Arnd Wiedemann | Yanik Bröhl
IRO stands for Impacts, Risks and Opportunities. This triad is the central basis of the European Sustainability Reporting Standards (ESRS). In order to be able to report on the success of their sustainability activities, companies must have implemented a process for identifying, measuring and managing their impacts, opportunities and risks. This triad also forms the basis of the materiality analysis and enables a comprehensive view of a company’s sustainability activities and the associated consequences. Effective risk governance plays a central role here, as it links the IRO triad required for external reporting with internal corporate management.
Role of the IRO triad in sustainability reporting
On January 1, 2024, the Corporate Sustainability Reporting Directive (CSRD) came into force in the EU, leading to a significant expansion of sustainability reporting. Initially, this extended reporting obligation only affects large companies that are already subject to the Non-Financial Reporting Directive (NFRD; adopted in Germany as CSR-RUG). These companies must report for the first time in 2025 in accordance with the CSRD for the 2024 financial year. From the 2025 financial year, the reporting obligation will be extended to all other large companies. From the 2026 financial year, small and medium-sized companies listed on regulated European markets will also be required to report on CSRD. However, they can be exempted from this obligation until the 2028 financial year, but must explicitly explain in the management report why they are not submitting a sustainability report. From the 2028 financial year, the CSRD also applies to certain companies from third countries with a relevant EU connection (Art. 5 EU Directive 2022/2464).
CSRD reporting is governed by the European Sustainability Reporting Standards (ESRS), which currently consist of two general standards and ten topic-related standards. The general standards deal with general requirements (ESRS 1) and general disclosures (ESRS 2) on sustainability reporting. The topic-related standards are divided into five environmental standards, four social standards and one governance standard. The standards are thus based on the three pillars of sustainability (ESG criteria): Environment (Environment), Social (Social) and Governance (ESRS 1 para. 4). The environmental standards cover climate change (ESRS E1), environmental pollution (ESRS E2), water and marine resources (ESRS E3), biodiversity and ecosystems (ESRS E4) as well as resource use and the circular economy (ESRS E5). The social standards deal with the company’s own workforce (ESRS S1), the workforce in the value chain (ESRS S2), the affected communities (ESRS S3) and consumers and end users (ESRS S4). The governance standard focuses on corporate policy (ESRS G1). Sector-specific standards are also to be introduced by June 30, 2026 (Art. 1 EU Directive 2024/1306).
The ESRS define the requirements for companies to disclose material impacts, risks and opportunities (IRO) in relation to sustainability aspects (ESRS 1 para. 2). The impacts refer to both positive and negative sustainability-related impacts resulting from the company’s business activities. Risks and opportunities, on the other hand, relate to the company’s financial sustainability risks and opportunities. Taken together, the impacts, risks and opportunities form the IRO triad, which reflects the principle of double materiality in the ESRS (ESRS 1 para. 14). The principle of dual materiality takes into account both the inside-out perspective, which considers a company’s impact on society and the environment, and the outside-in perspective, which considers the risks and opportunities for the company itself (ESRS 1 para. 37).
Impact materiality is determined from the inside-out perspective. This aims to determine the negative and positive impacts of a company in the short, medium and long term that result or could result from its business activities, its upstream and downstream value chain, its products and services and its business relationships on people or the environment (ESRS 1 para. 43). The impacts address the ESG criteria in particular (ESRS 1 para. 44). In contrast, the outside-in perspective is used to determine financial materiality. This refers to the analysis of sustainability-related risks and opportunities that have or could have a short, medium or long-term impact on a company’s financial position, financial performance, cash flows, access to finance or cost of capital (ESRS 1 para. 49). A reporting obligation exists if materiality is already identified for a sustainability aspect from one of the two perspectives (ESRS 1 para. 28). In contrast, the NFRD only took into account aspects that were considered material from both perspectives (Art. 1 EU Directive 2014/95).
The ESRS contain a list of specific sustainability aspects that must be reviewed as a minimum. These aspects are categorized according to the topic-related standards, which in turn are divided into sub-topics and sometimes even into sub-sub-topics. For example, working conditions is a sub-topic and appropriate remuneration is a sub-sub-topic of ESRS S1 (own workforce). The list is not intended to be exhaustive, but should form the starting point for identifying further company-specific sustainability aspects. A separate analysis process is required for this purpose (ESRS 1 para. AR 16).
Process for IRO assessment in accordance with ESRS
The materiality assessment of a company should reflect not only the perspectives of both impact materiality and financial materiality, but also the interrelationships between the two (ESRS 1 para. 38). However, separate and independent processes do not have to be performed (EFRAG 2024, p. 19). Impact materiality should be the starting point for the materiality assessment, as sustainability-related impacts will also have financial effects in the short, medium or long term (ESRS 1 para. 38). The ESRS do not provide any fixed requirements or specify a particular sequence of steps for carrying out the materiality assessment. This is at the discretion of the respective company. The selected process can therefore take into account the specific circumstances and conditions of the company (EFRAG 2024, p. 19).
Fig. 01: Process for materiality analysis (based on EFRAG 2024, p. 20)
Source: EFRAG 2024, p. 20
The European Financial Reporting Advisory Group (EFRAG) proposes three analytical steps as a possible approach to materiality analysis (Fig. 01). The first step is to determine the impact materiality. To this end, the interrelationships between the company’s activities, its business relationships and the interests of the various stakeholders must be identified and analyzed in order to understand the resulting impacts. The next step is to identify both the actual and potential impacts that may result from collaboration with stakeholders. These impacts can be both negative and positive. In order to arrive at a well-founded assessment of the impact on sustainability aspects, the company can draw on scientific studies and its own analyses. In the third step, the actual and potential impacts are assessed with regard to their materiality. The sustainability aspects to be classified as material are derived from the results of the assessment. Threshold values must be defined for this purpose, which are used to decide which impacts are to be included in the reporting (ESRS 1 para. AR 9).
When assessing impact materiality, cooperation with the affected stakeholders is of crucial importance in order to fulfill the company’s duty of care (sustainability due diligence) (ESRS 1 para. 24). Stakeholders are persons or groups that either influence the company or are influenced by it. The ESRS distinguishes between affected stakeholders and users of sustainability reporting. Affected stakeholders are individuals or groups whose interests are or could be positively or negatively influenced by the activities of the company and its direct and indirect business relationships along the value chain. Users of sustainability reporting are primarily the addressees of general financial reporting, such as existing and potential investors, lenders and other creditors. However, users also include business partners, trade unions, the company’s social partners, civil society, non-governmental organizations, governments, analysts and academics (ESRS 1 para. 22).
After determining the impact materiality, the analysis of financial materiality must be carried out. The starting point is the identification of risks and opportunities that have or could have short, medium or long-term financial effects on the company (ESRS 1 para. AR 14). The focus here is particularly on dependencies on natural, human and social resources (ESRS 1 para. 50). After identifying the risks and opportunities, the company must determine which of these are material for financial reporting. The potential financial effects are weighted with probabilities of occurrence and assessed on the basis of defined thresholds (ESRS 1 para. AR 15). In addition, information is always material if it can be assumed that omission, misstatement or concealment of this information could negatively influence the decisions of the addressees of the sustainability report (ESRS 1 para. 48).
The foundation of the materiality analysis is therefore the stakeholder dialog. To this end, the company should work directly with the affected stakeholders or other experts in order to obtain feedback on the material IROs (ESRS 1 para. AR 8). Nature is a silent stakeholder. Objectified data must be used in the IRO assessment to take it into account (ESRS 1 para. AR 7). However, despite the clear emphasis on the importance of stakeholder orientation, the ESRS do not specify which specific stakeholders should be included in the materiality analysis and how. However, the diversity of stakeholders mentioned in the ESRS makes it clear that the IRO assessment goes far beyond the narrow circle of purely economic issues and also includes social, environmental and governance aspects.
Integration of external reporting requirements into corporate management
In view of this comprehensive consideration of stakeholder interests, the dovetailing of external reporting requirements with internal corporate management is of crucial importance for the strategic orientation and sustainable success of a company. A careful materiality analysis not only enables the external reporting requirements to be met, but also the key strategic areas of action to be identified. These areas of action in turn form the basis for the strategic objectives, the associated key performance indicators (KPIs and key risk indicators; KRIs) and the corresponding implementation measures. Risk governance is a particularly suitable concept for this integration (Wiedemann et al. 2024, p. 276). It ensures that business activities are continuously compared with the current risk environment and provides impetus for strategic adjustments or realignments where necessary. Risk governance also links the interests of stakeholders with sustainability risks and opportunities, thereby contributing to the long-term success of the company (Stein/Wiedemann 2016, p. 823 f.). Risk governance is therefore the link for integrating the key sustainability aspects identified in the materiality analysis into corporate management and communicating the results to stakeholders via external reporting.
The systematic consideration of sustainability aspects in corporate management can bring advantages for a company in terms of better access to markets, easier capital procurement from investors and lenders and/or increased attractiveness for customers and suppliers. The materiality analysis also contributes to a positive external image as a responsible company, which can create trust and improve reputation. It can also help to identify trends at an early stage and provide impetus for cooperative solutions (Ankele/Winterstein 2021, p. 32). All of this is in line with the objectives of risk governance. In addition, the results of the materiality analysis are not only crucial for monitoring and reporting processes, but also for the company’s forward-looking planning and decision-making processes. It is therefore particularly suitable as a foundation for the development of a sustainability-oriented corporate strategy (Arena 2022, p. 76).
A close link between the materiality analysis and the existing risk management tools and processes also ensures that the risk aspect in the area of sustainability is given appropriate consideration. A central component of risk governance in institutional terms is the risk governance circle. This internal group consists of employees from various functions who share their risk perceptions. Cross-functional communication in particular enables the identification of key sustainability opportunities and risks. The findings from the circle are regularly communicated to the company management and integrated into the materiality analysis, which ensures a strategic and integrated risk assessment at all levels of the company (Stein et al. 2018a, p. 1294 f.).
Strategically oriented risk governance enables companies to take a comprehensive approach to risk and identify potential threats at an early stage. At the same time, it ensures that the resources used are proportionate and adapted to the individual needs of the company. This applies in particular to the business model and risk tolerance (Stein et al. 2018b, p. 69). The demand-oriented scaling of risk governance and materiality analysis ensures the effectiveness of trading. In addition to the link to internal risk management, the materiality analysis also influences internal profitability management and makes it clear that success is more than the purely financial dimension. By also taking environmental and social aspects into account and considering them as part of the triple bottom line approach, the circle is closed.
Conclusion
Integrating the external reporting requirements derived from the IRO triad into corporate management through a well-founded materiality analysis and strategically oriented risk governance can contribute significantly to the sustainable success of a company and should therefore become the engine and driver of action. In this way, not only can the requirements of stakeholders be met, but competitiveness can also be secured in the long term. The dovetailing of the IRO triad with risk governance therefore represents a decisive step towards sustainable and responsible corporate management. It enables a company to evaluate its strategic fields of action and manage sustainability risks. At the same time, the growing demands for transparency and accountability are met and stakeholder confidence is strengthened.
Literature
Ankele, K. / Winterstein, J. (2021): Better material: What matters in a materiality analysis. Ecological Economy, 36(2), 30-34.
Arena, M. (2022): ESG and their Impact of Risk Governance. In: A. Wiedemann, V. Stein & M. Fonseca (Eds.), Risk Governance in Organizations: Future Perspectives (pp. 75-79). Universi.
Stein, V. / Wiedemann, A. / Zielinski, M. (2018a): Classification of risk governance in the system of corporate monitoring. Der Betrieb, 86(8), 1292-1295.
Stein, V. / Wiedemann, A. / Wilhelms, J. H. (2018b): Integrative risk management approaches for SMEs: Enterprise risk management versus risk governance. ZfKE, 66(1), 61-70.
EFRAG (2024): EFRAG IG 1: Materiality Assessment Implementation Guidance.
Stein, V. / Wiedemann, A. (2016): Risk governance: Conceptualization, tasks, and research agenda. JBE, 86(8), 813-836.
Wiedemann, A. / Bröhl, Y. / Mies, M. (2024): Implications of the European Sustainability Reporting Standards for the risk management of banks. WPg, 77(5), 270-276.