Sustainability has become a priority in Malaysian boardrooms, and ESG reporting is no longer just a formality. It now serves as a marker of real commitment to responsible business practices. Behind the scenes, internal auditors play an essential part in ensuring that what companies report is accurate and trustworthy.

With stricter requirements from Bursa Malaysia and Bank Negara Malaysia, internal auditors have taken on expanded responsibilities. Their work strengthens transparency, risk oversight and public confidence.

Investors and regulators expect more than statements of good intent. ESG disclosures must be backed by reliable data. This is where internal auditors matter most—they examine claims, identify inconsistencies and promote honesty.

Recent research by Lenz and Enslin (2025) encourages internal auditors to shift from being rule enforcers to active contributors who support ethical decision-making. That change is already happening in Malaysia.

Interviews conducted with internal auditors and senior leaders from listed companies between July 2023 and February 2024 revealed the growing role these professionals play in ESG assurance. Their tasks include setting targets, tracking progress, and confirming the accuracy of reports. Lenz and Jeppesen’s 2022 “5Ps” approach—Planet, Public, Profession, Prosperity and People—helps to describe this broader scope of work.

Auditors collaborate with management to make sure environmental goals are measurable, realistic and aligned with regulations. They also help prevent greenwashing—the practice of exaggerating or misrepresenting sustainability efforts. However, many auditors are still gaining experience in environmental risk assessment, an area becoming increasingly urgent as Malaysia faces more climate-related events.

According to PwC (2020), internal auditors help maintain good governance and ensure compliance with ESG rules. In Malaysia, where standards vary across sectors, they also push for tighter enforcement and more consistent expectations.

But these roles come with hurdles. Audit teams in smaller firms often face staffing and budget limitations, making it difficult to focus on ESG work. Others are adjusting to new tools and data systems needed for reliable ESG audits. Training and support in this area must be prioritised.

Cybersecurity is another concern. As more business is done online, ESG-related data must be protected. Internal auditors are now expected to assess whether digital systems are secure enough to handle this responsibility.

They also work with boards and regulators to encourage accountability. Their ability to raise concerns and provide risk updates supports both financial and sustainability goals.

Some confusion still exists between internal and external auditors, especially in ESG matters. It is important to clarify the unique value internal auditors bring: familiarity with internal operations, independence from day-to-day management and strong risk analysis skills.

To support their growing roles, companies should invest in ESG-specific training, upgrade their audit tools and clarify reporting standards. Internal audit must be treated as a strategic function, not just a compliance unit.

Internal auditors help ensure ESG claims are backed by real action. With the right support, they can strengthen public trust, improve corporate behaviour, and contribute to lasting improvements in how businesses operate.

Dr Suhaily Shahimi

Department of Accounting senior lecturer

Faculty of Business and Economics Universiti Malaya