Focus on ESG: The Auditor Juggle Regulation and Corporate Practice

In recent years, sustainability has become a strategic pillar for businesses, institutions, and investors.  With the take effect of the CSRD and the mandatory adoption of the ESRS, sustainability reporting is  evolving into a structured process comparable to financial accounting. This shift marks a move away  from generic “environmental good practices” toward an integrated system for managing ESG  (Environmental, Social, Governance) risks and performance. In this context, a key figure has  emerged: the sustainability auditor (or sustainability assurance provider), responsible for ensuring  that companies’ non-financial disclosures are accurate, reliable, and compliant with international  standards. 

Currently, given the complexity of the applicable regulations, reporting obligations have been  postponed by Directive 2025/794, introduced in Italy through Article 10 of Law 118/2025, which  repealed the provisions of Legislative Decree 125/2024 related to the effective date of mandatory  reporting. As of today, except for large public-interest entities that have already prepared their 2024  sustainability reports, reporting remains voluntary. Companies may choose to fully apply the ESRS if  they aim to provide a comprehensive and detailed disclosure or alternatively adopt the simplified  VSME model. In the latter case, assurance is limited and not mandatory yet recommended when  companies wish to enhance the credibility and reliability of the information disclosed. 

Regardless of whether adoption is mandatory or voluntary, a common challenge for many  companies is that ESG reporting will require both cultural and operational changes. Understanding  how the sustainability auditor works is essential for setting up effective internal systems, controls,  and governance structures. 

The auditor's first activity concerns the definition of scope and materiality. In this phase, the auditor  checks whether the company has correctly identified significant environmental and social impacts,  as well as sustainability-related risks and opportunities. The overall objective is to ensure that the  report’s underlying logic is sound and that no material information relevant to stakeholders is  omitted. 

Next, the auditor focuses on the company’s internal processes for collecting ESG data. This part of  the work concerns the internal control systems applied to non-financial data, including the  examination of: 

• data collection procedures; 

• reliability of data sources; 

• internal roles and responsibilities; 

• authorization workflows. 

Another crucial step is verifying compliance with reporting standards, such as ESRS, TCFD, or GRI in  the case of simplified reporting. The auditor assesses whether the company meets mandatory  disclosure requirements and ensures consistency between narrative information and quantitative  data. For example, emissions must be calculated in accordance with recognized methodologies such  as the GHG Protocol. 

The auditor then evaluates ESG governance. Key questions at this stage include: Is the board  involved? Does management demonstrate a genuine commitment? Is sustainability integrated into  decision-making processes? This analysis helps determine whether the report reflects a real organizational commitment rather than a purely communication-driven exercise, demonstrating  that sustainability is embedded in corporate management. 

In the end of the procedures, the auditor issues an assurance statement—typically in the form of  limited assurance, currently the standard under the CSRD, or reasonable assurance on specific  indicators. This opinion certify reliability, the accuracy of the reporting process, compliance with  standards, and the absence of material misstatements. For the company, this constitutes a genuine  “technical seal” of credibility. 

Today, the role of the sustainability auditor is critical for companies, as it not only ensures compliance  with regulatory obligations but also supports improvements in internal management systems. Key  benefits include reducing the risk of non-compliance, protecting corporate reputation by avoiding  unintentional greenwashing, increasing trust among investors, banks and clients, enhancing the  integration of sustainability into business strategy, and developing more mature and well documented ESG processes that are also useful for internal management. 

It is important to note, however, that the regulatory landscape is still evolving. The framework is not  yet final, and there are no consolidated practical experiences to serve as clear implementation  models. Consequently, auditors are operating in a dynamic context, developing flexible and  adaptable solutions to support companies in building reliable and transparent ESG reports, while  awaiting more definitive guidelines and standards. 

Ultimately, sustainability assurance is not a formal compliance exercise: it is a strategic technical tool  that strengthens transparency, governance, and the competitiveness of the company.