CSRD: deciphering the H2A guidelines for certification of sustainability information
The year 2025, for fiscal 2024, will be the first year of publication of the sustainability report in accordance with the Corporate Sustainability Reporting Directive(CSRD).
In accordance with Articles L. 821-54 and L. 822-24 of the French Commercial Code, and in order to guarantee the reliability of the sustainability information published in application of the texts resulting from the transposition of the European directive, this information is subject to verification by one or more auditors, i.e. statutory auditors (CAC) or independent third-party organizations (OTI). The auditors’ mission results in the production of a certification report, issued on the basis of limited assurance.
In carrying out their work, the auditors comply with the standard on limited assurance that the European Commission had planned to adopt by October1, 2024 in the form of a delegated act.
In anticipation of this standard, and given that the French government had no plans to adopt a national standard, the Haute Autorité de l’Audit (H2A) published guidelines.
These describe the work expected of the auditor and how he will express himself in his conclusions. The October 2024 guidelines update those published in June 2023.
RSM France, the 6th largest international network of financial auditors, chartered accountants and consultants, certified by Visa Durabilité and OTI, and kShuttle, a software publisher specializing in financial and extra-financial performance management, offer an insight into these guidelines, and the implications for the management and robustness of sustainability information.
1. An expanded mission to verify and certify sustainability information
Compliance of sustainability information with ESRS standards and regulatory requirements
Articles L. 821-54 and L. 822-24 of the French Commercial Code define the certification mission. The auditor, called upon to certify the sustainability information published by the entity, issues, at the end of his mission, an opinion on :
- compliance with European Sustainability Reporting Standards (ESRS) of the process implemented by the entity to determine the sustainability information published, and compliance with the obligation to consult the CSE. As a minimum, the above-mentioned process requires the entity to carry out a dual materiality analysis, involving a review of the Impacts, Risks and Opportunities (IROs) linked to sustainability issues, and enabling it to identify its material challenges;
- compliance of the sustainability information included in the management report with the requirements of article L. 232-6-3 (or L. 233-28-4 of the French Commercial Code, depending on the entity concerned), including with the ESRS. The information resulting from the above-mentioned process must meet the criteria of relevance, faithful representation, comparability, verifiability and comprehensibility;
- compliance with the disclosure requirements of the Taxonomy standard. Article 8 of Regulation (EU) 2020/852 stipulates that entities shall publish in their sustainability report information on “the manner and extent to which [leurs] activities are associated with environmentally sustainable economic activities with regard to the six environmental objectives selected by the European Commission “;
- compliance with the sustainability information tagging requirement laid down in Article 29quinquies of Directive 2013/34/EU. To date, there is no text specifying the content and presentation of information to be published in the single electronic information format (xHTML), nor any methodology to be followed in order to comply with it.
2. A verification process designed to ensure transparency of sustainability information
2.1 In-depth analysis of the entity and its context
The auditor’s approach requires a thorough understanding of the entity and its internal and external environment.
- The business sector and characteristics of the entity,
- the regulatory framework for sustainability information,
- governance involvement in determining sustainability issues,
- the elements of internal control relevant to the determination,
- preparation and presentation of sustainability information and information required by the taxonomy reference framework
are all factors to be taken into account by the auditor in order to understand the context in which the information is established and the maturity of the ensuing process.
2.2 Verifying the suitability of the IRO identification and assessment process
The process for identifying IROs (Impacts, Risks and Opportunities) related to sustainability issues is an integral part of the audited entity’s internal environment, and must be described in the sustainability report.
This process must include :
- identification of all entities belonging to the communicating company’s group.
Sustainability disclosures are assessed at consolidated or combined level. Each activity or company contributing to the scope must be analyzed in order to identify its material or non-material IROs.
- identifying the stakeholders affected by the Group’s activities and the users of sustainability information. IROs are to be analyzed for each stakeholder.
- impact materiality assessment.
For each sustainability issue,ESRS 1 recommends identifying the entity’s actual and potential impacts, both negative and positive, on the population or the environment, notably through exchanges with internal and external stakeholders.
This assessment must cover the entire value chain of the Group, i.e. its upstream operations, its own operations and its downstream operations. It is then necessary to assess their materiality in relation to the thresholds defined by the entity for publication.
The materiality of the issues at stake is determined by criteria of severity, probability of occurrence, and the scale of the risks and opportunities in the short, medium or long term,
- assessment of financial materiality.
The latter is based on environmental, social or governance forecasts and scenarios whose realization is deemed probable but whose expected financial effects have not yet been reflected in the financial statements of the audited scope.
The auditor will also verify the criteria used by the company to publish information relating to indicators for a material sustainability issue.
The entity may also need to supplement this with specific information relating to IROs not covered by an ESRS but material due to specific facts or circumstances.
The first two axes of the auditor’s mission, i.e. checking the conformity of the process for determining the sustainability information to be published and the sustainability information published, consist mainly in ensuring that the auditor :
- first of all, check:
- the relevance of the entity’s analytical approach to the dual materiality process in relation to the objective of ensuring that the outcome of this process leads to the publication of material impacts, risks and opportunities;
- the correct description of this analytical approach in the management report, in light of the objective of making this approach easier to understand.
This is a crucial step, since the correct application of ESRS to the process determines the appropriateness of the information that is material and must therefore be published.
- secondly, it specifically verifies any published information which it considers to present a significant risk of non-compliance with the texts governing it, including the ESRS, and/or for which there are strong expectations on the part of the users of this information.
2.3 Verifying the consistency of all sustainability information
This verification is carried out in accordance with the requirements of the ESRS standards, which stipulate in particular that the said information must meet the criteria of relevance, faithful representation, comparability, verifiability and understandability, i.e. :
- Relevance requires that the information provided enables users to make decisions based on the dual materiality approach (impact materiality and financial materiality);
- fair representation requires that information be complete, neutral and accurate;
- comparability implies that the information provided by the entity for the year can be compared with information provided for previous years, and that it can be compared with information provided by other entities (in particular those with similar activities or operating in the same sector);
- verifiability implies that it is possible to corroborate the information itself or the resources used to obtain it;
- comprehensibility implies that information is clear and concise. Compliance with the comprehensibility criterion must enable any informed user to understand the information communicated without difficulty.
The entity publishes material information, which may be supplemented by information linked to non-mandatory ESRSs(ESRS 1 – Appendix C and ESRS 1, 18), for two reasons:
- information that is not required to be published until after the financial year in question, or information that arises from local legislation or positions taken by standards bodies;
- or because it is information that the entity is only invited to publish in order to encourage good practice.
All the information that the entity decides to publish on the basis of its analyses is included in the sustainability report.
To ensure that sustainability issues are easy to read and understand, the directive recommends that the sustainability report be published in a specific section of the management report.
This section is organized into four distinct parts, in the following order:
- general information;
- environmental information (including that required by the taxonomy);
- social information;
- governance information.
With regard more specifically to verifying that sustainability information complies with the requirements of the French Commercial Code, including those of the ESRS, the checks cover the methods used to prepare and present sustainability information, as well as specifically selected information.
To this end, the auditor carries out the work specified in the guidelines.
Given the volume of sustainability information and the level of assurance expected (limited assurance), the auditor specifically verifies only some of this information with the aim of identifying the existence, or otherwise, of material errors, omissions or inconsistencies, including as a result of fraud or greenwashing practices, likely to influence the judgment or decisions of users of the sustainability information, or affected stakeholders.
This work is sized according to the level of limited assurance presented in the certification report, and is based on a risk-based approach.
The auditor identifies and selects the information which, in his professional judgment, presents a significant risk of non-compliance with the provisions of the French Commercial Code, including the ESRS and the characteristics (cited above 2.3) which they must meet and/or for which, in his opinion, there are strong expectations on the part of the users of the information in terms of sustainability.
The identification and volume of information verified by the auditor depends on the level of risk determined in the published information, with regard to multiple internal or external factors (internal organization, banking ratios linked to sustainability issues, variable remuneration of management, maturity of the internal control system, use of consultants, etc.).
To verify the selected information, the auditor applies the appropriate control techniques to the information subject to verification.
These are similar to those used for auditing financial statements.
These techniques may include analytical procedures, physical observations, whether on-site or off-site, on-site or off-site inspections, requests for information from people inside or outside the entity, or from entities included in the scope of consolidation or combination or in its value chain, or the use of experts.
3. Focus on verifying Taxonomieverte information
With regard more specifically to the information provided for in the Taxonomy reference framework (article 8), it should be remembered that any entity required to – publish sustainability information – must publish information on the manner and extent to which its activities are associated with environmentally sustainable economic activities in relation to the six environmental objectives adopted by the European Commission.
The main aim of the taxonomy is to direct capital flows towards environmentally sustainable investments.
3.1 Overview of Green Taxonomy requirements
The Taxonomy regulation requires the company to carry out an analysis of its activities in relation to this benchmark, so that it can communicate on the sustainable share of its sales, investments and operating expenses (Capex and Opex).
The production of this information implies that the entity determines, with regard to the taxonomy reference framework, its sustainable economic activities and, to do so, determines :
- its eligible activities: i.e. those that fall within the scope of the activities defined by the delegated acts adopted by the European Commission as likely to make a substantial contribution to each environmental objective;
- the aligned nature of these economic activities;
- key performance indicators and accompanying information, depending on whether or not the entity is a financial enterprise.
Each activity will be classified as follows:
- or as aneligible and aligned activity, forming the company’s sustainable share in its reporting,
- either as anon-aligned eligible activity, informing the market that the technical alignment criteria have not been met, or as a non-eligible activity.
Eligible economic activities are considered aligned if they meet the following 3 criteria:
- they make a substantial contribution to achieving one or more of the six environmental objectives by complying with the technical alignment review criteria defined for each activity;
- they do not cause significant harm to any of the other five objectives (” Do No Significant Harm ” criterion),
- they are carried out in compliance with the minimum guarantees defined by the taxonomy reference framework, corresponding in particular to the procedures the company implements to comply with the OECD and UN guidelines on business and human rights (human rights, corruption, taxation, competition).
3.2 Verification of analysis process and associated ratios
With regard to the auditor’s verification of compliance with the disclosure requirements set out in the Taxonomy framework, the auditor carries out the work defined in the guidelines in order to conclude that he has not detected any errors, omissions or inconsistencies in the information provided by the entity, of such significance that they call into question compliance with the disclosure requirements.
His work focuses on 3 dimensions:
- the determination by the entity of its eligible and aligned activities.
On the basis of his knowledge of the taxonomy reference framework and the information gathered during the inspection of the entity, the auditor :
- verifies that the procedures implemented by the entity cover all its economic activities and, where applicable, those of entities included in the consolidated or combined scope of sustainability information;
- assesses whether these procedures have been established in such a way as to comply with the requirements of the taxonomy framework as regards the establishment and formal presentation of qualitative information (in particular the nature of eligible and aligned activities, the way in which the entity has assessed the satisfaction of the technical alignment criteria, the description of the composition of key performance indicators, the methodologies for allocating these indicators to the various activities) and quantitative information (in particular key performance indicators);
- verifies that these procedures are set up in such a way as to ensure that the figures used to establish key performance indicators are consistent with accounting data.
- presentation of the information required by the taxonomy repository
The auditor verifies that the information published is provided and presented in accordance with the requirements of ESRS 1 and the taxonomy reference framework.
- verification of specifically selected information.
For each of the selected items of information, the auditor uses the appropriate control techniques, and in particular carries out checks on the eligibility of economic activities, their alignment, and the key performance indicators and accompanying information.
The legal mission of limited assurance, entrusted to the Sustainability Auditor, could be the subject of a future evolution towards reasonable assurance.
This means that the nature (choice of control techniques) of the work, its scope (amplitude) and, consequently, its duration are different from those required to obtain reasonable assurance.
Such an engagement requires the auditor to use his or her professional judgment and critical thinking to define the work that will enable him or her to arrive at an assurance that, although less than reasonable, increases the confidence that users of the information, the subject of the engagement, can place in it.
One of the major challenges for entities subject to CSRD is to provide readers with a true picture of the impact of sustainability issues (environmental, social and corporate governance issues) on their activities, and of the impact of these activities on sustainability issues, as well as the way in which they take these issues into account, particularly in a forward-looking manner, in the evolution of their business models and strategies.
The notion of transparency is essential for clarifying and documenting the process of constructing a dual materiality analysis, identifying IROs and taxonomy information.
Transparency and documentation are essential to the auditor’s work.
Implementing the CSRD requires in-depth reflection on the part of governance, both in terms of the objectives set and the resources allocated to meet them, in particular with appropriate processes and tools for collecting, processing and compiling information.
That’s why we strongly recommend digitizing the reporting process. It’s a way of making the information collected and published more reliable, and of ensuring the success of audits.
4. CSR Insight: a tool for companies
The CSR Insight solution has been designed to meet these challenges and align with auditors’ expectations:
- Embedded ESRS, to ensure regulatory compliance in the presentation of disclosures
- Full alignment withIG3 and CSRD by integrating all sector-agnostic datapoints, including voluntary, phase-in, conditional and alternative ones;
- Library of indicators to collect data in CSRD format, including expected units, IG3* reference, list of underlying data required to produce the report (e.g. Disclosure Requirement S1-6 – Characteristics of the Undertaking’s Employees, requiring disclosure of Workforce/FTEs by gender), description;
- Generate a ready-to-use report presenting all datapoints to be disclosed according to the recommended output format
- Validation workflow for tracking roles and responsibilities
- A workflow process for data validation, possible at several levels, and aligned with the organization and scope of responsibilities: data entry, validation, analysis, consultation, etc., according to the organizational scope of the company, but also the different business areas (social, environment, climate, governance, etc.).
- An integrated dialog box to facilitate communication between players, streamline the process and track exchanges;
- On-board consistency checks to make data collection more reliable and automate verifications
- Consistency checks on data entry: completeness (number of indicators entered and status), comparison with threshold values, comparison with historical data, request for comments in the event of significant discrepancies, etc. ;
- Indicator definitions, procedures and calculation methods are made available to ensure that they can be appropriated and to limit confusion or interpretations that could be a source of error;
- Interoperability with existing tools, to favor automated collection of data that has already been checked and made reliable internally;
- Complete audit trail (traceability) of data (history and supporting documents)
- An integrated audit trail to record and trace all data modifications and validations in each campaign
- Add and archive supporting documents and comments to help understand or validate one or more indicators;
This article was co-authored with RSM experts, who share our commitment to guiding companies through CSRD compliance and sustainable transformation.
💡 Would you like to find out more about our solutions tailored to your regulatory and strategic needs? Find out how our tools can help you collect, analyze and manage your ESG data.
