Board-ready by design: What auditors expect under AASB S2

For years, climate reporting has leaned heavily on narrative. AASB S2 changes the incentive. It doesn’t ask companies to be inspiring; it asks them to be provable.

That’s not a semantic shift. It’s a governance shift. AASB S2 is built to sit alongside general purpose financial reporting, requiring disclosure of climate-related risks and opportunities that could reasonably be expected to affect cash flows, access to finance or cost of capital over the short, medium or long term. In practice, that pulls climate out of the Corporate Social Responsibility annex and firmly into the zone auditors recognise: documented processes, accountable decision-making, and traceable numbers.

Auditors don’t audit good intentions. They audit evidence.

What follows is the audit mindset AASB S2 brings to climate disclosure: build it to be assured, and it will be board-ready by default.

1) Governance: Who is responsible?

The first test is simple: who is actually accountable? Not “the business”, and not a steering committee with a penchant for PowerPoint.

AASB S2’s governance story is meant to give users confidence that climate matters are governed with the same discipline as other enterprise-critical issues.

That expectation becomes tangible in the evidence auditors reach for: board and committee charters, delegated authorities, and minutes and packs that show oversight, decisions, and (crucially) challenge.

This is where many companies fail quietly. They can describe oversight. But they can’t demonstrate it. An auditor will look for a governance chain that connects:

• the committee mandate to climate oversight,
• the agenda time devoted to climate,
• the decisions taken (or escalations made),
• and the follow-through in management reporting.

Management roles matter too. It isn’t enough to say the CFO is “involved” – controls, procedures, sign-offs and internal reporting packs are the kind of operational artefacts auditors expect to see.

A board-ready design principle here is clarity: a RACI you can defend, not a collaboration you can only describe.

2) Risk management: If it isn’t in ERM, it isn’t real

AASB S2 is explicit that climate risk management disclosures should explain the processes used to identify, assess, prioritise and monitor risks and opportunities, and whether/how those processes are integrated into overall risk management.

Auditors then translate that into a predictable checklist of evidence: risk assessment methodology, risk matrices, extracts from the risk register, workshop outputs, and evidence of monitoring cadence (such as risk reporting to the board, or dashboards and committee packs).

The telltale weakness is climate sitting adjacent to ERM rather than inside it—run by different people, on different cycles, with different thresholds and language. If your climate risks aren’t assessed using comparable criteria (likelihood, magnitude, potential financial impacts) and prioritised relative to other enterprise risks, the disclosure may read as disconnected – even if it’s well written.

Integration evidence is unusually concrete. Auditors often expect to see ERM frameworks, risk committee packs, and committee reporting that demonstrate climate risks are embedded and overseen as part of the broader system.

The board-ready design move is to stop treating climate as a special risk category that needs a special process. Under AASB S2, “special” is a liability – unless it’s documented and controlled.

3) Strategy & resilience: Scenario analysis with a paper trail

AASB S2 asks companies to show how resilient their strategy and business model are under different climate scenarios, using scenario analysis that fits their size and circumstances.

That means scenario analysis isn’t just “nice context” anymore. It needs to be clear and explainable: what scenarios you used, what data and assumptions sit underneath them, what the limits are, and what decisions the results influenced.

Auditors will then look for the usual evidence: the scenario analysis report, assumptions documentation, and management review and approval papers.

The real test is whether scenario analysis leads to action. If it shapes capex timing, supplier choices, or budget assumptions, it’s doing its job. If it doesn’t, it risks looking like a box-ticking exercise.

That’s why boards should engage early. If scenario analysis is done at year-end just to meet disclosure requirements, it will read that way. If it’s built into planning, the evidence shows up naturally in board papers, approvals, and updated models.

4) Financial effects: Connecting climate with financials

AASB S2 gets most demanding when it comes to financial effects. Companies need to explain how climate-related risks and opportunities are affecting – or could affect – financial position, financial performance and cash flows.

Climate disclosure has to connect to the financials, not just sit alongside them.

Auditors will usually look for the supporting evidence: budgets and forecasts, impairment and provisioning workpapers, key assumptions, and capital allocation decisions that reflect what you’ve disclosed.

It’s also where misalignment is most risky. If the narrative says climate is material, but the numbers (or the assumptions behind them) don’t move – and there’s no documented explanation – assurance concerns will rise quickly.

Board-ready by design means building a clear line of sight: climate assumptions that are either clearly embedded in financial planning, or clearly documented as out of scope, with a rationale that will stand up to review.

5) Metrics, data lineage, and the end of “trust us”

AASB S2 expects metrics that are useful for decisions and can stand up to assurance. That means they should link back to your strategy and risk management, and you should be able to explain how each metric is measured — including data sources, methods, and any limits on what’s reasonable to collect.

Auditors turn that into a practical test: clear metric definitions, documented approvals and ownership, and evidence the metrics are actually used in decision-making.

For emissions, the bar is even more hands-on. Auditors will want to see the emissions inventory outputs, the underlying source data (like energy, procurement, travel and supplier inputs), and the checks you’ve done to validate quality.

Two phrases draw the line between “we think” and “we can prove”:

• Data lineage: you can trace reported numbers back to the inputs, with methodology documentation and management sign-off.
• Reasonable and supportable information… without undue cost or effort: if you’re using estimates, you don’t need perfection — but you do need to explain your approach, the limits, and why further detail would be disproportionate.

In short: AASB S2 doesn’t expect perfect data on day one. It expects a defensible method, documented constraints, and a clear plan to improve over time.

6) Basis of preparation: Setting the “ground rules”

A lot of assurance issues come down to scope. The basis of preparation in AASB S2 sets the ground rules – what entity and boundary you’ve reported on, the reporting period, key judgements and estimates, and any omissions or limitations – so readers can see how the disclosures were built and how they connect to the financial statements where relevant.

Auditors will usually ask for the supporting package: a basis of preparation memo, confirmation of the reporting entity and related financial statements, group structure documentation, key judgement papers, and a disclosure completeness check.

Boards often overlook this because it feels procedural. But it’s where you avoid disputes later — especially about boundaries (including the value chain), estimation choices, and why some numbers aren’t disclosed yet.

Board-ready by design means setting these ground rules early, documenting them clearly, and keeping the disclosures consistent with them.

From disclosure to discipline

If there’s a single takeaway, it’s this: under AASB S2, “board-ready” is not a presentation standard. It’s an evidence standard.

The organisations that do best will build governance, risk processes, scenario analysis and financial linkages in a way that produces audit-ready evidence as a by-product of running the business – not as a leading cause of year-end panic.

The organisations that do best will build governance, risk processes, scenario analysis and financial linkages in a way that produces audit-ready evidence as part of normal business – not as a last-minute year-end scramble.

If you want a structured way to test your disclosures against what assurance teams typically look for, Drova’s ASRS Gap: A CFO Disclosure Checklist is built to help companies understand the requirements for first-year, assurance-ready AASB S2 reporting.