Why your ESG reporting needs controls, not just commitment

You would never approve financial disclosures without controls. ESG reporting should be no different.

For businesses in scope of the Corporate Sustainability Reporting Directive, the focus has understandably been on materiality, double materiality, and data readiness. But what sits beneath all of that - what truly gives sustainability disclosures credibility - is control.

At Ancoram, we have supported finance and sustainability leaders as they navigate the growing pressure to produce ESG information that is not only accurate, but also auditable, trusted, and decision-useful. In practice, this means designing controls that are fit for the complexity of sustainability data.

That is why we created the ESG Controls Toolkit.

This resource offers a practical roadmap for building internal control over sustainability reporting. It draws on the COSO Internal Control – Integrated Framework, together with the 2023 guidance on ESG reporting. But it also reflects what we see every day in the field: real challenges with decentralised data, limited oversight, unclear ownership, and over-reliance on manual processes.

What does the toolkit cover?

The framework follows five familiar components:

1. Control environment – The tone set at the top, and the governance structures that influence reporting integrity.

2. Risk assessment – Understanding where ESG disclosures could go wrong, from Scope 3 estimation to social impact metrics.

3. Control activities – Practical mechanisms to prevent, detect and correct reporting errors across the data lifecycle.

4. Information and communication – Ensuring ESG data is accessible, interpretable, and reaches the right people at the right time.

5. Monitoring activities – Evaluating whether controls are working as intended and adapting to change.

We also provide examples of ESG controls mapped to ESRS topical standards, alongside guidance on applying controls to both qualitative and quantitative disclosures. These are designed with limited assurance in mind, but equally valuable for internal governance and investor confidence, especially as CSRD expectations evolve.

Why this matters now

The Omnibus Directive may have changed some of the timelines. But the momentum behind ESG transparency has not slowed. Regulatory expectations, investor scrutiny, and reputational risks are all rising. And for organisations that want to use sustainability as a source of advantage, not just compliance, credible data is essential.

Controls are how you get there.

Our message is simple. If your financial reporting has a control framework, your ESG reporting should too.

Download the ESG Controls Toolkit to see where your current approach stands, and what ‘good’ looks like.