CSR Tools
CSRD audit: Everything about the audit of the sustainability report

CSRD audit: Everything about the audit of the sustainability report

The CSRD audit presents both opportunities and challenges for companies. Our article provides information and tips on how to prepare.

Last updated on: May 27, 2026
In brief
  • Since the Omnibus package (in force 18 March 2026), only companies with more than 1,000 employees AND more than €450m net turnover must report under the CSRD.
  • The sustainability report will be audited - starting with limited assurance, later moving to reasonable assurance (expected from 2028 onwards).
  • In Germany, only registered auditors (Wirtschaftsprüfer) are currently authorised to conduct the CSRD audit.
  • Involve your auditor early - ideally during the double materiality assessment - to avoid costly corrections later.
  • A strong internal control system, clear data processes and suitable software reduce audit effort and cost significantly.

Sustainability reporting under the CSRD / ESRS now affects companies meeting the revised thresholds. With the Omnibus package in force since 18 March 2026, the reporting obligation applies to companies with more than 1,000 employees AND more than €450m net turnover. For qualifying companies, the sustainability report becomes part of the management report and will be subject to a formal audit - for the 2027 financial year at the latest. This also poses major challenges for the auditing industry, both as consultants and as auditors. The following article gives you a practical overview of the CSRD audit: who does it, what gets examined, and how you can prepare.

Who may audit the CSRD report in Germany?

Who conducts the audit of the sustainability report is one of the most debated aspects of the government draft for implementing the CSRD in Germany.

The Directive allows Member States to approve auditors beyond the statutory financial auditor. The current German draft does not simply activate this option. Instead, it provides for a future government review on whether other independent assurance providers (such as environmental verifiers) may be admitted through a later amendment. As a result, the CSRD audit in Germany is currently the responsibility of registered auditors (Wirtschaftsprüfer).

Who is authorised to audit?

Under the government draft, either the statutory auditor or another qualified auditor may be commissioned to audit sustainability reporting. The prerequisite is that auditors register as sustainability auditors and can demonstrate at least 40 hours of CSRD training.

Choosing the right auditor

Picking a suitable sustainability auditor matters. Using the statutory auditor has advantages - they already know your company. If you bring in a different auditor for sustainability, check their qualifications and prior CSRD experience carefully.

Lenders and investors will increasingly rely on the content of the sustainability report as a basis for decisions. Reliable, relevant information - supported by a thorough audit - is therefore in your direct interest.

Tip: involve the auditor early

Include your auditor at the start of the preparation process. At the latest, they should be involved during the double materiality assessment review. Early involvement avoids negative consequences for the audit opinion and saves both time and money.

What exactly is audited in the sustainability report?

The audit focuses in particular on three areas:

  • Double materiality assessment: the process, the criteria applied and the material topics identified
  • ESRS data points: completeness and accuracy of all reportable data points based on the material topics
  • EU Taxonomy reporting: reporting obligations under Article 8, including the process for determining KPIs (revenue, OpEx and CapEx)
Tip: start EU Taxonomy data collection early

Alongside ESRS disclosures, EU Taxonomy data collection should begin early. To collect data reliably and without high manual effort going forward, most financial accounting systems will need changes to the chart of accounts or transaction recording (for example, additional data points).

ESRS data points template

Determine your reportable ESRS data points at the touch of a button. Our template maps the relevant data points based on your material topics.

Learn more

What level of assurance applies to the CSRD audit?

Limited assurance at the start

At the outset, the legislator requires a CSRD audit with limited assurance. The result is summarised in a separate audit opinion alongside the existing financial audit opinion. From around 2028, the audit is expected to move to reasonable assurance, in line with the audit standard applied to annual financial statements.

Audit costs and time requirements for the sustainability report are expected to be comparable to those for the traditional financial audit. This reflects the growing importance of the sustainability report, which is to have equivalent status to the annual accounts.

What does limited assurance involve?

A limited assurance engagement is not a full-scope audit. The auditor focuses primarily on:

  • Understanding the company, including business processes and the control environment
  • Surveys and analytical assessments aimed at checking the plausibility of the information provided

Compared with reasonable assurance, the auditor has more flexibility regarding site visits and sample sizes.

How does reasonable assurance differ?

With reasonable assurance, the auditor expands the scope of the audit procedures significantly, in particular in the areas of internal controls and IT systems. Larger sample sizes and extended site audits are conducted due to the higher level of assurance required.

Tip: invest in your internal control system

From the company's perspective, an effective internal control system is the single most impactful lever for keeping audit effort manageable. Suitable ESG software solutions (such as the Materiality Master) and appropriate IT controls generally reduce the time required - and therefore the cost.

Steps for the CSRD audit process

Step 1: Preparation

First, appoint a suitable sustainability auditor - either your statutory auditor or another qualified and experienced one.

Before the audit begins, prepare all relevant documents. These should include in particular:

Step 2: Conducting the audit

The sustainability auditor begins by examining the process used to prepare the sustainability report and the resulting data points. This includes discussions with internal stakeholders (such as those responsible for sustainability reporting) and individual samples.

Comparing your data with that of peer companies in the same sector is a useful way to assess consistency and quality before the auditor does.

Step 3: Follow-up

The auditor reports back on the results of the CSRD audit. Where necessary, they make recommendations for improving data collection and underlying processes. Implement these process improvements promptly and keep the auditor involved throughout.

Common CSRD audit challenges and how to overcome them

The CSRD requires a large number of data points that most companies have not previously collected in structured form. Identifying the relevant data points early is therefore essential.

Practical tips for audit readiness
  1. Make the selection of material topics in the double materiality assessment as pragmatic as possible. The topics you identify directly determine how many data points you need to report.
  2. Simplification provisions apply in the first few years - particularly for smaller companies. Use them fully. They give you time to build robust processes and deliver high-quality data points.
  3. Set up a dedicated reporting system to ensure data is collected and transmitted consistently. Internal plausibility checks (for example by the controlling department) help maintain data quality.

For globally active groups in particular, a data and information strategy with clear responsibilities and processes is essential. This means comprehensive internal communication across all affected departments, plus information flows from the value chain (especially but not only direct suppliers and customers). A suitable IT infrastructure, an internal database or an external CSRD tool can all provide resource-efficient support.

Best practices for a successful CSRD audit

  • Involve the auditor early - at the latest during the double materiality assessment
  • Document thoroughly - detailed, stringent documentation allows the auditor to work efficiently
  • Start data collection early - give yourself time to clarify questions with the auditor before deadlines
  • Ensure cross-departmental communication - all relevant stakeholders need to be aligned from the outset
  • Run internal audits regularly - check completeness and correctness of your data on an ongoing basis

If you are using software for CSRD reporting, look for solutions with relevant certification. Providers differ considerably in functionality and price.

Tip: evaluate software carefully

To avoid unnecessary costs, conduct a market review and evaluation of available software products using, for example, our CSR tool overview. Not every function is useful for every company.

Review your internal reporting and preparation processes regularly. Legislation and guidance are evolving - staying current means you can react quickly to changes.

Materiality analysis template

Prepare your double materiality assessment audit-ready from the start. Our Excel template structures the process step by step.

View template

Frequently asked questions about the CSRD audit

Who is currently authorised to audit the CSRD sustainability report in Germany?

In Germany, only registered auditors (Wirtschaftsprüfer) who have completed at least 40 hours of CSRD training and registered as sustainability auditors are currently authorised. The government draft reserves the possibility of admitting other independent assurance providers at a later stage through an amendment to the law.

What level of assurance applies to the CSRD audit and when does it change?

The CSRD audit starts with limited assurance, which is less intensive than a full-scope audit and focuses on plausibility. From around 2028, the audit is expected to move to reasonable assurance, which is comparable in scope to a traditional financial statement audit and involves larger sample sizes and expanded site audits.

When should I involve my auditor in the CSRD process?

As early as possible - and no later than during your double materiality assessment. Early involvement helps avoid costly corrections and negative impacts on the audit opinion. It also reduces the overall time and resources required for the audit.

Which companies must have their sustainability report audited under the Omnibus rules?

Since the Omnibus package came into force on 18 March 2026, the CSRD reporting and audit obligation applies only to companies with more than 1,000 employees AND more than €450m net turnover (both criteria must be met). Many companies that were in scope under the previous thresholds no longer need to report under these revised rules.


Guest article written by Urs Gnädinger and Sarah Stindl

Urs Gnädinger
Auditor · audit.innovation / audit.neo

Urs Gnädinger from the Stuttgart region is an auditor at audit.innovation and founder of audit.neo - an operating system for auditors. He started his career at Ernst and Young (EY) in 2012 and is also a lecturer for international accounting at the HTWG University of Applied Sciences Konstanz.

Sarah Stindl
Audit Consultant · audit.innovation

Sarah Stindl works as an audit consultant at audit.innovation. She completed her Bachelor of Science at the University of Ulm in March 2024 and dedicated her thesis to sustainability reporting.