This is a huge area, because this is where parties outside the audit subject organization or party are relying upon some kind of sign off to have confidence in its reliability, comparability, etc.
Opportunity to align with financial statement auditors both internal and external; as well as risk management and proactive compliance, ISO, etc.
Consider preventative vs. detective controls; how such controls would be tested. Segregation of duties. Independence in fact vs. independence in appearance. Are relationships explicit, such as the frameworks used, the auditors; and the systems in place? There are several “sustainability” systems that are different names but owned by firms who audit and certify certain sustainability certifications … etc. … so are the controls and assurance as objective as possible?
Are related parties explicit? Who is preparing, who is signing off?
This is a huge area, because this is where parties outside the audit subject organization or party are relying upon some kind of sign off to have confidence in its reliability, comparability, etc.
Opportunity to align with financial statement auditors both internal and external; as well as risk management and proactive compliance, ISO, etc.
Consider preventative vs. detective controls; how such controls would be tested. Segregation of duties. Independence in fact vs. independence in appearance. Are relationships explicit, such as the frameworks used, the auditors; and the systems in place? There are several “sustainability” systems that are different names but owned by firms who audit and certify certain sustainability certifications … etc. … so are the controls and assurance as objective as possible?
Are related parties explicit? Who is preparing, who is signing off?