Confidence in the reliability of your ESG data
Internal Control over Sustainability Reporting (ICSR)
Organisations are facing new and constantly evolving reporting challenges due to the required inclusion of sustainability matters into annual reporting under numerous sustainability regulations, including the Corporate Sustainability Reporting Directive (CSRD). Importantly, due to the evolving reporting requirements in the simplified European Sustainability Reporting Standards (ESRSs), published in November 2025, you might be worried about your new obligations to report on internal controls over sustainability reporting (ICSR). Is your organisation ready to report quality data? Are you ready for limited (or even reasonable) assurance over your sustainability reporting? How can an internal control framework help you deliver those outcomes?
Having a solid internal controls framework over sustainability reporting in place helps your organisation to ensure the reliability of sustainability information presented to shareholders and the wider stakeholder field, while reducing the risks around misreporting. The goal is improved steering, performance management and, ultimately, value creation through quality sustainability data.
Our perspective is that the simplified ESRSs do not substantially change your incentives (or obligations) to start developing a (simple or robust) ICSR framework. The simplified ESRS reduce the number of ICSR datapoints/requirements from approximately five to just two, but the components remain the same. Therefore, get started on creating your ICSR! We believe a good internal controls framework over sustainability reporting has five important benefits for stakeholders, management and employees:
Benefits for stakeholders, management and employees
- 1. Helps drive alignment across the organisation
- 2. Adds value through holistic decision-making
- 3. Allows you to get reliable information, faster
- 4. Minimises financial and reputational risks due to misstatements
- 5. Helps with limited assurance
1. Helps drive alignment across the organisation
Sustainability data is often spread across multiple reporting entities, divisions or departments within your organisation, and is also outside the conventional financial reporting realm which is usually a more mature process coordinated by your finance division. New information around your material Environmental, Social and Governance (ESG) matters becomes in scope for your renewed annual reporting under the Corporate Sustainability Reporting Directive (CSRD). At PwC we aim for sustainability data embedded into your existing processes and IT systems, to drive alignment and reduce duplication of reporting tasks. Given that sustainability data is spread across your organisation, PwC focusses on upskilling your internal controls function on corporate sustainability while showing departments outside the finance realm the added value of working with a rigorous controls framework around their reporting processes.
2. Adds value through holistic decision-making
Next to the reporting or “compliance” challenge, we believe that the wealth of Sustainability information to be collected and reported, provides new and valuable insights into your business processes and business model at large.
Integrated sustainability and financial reporting processes and controls enable holistic decision-making across the organisation for management teams (perhaps for the first time), as well as for external stakeholders such as investors, governmental agencies and regulators.
3. Allows you to get reliable information, faster
Given compliance with all mandatory Sustainability regulations and material CSRD requirements demands a substantial effort from your organisation, it is key to identify the most efficient processes tailored to your ways of working.
Streamlined, tech- and AI-enabled data collection processes, leveraging existing financial reporting templates and tools with consistent parameters, and a systematic automated controls framework, make your information reliable, available faster and saves costs. This allows you to focus on what is most important: the strategic and value-creating implications of the Sustainability data you've collected.
4. Minimises financial and reputational risks due to misstatements
Well-documented, repeatable processes and controls - with the right level of precision - reduce the likelihood of material errors in disclosures. Under the CSRD (Omnibus updated), organisations are required to ensure limited assurance over sustainability reporting. From 1 January 2025 onwards Dutch listed companies are equally encouraged to ensure solid risk and controls management practices around ESG reporting by means of the Corporate Governance Code, with the inclusion of the statement on risk management (VOR).
5. Helps with limited assurance
Strong, well-documented controls are the backbone of limited assurance over sustainability reporting. Clear ownership and segregation of duties, defined methodologies and boundaries, restricted access, and disciplined review/approval workflows (e.g., reconciliations, variance thresholds, independent checks) build a consistent audit trail. Operating these controls on a set cadence - with evidence of review captured in system logs, approval forms, and confirmations - gives assurance providers confidence that data is complete, accurate and valid. The result is smoother walkthroughs and testing, fewer last‑minute surprises, and a faster path to assurance so your teams can focus on insights and action.
“Our approach harmonises people, processes, systems and controls so you can make your information reliable, available faster and saves costs.“
Peter Links – Director, Risk & Sustainability reportingStrengthening Sustainability Reporting with COSO
As a writing partner of the Committee of Sponsoring Organisations of the Treadway Commission (COSO) framework, PwC helps organizations implement effective internal controls for sustainability reporting. Based on 17 core principles, the COSO Internal Control – Integrated Framework supports reliable, consistent, and compliant reporting.
Our approach aligns with COSO’s 2023 guidance on Internal Control Over Sustainability Reporting (ICSR), ensuring your sustainability data is well-governed and trustworthy.
Interested to discuss ESG Risk & Controls for your organization?
Please contact us
