In an era when sustainability is at the forefront, the Corporate Sustainability Reporting Directive (CSRD) raises the bar in terms of transparency and accountability for companies. Data and IT functions are at the epicenter of this movement. In this second blog, in a series of four, we address the specific challenges of sustainability reporting. We also look at how to align data management and IT infrastructure with the organization's sustainability goals.

When and for whom is this event of interest?

In case you have not yet read the first blog in this series, first briefly what the CSRD is about. This refers to an EU requirement to report on non-financial data, such as your carbon emissions, with the ultimate goal of improving an organization's ESG (Environmental, Social, Governance) performance. By enforcing transparency on ESG performance, the EU hopes that organizations will put their best foot forward. The environmental aspect is particularly important to the government because organizations are expected to help achieve Green Deal goals. Schematically, the relationship between the Green Deal, the CSRD and other related legislation is as follows:

Compared to the current Non Financial Reporting Directive (NFRD), which dates back to 2014, the CSRD leads to mandatory auditing of more detailed reporting requirements and mandates the use of the EU Taxonomy (reporting standards). If you want to know more about the relationship between the CSRD, the EU Taxonomy and the Sustainable Finance Disclosure Regulation (SFRD) read, for example this blog.

The CSRD uses a double materiality approach. This means that organizations must evaluate both the impact of their activities on ESG factors ("inside out") and the financial impact of ESG factors on the organization itself ("outside in") in their annual report. This double materiality approach takes into account the various stakeholders: investors, employees, customers, supply chain partners, and ultimately the society in which the organization operates.  

Lots of data!

Whichever perspective you take, the CSRD is going to demand a lot from organizations. On 23/10/2023, the EU adopted the European Sustainability Reporting Requirements (ESRS) endorsed. In total, an organization may have to deal with more than 1,000 data points on which to report.

Data points come from a variety of systems and will need to be reported by default, sometimes based on a new unit of measurement. For example, think about translating the euros on your power bill and mileage from your fleet to "metric tons of CO2 equivalent" (mtCO2e). Or think about extracting diversity and inclusion numbers from your HR system. That means you have to involve all kinds of data sources and therefore all kinds of functions within the organization to produce the CSRD report. So data lineage is also going to play an important role here. No small beer then!

Special case: GHG emissions

And data sources from outside your organization must also be consulted. Take, for example, greenhouse gas emissions (also known as GHG for "Greenhouse Gases"), which are part of Environmental reporting. You need to consider three types of emission sources:

• Scope 1 refers to the emissions that come directly from your organization. Consider the combustion of fossil fuels in both stationary and mobile sources, for example a stove and a car, the use of air conditioners and refrigerators and the GHG substances released in the process, including during maintenance;
• Scope 2 concerns a specific indirect emission, which is the emission from generating purchased electricity that is directly consumed by the organization. For example, the energy an organization purchases from its energy supplier. The emission itself occurs at the facility where the energy is generated, hence the term indirect;
• Scope 3 are all other indirect emissions. It includes all processes that emit GHG in your value chain, from raw material extraction to delivery to the consumer. The use of the cloud and other IT resources also falls into this. Scope 3 is the most difficult and challenging to qualify and quantify.

Scope 3 emissions are expected to be the largest for any organization and also the most difficult to quantify. The CSRD shows understanding of this complexity. You do not have to report very precise data - especially in the first few years. Provided you properly indicate how you get it, you may make estimates, using sector averages for example. It is therefore advisable to get started with CSRD reporting right away, so that your organization can learn in the coming years and you have time to find solutions to the problems you encounter. 

By the way, CSRD reporting is not only about numerical data but also about text and explanation of your policies, goals and plans on how to achieve them. So keep in mind that "CSRD data" also involves text. And keep in mind the necessary change management activities. More on this in the next blog in this series.

Special case: GHG emissions

Last but not least, because your annual report, including the ESG data therefore, is subject to assurance, you need to consider burden of proof and audit trail. Your board will want to be 100% behind the report they approve and have it reviewed by an external auditor, an accountant usually.In summary, the CSRD is going to require the following from your organization:

• Collect all kinds of ESG data, from inside and outside the organization;
• Translate that data into concrete KPIs cq targets;
• Write underlying policies and plans, how you will achieve ESG goals;
• Maintain evidence and audit trail;
• Produce a conclusive report approved by management and auditors.

From over a thousand 'disclosure requirements' to focused work: the Double Materiality Assessment

As mentioned, there are more than a thousand data points ("disclosures requirements") in the European Sustainability Reporting Requirements (ESRS). A subset of these apply to your organization. So which ones? To find out, you need to perform a so-called "double materiality assessment. This means that on the one hand you examine the opportunities offered by ESG developments, but on the other hand you also look at the associated risks. You must translate these opportunities and risks into financial impact for your organization.

Materiality is a measure in auditing and accounting that determines whether or not a certain amount is significant. Think 1% to 5% of your annual sales. Take "air, water and soil pollution" as an example, which falls under ESRS E2. If your organization operates in the food chain, those are topics that can have a big impact on your income statement. So those are material and so you need to take measures to actively deal with this theme and measure your progress on this.  

Another example: if your organization is an advertising and marketing agency, chances are its impact on and opportunities from "water and marine resources" (ESRS E3) is very low. Not material, so you don't need to report on this. You do need to be able to explain how you reach that conclusion. You summarize the result of this analysis, the double materiality test, in a materiality matrix (see below for inspiration).  

Data and information management in order

You've long felt it coming: to get your sustainability reporting right, your data and information housekeeping itself must be firmly in order.

This starts with clear roles and responsibilities. Different departments and individuals inside and outside the organization must work together. It is necessary to clearly define who does what to ensure an efficient compliance process.

What are the minimum roles you need:  

• Leadership: the CFO, your Chief Sustainability Officer ... someone needs to be ultimately responsible for a successful CSRD compliance program. That person will need to provide the necessary resources and leadership;
• Sustainability team: develops sustainability strategies and ensures alignment with CSRD requirements;
• Data stewards: identify and maintain data sources and ensure data quality;
• IT team: systems and infrastructure are needed for data collection, storage and reporting. 

Next, you will need to consider how you handle data itself. Where do you get what data and documents from?  

• Figure out how to engage the necessary external parties (including supply chain partners) and make arrangements for providing the necessary data;
• Establish clear procedures for collecting and storing sustainability data;
• Implement data quality controls to ensure accuracy, including version control;
• Document data sources and methods for transparent reporting, you should be able to show an audit trail to the auditor.

The impact of CSRD on IT  

How does this development fit into your current application and data landscape? What can you automate and where do you suffice with manual operations? What tools do you deploy for data analysis to derive meaningful insights from the data? These questions need to be answered specifically for each organization. Valid is happy to help you with this.  

In fact, IT's role goes beyond data management to the core of sustainability performance. Here are some ways IT impacts sustainability efforts:

• Remote working solutions. Enabling remote working can reduce the environmental impact of commuting and energy consumption in the office;
• Energy efficiency. IT infrastructure and data centers can be optimized for energy efficiency, reducing the carbon footprint of data operations;
• Sustainability software. Implementing software and systems can streamline data collection and reporting;
• Data security. Robust data security measures are essential to protect sensitive endurance data.

For all these points, Valid works with leading partners who help us and our customers achieve ESG goals. Microsoft is an excellent example here with its "Cloud for Sustainability." This set of tools built over Azure is in full development. This cannot be otherwise since the legislation and associated data standards are not yet fully crystallized.  

A holistic approach

Hopefully it has become clear that the CSRD is about more than reporting. It is a commitment to sustainable practices. By addressing data management, defining clear roles and harnessing the potential of IT, organizations can not only comply with regulatory requirements, but also achieve positive sustainability results.

The CSRD challenges us to examine our data and information management practices, collaborate effectively and deploy solutions to improve sustainability. It's about compliance but also about taking the lead in creating a more sustainable future. ith time to take action.