Data Reliability for ESG-Reporting
Companies are currently confronted with new reporting obligations and the associated compliance requirements based on regulations such as the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy. To generate actual value, companies need to implement ESG performance management, including KPI definition, ESG reporting and management approaches for ESG KPIs. Only if a company can successfully include economic, environmental and social performance in strategic decision-making is it possible to gain a competitive advantage.
Many tools are currently available to help companies record the required data and prepare reports based on the ESG standards (e.g. SAP Sustainability Control Tower). But to rely on the data and reports prepared in these tools, it is particularly important to ensure the accuracy and reliability of the ESG-related end-to-end processes and data. For this purpose, appropriate IT Controls and IT Application Controls need to be implemented and tested for effectiveness.
IT Controls are conducted on application, operating system and database level for
- Access Management
- Change Management
- Security Configuration
- API-/Job-Monitoring
- Authorization concepts including test support and implementation
The IT Controls ensure the integrity of programs, data files and computer operations. They are designed to fulfill all requirements with regard to confidentiality, integrity, and availability of data.
Without effective IT Controls, reliance on our ESG IT systems may not be possible!
IT Application Controls (ITAC) refer to transaction processing controls which ensure the complete and accurate processing of data, from input through output.
Control catalog for nonfinancial reporting
- Related to NFRD, CSRD, EU Taxonomy (etc.)
- Inclusion of catalog in ICS
Governance, Risk and Compliance Tools provide a holistic approach to manage an organization's risk and compliance requirements by integrating governance, risk management, and compliance management activities into a single platform.
It is important to cover all relevant (SAP) source systems, from on-premise to SaaS.
Depending on the deployment model, the responsibilities of the customer and the respective service provider(s) vary, and so do the related tasks.
Who we are
- Heiko Jacob (Deloitte GmbH WpG) – Partner Risk Advisory, Head of the "IT & Specialized Assurance" Division
- Jan Grüne (Deloitte GmbH WpG) – Director Risk Advisory, Head of the "Digital Internal Audit & Data Intelligence" Division
- Dr. Roland Michalke (Deloitte GmbH WpG) – Director Risk Advisory, Head of the "Application Security - SAP Security" Division
- Christina Köhler (Deloitte GmbH WpG) – Senior Manager Risk Advisory, Member of the "IT & Specialized Assurance" Division