments in that capacity, the box is highlighted in yellow.
  • For confidentiality, the identities of all delegates/attendees are anonymised.


Chair: Derek Jamieson - Director of Regions, Chartered IIA
Institute: John Wood - CEO, Chartered IIA
Institute: Liz Sandwith - Chief Professional Practices Advisor, Chartered IIA

Chair's opening comments

ESG is absolutely not something that has arrived recently but is something that has evolved over a number of years and now has real prominence. Despite its origins in the investment community, ESG has relevance to every organisation, in every sector and therefore demands internal audit consideration and response.

We are joined by today’s guests – Maxine Grainger from Sofology and Colin Gray from IHG.

Collectively, we are aiming to answer three questions today, namely:

Why is ESG as a topic relevant to our companies?

Why is ESG relevant to the risk and assurance agenda?

How do we go about supporting evolving risk management strategies and providing assurance over ESG?

In support of today's session, here's an infographic illustrating the various strands of ESG.

Key takeaways - guest speakers

Maxine Grainger, Group Head of Audit and Risk, Sofology said:

  • It’s very important that our colleagues, both new and existing, understand what our plans are for being sustainable and our future plans around our ESG strategy.
  • All our raw materials have to be sourced sustainably and our suppliers need to be ‘audit-able’ because reputation-by-association is key.
  • We have recently split out the E, the S and the G as, from a risk perspective, it was becoming very big to capture in our risk database.
  • ESG is a principal risk for us and has been now for the past two years.
  • We have created ‘responsibility champions’ at varying levels of seniority and they are now the ‘go to’ people to educate colleagues on ESG.
  • We are encouraging all colleagues to see climate change as their responsibility.
  • We have focused a lot on making ESG fun (wherever possible) as this raises the level of enthusiasm and engagement across the organisation.
  • Focusing on the small areas can make a big change, particularly around climate change.
  • If we are asked ‘what are you doing to save the planet’ we can show evidence. For example, we work with the Woodland Trust to plant trees.
  • We are engaged in discussions with the executive on a regular basis, providing guidance and assurance.

Colin Gray, SVP Risk & Assurance, IHG said:

  • The topic of ESG has always been there for hotels but it has become more pertinent in recent years.
  • The hotel sector accounts for approx. 1% of carbon emissions and it’s acknowledged that that could increase.
  • We acknowledge that we have a responsibility to manage our impact on the planet and on wider society.
  • We have some organisations that depend on us and what we do for their ESG commitments.
  • Our investors and our shareholders are looking increasingly to invest in sustainable business.
  • We also have to consider the evolving corporate governance expectations for transparency in reporting – we are not only obligated to say more about ESG, but we are choosing to say more about it.
  • We have recently been involved in the ‘taskforce for climate related financial disclosures’ and, under this, we have considered ‘how does a business begin to talk about the impact of climate’. One of the key recommendations is to think about how you embed this into other parts of the business.
  • This is not a topic that will be managed long-term by one team in the organisation – it will be woven into every part of the business.
  • ESG factors are now appearing in a number of our principal risks eg., brand preference, supply chain, ethical conduct and regulatory expectation.
  • ESG is now beginning to be incorporated into performance management structures and incentive structures.

Institute's comments

ESG is a challenging topic for internal audit. Great idea from Maxine to split the E, S and G and tackle them from a more focused perspective. I agree with Colin this isn’t new and that there is a lot that internal audit can do in terms of monitoring control processes and activities across the organisation and commenting on their efficiency and effectiveness.

As internal auditors, we should also comment on the maturity and quality of some key elements, eg waste management, FTEs and leavers. Along with training, human rights violations, donations, anti-corruption, CO2 sources and water.

Perhaps a number of mini audits, as Maxine mentioned, would enable us to trend progress. It’s worth having a look at our thought leadership report on 'Organisations' preparedness for climate change'.

Chair's closing comments

Thank you everyone for your participation in this very productive session.

Our next meeting on 9th June will be on leadership and will focus very much on the requirements of IA leaders as we enter the new normal.  

Finally, notes, chat comments and the slides shared today will be placed on our web pages in the next couple of days.

Thank you everyone and see you at the next session.

Future meetings

9 June | Inspiring leadership

Chat box Q&A and comments


Q  This is really good. Would either of the speakers be willing to share their ESG risk registers (suitably stripped of any confidential info)? I feel these could be very useful to those of us starting on the ESG journey.

A  There is a lot of content out there on the websites of organisations, offering useful insights in this regard. Content to look out for includes McKinsey’s newsletters, and responsible business reports from larger organisations.

Q  Would you like to have another session on ESG?

A  20 replied ‘Yes’


  • We are incorporating the E into each internal audit. An example of this is an audit of asset management, where we look at our vehicle management. How we can make personal use of vehicles more environmentally friendly? When do we switch corporate fleet to electronic, etc?
  • We are starting to review ESG strategy and the framework that underpins delivery (accountabilities, policies, key risks identified and core controls in place and tested).
  • From an audit perspective, we have broken down into different segments. We are in the consultancy stage: working with colleagues to provide feedback on the process.
  • We are talking a lot on the environment piece of ESG but, at our organisation, we are equally focused o human capital and social capital.