Downloadable Checklist

CSRD Readiness Checklist

What CFOs and CSOs need to confirm before their first reporting cycle under the Corporate Sustainability Reporting Directive.

Jigar Dhabalia

Co-founder, DS Consulting

·11 March 2026·12 min read

A note on how to use this checklist

CSRD is not a reporting exercise. It is a governance transformation. The organisations that will struggle most are those that treat it as a compliance deadline rather than a systems build. This checklist is designed to help leadership teams identify where their readiness gaps are before the first disclosure cycle, not after.

Why this matters

According to PwC's Global Sustainability Reporting Survey 2025, more than half of respondents say internal and external pressure to provide sustainability data and insights has increased over the last year, while more than two-thirds of companies already reporting under CSRD or ISSB say they are seeing significant or moderate value beyond compliance from the data gathered through the reporting process.

This is reinforced by the Cost-benefit Analysis on Draft Amended ESRS by EFRAG, which estimates first-year ESRS implementation costs at EUR 287,000 for companies below 10,000 employees and EUR 1.97 million for those above that threshold, with assurance costs alone reaching EUR 115,000 and EUR 1 million respectively. The same analysis also notes that indirect assurance costs can add a further 15-25% on top of auditors' fees due to the absence of harmonised European assurance guidance.

Note: DS Consulting does not provide statutory audit or assurance. This checklist is for governance preparation purposes only.

Section 1: Scoping and applicability

Confirmed your entity falls within CSRD scope and identified your first reporting year.

Large companies: FY2024. Listed SMEs: FY2026 with opt-out to FY2028. Scope determination must be confirmed early, not assumed later.

Identified which group entities are in scope and which consolidation approach applies.

CSRD uses a group-level logic. The parent may report for subsidiaries unless exemptions apply. This must be understood before workstreams begin.

Determined whether you qualify for the subsidiary exemption.

A subsidiary can be exempt if the parent publishes a group sustainability report covering that subsidiary. Document the basis clearly.

Confirmed your financial year and the statutory deadline for your first disclosure.

CSRD reporting sits alongside the management report and follows the same filing logic. Timelines must be aligned from the start.

Identified the competent authority responsible for CSRD oversight in your jurisdiction.

Enforcement and oversight vary by EU member state. You need clarity on who will supervise and enforce compliance.

Engaged your statutory auditor on the assurance scope and timeline.

Limited assurance is required from the first cycle. Waiting too long to engage the auditor creates avoidable delivery risk.

Section 2: Double materiality assessment

Double materiality is the conceptual core of CSRD. You must assess both your impact on sustainability matters and their effect on your financial performance independently, systematically, and with evidence.

A double materiality assessment process has been designed and documented.

The process must be systematic, evidence-based, and repeatable. Ad hoc assessments will not satisfy leadership or auditors.

Impact materiality: identified actual and potential impacts across the value chain.

This requires mapping operations, supply chain, and downstream activities against relevant ESRS topic areas.

Financial materiality: identified sustainability-related risks and opportunities with financial relevance.

Use the existing risk register as a starting point, but explicitly connect each risk or opportunity to CSRD and ESRS topics.

Stakeholder consultation has been conducted and documented.

You need evidence of who was consulted, when they were consulted, and how their input influenced the assessment.

Material topics have been mapped to the relevant ESRS disclosure requirements.

A material topic does not automatically require every disclosure in that standard. Materiality determines the reporting scope.

The materiality outcomes have been reviewed and approved at board or executive committee level.

Leadership involvement is a governance requirement, not just a project management preference.

Section 3: Data governance and collection

A data owner has been assigned for each material ESRS KPI.

Data ownership is the most important governance decision. Without named owners, collection quality and accountability will break down.

A data collection template exists for each KPI, including methodology, calculation rules, and source.

Templates must be precise enough that another person could follow them and produce the same number.

GHG emissions data collection covers Scope 1, Scope 2, and material Scope 3 categories.

Scope 3 coverage should be determined through materiality, with all 15 categories assessed before exclusions are made.

The GHG calculation methodology is documented and aligned to GHG Protocol or ISO 14064.

Auditors will ask for the methodology. It cannot live only in one person's head or in an undocumented spreadsheet logic.

Data quality controls are in place: validation rules, reasonableness checks, and exception handling.

The evidence trail must show that controls were actually applied, not merely described in policy.

The data collection timeline is aligned to your financial close process.

If sustainability data cannot meet the annual reporting deadline, the whole reporting cycle becomes fragile.

A value chain data collection approach has been designed for material Scope 3 categories.

Primary supplier data is preferred. Where estimates are used, the methodology must be documented and defensible.

Section 4: Governance structure and controls

Board-level sustainability governance is documented: roles, responsibilities, and oversight frequency.

You cannot disclose governance credibly unless the governance structure already exists and is documented.

A sustainability reporting team has been identified with clear ownership of the reporting process.

This usually spans finance, legal, operations, and sustainability. Reporting cannot sit inside one team alone.

An internal review process exists for sustainability disclosures before publication.

Review steps, approval checkpoints, and sign-off responsibilities should be documented before the first cycle.

Evidence trails are maintained for all material KPIs: source data, calculations, and approvals.

A reviewer should be able to trace any published number back to its original source without depending on the preparer being present.

A CSRD disclosure calendar has been created covering data collection, review, and filing milestones.

Work backward from the filing deadline. Most organisations underestimate the time needed for review and revision loops.

Legal have reviewed the disclosure requirements and confirmed the report format and filing mechanism.

CSRD may require XHTML and iXBRL tagging under ESEF obligations. Format and filing requirements need early legal confirmation.

Section 5: Assurance readiness

CSRD requires limited assurance from the first reporting cycle. Assurance readiness means being able to show an auditor how you got to each number, not just that the number exists.

Your statutory auditor has been briefed on CSRD assurance scope and has confirmed capability.

Not all firms are equally prepared for CSRD assurance. Confirm capability and approach early.

A pre-assurance readiness review has been scheduled internally or with an advisory firm.

A dry run before the formal assurance cycle is one of the highest-value ways to surface gaps early.

All data collection processes, controls, and evidence trails are documented in a form an auditor can review.

Documentation for internal operations and documentation for assurance are not the same. Prepare for external review standards.

Your narrative disclosures are aligned to your quantitative KPIs with no inconsistencies.

Narrative claims that cannot be supported by the data will immediately create assurance friction.

A policy register exists covering all CSRD-relevant policies across environmental, social, and governance topics.

Policies should be approved, dated, current, and accessible. If they do not exist yet, they need to be created before the reporting cycle begins.

Your next step

If fewer than 70% of these items are confirmed, your organisation carries material assurance risk in its first CSRD reporting cycle. The items in Section 3 and Section 5 have the longest lead times and should be prioritised first.

DS Consulting helps leadership teams close these gaps through advisory and implementation: scoping, data governance design, evidence trail build, and assurance readiness preparation. We do not provide statutory audit or assurance services.

To discuss your situation, book a diagnostic at consult-ds.com/contact or write to contact@consult-ds.com.

Common questions

What is the first thing leadership should confirm for CSRD readiness?

The first step is to confirm whether the entity is in scope, identify the first reporting year, determine which group entities are covered, and clarify whether any subsidiary exemption applies. Without that scoping decision, the rest of the programme will drift.

Why is double materiality central to CSRD?

Double materiality is the conceptual core of CSRD. Companies must assess both their impacts on sustainability matters and the effect of sustainability-related risks and opportunities on financial performance. It must be systematic, evidence-based, and documented with stakeholder input.

What does assurance readiness mean under CSRD?

Assurance readiness means being able to show an auditor how every number and disclosure was prepared, including source data, methodology, controls, approvals, and evidence trails. It is not enough to have the number; the process behind it must also be defensible.

Get the PDF checklist

Download the full CSRD Readiness Checklist as a PDF for internal review, leadership alignment, and readiness workshops.