Auditing-Requirements-under-CSRD-and-ESRS
Article
Sustainability Reporting

Assurance and Auditing Requirements of the CSRD & ESRS

January 19, 2024

The Corporate Sustainability Reporting Directive (CSRD) regards sustainability reporting as one part of a company’s management report and therefore should be subject to similar standards of assurance. There are, however, slight differences, as the quality and nature of data can differ significantly between financial and non-financial information. The CSRD stipulates assurance requirements for sustainability reporting. In this article, we explore the provisions for sustainability-related audits in accordance with the CSRD mandate.

Limited assurance for CSRD reporting  

CSRD-aligned sustainability disclosures must obtain “limited assurance” as opposed to the “reasonable assurance” required of financial reporting. For a limited assurance, auditors perform fewer procedures and provide a lower level of confidence compared to a reasonable-assurance audit. Limited assurance engagements are typically less extensive, and the statement of the assurance report will have a lower degree of certainty. To satisfy this provision, minimum external assurance is required for the following:

1.    Compliance with the reportingrequirements under Article 19b, essentially the European Sustainability Reporting Standards (ESRS)

2.    The process which information is identified and selected for reporting, i.e. the materiality assessment - learn more in our ESRS Super Guide

3.    Compliance with the required single electronic reporting format in accordance with Article 3 of Commission Delegated Regulation (EU) 2019/815*15, which introduces the XBRL format and digital tagging of disclosures for machine readability

4.    Mark-up of disclosures stipulated in Article 8 of Regulation (EU) 2020/852

Assurance must be conducted by an independent third party. The CSRD allows for assurance by an external provider different than the accountant used for financial auditing. Who qualifies to conduct the assessment will depend on each Member State’s implementation of the CSRD.

The assurance provider is required to follow a standard specifying how the engagement is to be performed. A specialised assurance standard for sustainability information is under works, named ISSA 5000. Until this standard is completed, it is expected that member states will require assurance providers to comply with ISAE 3000 – a standard for assurance engagements other than audits or reviews of historical financial information.

ESRS general principle of verifiability

As the reporting framework under the CSRD, the ESRS does not explicitly define auditing measures, but it defines the “Characteristics of information quality” under section 2.1 of the draft ESRS 1 General Principles. The latter is one of two cross-cutting standards that apply to all reports regardless of industry.  

Of the five characteristics outlined, the one related to auditing is verifiability. This principle requires data to be verifiable by independent observers, meaning that different parties should be able to gather or substantiate data to the same effect. Verifiability of data is dependent on traceability, and this is why having a systematic data management system is highly recommended.

How digital data management helps

Having an automated data management system in place not only simplifies the internal data collection processes for a company, it also ensures traceability of every single data point. This is especially useful for large operations with complicated value chains or multiple subsidiaries, where data ownership may be held by different entities or personnel.

With Daato’s ESG data management software, you can securely share access to your data with external assurance providers, thus enabling your information to be verified efficiently. Using an ESG software can also help you assess if your disclosures comply with the CSRD even before you hire an external assessor. You’ll be able to pinpoint the areas of reporting that are lacking or the disclosures that fail to satisfy conditions for limited assurance.

Many external auditors limit the number of auditing rounds their clients are allowed to make as it can be a costly process. With a smart management system, you can work on improving the quality of reporting to get itin the best state possible before launching the external assurance process, saving you time and money.

Clearly, the strength of an organisation’s data management determines whether or not they can obtain assurance. Here are a few more ways a complete data management system can help you in this process:

  • Multiple users can input and/or verify data and changes are tracked to always ensure traceability
  • Automates prompts and guidance to gather disclosures following ESRS requirements
  • Option to compile/present information in an easily readable electronic report
  • Maintains a repository of all information past and present
  • Automatically imports/integrates data from other organisational software such as HRS
  • Prevents human error and protects data integrity

With a detailed plan to manage ESG data, compliance with the CSRD and its assurance standards can be easily achieved. Learn more how we help in our ESRS Super Guide or book a demo.

Related content

Get started!

Choose an all-in-one ESG management solution to ensure your compliance and start building your sustainability strategy