Protiviti and FERMA report highlights the key sustainability risks reported in the first wave of Corporate Sustainability Reporting Directive (CSRD) disclosures.
Brussels, 30 October 2025 – FERMA has released a new report which highlights the strategic opportunities presented by the EU Corporate Sustainability Reporting Directive (CSRD) and considers the practical implications for risk managers of its implementation following the first year of reporting.
The report, Implementation of the CSRD – First Year Lessons from Risk Managers’ Perspective, developed by Protiviti with FERMA’s support, follows the first wave of reporting. It provides actionable insights into the interplay between risk management and sustainability reporting and highlights best practices and areas for improvement as companies navigate the evolving regulatory landscape.

Commenting on the findings, Valentina Paduano, chair of FERMA sustainability committee and co-supervisor of the report, said: “Risk managers played a key role in the reporting process, applying their expertise in risk identification, evaluation, and management to the sustainability reporting framework. By adapting ERM methodologies for sustainability analysis, they emerged as both compliance enablers and strategic contributors to corporate sustainability goals.”
Double Materiality Assessment Findings
A key focus of the study is to assess the application of risk practices in the context of Double Materiality Assessment (DMA), a core component of the reporting requirements under CSRD.
Key findings of the report relating to DMA include:
- A large majority of the companies examined leveraged ERM processes as a foundation for conducting the DMA, with 60% using their ERM Risk Register as a key input to develop the initial long list of risks and opportunities to be evaluated within the DMA framework.
- Only 15% of companies used different time horizons from those suggested by the CSRD, primarily choosing time horizons aligned with their strategic/industrial plans.
- Regarding the number of material risks identified, 10% of companies reported fewer than five risks, 25% identified between five and ten risks, the majority (35%) reported between eleven and twenty risks, while 25% disclosed more than twenty risks.
- The top three most disclosed risks are: operational disruptions caused by weather events that could damage assets, non-compliance and/or tightening of pollution regulations, and risk that business partners along the supply chain may not fully comply with ethical and social standards.
Climate and Internal Control System Findings
The study also explores developments relating to climate change risk assessment and internal control systems (ICS) for sustainability reporting under CSRD.
In terms of identifying climate-related risks and opportunities, the study finds that 90% of companies had already conducted a Climate Change Risk Assessment prior to the entry into force of CSRD. Further, the report noted that the climate scenarios most referenced were closely aligned with established pathways from the Intergovernmental Panel on Climate Change (IPCC) and International Energy Agency (IEA) frameworks.
Focusing on ICS, the research shows that most companies disclosed general information on their ICS, of which 74% adopted a formal ICS on sustainability reporting for the first year of CSRD reporting. 55% also disclosed the main risks related to sustainability reporting, including delays and incompleteness in information flows, data errors and poor information quality, and weaknesses in data collection and entry processes.
Providing Risk Managers with a Strategic Opportunity
While the report highlights the challenges posed by the CSRD – which include the significant operational burden of new reporting practices – it supports a view of the directive as a strategic opportunity rather than a mere compliance exercise.
Philippe Cotelle, President of FERMA, said: “This new approach may require further refinement to establish a structured interaction, evolve existing ERM processes by integrating a clear assessment of opportunities alongside risks, ensuring precise definitions of opportunities to reduce the risk of misinterpretation and incorporate evaluations across multiple time horizons, with particular attention to the long term. Together, these efforts support an integrated reporting and control system that ensures compliance while enhancing risk management and value creation.”