Exploring the Risks and Opportunities of Information Technology in Environmental, Social and Governance Reporting

The introduction of the Corporate Sustainability Directive (CSRD) significantly expands ESG reporting requirements for organizations in the EU. As a result, companies face growing pressurde to ensure that ESG data is accurate, complete, and reliable. This study explores how data gathering technologies (specifically ERP systems and IoT devices) support or hinder these goals, and how they are assessed in ESG assurance practices. Using a qualitative design and the Gioia methodology, fifteen interviews were condcuted with ESG and IT audit professionals. Findings show that while ERP systems offer potential for standardized ESG reporting, these systems are often not yet consistently or fully implemented. IoT technologies are rarely applied, except in emission-intensive sectors. Key risks include manual data handling, lack of integration, and weak internal controls. Assurance remains limited, with minimal involvement of IT auditors, due in part to the CSRD’s emphasis on limited assurance. The study concludes that realizing IT’s potential in ESG reporting requires regulatory clarity, organizational maturity, and stronger IT-audit integration.