Work instructions are key to the quality of the CSRD audit

By Berend Berendsen,on October 16, 2024

This is my first blog post of a series of stories to share in the assurance community and related to CSRD. It is written with the idea that you are most likely an ESG professional or auditor and have some understanding of CSRD, auditing and the use of assurance standards.

An essential part of any audit is the so-called work instruction. A work instruction is a kind of blueprint on how auditors conduct an audit. Financial audits can fall back on decades of history and have well established work instructions and the assurance standards that are considered the basis of the instructions are well known. 

So how do you define work instructions for a new type of audit, for example the CSRD legislation?

 

To be short, it is a challenge.

 

The sustainability audits can fall back on the legal texts and that provides some structure but that alone is not a work instruction. When we started Engyon we realised early on, that the quality of the work instructions for a large part dictate the quality of the audit. Just checking the disclosed documentation against the legal text is not how auditors operate: additional elements from assurance standards, like from ISSA5000, are not taken into consideration with that approach. 

We started writing and developing these work instructions with our audit partners, using the legal text as a starting point and adding control steps that were already provided in ESRS. This work led to better results for our automation when finding references and provided better results to our users.

Work instructions are more than just a list of steps. Some steps only make sense in a particular order and specific steps become important when the underlying  risk is considered high, and helps to focus the attention of the auditor. Within a step, checks can relate to data points, policies or explanations which all have different nuances when they are checked by an auditor. 

The collaboration between our audit partners and Engyon resulted in a set of more than 200 steps to conduct a full ESRS audit with an average of 6 checks per step. Not all these steps are relevant  for each audit, because of their dependency on the material topics selected by the customer. We added logic that automatically selects the relevant disclosure requirements for each material topic, helping the auditor to ensure he or she is checking the right steps. We also ensured that if actions, metrics, policies or targets are mentioned, additional data points are added to the work instructions. 

Looking forward, we see a huge opportunity to improve these work instructions in the coming years in our pursuit to help auditors and ultimately lifting up the quality of sustainability data across the spectrum. If you are curious about these work instructions or want to contribute to the quality of the work programs, please reach out to me personally.

More blog posts are to follow about how AI speeds up the work of the auditor, how we deal with languages, where risk based compliance comes into play and how industry classifications are used in the risk based compliance work.