
ESG & CSRD Audit Guide: Ensuring Compliance and Sustainability

  • Writer: Benoit Lescot
  • Jun 9

Updated: Jun 10

A structured approach to auditing Environmental, Social, and Governance initiatives and Corporate Sustainability Reporting Directive implementation for internal audit professionals.


Understanding Frameworks and Requirements



Defining Audit Scope and Objectives


A comprehensive ESG and CSRD audit must cover all sustainability-related policies, operational processes, control mechanisms, and required disclosures. The scope should encompass the entire organization while focusing on material sustainability topics. The audit objectives should establish clear parameters for evaluating the organization's readiness for compliance and identifying improvement opportunities.

Reviewing ESG & CSRD Governance Structure



Assessing Materiality Process



Double Materiality Verification

Confirm that both financial materiality and impact materiality assessments have been performed according to ESRS requirements. Verify methodology aligns with best practices and regulatory expectations.

Stakeholder Engagement Evaluation

Review the stakeholder engagement process, including identification of key stakeholders, engagement methods, frequency of consultation, and documentation of feedback received.

Documentation and Application Assessment

Examine how materiality assessment results are documented and verify they appropriately inform the scope and content of sustainability reporting and strategic initiatives.


Evaluating Controls Over ESG Data


There are several effective EPM solutions (e.g. Board, CCH Tagetik, SAP Sustainability Control Tower...) on the market that ensure that robust reporting processes are in place to generate reliable CSR data.

  1. The assessment of reporting tools should determine whether systems are adequately defined to support data collection needs. If the process is manual, auditors should flag the technology gaps.

  2. Special attention should be given to documentation standards, ensuring final reported numbers maintain clear audit trails.

  3. Auditors should examine how reporting timelines are communicated and tracked, identifying any recurring delays or compliance issues.



Testing Internal Controls & Procedures


| Control Area | Test Procedure | Evaluation Criteria |
|---|---|---|
| Documented Procedures | Review procedure documentation for each ESG KPI | Completeness, clarity, and accessibility |
| Control Implementation | Test review/approval processes and calculation checks | Effectiveness in preventing/detecting errors |
| Data Governance | Verify version control and audit trail mechanisms | Traceability and change management |
| Segregation of Duties | Assess separation between data providers and reviewers | Independence and oversight effectiveness |


Reviewing Reporting & External Disclosures


  • Completeness Assessment: Verify that all required ESRS topics and disclosures are addressed in the sustainability report, with no material omissions.

  • Transparency Evaluation: Assess whether methodologies, assumptions, and limitations are clearly explained to avoid misleading stakeholders.

  • Cross-Report Consistency: Confirm alignment between sustainability disclosures and information in financial reports and risk disclosures.

  • Data Presentation Quality: Evaluate whether graphics, charts, and narrative explanations accurately represent the underlying data.


Identifying Gaps and Risks


Policy and Procedure Gaps

  • Missing or outdated sustainability policies

  • Undocumented data collection procedures

  • Insufficient guidance for report preparers


Control Deficiencies

  • Inadequate review processes

  • Lack of data validation controls

  • Insufficient segregation of duties


Data Quality Issues

  • Inconsistent measurement methodologies

  • Data gaps or estimation weaknesses

  • Poor traceability of reported figures


Reporting Risks

  • Potential greenwashing concerns

  • Non-compliance with ESRS requirements

  • Misalignment with stakeholder expectations

The audit should assess the maturity level of ESG implementation, categorizing it as basic (minimal compliance), emerging (developing processes), or leading (comprehensive integration).

The internal audit can cover local legal requirements: gender equality




One of the main issues that can arise is the disconnect between Group ESG objectives and the objectives set at local level.



Group–Country Coordination and Support

Effective Group-Country coordination is fundamental to successful CSR implementation across global operations. Communication audits should evaluate both formal channels (reports, meetings) and informal networks. The assessment should identify coordination bottlenecks and information asymmetries that may impede effective implementation. Support mechanisms should be evaluated against country-specific needs, recognizing that markets at different maturity levels may require tailored assistance.


As with any FP&A objectives, the targets are overambitious and the entities are not really consulted when they are set. Down the line, entities struggle with the objectives and with the means assigned to the projects.



External communication must be evaluated for consistency with regulatory requirements, including preparation for the EU's Corporate Sustainability Reporting Directive and France's Duty of Vigilance Law.



Auditors should assess how effectively CSR results are communicated to investors, NGOs, and through social media channels, ensuring alignment between internal realities and external messaging.


Other questions can be reviewed during the audit such as:

  • Responsibility assignment – who tracks and updates compliance per country?

  • Readiness for upcoming CSRD adoption (for EU entities): assess tools, resources, and materiality analysis methodology.


There has been a clear increase in legislative pressure on companies to report and act on CSR/ESG matters.


Therefore, the internal audit must include a review of compliance with applicable laws, such as:

European Level

  • Directive 2014/95/EU: Requires disclosure of non-financial and diversity information starting from 2018.

  • European CSR Strategy (2002) and follow-ups.

  • ISO 26000 (2010): Guidance on social responsibility—while not legally binding, it's a global standard used in assessments.

  • Alignment with EU Green Deal and CSRD: The upcoming Corporate Sustainability Reporting Directive (CSRD) will significantly expand reporting obligations starting 2025.


French Regulations

  • New Economic Regulations Law (2001).

  • Grenelle II Law (2010) – environmental and social transparency obligations.

  • Copé-Zimmermann Law (2011) – gender parity in corporate boards.

  • Garot Law (2016) – food waste reduction.

  • Corporate Duty of Vigilance Law (2017) – legal liability for human rights and environmental risks in supply chains.

  • PACTE and Energy Climate Laws (2019).

  • 2020 Law on Waste and Circular Economy.


and any other regulations applicable in the countries where the company (or one of its entities) is listed or present.

 
 
 
