Building trust in sustainability reporting and preparing for assurance: Governance and controls for sustainability information
This guide outlines governance, internal controls and assurance readiness for sustainability reporting. It explains board, management and audit roles, extending financial reporting controls to sustainability data, and an annual cycle covering materiality, misstatement risk, control design, monitoring and external assurance under emerging standards.
OVERVIEW
External sustainability reporting requirements
The report outlines increasing regulatory demands, including ISSB standards and the EU CSRD, requiring high-quality, decision-useful sustainability disclosures aligned with financial reporting. Companies must improve data quality, timing and connectivity to meet investor expectations and reduce the risk of modified assurance conclusions.
Governing body
Boards are responsible for overseeing sustainability reporting integrity, ensuring alignment with strategy and risk management. They should define roles, approve disclosures, and monitor internal controls. Strong governance supports credibility and ensures sustainability information meets the same standards as financial reporting.
Management
Management is accountable for implementing governance structures, systems and controls. Finance teams, including CFOs and ESG controllers, play a central role by applying financial reporting discipline to sustainability data. This includes integrating processes, ensuring data accuracy and supporting timely reporting alongside financial statements.
Internal audit
Internal audit provides independent assurance over governance, risk management and controls. It evaluates whether sustainability processes are effective and identifies gaps. Its role is critical in strengthening internal control environments and preparing organisations for external assurance.
External assurance providers
External assurance enhances trust by independently verifying sustainability disclosures. Early engagement with assurance providers helps organisations understand expectations, improve control design and reduce the likelihood of qualified opinions. Assurance standards are evolving to align with global sustainability frameworks.
The governing body
The governing body must ensure oversight of sustainability risks and opportunities, integrating them into enterprise risk management. It should confirm that disclosures are complete, balanced and consistent with financial information, reinforcing accountability and transparency.
The first line, the second line, the third line
The report adopts the three lines model. The first line (operational management) owns data and controls. The second line (risk and compliance functions) provides oversight and guidance. The third line (internal audit) offers independent assurance. Clear segregation of responsibilities strengthens control effectiveness.
Extending ICFR processes to sustainability data
Organisations are encouraged to extend existing internal control over financial reporting (ICFR) frameworks to sustainability data. This leverages established systems, reduces duplication and ensures consistency. Applying financial-grade controls improves reliability and audit readiness.
Materiality assessment
Materiality assessments identify relevant sustainability topics based on financial and impact considerations. Companies should document methodologies, involve stakeholders and regularly update assessments to reflect evolving risks and opportunities.
A materiality assessment can be based on financial and impact materiality
The report highlights dual materiality, combining financial risks/opportunities with environmental and social impacts. This approach aligns with regulatory expectations and ensures disclosures address both investor and societal concerns.
Risk assessment of material misstatement
Organisations must assess risks of errors or omissions in sustainability data. This includes identifying high-risk areas, such as estimates or complex metrics, and implementing controls to mitigate misstatement risks.
Control objectives
Control objectives define what organisations aim to achieve, such as data completeness, accuracy and consistency. Clear objectives guide control design and ensure alignment with reporting requirements.
Control catalogues
Control catalogues provide structured lists of controls mapped to risks and objectives. They support standardisation, scalability and consistent implementation across reporting areas.
Monitoring plan
Continuous monitoring ensures controls operate effectively over time. This includes testing, remediation and periodic reviews. A structured monitoring plan supports ongoing improvement and assurance readiness.
Independent external assurance
External assurance validates sustainability disclosures and strengthens stakeholder confidence. Organisations should prepare by aligning controls, documentation and processes with assurance requirements.
A new global standard for sustainability assurance
Emerging global assurance standards aim to harmonise practices and improve comparability. Organisations must stay informed and adapt processes to meet evolving expectations, ensuring readiness for mandatory assurance regimes.