Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Business Ethics Best Practice > Internal Auditing’s Contribution to Sustainability

Business Ethics Best Practice

Internal Auditing’s Contribution to Sustainability

by Jeffrey Ridley

Executive Summary

  • Start with an understanding of, and an internationally recognized and accepted definition of, sustainability in your organization.

  • Relate this definition to your organization’s vision statement, strategies, and key objectives.

  • Relate this definition to your terms of reference for internal auditing. Sustainability should be there as part of your role to provide assurance in the management of risk and controls.

  • In today’s and tomorrow’s internal auditing engagements, the sustainability of your organization and of the planet should always be among your assurance objectives.

  • If your terms of reference include assurance of governance in your organization, you have a much wider contribution to make in sustainability programs at board level.

  • Whatever your internal auditing assurance role is in sustainability, you have the challenge and opportunities to develop this into consultancy and teaching roles covering all aspects of sustainability, at all levels in your organization.

  • Contributing to the sustainability of your organization is the pinnacle of added value from your best-practice internal auditing services.


Sustainability programs have three aims: people, planet, and profit. Few organizations today, across all sectors, will be without some form of sustainable development program—be it for altruistic reasons, required by regulation, or to stay at the cutting edge in their competitive market places. There can also be strong economic, environmental, and social reasons for marketing sustainable products and services: for reputational reasons and to control energy costs, or, even more importantly, to attract and keep both staff and investment.

Sustainability means more than just the economic, environmental, and social challenges an organization faces in its everyday and future operations: it means the ethics in these operations, touching on all the lives of those in the organization, its stakeholders, and the planet. The objectives of all sustainable development programs must be measured, and the results reported in and outside the organization. Stakeholders and society need to be assured independently that such measures are recorded accurately and in timely fashion before being reported. There are opportunities for internal auditing to contribute its independent and objective assurance services as an auditor as well as a consultant and teacher. Such a contribution can take best-practice internal auditing to a high level of added value.

What Is Sustainability?

Most governments and many organizations now define sustainability widely to include current and future issues and possible events that can impact an organization’s resources and stakeholders at community, national, and global levels. The Global Reporting Initiative’s (GRI) 2002 “Sustainability reporting guidelines” defined corporate social responsibility (CSR) as part of sustainability, and sustainability as “one of the three ideas that are playing a pivotal role in shaping how business and other organizations operate in the 21st century.” The other two ideas stated by GRI are accountability and governance. Linking sustainability into accountability and governance is an important statement for internal auditors in their assurance role. Sustainability programs should be a part of every organization's governance structure and practices in all sectors—private, public, and voluntary. This is now recognized globally. The now well-known GRI “triple bottom line” reporting of economic, social, and environmental performance has been adopted by many organizations as part of their annual reporting to stakeholders. The European Commission and national governments in Europe, if not the world, have been and are continuing to recommend triple bottom line reporting of performance. In some countries and for some companies this is now a legal/regulatory requirement.

Standards and awards for sustainable programs exist at national and international levels. At international level there are sustainability management and leadership standards for environmental, social, and risk (ISO 14000, 26000, and 31000, respectively), human rights (SA 8000; see SAI, 2008), ethics (GoodCorporation, 2010), and corporate responsibility and sustainable development (the AA1000 series published by AccountAbility). One example of national awards is the UK Business in the Community annual awards for corporate responsibility run in association with the Financial Times newspaper. These recognize and celebrate companies that have a presence in the United Kingdom and which have shown innovation, creativity, and a sustained commitment to corporate responsibility.

The United Nations Global Compact (UNGC) in its recent research “A new era of sustainability” (Lacy et al., 2010) continues the reinforcement of economic, environmental, and social reporting with its definition of sustainability:

“Throughout this report, we use the term ‘sustainability’ to encompass environmental, social and corporate governance issues, as embodied in the United Nations Global Compact’s Ten Principles. These ten principles [cover] areas of human rights, labour, the environment and anti-corruption…’”

Consider how the following ten principles, published by the UNGC in 2004, are embedded in your own organization’s strategies and operations and, more importantly, how they are audited.

Human Rights

  • Principle 1: Businesses should support and respect the protection of internationally proclaimed human rights.

  • Principle 2: They should make sure that they are not complicit in human rights abuses.

Labor Standards

  • Principle 3: Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining.

  • Principle 4: The elimination of all forms of forced and compulsory labor.

  • Principle 5: The effective abolition of child labor.

  • Principle 6: The elimination of discrimination in respect of employment and occupation.


  • Principle 7: Businesses should support a precautionary approach to environmental challenges.

  • Principle 8: They should undertake initiatives to promote greater environmental responsibility.

  • Principle 9: They should encourage the development and diffusion of environmentally friendly technologies.


  • Principle 10: Businesses should work against corruption in all its forms, including extortion and bribery.

This wide definition of sustainability recognizes and reinforces the importance of an organization’s sustainable strategy as being part of the ethical way it conducts its business. Questions every board and internal auditor should ask are listed in the next section.

The answers will always lead sustainability risk assessments to controls, challenges, weaknesses, strengths, and improvements. The questions in the box are a benchmark for those every internal auditor should seek to answer.

Back to Table of contents

Further reading


  • Brink, Victor Z. Foundations for Unlimited Horizons: The Institute of Internal Auditors 1941–1976. Altamonte Springs, FL: IIA, 1977.
  • Chambers, Andrew, and Graham Rand. Operational Auditing Handbook: Auditing Business and IT Processes. 2nd ed. Chichester, UK: Wiley, 2010.
  • Humble, John William. Social Responsibility Audit. London, UK: Foundation for Business Responsibilities, 1973.
  • IIA. International Professional Practices Framework (IPPF). Altamonte Springs, FL: IIA Research Foundation, 2011.
  • Nieuwlands, Hans. Sustainability and Internal Auditing. Altamonte Springs, FL: IIA Research Foundation, 2006.
  • Ridley, Jeffrey. Cutting Edge Internal Auditing. Chichester, UK: Wiley, 2008.


  • Cadbury, Sir Adrian. “Report of the committee on the financial aspects of corporate governance.” London, UK: Gee, December 1992. Online at:
  • Chartered Institute of Internal Auditors (IIA UK and Ireland). “Sustainability, environmental and social responsibility assurance.” 2002.
  • Chartered Institute of Internal Auditors. “Professional issues bulletin ethical and social; auditing and reporting—The challenge for the internal auditor.” 2003a.
  • Chartered Institute of Internal Auditors. “Emerging corporate social responsibility issues: Trust, materiality and brand.” 2003b.
  • Chartered Institute of Internal Auditors. “IIA risk based internal auditing tool.” February 2006.
  • Chartered Institute of Internal Auditors. “Sustainability and the AA1000 series.” 2009.
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO). “Internal control—Integrated framework.” AICPA, 1992.
  • COSO. “Enterprise risk management—Integrated framework.” 2004. Online at:
  • COSO. Guidance on Monitoring Internal Control Systems. 3 vols. New York: AICPA, 2009a.
  • COSO. “Strengthening enterprise risk management for strategic advantage.” Thought paper. COSO, 2009b. Online at:
  • COSO. “Effective enterprise risk management oversight: The role of the board of directors.” Thought paper. COSO, 2009c. Online at: [PDF].
  • Davies, J., P. Moxey, and I. Welch. “Risk and reward: Tempering the pursuit of profit.” Association of Chartered and Certified Accountants (ACCA), June 2010.
  • Global Reporting Initiative (GRI). “Sustainability reporting guidelines.” G2 guidelines. 2002.
  • GoodCorporation. “The GoodCorporation Standard.” Revised July 2010. 2010. Online at:
  • Institute of Internal Auditors (IIA). “Evaluating corporate social responsibility/sustainable development.” IPPF practice guide. February 2010b. Online at:
  • IIA UK and Ireland see Chartered Institute of Internal Auditors.
  • International Organization for Standardization (ISO). “ISO 14000 Environmental management.” 2004, 2007. Online at:
  • ISO. “ISO 31000:2009 Risk management.” 2009. Online at:
  • ISO. “ISO 26000:2010 Guidance on social responsibility.” 2010. Online at:
  • Lacy, Peter, Tim Cooper, Rob Hayward, and Lisa Neuberger. “A new era of sustainability: UN Global Compact–Accenture CEO study 2010.” Accenture, June 2010. Online at: [PDF]
  • Organisation for Economic Co-operation and Development (OECD). “OECD guidelines for multinational enterprises.” 2008.
  • Social Accountability International (SAI). “Social accountability 8000.” SAI Standard SA8000. 2008. Online at:
  • United Nations Global Compact (UNGC). “The ten principles.” 2004. Online at:
  • World Business Council For Sustainable Development (WBCSD). “Vision 2050: The new agenda for business.” WBCSD report. 2010. Online at:



Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share