Sustainability under scrutiny: How companies can prepare for the mandatory audit of the sustainability report


​​​​published on 11 March 2024 I reading time approx. 4 minutes

With the start of application of the Corporate Sustainability Reporting Directive (CSRD), the sustainability report must undergo a mandatory audit for the first time. To ensure that this can take place smoothly, the disclosed data must meet certain requirements and be verifiable. However, due to the high amount of qualitative and quantitative data points to be reported in future, ensuring auditability poses major challenges. At best, the course for an efficient audit process is already set in the run-up to data collection.

With the replacement of the Non-Financial Reporting Directive (NFRD) by the Corporate Sustainability Reporting Directive (CSRD) from January 1, 2024 on and the associated expansion of the group of users, corporate sustainability reporting will experience a significant increase in importance. Whereas previously only around 500 companies across Germany were obliged to prepare a non-financial statement in accordance with the NFRD, the CSRD will require around 15,000 companies to disclose information on their sustainability performance in future. The start of application will be staggered – for the 2024 financial year, the new regulation will initially affect those companies that are already subject to the NFRD. Large non-capital-market-oriented companies (from FY 2025) and listed SMEs (from FY 2026 with the option of voluntary deferral until FY 2028) will also gradually be required to prepare a CSRD-compliant sustainability report.​​


By introducing uniform European reporting standards, the European Sustainability Reporting Standards (ESRS), the EU has paved the way for more transparent, relevant and comparable sustainability reporting. In order to ensure the credibility and informative value of the sustainability report, the CSRD – unlike the NFRD, according to which only the existence of the non-financial statement had to be audited – provides for a mandatory audit of the content of the report. This is initially carried out with limited assurance, but a transition to reasonable assurance is planned in the medium term. Depending on the German implementation of the CSRD, which is currently still outstanding, the audit can be carried out either by the statutory auditor, another auditor or, if necessary, by an independent provider of assurance services. For cost and efficiency reasons alone and to ensure consistency between financial and sustainability reporting, however, the vast majority of companies are likely to decide in practice to appoint the statutory auditor as the auditor of the sustainability reporting. 


The CSRD specifies which requirements a sustainability report must fulfill from an auditor's perspective. When auditing the sustainability report, the auditor must therefore not only assess compliance with the ESRS with regard to the data points disclosed, but also the process used by the company to determine the information reported on. This includes, for example, the process for determining the material topics (materiality assessment) and the data collection process, including the internal controls implemented. Furthermore, the auditor determines compliance with the reporting requirements in accordance with Art. 8 of the EU Taxonomy Regulation as well as compliance with the obligation to tag the reporting by means of ESEF tagging. However, the latter requirement only has to be fulfilled once the corresponding regulation has come into force – this is not yet foreseeable at the present time. 


Naturally, companies have an interest in making the audit as efficient as possible and completing it within the estimated time frame. In order to achieve this, a number of points should be taken into account when preparing the report, especially when collecting data: 

  • Conducting a robust materiality assessment: The materiality assessment is used to determine the material topics and data points in advance of data collection. If the materiality assessment is not performed in accordance with the ESRS, the actual relevance of the disclosed data points cannot be adequately validated by the auditor in retrospect. To ensure that the auditor can understand the results and implications of the materiality assessment as part of the audit, this should be closely aligned with the ESRS and other documents such as the EFRAG Guidance. Furthermore, comprehensible documentation of the approach, selected methodology, involvement of stakeholders and other decisions made is necessary. 
  • Clear definition of data points: The required data points should be clearly defined and described in accordance with the respective requirements of the ESRS (e.g. required unit of measurement) in advance of the company-wide data collection. As data collection is usually carried out by several people in parallel (e.g. those responsible for a specific topic in different subsidiaries), it is important to create a uniform understanding of the individual data points. In this way, inaccuracies and errors in the data can be prevented at an early stage. 
  • Organization of data collection: Companies should ensure that they have a robust system in place that enables organized and structured data collection, analysis and management. A central storage location for the collected data is a basic requirement here. Although manual data collection using Excel templates appears to be the quickest and easiest to implement at first glance, it is extremely error-prone, especially when it comes to many subsidiaries and extensive data points such as CO2 emissions. It is therefore advisable to consider implementing an ESG software solution as early as possible, which can make a significant contribution to improving audit capability through a wide range of functionalities. 
  • Documentation and evidence: In order for the accuracy of a data point to be verified, appropriate evidence is required. In the case of electricity consumption, for example, this can be invoices from the provider, while HR key figures can often be taken directly from the HR management system. It is important here that the original data source is visible and traceable for the auditor. In any case, it is advisable to request and store the relevant evidence during the data collection process. In this way, they can be made available to the auditor immediately if required and major delays can be avoided.  

Companies should also consider involving the auditor in the reporting process from the outset as part of an assurance engagement accompanying the preparation of the report. This approach has the advantage that companies can obtain direct audit feedback on every step of the process and thus avoid unnecessary loops. The audit accompanying the preparation of the report enables continuous support from the auditor and therefore targeted preparation for the subsequent mandatory audit.


Having the content of the sustainability report audited is the decisive step in ensuring that it has been prepared in accordance with the CSRD or the ESRS and therefore meets the requirements for the quality of a sustainability report. Companies should be aware that sustainability reports are not primarily used as marketing tools, but rather as instruments for accountability to stakeholders and for identifying potential for improvement in their own business activities and the upstream and downstream value chain.

Although having the content of the report audited is a more extensive and time-consuming reporting process, companies can still benefit from the audit and the associated validation of the report content. For example, the audit strengthens the credibility and transparency of a company by ensuring that the sustainability report does not contain any misleading or exaggerated information. For example, companies must disclose how the data was collected and which methods were used for measurement, calculation or estimation. Careful examination of the data sources, methods and assumptions strengthens stakeholders' trust in the company and ensures that the information is communicated to them in a clear and understandable way. The audit also validates the process for selecting the relevant sustainability information. This enables targeted management of the key sustainability aspects. The audit also helps to identify weaknesses or gaps in both the data collection processes and the company's sustainability performance. By identifying critical areas, companies can take targeted measures to improve their processes, achieve long-term goals and thus meet the expectations of stakeholders and the demands of today's world. ​

 From the Newsletter


Contact Person Picture

Christian Maier


+49 711 7819 147 73

Send inquiry

Contact Person Picture

Annalena Müller


+49 911 9193 1855

Send inquiry

 How we can help

Deutschland Weltweit Search Menu