The Role of Internal Audit in ESG Governance: A Conceptual Framework
- Zulkiffly Baharom
- 947-953
- Aug 29, 2025
- Information Technology
Tunku Puteri Intan Safinaz School of Accountancy (TISSA-UUM), College of Business, University Utara Malaysia, Malaysia
DOI: https://dx.doi.org/10.47772/IJRISS.2025.908000080
Received: 26 July 2025; Accepted: 01 July 2025; Published: 28 August 2025
ABSTRACT
Environmental, social, and governance (ESG) governance has emerged as a critical component of corporate sustainability, requiring organizations to adopt transparent and accountable practices. Internal audit, traditionally focused on financial and compliance activities, is now expected to play a strategic role in ESG oversight. This article proposes a conceptual framework that defines internal audit’s contribution to ESG governance through its core roles: assurance, risk assessment, and advisory services. The framework highlights how these roles influence governance outcomes by enhancing ESG risk management and improving the quality of sustainability reporting, which act as mediating mechanisms. Additionally, it incorporates moderating factors such as board oversight and regulatory pressure that shape the strength of these relationships. By integrating governance theories—Agency, Stakeholder, and Institutional—the study advances theoretical understanding while offering practical guidance for boards, audit committees, and practitioners. The findings emphasize the internal audit’s transition from a compliance-driven function to a strategic partner in achieving ESG objectives. This work provides a foundation for future empirical research and offers actionable insights for organizations seeking to enhance accountability, transparency, and long-term sustainability through effective ESG governance.
Keywords: Internal audit, ESG governance, sustainability reporting, risk management, corporate governance
INTRODUCTION
ESG factors have become essential to corporate sustainability and are a key concern for stakeholders worldwide. Today, organizations face increasing pressure from investors, regulators, and the public to show accountability and transparency in managing ESG risks (Ding et al., 2024). This rising demand has shifted corporate priorities beyond just financial results, focusing more on ethical governance, environmental care, and social responsibility. As a result, internal audit functions, which have traditionally focused on financial compliance and operational efficiency, are evolving to take on a more strategic role in supporting ESG efforts (Sabauri, 2024).
Despite the growing importance of ESG governance, many organizations lack a clear framework that incorporates internal audit into their ESG governance process. While internal audit departments are expected to provide assurance on the accuracy of ESG reports and evaluate related risks, their roles often remain unclear (Rakipi & D’Onza, 2023). Some organizations view internal audit as an advisory partner in ESG integration, while others limit its involvement to compliance checks (Sabauri, 2024). This lack of clarity creates a gap between theory and practice, raising questions about how internal audit can most effectively contribute to ESG governance and improve organizational accountability.
This study aims to define the role of internal audit in ESG governance by creating a framework that emphasizes its assurance, advisory, and risk assessment functions. It aims to demonstrate how these roles can enhance the quality of ESG reporting, improve risk management, and promote overall governance effectiveness. In doing so, this article addresses two key research questions:
- How can internal audit contribute to strong ESG governance structures?
- Which aspects of internal audit are most impactful in achieving this goal?
The importance of this study lies in its ability to improve theoretical understanding and offer practical guidance. Academically, the proposed framework bridges internal audit theory with ESG governance, contributing to the growing literature on sustainability assurance. Practically, it provides actionable insights for internal audit leaders, audit committees, and boards on utilizing internal audit capabilities to meet regulatory requirements, build stakeholder trust, and achieve long-term sustainability objectives.
LITERATURE REVIEW
ESG Governance: Concepts and Evolution
ESG governance has become a crucial part of modern corporate management, reflecting the increasing recognition of sustainability as a key driver of organizational resilience and long-term success. ESG governance encompasses a set of principles and practices designed to ensure that companies operate responsibly, ethically, and in alignment with societal and environmental expectations (Huzooree & Yadav, 2025). It extends beyond merely complying with legal standards, focusing on proactive strategies to manage climate risks, promote social equity, and maintain robust governance systems (Lokuwaduge & De Silva, 2020). Over time, ESG governance has shifted from a voluntary initiative to a regulatory requirement in many areas, with global frameworks and guidelines influencing disclosure and reporting practices (Nicolo’ & Andrades‐Peña, 2024).
Internal Audit and Corporate Governance
Internal audit is an essential part of the corporate governance system, traditionally responsible for assuring financial reporting, risk management, and internal control systems. Its primary role has historically been to ensure compliance, protect assets, and detect fraud (Ziorklui et al., 2024). Nevertheless, the function has progressively expanded to encompass strategic supervision and advisory services (Ali & Akter, 2023). This change has been driven by the increasing complexity of business operations and stakeholder demands for greater accountability (Ma, 2021). Today, internal audit is expected to deliver objective insights that enhance governance and support organizations in managing emerging risks, extending beyond financial concerns.
Intersection of Internal Audit and ESG
The integration of ESG into organizational strategies has introduced new dimensions of risk and opportunity, prompting a reassessment of the internal audit’s role. Unlike traditional financial risks, ESG risks are multidimensional, long-term, and often involve reputational concerns (Lokuwaduge & De Silva, 2020). Internal audit is uniquely positioned to support ESG governance by evaluating control adequacy, verifying the reliability of sustainability data, and advising on risk mitigation strategies (Sabauri, 2024). Furthermore, internal audit can help improve ESG reporting accuracy and ensure alignment with international standards. Its involvement not only enhances transparency but also builds stakeholder confidence in ESG disclosures (Gherai et al., 2024).
Gaps in Existing Research
Although ESG governance is widely recognized as important, research specifically examining the internal audit’s role in this area remains limited. Most existing studies focus on sustainability reporting or external assurance, neglecting the internal processes that support ESG accountability. There is a lack of empirical and conceptual models explaining how internal audit functions interact with ESG governance structures to add value (Rakipi & D’Onza, 2023). Additionally, the scope of internal audit’s ESG responsibilities remains unclear, especially regarding the balance between assurance and advisory roles (Sabauri, 2024). These gaps highlight the need for a conceptual framework that positions internal audit as a vital facilitator of ESG governance and clarifies its role in contributing to organizational sustainability goals.
THEORETICAL UNDERPINNINGS
Agency Theory
Agency theory describes the relationship between principals, such as shareholders, and agents, like managers, where conflicts often arise due to differing interests (Moloi & Marwala, 2020). In ESG governance, these conflicts become more complex as organizations face increasing demands from stakeholders for sustainable practices (Yeh et al., 2023). Managers may focus on short-term financial results, while stakeholders prioritize long-term environmental and social objectives. Internal audit serves as a monitoring tool that helps reduce information gaps and promotes accountability. By providing independent assurance on ESG reporting and risk management, internal audit helps mitigate agency conflicts and foster trust between management and stakeholders (Sabauri, 2024).
Stakeholder Theory
Stakeholder theory expands the traditional shareholder-focused view by acknowledging that organizations have responsibilities to a broad range of stakeholders, including employees, customers, regulators, and local communities (Pesqueux & Damak‐Ayadi, 2005). ESG governance closely aligns with this theory, as it requires companies to consider environmental and social impacts alongside financial results (Wang, 2024). Internal audit plays a vital role in ensuring these diverse interests are addressed by checking compliance with ESG standards and evaluating the success of sustainability efforts (Yan et al., 2024). Through advisory and assurance activities, internal audit helps strengthen an organization’s ability to meet stakeholder expectations and maintain its legitimacy in the market.
Institutional Theory
Institutional theory highlights how organizations conform to external pressures and norms to gain legitimacy and stability. The increasing focus on ESG governance reflects institutional influences, including regulatory demands, industry best practices, and societal expectations (Ahmad et al., 2023). Organizations adopt ESG practices not only for ethical reasons but also to stay competitive and protect their reputation (Solaimani, 2024). Internal audit plays a crucial role in ensuring compliance with ESG regulations and guiding the implementation of practices that align with institutional norms (Rakipi & D’Onza, 2023). Its role ensures that ESG commitments are integrated into organizational processes, rather than being seen as mere symbolic gestures, thereby strengthening both compliance and credibility.
METHODOLOGY
This study adopts a conceptual research design to develop a framework that explains the internal audit’s role in ESG governance. It draws on a synthesis of peer-reviewed academic literature sourced primarily from Scopus, Web of Science, and Google Scholar databases, covering the period from 2018 to 2025. The selection focused on studies related to internal auditing, ESG governance, sustainability reporting, and risk management. The literature was critically evaluated based on theoretical relevance, empirical strength, and thematic alignment with ESG integration. The framework is theoretically grounded in agency, stakeholder, and institutional theories. It integrates findings from recent studies to identify key roles of internal audit and the mechanisms through which they influence ESG outcomes. This methodological approach ensures that the framework is both theoretically robust and practically relevant, paving the way for future empirical validation.
CONCEPTUAL FRAMEWORK
The proposed framework positions internal audit as a vital enabler of ESG governance, emphasizing three key roles: assurance, risk assessment, and advisory services. These roles are central to enhancing ESG governance effectiveness by improving the quality of sustainability reporting and strengthening ESG risk management (Miao, 2024). The assurance role ensures the transparency and dependability of ESG disclosures through independent verification. In contrast, the risk assessment role detects, evaluates, and tracks ESG-related risks, integrating them into overall risk management (Eulerich et al., 2022). The advisory role supports these efforts by advising on the design of governance structures, implementing internal controls, and enhancing reporting systems.
The framework suggests that the impact of internal audit on ESG governance is achieved through two primary mechanisms: effective ESG risk management and high-quality sustainability reporting. These factors turn internal audit activities into meaningful governance results (Fernandez et al., 2025). Additionally, external and internal factors—such as board oversight and regulatory pressure—serve as moderators, enhancing the impact of the internal audit’s contributions. When boards actively supervise ESG strategies and regulations demand compliance, the value generated by internal audit becomes more significant (Yan et al., 2024).
Overall, the framework views internal audit not just as a compliance function but as a strategic partner in ESG integration, providing assurance, risk insights, and advisory input that together improve organizational accountability and sustainability performance.
Diagram 1: Conceptual framework for ESG governance effectiveness
As shown in Diagram 1, the framework outlines the relationships between several key components that influence the effectiveness of ESG governance. The framework identifies three primary independent variables (IVs): the internal audit’s roles in assurance, risk assessment, and advisory services. Each role contributes uniquely to ESG governance. Assurance focuses on the verification and reliability of ESG disclosures, while risk assessment evaluates the organization’s exposure to ESG-related risks. The advisory role guides the development and enhancement of ESG strategies and internal control mechanisms. Together, these roles form the foundation of the internal audit’s influence on ESG practices.
The dependent variable (DV) is ESG governance effectiveness, which reflects the extent to which an organization successfully embeds ESG principles into its strategic, operational, and reporting processes. The framework also introduces two key mediating variables (MedVs): ESG risk management and sustainability reporting quality. These act as pathways through which internal audit functions translate into improved governance outcomes—by identifying ESG risks early and enhancing the transparency and credibility of disclosures. Additionally, moderating variables (MVs)—namely, board oversight and regulatory pressure—influence the strength of these relationships. When boards are actively engaged and regulatory frameworks are stringent, internal audit’s contribution to ESG governance becomes more impactful and strategically significant.
IMPLICATIONS AND CONTRIBUTIONS
Theoretical Implications
This conceptual framework advances the theoretical development of internal auditing and ESG governance by integrating established governance theories—Agency theory, Stakeholder theory, and Institutional theory—within the context of ESG. Historically, the internal audit literature has focused on financial controls, compliance, and operational efficiency, with limited attention to sustainability issues. This study expands that focus by suggesting that internal audit plays a vital role in ensuring ESG governance effectiveness through assurance, risk assessment, and advisory functions, as stated by Sabauri (2024). The framework introduces mediating variables, such as ESG risk management and the quality of sustainability reporting, which illustrate the pathways through which internal audit affects governance outcomes. It also includes moderating factors, such as board oversight and regulatory pressure, providing a more comprehensive understanding of the conditions that strengthen or weaken these relationships. By doing so, the study lays a foundation for future empirical testing and comparative research across industries and jurisdictions.
Practical Implications
From a practical standpoint, the proposed framework offers actionable insights for boards, audit committees, and internal audit professionals. Organizations are facing increasing scrutiny from regulators, investors, and the public regarding the credibility of their ESG commitments and disclosures (Tamasiga et al., 2024). Internal audit can address this challenge by providing independent assurance on the accuracy of ESG data, ensuring compliance with reporting standards, and incorporating ESG risk assessments into enterprise risk management frameworks. This shift positions internal audit as a strategic partner rather than solely a compliance function. Boards and audit committees can use the framework to clearly define the role of internal audit, allocate resources for ESG-related audit engagements, and enhance oversight mechanisms. For regulators and professional bodies, the model provides guidance for developing policies and standards that encourage internal audit involvement in ESG reporting and governance. Ultimately, the effective implementation of this framework can enhance stakeholder confidence, mitigate the risk of greenwashing, and support the organization’s long-term sustainability goals.
FUTURE RESEARCH DIRECTIONS AND CONCLUSION
This study presents a conceptual framework that positions internal audit as a vital enabler of effective ESG governance. The framework emphasizes three primary roles of internal audit—assurance, risk assessment, and advisory—and describes how these roles impact ESG governance through mediating factors such as ESG risk management and the quality of sustainability reporting. Additionally, the model includes moderating factors, specifically board oversight and regulatory pressure, which influence the strength of these relationships. By aligning internal audit functions with ESG goals, organizations can move beyond compliance-based strategies to adopt proactive measures that improve transparency, accountability, and long-term value creation.
The conceptual framework makes two main contributions. First, it broadens the scope of internal audit by including ESG governance. Second, it offers practical guidance for organizations aiming to strengthen ESG governance and align with stakeholder expectations in a more regulated environment. The framework highlights that the internal audit’s role in ESG governance extends beyond traditional assurance to include strategic advice and risk-based input, making the function a key part of sustainable business practices.
Future Research Directions
While this study offers valuable insights, it is limited by its conceptual approach and lack of empirical validation. Future research should focus on testing the proposed framework across various industries and geographic regions to evaluate its applicability and robustness. Quantitative studies could measure the strength of relationships between internal audit roles and ESG governance outcomes. At the same time, qualitative research could examine organizational practices and challenges in implementing ESG-focused internal audit activities. Comparative studies between developed and emerging markets would further deepen understanding of contextual differences affecting ESG governance practices. Additionally, longitudinal research could assess how the internal audit’s ESG role evolves in response to regulatory changes and stakeholder demands.
By addressing these areas, future studies can enhance both theoretical and practical understanding, ensuring that internal audit continues to play a crucial role in helping organizations transition toward sustainable governance.
CONCLUSION
Through the development of this conceptual framework, the study concludes that internal audit plays a pivotal role in enhancing ESG governance effectiveness. When internal audit roles—namely assurance, risk assessment, and advisory—are strategically aligned with ESG priorities, they enable organizations to adopt a more structured and credible approach to sustainability. These roles do not operate in isolation but influence ESG outcomes through key mediating mechanisms such as ESG risk management and the quality of sustainability reporting. These pathways ensure that internal audit efforts are not merely procedural but meaningfully contribute to strengthening transparency, stakeholder confidence, and organizational legitimacy.
Furthermore, the effectiveness of this contribution is amplified or diminished by contextual moderating factors, particularly board oversight and regulatory pressure. In environments where boards are proactive and regulatory frameworks are stringent, the value derived from internal audit involvement in ESG matters becomes more profound. This reinforces the notion that internal audit must evolve beyond a compliance-focused function and embrace a strategic, integrated approach to sustainability governance. Overall, this framework lays the groundwork for future empirical validation and provides practical direction for both corporate governance actors and policymakers seeking to embed ESG values into the organizational fabric.
REFERENCES
- Ahmad, H., Yaqub, M., & Lee, S. H. (2023). Environmental, social, and governance-related factors for business investment and sustainability: A scientometric review of global trends. Environment, Development and Sustainability, 26(2), 2965–2987. https://doi.org/10.1007/s10668-023-02921-x
- Ali, M. M., & Akter, A. (2023). Resources of internal audit, internal audit outsourcing and competences of internal auditors. Global Mainstream Journal of Arts, Literature, History & Education, 2(1), 1–8. https://doi.org/10.62304/jbedpm.v2i01.47
- Ding, H., Wang, Z., Lin, Z., & Xu, H. (2024). A study on the impact of board characteristics on the environmental, social, and governance (ESG): Responsibilities of listed companies—evidence from Chinese listings. Sustainability, 16(23), 10490. https://doi.org/10.3390/su162310490
- Eulerich, M., Bonrath, A., & Lopez Kasper, V. I. (2022). Internal auditor’s role in ESG disclosure and assurance: An analysis of practical insights. Corporate Ownership and Control, 20(1), 78–86. https://doi.org/10.22495/cocv20i1art7
- Fernandez, C., Riantono, I. E., & Evandio, D. Y. (2025). Corporate governance and ESG strategies: The moderating impact of internal audit quality on financial performance in Indonesian companies. Edelweiss Applied Science and Technology, 9(5), 685–702. https://doi.org/10.55214/25768484.v9i5.6983
- Gherai, D. S., Mare, C., Matica, D. E., Rus, L., & Sabău Popa, D. C. (2024). The impact of Romanian internal auditors in ESG reporting and sustainable development goals. Sustainability, 16(19), 8680. https://doi.org/10.3390/su16198680
- Huzooree, G., & Yadav, M. (2025). Sustainable project management and organizational resilience. In Enhancing Resilience in Business Continuity Management, 137–172. IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-8809-9.ch005
- Lokuwaduge, C., & De Silva, K. (2020). Emerging corporate disclosure of environmental, social and governance (ESG) risks: An Australian study. Australasian Accounting, Business and Finance Journal, 14(2), 35–50. https://doi.org/10.14453/aabfj.v14i2.4
- Ma, Y. (2021). Study on the positioning of internal audit function under corporate governance. International Journal of Business and Economics Research, 10(6), 277–283. https://doi.org/10.11648/j.ijber.20211006.18
- Miao, X. (2024). Challenges and responses to ESG risk management. Modern Management Science & Engineering, 6(1), 55–63. https://doi.org/10.22158/mmse.v6n1p55
- Moloi, T., & Marwala, T. (2020). The Agency theory. In Artificial Intelligence in Economics and Finance Theories, 95–102. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030-42962-1_11
- Nicolo’, G., & Andrades‐Peña, F. J. (2024). Does corporate governance influence environmental, social and governance disclosure practices of state‐owned enterprises? An international study. Corporate Social Responsibility and Environmental Management, 31(5), 4715–4731. https://doi.org/10.1002/csr.2824
- Pesqueux, Y., & Damak‐Ayadi, S. (2005). Stakeholder theory in perspective. Corporate Governance: The International Journal of Business in Society, 5(2), 5–21. https://doi.org/10.1108/14720700510562622
- Rakipi, R., & D’Onza, G. (2023). The involvement of internal audit in environmental, social, and governance practices and risks: Stakeholders’ salience and insights from audit committees and chief executive officers. International Journal of Auditing, 28(3), 522–535. https://doi.org/10.1111/ijau.12341
- Sabauri, L. (2024). Internal audit’s role in supporting sustainability reporting. International Journal of Sustainable Development and Planning, 19(5), 1981–1988. https://doi.org/10.18280/ijsdp.190537
- Solaimani, S. (2024). From compliance to capability: On the role of data and technology in environment, social, and governance. Sustainability, 16(14), 6061. https://doi.org/10.3390/su16146061
- Tamasiga, P., Onyeaka, H., Bakwena, M., & Ouassou, E. H. (2024). Beyond compliance: Evaluating the role of environmental, social and governance disclosures in enhancing firm value and performance. SN Business & Economics, 4(10). https://doi.org/10.1007/s43546-024-00714-6
- Wang, C. (2024). The relationship between ESG performance and corporate performance – Based on Stakeholder theory. SHS Web of Conferences, 190, 03022. https://doi.org/10.1051/shsconf/202419003022
- Yan, J., Hu, H., & Hu, Y. (2024). Does internal control improve enterprise environmental, social, and governance information disclosure? Evidence from China. Corporate Social Responsibility and Environmental Management, 31(5), 4980–4994. https://doi.org/10.1002/csr.2837
- Yeh, T., Daniel, S. J., & Xiao, Y. (2023). Stakeholder influences on management control systems for ESG governance and reporting in the global automotive industry. Journal of Corporate Accounting & Finance, 35(2), 103–120. https://doi.org/10.1002/jcaf.22671
- Ziorklui, J., Ampofo, F., Nyonyoh, N., & Antwi, B. (2024). Effectiveness of internal control mechanisms in preventing and detecting fraud. Finance & Accounting Research Journal, 6(7), 1259–1274. https://doi.org/10.51594/farj.v6i7.1322