The implementation of the CSRD from 2024 poses a number of challenges for companies now subject to extra-financial reporting. For those who have already been doing so for years, the task is to check and update their data collection in line with the new requirements. For newly-eligible companies, many of them SMEs with no previous experience of this exercise, the challenge is to organize an approach that ensures compliance without placing too heavy a burden on the organization. In 3 questions, Ksapa shares its experience in organizing this essential process as efficiently as possible.
What is data quality?
CSRD compliance will require eligible companies to take a close look at the various EU ESRS standards. The first step is to identify the “material” indicators, and then explore how to aggregate the available data to report on the requested indicator. For example, ESRS S1 will ask you to report on the number of personnel. ESRS E1 will ask you to report on the company’s carbon footprint. In both cases, compiling or updating this type of ESG data can be a real challenge for the vast majority of companies that have not already taken part in this type of exercise – both within and outside Europe.
Reporting on a total number of employees quickly raises the question of the eligible scope (any employee who has been working for more than 6 months, for example?), and the different data systems to be connected (companies operating in different countries often have separate payroll software…). The carbon footprint and the calculation of data also brings its share of surprises in terms of aggregating different types of energy bills to create an indicator.
These are not new challenges. At Ksapa, we have the experience of having worked on exactly these issues for over 20 years, which gives us a certain hindsight and knowledge of many of the tools that can significantly accelerate these processes. The fact remains that, whatever the context, it is always necessary to examine the question of “data quality” first. Connecting data is all very fine. Ensuring compliance is essential. But ensuring that this work is carried out with a concern for quality is a strategic way of entering the subject, in order to properly weigh up the various dimensions to be addressed in the composition of ESG reporting.
Quality data is characterized by its accuracy, reliability, relevance, completeness, consistency, timeliness and validity. Here is a detailed definition of the key aspects that need to be explored in order to properly audit existing data, and structure a robust ESG data collection and aggregation process:
- Accuracy: Data is accurate if it correctly represents the real-world value or event it is intended to describe. Inaccuracies can arise from errors during data entry, processing, or other factors.
- Completeness: Data is complete if it contains all the necessary information and is not missing any relevant details. Incomplete data can be misleading and hinder effective analysis.
- Consistency: Consistent data is uniform and follows predefined rules or standards across various data sets or within the same dataset. Inconsistencies can arise from discrepancies in formats, units, or values.
- Reliability: Reliable data is trustworthy and can be depended upon for making decisions. It is free from errors, bias, or inconsistencies and is obtained from reputable and credible sources.
- Timeliness: Timely data is up-to-date and relevant for the intended use. Outdated data may not accurately reflect the current state of affairs and can lead to incorrect conclusions.
- Relevance: Relevant data is directly related to the purpose for which it is being used. Irrelevant or extraneous data can clutter analysis and decision-making processes.
- Validity: Valid data conforms to the defined rules and constraints of the data model. It adheres to the specified data formats, ranges, and types.
- Uniqueness: Uniqueness ensures that each data record is distinct and doesn’t have duplicate entries. Duplication can skew analysis and misrepresent the true state of the data.
By ensuring data quality, an organization can maximize the efficiency of its recurring ESG reporting processes, make better-informed decisions when trade-offs arise, and better grasp the levers for improving overall performance that ESG reporting provides. This requires efficient data collection, cleansing, validation and management processes, as well as consistent standards and practices across the organization.
How to document a data collection process to be verified by a third party?
With enforcement of EU CSRD, ESG sustainability information mandatorily to be reported in the management report must be verified by a third party with limited assurance. Beyond data quality, a next critical question comes with data documentation. Documenting a data collection process for third-party verification is essential to ensure transparency, accuracy, and reliability of the collected data. Here’s a step-by-step guide on how to effectively document a data collection process for third-party verification:
- Introduction and Overview:
- Provide a general introduction to the data collection initiative, its purpose, and its significance.
- Present an overview of the entire data collection process, outlining key steps and stakeholders involved.
- Objectives and Goals:
- Clearly state the objectives and goals of the data collection effort, explaining what you intend to achieve with the collected data.
- Identify and reference any relevant regulations, standards or guidelines related to data collection (e.g. ESRS, GRI and ISSB correspondence where applicable).
- Data Collection Methodology:
- Describe the specific methods and techniques used to collect data. This could include Excel files completed manually, databases, intervior automated data collection systems.
- Explain the rationale for choosing the selected data collection methods, detailing their appropriateness for the research or project.
- Sampling Strategy:
- Define the sampling approach, including the target scope, sample size, and sampling technique (e.g., random, stratified, convenience sampling).
- Justify the chosen sampling strategy and explain how it aligns with the research objectives.
- Data Collection Tools and Instruments:
- List and describe the tools and instruments used for data collection, such as questionnaires, sensors, or software platforms. Build as much as possible on digital infrastructure already in place!
- Provide details on how these tools were developed, tested, and validated for accuracy and reliability.
- Data Collection Procedures:
- Document the step-by-step procedures followed during data collection, ensuring clarity and comprehensiveness.
- Include details on how data collectors were trained, supervised, and guided throughout the process.
- Data Privacy and Ethics:
- Outline the measures taken to ensure data privacy, confidentiality, and compliance with ethical guidelines, laws, and regulations.
- Explain how informed consent was obtained from participants and how their privacy was protected in compliance with EU GDPR, California CCPA or China PIPL as deem appropriate.
- Data Validation and Quality Control:
- Describe the measures taken to ensure data quality, such as data validation checks, double-entry verification, or outlier detection.
- Explain any procedures or mechanisms in place to address data collection errors and inconsistencies.
- Data Storage and Security:
- Detail how the collected data is stored, secured, and managed to prevent unauthorized access, tampering, or loss.
- Mention any encryption or access control measures implemented to maintain data security.
- Documentation of Data Flow:
- Create a visual representation or flowchart illustrating the data flow from collection to storage and eventual analysis.
- Include descriptions of each step and the data transformations or processes that occur.
- Appendices and Supporting Materials:
- Include any supporting documents, forms, questionnaires, or training materials used during the data collection process.
- Attach relevant templates or checklists for data collectors to use.
- Review and Approval:
- Have the documentation reviewed by internal stakeholders, subject matter experts, and, if possible, an external reviewer for feedback and validation.
- Obtain necessary approvals from project leads or management before finalizing the documentation.
By thoroughly documenting the data collection process in a clear, detailed, and transparent manner, you facilitate third-party verification and demonstrate the credibility and rigor of your ESG data collection efforts.
What questions to address to ensure good governance of data collection process in organizations?
Ensuring good governance of the data collection process within organizations is critical for maintaining data quality, integrity, and compliance. Addressing key questions can help establish effective data governance practices in data collection processes. Here are important questions to consider:
- Purpose and Objectives:
- How do the objectives of data collection align with the overall organizational goals?
- What is the purpose of the data collection process?
- Data Collection Methodology:
- What methodologies and techniques are being used for data collection?
- How were these methodologies chosen, and are they appropriate for the intended purpose?
- Data Privacy and Compliance:
- How is data privacy ensured during data collection?
- Are data collection practices compliant with relevant laws and regulations, such as GDPR, or industry-specific requirements?
- Data Quality Assurance:
- What measures are in place to ensure data accuracy, completeness, consistency, and reliability during data collection?
- How are errors, discrepancies, or inconsistencies addressed during or after data collection?
- Data Ownership and Responsibility:
- Who owns the data being collected, and who is responsible for overseeing the data collection process?
- How are roles and responsibilities defined and communicated within the organization regarding data collection?
- Data Collection Standards and Protocols:
- Are there established standards, protocols, or guidelines for conducting the data collection process?
- How are these standards enforced and monitored to maintain consistency and quality?
- Data Security and Storage:
- How is data securely stored and managed during and after the data collection process?
- Are there encryption, access controls, and data retention policies in place?
- Data Transparency and Documentation:
- Is the data collection process well-documented and transparent?
- How is documentation maintained and made accessible to relevant stakeholders for review and validation?
- Training and Capacity Building:
- Are data collectors adequately trained on the data collection process, tools, and ethical considerations?
- Is there a plan for continuous training and capacity building to keep data collectors up-to-date with best practices?
- Data Governance Oversight:
- Is there a designated committee or individual responsible for overseeing and managing data governance in the organization, specifically relating to data collection?
- How is this oversight function structured, and what are its responsibilities and authority?
- Feedback Mechanisms and Continuous Improvement:
- Is there a mechanism to collect feedback from stakeholders involved in the data collection process?
- How is feedback utilized to drive continuous improvement in the data collection process?
- Vendor or External Partner Management:
- If external vendors or partners are involved in data collection, how is their performance and adherence to data governance standards monitored and managed?
- Are contracts and agreements in place to ensure compliance with organizational data governance policies?
By addressing these questions, organizations can establish a robust governance framework for their data collection processes, ensuring data quality, privacy, security, and compliance with relevant regulations and standards.
The implementation of extra-financial reporting, supported by effective management of data collection, is a must for many companies subject to CSRD. This data will be increasingly in demand from customers, financial partners and other stakeholders – both within and outside the European Union.
The challenge is to structure a process that is as robust and lean as possible in terms of data quality, ease of verification, and governance within organizations, capitalizing as much as possible on what already exists. By bringing informational value to the various functions contributing to the exercise in organizations: human resources, purchasing, general services, finance, for example.
Ksapa has the experts, methodologies and references to carry out this exercise. Contact us, and let’s move forward together!
Author of several books and resources on business, sustainability and responsibility. Working with top decision makers pursuing transformational changes for their organizations, leaders and industries. Working with executives improving resilience and competitiveness of their company and products given their climate and human right business agendas. Connect with Farid Baddache on Twitter at @Fbaddache.