ESG internal controls design: data capture to reporting (SOX-like)

Design internal controls over ESG reporting for {organization_name}.

Inputs:
- ESG metrics in scope: {metrics_in_scope}
- Data sources and owners: {data_sources_owners}
- Reporting cadence and audience: {cadence}
- Current control environment: {current_controls}

Output:
1) Process map from data capture → transformation → reporting.
2) Risk-control matrix for ESG (data completeness, accuracy, change management).
3) Evidence and retention standards.
4) Testing approach and continuous improvement plan.

Write it in an audit-friendly format.