Father and son on home counseling therapy. Post pandemic period. Belgrade, Serbia

Nine key actions to prioritize as the CSRD looms

The EU Corporate Social Responsibility Directive’s broad scope will upend reporting for organizations that do business in the region.


In brief

  • The scoping of CSRD operates on different time horizons and thresholds, and the way an organization is scoped, based on its size, may affect how it reports.
  • In the inaugural EY CSRD roundtable, over 200 participants across sectors — from startups to Fortune 100 companies — debated the challenges and responses.
  • Dialogue surfaced key challenges that companies are facing and key steps to take across scoping, assessment and design and implementation phases.

For US multinationals, nonfinancial reporting has been a constantly morphing topic with global implications, forcing professionals in functional areas such as finance, sustainability, internal audit, IT and legal to confront gaps in data, reimagine processes and assign new responsibilities.

The European Union’s Corporate Sustainability Reporting Directive (CSRD) has emerged over the business landscape. The scope is so broad that many companies are quickly moving forward to understand its implications while monitoring other global regulators and standard setters, including the US Securities and Exchange Commission (SEC), to avoid duplicating efforts under multiple environmental, social and governance (ESG) reporting directives.

Against this backdrop, over 200 participants joined the inaugural EY CSRD roundtable, representing a broad cross section (of sizes, industries and functional roles) of companies to discuss strategies, pressing questions and lessons learned. Most participants have made strides to address the CSRD, but because of the broad scope of the directive, they were looking forward to discussing and understanding the perspectives of their peers.

This recap document summarizes what roundtable participants say they are doing to prepare across three phases: scoping, design and assessment and implementation. Each discussion began with a poll of roundtable participants to understand their position on the CSRD journey.

Scoping

Has the company assessed when it will be subject to CSRD requirements?


CSRD has 12 standards covering 82 disclosure requirements — almost 1,500 data points in total. Scoping operates on different time horizons, with different thresholds, and the way an organization is scoped on the basis of size may affect how it reports.

 

Key challenges identified

  • Interpreting the guidance. Some areas remain vague — for instance, organizations are unclear which entities the CSRD will apply to, particularly as it relates to subsidiaries and multiple legal entities. Many areas of the guidance may require companies to consult with accounting and legal advisors.   
  • Gathering data for applying scoping application thresholds. Many participants across different sectors had the same question: How should we align on data-gathering parameters? Additionally, given the potential number of entities within scope and the sometimes lack of centralized data management, many companies are concerned with the ability to obtain accurate information in a timely manner.  
  • Considering reporting options. The CSRD includes both financial statement materiality and impact materiality, collectively called double materiality. The latter considers stakeholders, like customers, regulators and other business partners, along the value chain. Organizations are asking how they should report: entity, sub-consolidated or consolidated. The issue is less about disclosure strategy and more about understanding what is permissible under the CSRD. This will help match current reporting, which does not include current entity-level or sub-consolidated reports, in some cases.
  • Monitoring local requirements. While the CSRD unifies the laws across the EU with one proposal, different Member States may build onto it.
  • Assessing the impact of decisions on other reporting regimes, including the SEC’s proposal. The SEC’s proposal concerns only climate, without double materiality, so it won’t be equivalent to the CSRD. And assurance is only for Scope 1 and Scope 2 emissions, whereas the CSRD includes a more extensive range, including taxonomy disclosures. Separately, the EU would need to formally assess whether the CSRD and other reporting regimes are equivalent. The European Financial Reporting Group and International Sustainability Standards Board have been working toward a potential path, for instance.

Actions to consider 

  1. Determine which function owns scoping, if not a dedicated ESG department.
  2. Align on data-gathering parameters (e.g., whether revenue includes or excludes intercompany amounts).
  3. Work with legal to review the legal-entity structure and preliminarily decide which entities are in scope along with the reporting strategy.
  4. Plan for regular updates on the reporting landscape annually, semiannually or quarterly, depending on company preference.

Assess and design

Assessment chart

Eighty percent of participants had not completed a CSRD readiness assessment, although many said they were in various stages of scrutinizing gaps and considering materiality impacts. But a lot of work remains, with a big need for education, given the breadth of stakeholders and geographies involved. Many organizations are further along on the “E” side and are building off those resources already in place.

Key challenges identified

  • Prioritizing next steps given the significant volume in disclosure gaps that most companies are experiencing. What data do you have, what gaps do you have, what’s material — and can you determine all this at the same time? Many participants expect that new resources will also be needed, but how many and in which functions is to be determined.
  • Aligning on governance for next steps to close gaps. Organizations are considering new approaches to governance now that there are more groups involved, especially as voluntary is quickly becoming involuntary. Several have established the role of ESG controller to collect data and help drive processes and controls and continuing to build out the ESG controller teams.
  • Educating reporting teams on the CSRD. Getting everyone on the same page, given the breadth of stakeholders and geographies involved, can be a challenge. Professionals should lead efforts that cross functions and geographies, connecting the dots between engineers, sustainability, legal, finance, internal audit and other internal groups.
  • Improving processes to meet reporting deadlines and produce sufficient quality data.  ESG data currently being reported typically hasn’t been held to the same scrutiny as financial information, as it often lacks the similar processes and controls. Ever-changing methodologies and the availability of information pose added complexities.

Actions to consider

  1. Provide training on the CSRD, including what it means for the organization as a whole, the various internal functions and individual employees.
  2. Gather data and market trends, and host internal working sessions to benchmark at a high level your understanding of the impacts of CSRD on your organization and focus on next steps.

Implementation

Implementation chart

Few participants have reached the implementation stage, saying they are completing prework. Data emerged as the most pressing issue for many participants, as collecting information from sources that their company does not have control over was one of the most significant concerns. For social and governance, especially for individual countries in Europe, companies are often required to start from scratch to find the data and the resources. Another challenge is to get people comfortable with disclosing previously non-public data and building the proper governance, processes and controls.

Key challenges identified

Aligning on process improvements within the organization, including defining levels of processes and controls. The importance of internal controls and data integrity can echo the conversations held in 2002 with the implementation of Sarbanes-Oxley. Some organizations are defining a RACI matrix (detailing who is responsible, accountable, consulted and informed) to lay out what they need for SEC sustainability reporting.

Implementing systems to support faster and more accurate reporting. While few participants cited technology as their primary concern, they are unclear what they need in this regard. Some say they are expanding use of platforms already used by finance for other functional groups needed in ESG reporting (e.g., covering greenhouse gas emissions and data related to human resources). Others are using spreadsheet-based data for qualitative information.

Completing internal and external assurance. Finance resources expressed reservations about nonfinancial attestations, highlighting the need for more specialized talent. Organizations can improve existing processes by defining a reviewer and their relevant experience so internal and external assurance goes more smoothly. In the words of one internal auditor: “If you’re asking me about emissions out of smokestacks, I don’t know about that.”

Actions to consider

  1. Understand current state processes and controls, identify gaps and design the future state.
  2. While designing the future state process and controls, develop tools and enablers to support execution and roll them out through training.
  3. Align on the role of internal audit and identify the external assurance provider. 

Summary

Although the CSRD is an EU regulation, it will impact companies based outside the EU that have business there, driving reporting on environmental, social and governance information. Organizations must assess their report options, uncover the relevant data and set up audit-ready processes and controls, building on what they may already have within environmental sustainability initiatives.

About this article

Contributors