ASRS S2 is here: Is your GRC framework built for it?
Updated: Feb 27

With the finalisation of the Australian Sustainability Reporting Standards (ASRS), risk professionals will no longer be able to treat sustainability reporting as an isolated compliance function.
ASRS S2 (Climate-Related Disclosures) is mandatory, requiring organisations to disclose their climate risks, transition plans, and emissions reporting.
ASRS S1 (General Sustainability Disclosures) is voluntary, but it provides a structured framework for companies to disclose broader sustainability risks and opportunities beyond climate.
From reporting to resilience: What ASRS S2 means for your risk strategy
The Australian business landscape is undergoing a major risk transformation. Starting January 2025, large companies will be required to disclose climate-related financial information under the mandatory AASB S2 standard.
If your organisation falls within the scope of mandatory climate-related disclosures, you must be ready to report, disclose, and integrate sustainability risks into your corporate governance structure.
But here’s what many risk professionals don’t realise: ASRS S2 compliance isn’t just about filling out reports—it’s about embedding sustainability into your Governance, Risk, and Compliance (GRC) framework.
If your company treats ASRS S2 as a standalone compliance task, you’re opening yourself up to reporting failures, legal risks, and missed strategic opportunities. The real key to getting this right isn’t just about following the new disclosure rules. It’s about ensuring that sustainability risks are properly managed within your business, and leveraging the opportunity to gain deeper insights into your risks, opportunities, and strategy.
Not just a reporting requirement: Sustainability is now a core business risk
ASRS S2 requires companies to disclose climate-related risks, scenario analyses, and financial exposures. It demands more than just high-level commitments—it expects auditable, structured data that regulators, investors, and insurers will scrutinise.
That means sustainability risks can no longer sit in a silo. For full visibility, they must be integrated into your company’s existing risk and governance structures.
Companies that build sustainability into their GRC frameworks will not only meet compliance deadlines—but will also de-risk their business and gain investor confidence.
How? Start with four business fundamentals that every major sustainability standard is built on.
The four pillars of ASRS compliance – and why they matter to risk professionals
Governance: Accountability starts at the top
Under ASRS S2, companies must prove that climate-related risks are being actively managed at the Board and executive levels.
This isn’t just a formality—ASIC and financial regulators expect companies to provide clear oversight structures, roles, and decision-making processes for climate-related risks.
Ask yourself:
Does your Board have the right sustainability expertise?
Are climate risks reviewed at the same level as financial risks?
Is there a governance structure to ensure data integrity in ASRS reporting?
Without clear governance, your ASRS S2 disclosures will lack credibility—and you risk scrutiny from investors, regulators, and financial markets.
Strategy: The financial impact of climate risks is now a boardroom issue
Sustainability isn’t just about risk mitigation—it’s about financial resilience.
Under ASRS S2, companies must disclose the financial impact of climate risks using scenario analysis to model risks under both a 1.5°C and a 2.5°C+ warming scenario.
For risk & compliance professionals, this means:
Identifying how climate-related risks could affect financial statements, supply chains, and long-term business models.
Proactively developing transition strategies to manage regulatory changes and market shifts.
Companies that integrate sustainability risks into business strategy now will be far ahead of the curve—while those that don’t will be forced to react under pressure.
Risk management: Sustainability must be embedded in ERM
Climate risk is now enterprise risk. ASRS S2 mandates that companies identify, assess, and manage climate-related risks—but here’s where most companies go wrong.
Many organisations treat sustainability risks as a separate category, disconnected from core risk frameworks. This is a mistake. If sustainability risks aren’t properly embedded in Enterprise Risk Management (ERM), your organisation is exposed.
Regulators, insurers, and investors want to see that sustainability risks are managed with the same rigor as financial and operational risks.
Ask yourself:
Are climate risks integrated into your risk register and control processes?
Does your organisation have a clear framework for mitigating and reporting these risks?
Is your compliance function aligned with sustainability reporting?
Failure to align sustainability risks with traditional risk management will lead to compliance failures and operational blind spots.
Integrating sustainability risks isn’t just about meeting requirements; there are benefits too. Risk professionals already identify and monitor critical business processes and those who support them (supply chains), including testing these for resilience. Identifying the impact of climate risks requires these same details, so building on that existing work avoids duplication and misalignment.
Metrics & targets: Hard data now a requirement
Under ASRS S2, companies must provide quantifiable, auditable climate-related financial disclosures.
This includes:
Greenhouse Gas (GHG) emissions: Scope 1 and 2 (Scope 3 to be phased in later).
Capital allocation: How much investment is directed toward climate risk mitigation?
Physical and transition risks: How exposed is your company’s balance sheet to climate events?
Beyond reporting, it’s about proving that your sustainability strategy is real, measurable, and financially sound.
Companies that fail to provide reliable, auditable data will face investor skepticism, reputational damage, and potential regulatory action.
ERM frameworks already track KPIs related to financial and operational risks. ASRS data must form part of these measures, providing a way to track performance against target benchmarks and related controls.
Voluntary but vital: Why ASRS S1 is your secret weapon for long-term compliance
ASRS S2 might be the mandatory standard—but ASRS S1 (General Sustainability Disclosures) is the real risk blind spot.
Why? ASRS S1 helps companies build a robust and real sustainability risk framework, allowing companies to ‘stand back’ and assess the business for all material risks and opportunities - which won’t be just climate - ensuring that compliance with ASRS S2 is seamless, rather than reactive.
Companies that adopt ASRS S1 voluntarily will:
Strengthen governance structures for sustainability risk oversight.
Enhance transparency and investor confidence by disclosing material ESG factors.
Prepare for future regulatory changes, as sustainability reporting is expected to expand.
Showcase how they are already embedding sustainability practices outside of climate (diversity, community initiatives, data security, risk management, etc.)
ASRS S1 may not be mandatory—yet—but companies that implement it now will have a significant advantage when sustainability regulations inevitably tighten, including the ability to build long-term resilience and value creation.
How ready is your GRC framework for ASRS compliance?
ASRS S2 is mandatory, and risk professionals must take ownership of integrating sustainability into governance, risk, and compliance frameworks. If you aren’t yet preparing to align with ASRS S1, you are missing a significant strategic opportunity.
Ready to master the new AASB reporting requirements and future-proof your risk strategy? Learn more about how Drova’s sustainability solutions can help.