Sustainability Reporting: An Opportunity for Business Transformation

Reporting under the European Union’s Corporate Sustainability Reporting Directive (CSRD) alone doesn’t make an organization sustainable. However, when embedded effectively, it can provide important insights to shape financial and operational decisions, providing a pivotal opportunity to redefine value, build long-term resilience, and drive sustainable success. 

While the CSRD serves as a disclosure framework, incorporating its findings into business strategy and decision-making can propel transformation and help organizations build a more resilient business model. Doing so depends on anchoring CSRD outcomes into the business through policies, actions, targets, data management, and internal controls.

Who must report?

In 2025, all “large” companies listed on EU-regulated markets will report under the CSRD for the first time. This designation covers any organization that meets two of the following criteria:

• Net turnover of €50 million or more
• Total assets of at least €25 million
• An average of 250 or more employees over the course of a fiscal year

From 2026, CSRD reporting will expand to include:

• “Large” non-listed EU corporations
• Listed small and medium-sized enterprises
• Non-EU companies with a significant EU presence (as defined by the above criteria)

Turning a challenge into an opportunity

While CSRD reporting can be a daunting challenge for businesses due to its stringent rules and disclosure requirements (including the need for assurance), it also offers game-changing opportunities. A central focus of the CSRD is a “double materiality assessment,” which requires organizations to identify their material environmental, social, and governance-related impacts, risks, and opportunities (IROs). Integrating these IROs into the business so that they can be monitored, measured, managed, and/or mitigated is a critical activity at the strategic and operational levels. To achieve this, business leaders should incorporate the following core elements as part of a robust, effective CSRD program:

Policies, actions, and targets. To effectively manage and mitigate material IROs, leaders should incorporate specific policies, actions, and targets into their business processes. Some examples include:

• Adopting circular economy principles, which foster sustainable development by using resources more efficiently and reclaiming waste as a valuable resource for new materials and products¹
• Improving the supplier due diligence process to identify environmental and human rights impacts
• Developing policies to protect and promote biodiversity such as impact assessment protocols, sustainable sourcing requirements, and stakeholder engagement principles²
• Creating a climate transition plan that includes a comprehensive decarbonization strategy to ensure the business model aligns with the transition to a net-zero economy
• Updating the supplier code of conduct policy to accommodate social imperatives such as health, safety, and forced labor safeguards

Data management. With over 1,000 data points that may need to be reported, leaders should develop policies and procedures that ensure data quality, compatibility, interoperability, and comprehensiveness. Reporting requirements should be seamlessly integrated into existing systems to avoid disrupting day-to-day operations. To meet these objectives, organizations should consider the following best practices:

• Document the current state of data capabilities, including data requirements, and integrations with existing financial and business process workflows
• Conduct a data capabilities gap analysis between the current and future states, keeping non-financial reporting for CSRD compliance in mind
• Develop data collection guidance including data standards, use, and rules to ensure consistent, reliable data collection and reporting that delivers value and meets business requirements

Internal controls. To safeguard assets, ensure reporting accuracy, and enhance operational efficiency, companies need to update their internal control systems to account for new non-financial disclosures. That means that processes and IT systems must be adapted or designed to accommodate new data points. Common controls include segregating duties, roles, and responsibilities, along with determining access rights, approval thresholds, and data verification procedures. Doing so provides checks and balances and mitigates the risks of fraud, noncompliance, and incorrect or incomplete data collection.

To meet these requirements, organizations should consider the following best practices:

• Conduct a gap analysis of internal controls and prioritize necessary improvements
• Create and update relevant process flows, identify key control points, and design and document controls
• Develop test criteria, test procedures, and document requests in accordance with reperformance standards to assess the design and operating effectiveness for each documented control
• Conduct testing, aggregate the results, validate findings, and identify control gaps and opportunities for improvement

A catalyst for business transformation

Forward-thinking companies can use the CRSD reporting requirements to enhance business strategies and decision making by establishing new policies, processes, and controls to link financial, sustainability and operational management. This can enhance their ability to adapt to changing environmental and societal needs and ultimately deliver better outcomes to stakeholders and society.