Evaluating Corporate Social Responsibility

Corporate Social Responsibility (CSR) presents significant risks and opportunities for many organizations. Stakeholders expect boards and management to accept responsibility and implement strategies and controls to manage their impact on society and the environment, to engage stakeholders in their endeavors, and to inform the public about their results. The proliferation of regulation and voluntary standards has made CSR management a complex endeavor.

Internal auditors should understand the risks and controls related to CSR objectives. Where appropriate, the Chief Audit Executive (CAE) should plan to audit, facilitate control self-assessments, verify results, and/or consult on the various subjects. Internal auditors should maintain the skills and knowledge necessary to understand and evaluate the governance, risks, and controls of CSR strategies.

This guide will assist internal auditors in understanding:

The risks (operational, reputational, etc.) associated with CSR activities and how to use such knowledge in audit planning.
The approaches to evaluating CSR activities, including auditing, facilitating, and consulting.
Audit considerations such as use of the audit opinion, independence and objectivity, and types of resources.
Considerations in developing the internal audit program, including whether CSR information is consistent with standards and how management communicates and sets priorities for CSR strategies.

The guide also explains detailed approaches to auditing in the following appendices: