Master corporate sustainability in 10 weeks

Receive weekly email reports, guides and templates. Includes topics from CSRD compliance, decarbonization playbooks up to certifications and communication.

🎉 Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.

FAQ: Top 25 Frequently Asked Questions (FAQ) on the CSRD audit

Written by
Jasper Akkermans
August 20, 2024
8
min read

As the EU Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) take effect, companies are preparing for the challenge of complying with new and rigorous audit requirements.

To help businesses navigate this complex landscape, Coolset, an all-in-one sustainability data management platform, and Flynth, a leading (CSRD) accountancy firm, have collaborated to create a detailed Audit FAQ. This resource is designed to provide companies with clear, practical answers to 25 frequently asked questions about CSRD auditing.

1. Do companies reporting on CSRD need an internal sustainability manager to ensure compliance, or is it possible to produce a CSRD report even with an internal team?

A CSRD report is always a team effort, which means that a dedicated sustainability manager is not always necessary. However, depending on the size of the organization, it may be beneficial to appoint a separate sustainability manager. Setting up a project team or working group is generally recommended, so that decisions about the report can be made within this group. For more information, check our article on best practices in CSRD reporting.

2. ESRS requires gas consumption to be presented in lower calorific value, but many invoices present it in higher calorific value. Will auditors maintain this strict distinction?

If the higher calorific value is used and this is clearly explained in the table where gas consumption is included in the sustainability report, this will not be a problem. Transparency is the crucial component in reporting.

3. How do you expect auditors to validate highly technical data that may be outside their area of expertise?

As with financial audits, auditors for CSRD and ESRS will be experts. For CSRD audits, external experts in areas such as greenhouse gases (GHG), ecology, and biodiversity may be used. However, it is not always necessary for the auditor to engage an expert; it will depend on the complexity of the data.

4. Who is primarily responsible for the accreditation of CSRD auditors?

In the Netherlands, the NBA (Nederlandse Beroepsorganisatie van Accountants) is primarily responsible for the accreditation of CSRD auditors.

5. How will the auditor statements be structured?

The exact structure of the auditor statements for CSRD is not yet fully available, and will be known at the latest when the first audit reports will be published in the first half of 2025. It appears that there will be separate statements for the financial audit and the CSRD audit. The statement for the CSRD audit will be an assurance report with a limited level of assurance. It is expected that the same types of opinions will be possible as for the financial audit: an unqualified opinion, a qualified opinion, an opinion with abstention, and an adverse opinion.

6. Is involving an auditor in the process compatible with maintaining his independence?

Yes, involving an auditor in the CSRD and ESRS auditing process may be compatible with maintaining his independence, provided it is carefully managed. If the client specifically requests an opinion, the auditor can enter into what is known as an extended 3810N engagement. Moreover, in the context of duty of care and advisory function, the auditor can look along with the client in the implementation process, to ensure answers are given in line with EFRAG requirements. However, the auditor must assess for themselve whether their independence remains guaranteed. If this is not the case, the auditor will indicate this.

7. Can companies be fined for non-compliance with the CSRD, even with limited assurance?

Yes, companies can be fined for non-compliance with the CSRD. Failure to comply with CSRD requirements may result in the auditor not issuing an assurance statement, even limited assurance. The lack of an assurance statement can have legal and financial consequences, including fines.

8. Who is responsible for ensuring the audit is done according to the EFRAG guidelines?

In the Netherlands, the NBA (Nederlandse Beroepsorganisatie van Accountants) is responsible for the accreditation of auditors involved in CSRD audits, as well as the supervision and controlling of their work in line with EFRAG, the organization that has set up the official CSRD reporting requirements.

9. How much time do auditors expect to spend on a single CSRD report?

It is difficult to estimate exactly how much time an auditor will spend on a CSRD report, but proper planning is crucial. It is advisable at the planning stage to allow about a week for the audit work and one to two weeks for the report, depending on the scope. It can be helpful to get an early understanding of the amount of data points you will be reporting as an organization so that the auditor can contribute to the planning and time commitment.

10. What is the expected cost of an audit for a mid-market company reporting under the CSRD?

Whilst the exact cost is often hard to approximate, it is not unlikely that the audit budget will increase by 50% of the current audit cost. This depends on the complexity of the reporting and the scope of the audit.

11. Does the limited assurance requirement apply to all audits, regardless of the size of the company (e.g., listed versus unlisted companies)?

Yes, all organizations covered by the CSRD are required to obtain at least limited assurance for their CSRD reporting, regardless of the size of the organization. This means that there is no distinction between listed and unlisted companies.

12. In what format should data reported under CSRD be submitted?

The data must be submitted in the European Single Electronic Format (ESEF). The reporting taxonomy is issued by EFRAG.

13. Is it likely that sustainability reports will eventually become as common and understandable as financial reports?

Yes, it is likely that sustainability reports will become increasingly important and understandable, possibly even more important than financial reports. This is because sustainability reports have broader social relevance and attract the interest of a wider audience.

14. To what extent will auditors rely on outside experts for specific environmental or social data that falls outside their traditional expertise?

It is up to the auditor to determine whether he or she has sufficient expertise to make judgments on specific environmental or social issues. In cases where technical information is required, the use of an outside specialist may well be appropriate.

{{custom-cta}}

15. How should companies approach combining financial and sustainability reporting, especially when the data sets are so different?

Although the nature of financial and sustainability data are different, the data sets are often more intertwined than they might at first appear. Much social data, such as personnel information, is already present in payroll and personnel files.

Information on carbon emissions may be new, but can be derived from purchasing data for gas, electricity, gasoline, etc., which are also captured in financial records. It is therefore crucial to involve the controlling and accounting departments in the collection and recording of sustainability data. For orderly and compliant capture with an audit trail, it is advisable to consider using specialized software.

16. Will companies be able to adjust sustainability metrics in future reports as new data or methodologies improve accuracy, and how will auditors handle such revisions?

Yes, companies will be able to adjust sustainability metrics in future reports as new insights or methodologies become available. For example, if emission factors change due to new scientific insights, they may be incorporated into the sustainability report.

If applicable, comparative figures from the previous year are also adjusted to ensure consistency and comparability. The ESRS allows error corrections and incorporation of new insights, provided it is clearly stated what has changed and why. Auditors will assess the impact of the changes and verify that they have been processed correctly.

17. What is the role of digital tools in facilitating CSRD compliance, especially for companies new to sustainability reporting?

Digital tools play a crucial role in facilitating CSRD compliance, especially for companies new to sustainability reporting. There are different types of tools available: some provide project support, some focus on data capture and collection, and some support report writing.

When selecting a tool, it is important to assess what the organization needs specific help with. If the need extends to all three aspects, it is wise to choose a tool that offers all of these features.

18. Is there a possibility that some sectors will be more strictly audited by auditors because of their high environmental or social impact, and how should these companies prepare for this?

Although there is no question of stricter control of certain sectors, auditors will pay more attention to high-risk topics in sectors that have a high impact on, for example, the environment or child labor. In those sectors, these topics will be considered high risk, meaning auditors will pay more attention to them during their work.

Although all CSRD-regulated organizations will be subject to a limited assurance audit, the focus on specific topics will vary depending on the sector and company profile.

19. Will companies operating in multiple EU member states be subject to audits by multiple auditors, and how will conflicts in audit findings be managed?

In principle, a consolidated report will be prepared, with the audit and opinion taking place at the group head, as is the case for financial audits. The group auditor may use local auditors in the member states where the group entities are located.

It is up to the group auditor to integrate the findings of the local auditors and manage any conflicts in audit findings. This process is not materially different from the approach used in financial audits.

20. How do you expect that materiality assessments, which are often subjective, will be validated and verified within the CSRD?

Materiality assessments will be validated and verified by ensuring a transparent and compliant process. It is essential that materiality is fully disclosed in the sustainability report. Auditors will likely benchmark against other organizations in the same sector to verify that no important issues have been overlooked in the materiality analysis.

It is important for companies to demonstrate that they have covered all relevant topics from the ESRS and to make clear which topics are or are not considered material.

21. Should companies prepare now for the transition from limited to reasonable assurance, and what steps can they take to facilitate this transition?

It is important that companies first get the data collection processes correct. Once these processes are in place, improvements will naturally emerge that will facilitate the transition to reasonable assurance. When setting up systems, it is wise to consider the requirements for reasonable assurance, such as establishing segregation of duties and implementing controls over the data. This will make it easier for the organization to meet higher audit requirements in the future.

22. Are there any existing certifications or frameworks that companies should join to simplify their compliance with CSRD reporting requirements?

Although not mandatory, it may be useful for companies to use certifications or frameworks such as the Environmental Barometer, the Carbon Performance Ladder, B Corp, or other relevant certifications. For example, the ESRS refers to initiatives such as SBTi (Science-Based Targets initiative) for climate transition plans. The use of such frameworks can help establish policies and targets that align with CSRD requirements.

23. How do auditors deal with potential conflicts of interest when companies use outside consultants who also offer audit services for sustainability reporting?

Auditors must maintain their independence. When an outside consultant has provided consulting services, that same consultant cannot perform the audit, which avoids a direct conflict of interest. However, a conflict of interest may arise if the consulting engagement is later terminated and the consultant also wants to offer audit services. Given the current workload in the audit industry, this is unlikely to be a common problem.

24. How should companies balance transparency and data protection when reporting sensitive or confidential information in their CSRD reports?

The ESRS describes what information can be considered sensitive and therefore need not be reported. However, this concerns very specific cases. In most cases, the purpose of the CSRD is to promote transparency about a company's environmental, social and governance (ESG) performance, which means that most information does need to be disclosed.

Of course, privacy rules continue to apply in preparing the report, and sensitive personal data must be carefully protected.

25. What role do stakeholders play in determining the materiality of sustainability issues for a company?

Stakeholders play a crucial role in determining materiality. Companies should actively engage with their key stakeholders, such as customers, employees, suppliers, and civil society organizations, to understand what sustainability issues they consider important. This input should be integrated into the materiality analysis so that the sustainability report provides a balanced and relevant representation of the issues that are important to the organization and its stakeholders.

Get ready for the CSRD audit with Coolset.

Speak to one of our sustainability experts.

See Coolset in action
Explore Coolset's top features and use cases.
Demo not supported.

Demo wordt niet ondersteund
op mobiele schermen

Kom alsjeblieft terug op een groter scherm
om deze demo te ervaren.
This is a preview window. Click below to see the demo in a larger view.

Audit-proof your CSRD report with Coolset.

Speak to one of our sustainability experts today.

Het duurzaamheidsmanagement platform voor mid-market bedrijven