Sustainability Audit: How to Conduct One for Your Business
Last updated: 24 June 2026 | Author: VerdaScope Editorial Team
A sustainability audit is a structured review of how your organisation measures, manages, and reports environmental, social, and governance performance. Whether you call it an environmental audit, sustainability assessment, or business sustainability review, the purpose is the same: identify gaps, validate data, and prepare for credible ESG reporting. This how-to guide walks through a practical sustainability gap analysis process with an audit checklist UK businesses can use annually.
What You Will Achieve
- A clear picture of sustainability maturity across E, S, and G
- Documented gaps against obligations and stakeholder expectations
- Validated sustainability data ready for disclosure or assurance
- Prioritised actions for ESG strategy and reporting
Before You Start
Sustainability audit vs external assurance
| Type | Who conducts | Purpose |
|---|---|---|
| Internal sustainability audit | Internal team or consultant | Gap analysis, process review, data validation |
| External assurance | Independent assurance provider | Third-party opinion on selected disclosures |
This guide focuses on internal audit / gap analysis. External assurance is increasingly expected for UK SRS and CSRD reporters.
Who should be involved
- Sustainability lead or ESG project owner
- Finance (data and controls)
- Operations/facilities (environmental data)
- HR (social metrics)
- Legal/compliance (obligations)
- Internal audit (if established)
Prerequisites
- Basic understanding of what ESG is
- List of mandatory obligations (SECR, TCFD, CSRD, MSA)
- Prior year reports and customer questionnaires
Step 1: Define Audit Scope and Objectives
Actions
- Set objectives — e.g. “Prepare for UK SRS alignment” or “Validate SECR data before annual report”
- Define scope — entities, sites, topics, reporting period
- Select benchmarks — regulations, chosen frameworks (GRI, TCFD, UK SRS), customer requirements
- Agree deliverables — audit report, gap register, action plan
Scope document template
Audit title: Annual sustainability gap analysis FY2025
Scope: UK operations, all sites, E/S/G material topics
Benchmarks: SECR, TCFD (if applicable), ESG strategy KPIs
Exclusions: Non-UK subsidiaries (separate audit)
Deliverable date: [Date before annual report sign-off]
Step 2: Map Obligations and Stakeholder Expectations
Regulatory checklist
| Obligation | In scope? | Evidence location |
|---|---|---|
| SECR | Y/N | Directors’ Report |
| TCFD | Y/N | Annual report climate section |
| UK SRS (voluntary/mandatory) | Y/N | Sustainability disclosure |
| CSRD | Y/N | EU subsidiary reports |
| Modern Slavery Act | Y/N | Website statement |
Stakeholder checklist
- Investor ESG questionnaires reviewed
- Top 10 customer requirements documented
- Bank/lender sustainability assessments captured
- Employee/stakeholder concerns logged
Step 3: Conduct Document and Policy Review
Environmental audit documents
- Energy and emissions data collection procedures
- SECR calculation spreadsheets
- Waste and water records
- Environmental permits and compliance certificates
- Net zero strategy and climate risk assessments
Social documents
- H&S policies and incident logs
- HR policies (DEI, grievance, whistleblowing)
- Modern slavery statement and supplier due diligence
- Training records
Governance documents
- Board/committee minutes referencing ESG
- ESG policy and terms of reference
- Risk register entries for climate/ESG
- Public claims approval process
Audit questions
- Are policies current and board-approved?
- Do procedures match actual practice?
- Is there evidence of implementation—not just paper?
Step 4: Validate Sustainability Data
Data validation tests
| Test | Method |
|---|---|
| Completeness | Compare data sources to organisational boundary |
| Accuracy | Recalculate sample emissions using conversion factors |
| Consistency | Year-on-year variance analysis with explanations |
| Ownership | Confirm KPI owners signed off data |
| Estimation | Review assumptions for estimated (non-metered) data |
Priority metrics to validate
- Scope 1 and 2 emissions (scope 1, 2 and 3)
- Energy kWh (SECR)
- Safety rates
- Headcount and diversity statistics
- Supplier compliance rates
Cross-check sustainability KPIs against source systems.
Step 5: Site and Process Walkthroughs (Where Applicable)
For operational businesses, supplement document review with:
- Facility walkthroughs (energy systems, waste handling, safety signage)
- Interviews with site managers
- Verification of metering and sub-metering
- Sampling of supplier files for labour standards
Document findings with photos, notes, and corrective action requests.
Step 6: Perform Sustainability Gap Analysis
Rate each area:
| Rating | Definition |
|---|---|
| Green | Meets obligation/benchmark; evidence strong |
| Amber | Partial compliance; improvements needed |
| Red | Gap or non-compliance; priority action |
Gap analysis template
| Area | Benchmark | Current state | Gap | Priority | Owner | Target date |
|---|---|---|---|---|---|---|
| Scope 3 screening | UK SRS S2 | Not started | No category assessment | High | Sustainability | Q3 |
| Board climate oversight | TCFD governance | Mentioned once in AR | No committee | Medium | Company Secretary | Q4 |
Step 7: Report Findings and Action Plan
Audit report structure
- Executive summary
- Scope and methodology
- Findings by pillar (E, S, G)
- Gap register with priorities
- Recommended actions and resource estimates
- Appendices (checklists, data tests)
Present to leadership
- Board or leadership session on top 5 risks
- Agree action plan owners and timelines
- Link actions to ESG strategy roadmap
Sustainability Audit Checklist
Governance
- Board ESG oversight documented
- ESG policy current
- Public claims approval process exists
- ESG risks in enterprise risk register
Environmental
- SECR data validated (if in scope)
- Emission factors current (DEFRA/DESNZ year)
- Organisational boundary documented
- Scope 3 material categories assessed
- Climate risks identified (TCFD if applicable)
Social
- H&S data complete and accurate
- Modern slavery statement published (if required)
- Supplier due diligence files sampled
- DEI metrics methodology documented
Reporting
- Prior year report compared to framework requirements
- Comply-or-explain positions justified (TCFD)
- Stakeholder questionnaires answered consistently
- Greenwashing risk review completed
Preparing for External Assurance
If you plan limited assurance on sustainability disclosures:
Readiness checklist
- KPI methodology manual complete
- Source data retained (invoices, HR exports, incident logs)
- Recalculation of sample metrics matches reported figures
- Prior year comparatives consistent or restated with explanation
- Management representation letter process understood
- Timeline allows assurance provider review before publication
Common assurance findings
- Incomplete organisational boundary
- Emission factor year mismatch
- Scope 3 categories excluded without materiality analysis
- Social metrics without definition (e.g. turnover calculation)
- Inconsistent units (kg vs tonnes CO₂e)
Address these in internal audit before engaging external assurers.
Environmental Audit Focus Areas
For operational businesses, deepen environmental audit coverage:
| Area | Audit procedures |
|---|---|
| Permits | Verify environmental permits current; conditions complied with |
| Metering | Test meter calibration; sub-meter coverage vs billed consumption |
| Refrigerants | F-gas logs complete; leak detection programme |
| Waste | Duty of care certificates; contractor licences |
| Spill response | Training records; incident history |
Environmental compliance findings should feed the enterprise risk register and ESG strategy prioritisation.
Worked Example: UK Food Distributor (220 Employees)
Objective: Validate SECR and prepare for customer ESG audit.
Findings:
- SECR emissions matched utility data ±2% (Green)
- Refrigerant leak log incomplete (Amber)
- No Scope 3 screening (Red)
- Modern slavery statement current, but supplier audits only covered 30% of spend (Amber)
Actions:
- Implement refrigerant tracking (Q2)
- Screen top 5 Scope 3 categories (Q3)
- Expand supplier audits to 60% of spend (12 months)
Common Mistakes and Greenwashing Risks
| Mistake | Risk |
|---|---|
| Audit without benchmarks | Subjective opinions only |
| Ignoring social and governance | Unbalanced programme |
| No finance involvement | Data fails assurance |
| Findings not actioned | Repeated gaps annually |
| Conflating audit with certification | False confidence |
Frequently Asked Questions
What is a sustainability audit?
A structured review of ESG policies, data, processes, and disclosures against obligations and benchmarks—often producing a gap analysis and action plan.
How is a sustainability audit different from an environmental audit?
An environmental audit focuses on environmental compliance and impacts. A sustainability audit typically covers environmental, social, and governance topics together.
How often should UK businesses conduct a sustainability audit?
Annually at minimum, aligned with the reporting cycle, with additional audits before major disclosures or assurance engagements.
Do I need an external auditor for sustainability?
Not always. SECR does not mandate external assurance. UK SRS and CSRD may require limited assurance for certain disclosures. Internal gap analysis is still valuable.
What is a sustainability gap analysis?
Comparison of current practices and data against required or target standards, identifying gaps with prioritised remediation.
Can SMEs benefit from a sustainability audit?
Yes—especially before responding to large customer ESG requirements or preparing first ESG reporting.
What audit checklist should I use?
Combine the regulatory checklist (SECR, TCFD, MSA), chosen framework requirements, and your sustainability KPI register.
When to Commission External Support
Consider external consultants or auditors when:
- First TCFD or UK SRS gap analysis
- Scope 3 screening of all 15 categories
- Customer audit failure requires remediation
- Board requests independent validation before IPO or major contract
- CSRD double materiality assessment for EU entity
Internal audit remains valuable annually; external support supplements—not replaces—management accountability.
Audit Frequency and Triggers
| Event | Recommended audit depth |
|---|---|
| Annual reporting cycle | Full gap analysis |
| New regulation (UK SRS mandatory) | Targeted compliance audit |
| Failed customer ESG audit | Root cause remediation audit |
| Acquisition integration | Boundary and data merge audit |
| Assurance engagement | Pre-assurance readiness review |
Document audit findings in a register tracked to closure—unresolved red findings should not be omitted from board reporting.
Conclusion
A sustainability audit is the quality control layer for credible ESG programmes. UK businesses that audit annually catch data errors early, close compliance gaps, and prepare for assurance as UK SRS and customer expectations intensify.
Treat the sustainability assessment as a management tool—not a box-ticking exercise—and link findings directly to strategy and reporting.
Next steps:
- Sustainability KPIs — define what to measure
- ESG reporting — disclosure requirements
- ESG strategy — remediate gaps systematically
Sources
- UK Government — Environmental reporting guidelines including SECR
- Financial Reporting Council — Sustainability reporting developments
- International Auditing and Assurance Standards Board — sustainability assurance developments
This article is for general information only.