Article

Data Reliability for ESG Reporting

Ensuring the accuracy and reliability of the ESG-related end-to-end processes and data

Companies are currently facing new reporting and compliance requirements such as the Sustainability Reporting Directive (CSRD) and EU-Taxonomy. Against this background, appropriate IT General Controls (ITGC) and IT Application Controls (ITAC) need to be implemented and tested for effectiveness to ensure the reliability of the data in these ESG reportings. For more information on this topic, read our Deloitte article.

Introduction of ESG performance management

To create real value, companies need to implement an ESG performance management, including the definition of KPIs, ESG reporting, and management approaches for ESG KPIs. Only by successfully integrating ecomomic, environmental and social performance into strategic decision making, a company can gain a competitive advantage.

Today, there are many tools available to help companies collect the required data and generate reports based on ESG standards (e.g., SAP Sustainability Control Tower). However, in order to rely on the data and reportngs generated by these tools, the accuracy and reliability of ESG-related end-to-end processes and data must be ensured. This requires implementing and verifying the effectiveness of appropriate IT General Controls and IT Application Controls.

Effects of IT Controls

IT Controls are conducted at the application, operating system, and database levels for:

  • Access Management 
  • Change Management
  • Security Configuration 
  • API-/Job-Monitoring
  • Authorization concepts including test support and implementation

The IT Controls ensure the integrity of programs, data files, and computer operations. They are designed to fulfill all requirements regarding confidentiality, integrity, and availability of data. Without effective IT Controls, it may not be possible to rely on  ESG IT systems. IT Application Controls (ITAC) refer to transaction processing controls that ensure complete and accurate processing of data from input through output. 

Control catalog for nonfinancial reporting

  • Related to NFRD, CSRD, EU Taxonomy (etc.)
  • Inclusion of catalog in ICS

Governance, risk and compliance tools provide a holistic approach to managing an organization's risk and compliance requirements by integrating governance, risk management, and compliance management activities into a single platform. It is important to cover all relevant (SAP and non-SAP) source systems, from on-premise to Software-as-a-Service (SaaS), as shown in figure two: 

Depending on the deployment model, the responsibilities of the customer and the respective service provider(s) vary, and therefore do the related tasks.

Our services

In particular, our services are designed to ensure:

  • A strengthened ESG-control environment
  • Transparency
  • Data quality & data reliance
  • Process and controls formalized and documented
  • Reasonable assurance on a broader set of ESG disclosures determined by the regulators
  • Governance and accountability clearly defined

The aim of our services is to ensure the accuracy & reliability of ESG-related end-to-end processes and data to maintain an effective internal control system over sustainable business activities and reporting acknowledging the COSO-ICSR Supplemental Guidance (see COSO-ICSR-Report).  For more information, please contact our team at any time.

Fanden Sie diese Information hilfreich?