The involvement of internal audit in environmental, social, and governance practices and risks: Stakeholders' salience and insights from audit committees and chief executive officers

Abstract

We conducted 31 interviews with audit committee (AC) members, chief executive officers (CEOs), and chief audit executives (CAEs) to investigate the role of the internal audit function (IAF) in environmental, social, and governance (ESG) processes and related risks. We find that multiple possible combinations of the maturity of companies' ESG practices and CAE's perception of the IAF stakeholders' salience drive the type of IAF's involvement in ESG. In ESG‐mature companies with more salient ACs, the IAF provides assurance over ESG practices, ESG reporting, and reputation risks related to ESG, and it focuses on the governance dimension of ESG. When the CEO is perceived as more salient, the type of IAF's involvement includes both assurance over ESG controls in the supply chain and consulting on ESG activities. In contrast, in low ESG maturity companies with more salient AC, the IAF's role is limited to providing assurance over internal controls established to comply with environmental, health, and safety legal requirements, and prevent managers' unethical behavior. Finally, we discuss the implications for the IAF's ability to add value to the organization. We contribute to the underexplored research area of IAF's involvement in ESG practices and related risk.