Building a sustainable path to cleaner ESG data

The SEC’s climate disclosure rules — requiring companies to disclose a significant amount of data in a 10-K — means your company will need robust, auditable ESG data.

In March 2024, the Securities and Exchange Commission (SEC) finalized new rules for climate disclosures that focus on the oversight of climate-related risks, the financial impacts of severe weather events, and Scope 1 and Scope 2 greenhouse gas (GHG) emissions, if material. (The SEC rules do not cover Scope 3 emissions.) The rules also require registrants to obtain independent attestation of any required Scope 1 and Scope 2 emissions.

Companies will need to validate ESG data — from the sources to reporting. Certain aspects of the SEC rules will be phased in over multiple years. But it will be critical for companies to start thinking now about the process for ESG data collection (completeness), data quality (accuracy), data transformation and reporting strategy so they can provide investors, customers, suppliers, auditors and management with reliable ESG data that has been independently audited, using approved procedures.

The SEC’s rules aren’t the only regulations changing the way companies report their ESG information. Last year, the European Union enacted the Corporate Sustainability Reporting Directive (CSRD) and California passed its own set of climate disclosure requirements. There is also an increasing expectation from investors that companies publish the material risks climate change poses to their operations. PwC’s 2023 Global Investor Survey reflected those expectations.

Investors are more likely to trust fully audited ESG reports


of investors believe corporate reporting contains at least some level of unsupported sustainability claims.


of investors think companies’ disclosures of ESG metrics and KPIs should be assured at the same level as financial statement audits (i.e. reasonable assurance).


of investors want assurance practitioners to have expertise in applying professional skepticism in assessing management’s forward-looking estimates and judgments.

Source: PwC’s 2023 Global Investor Survey

An effective ESG reporting strategy starts with quality data sources

Sources of the data, methodology, and estimation techniques, and the processes and controls that may be required for the new disclosures could be significant and originate in parts of the business that have not historically been subject to disclosure controls and procedures or audit procedures.

There are various systems and tools designed to automate and streamline reporting, but the software being used is only as effective as the data entered into the system. Without complete, accurate and reliable ESG data, the software alone will not be sufficient to satisfy SEC requirements or management’s reporting goals. Unreliable reporting can expose your company to financial, regulatory and reputational risks even in the absence of SEC reporting requirements. 

There is no one-size-fits-all approach to effective ESG data collection and reporting.

Company leaders should consider the following steps as they evaluate the best approach for their organization:

  • Understand the requirements and goals of the organization.
  • Determine responsibility and accountability for ESG and sustainability strategies and reporting within the organization.
  • Assess the reliability and availability of required data.
  • Identify and remediate data gaps.
  • Establish a sustainable, repeatable process and internal controls to collect and aggregate data and remediate data quality issues in an efficient and effective manner that facilitates reporting and decision-making.
  • Maintain and store ESG data in accordance with regulatory requirements and company policies.

Building the foundation of high quality ESG data

Strong internal controls for investor-grade ESG reporting

Once companies have selected the metrics they plan to disclose, they need to assess whether their organizations have controls over the information. The best way to do so is to walk through the journey of that metric — starting at the source data and going through its entire life cycle, up to its inclusion in the report. 

The challenge is to balance speed with quality. Many companies already produce sustainability reports annually, but they will have to accelerate their processes to meet 10-K reporting requirements.  

It’s also critical to quickly establish rules for information governance. One model is a tiered approach for different categories of information. Define categories and align around requirements for each, so that there is clarity across the organization on how existing and new metrics will be incorporated into ESG reporting.

Externally reported information should be confirmed as accurate and complete by its owners and reviewed independently before release. Company management, most likely the chief financial officer, will be required to demonstrate to the independent auditor that they have sufficient evidence over the reliability of GHG data and other metrics so the independent auditor can form an opinion related to the new footnote disclosure in the financial statements as well as the GHG attestation report. A large global organization could have an ESG controller with additional team members:

  • Information owners responsible for owning data quality and standards and implementing metric-level process documentation.
  • Disclosure owners who work with information owners to include certified information into ESG disclosures.
  • A validator, who is responsible for providing an independent review over information and ESG disclosures.

How can companies transform their ESG data and reporting?

As company leaders turn to building a methodology for collecting and reporting ESG data, they can take the following steps to help their companies transition to reporting as expected under the proposed SEC disclosure requirements. This will also allow companies to quickly react to changes in global reporting standards.

Determine your company’s reporting framework

In addition to the anticipated guidance from the SEC specific to your company’s expected ESG disclosure, your company should also understand and select any incremental reporting frameworks and metrics that may be meaningful for your business needs, requirements, investor expectations and what existing regulations may require.

Define incremental ESG metrics and goals

Within your company’s voluntary disclosures and management needs, identify climate measures and metrics that are most relevant for the industry and that meet stakeholders’ expectations and incremental company strategy and goals.

ESG data source identification and collection

Once your company identifies the appropriate metrics, it should determine the data sources and perform procedures that will assess the completeness of the information.

A data source inventory should help answer important questions such as: 

  • What data is required? 
  • How will the data be used in reporting? 
  • Where does the data exist and is it reliable? 
  • Where will the data reside over the long term?

If needed, enhance the underlying data being collected and the process infrastructure for collecting it. Remediate potential data gaps identified inclusive of lookback periods as applicable.

Data transformation and quality assessment

Perform quality assessments on relevant data to assess its accuracy, the reliability of the calculations and the effectiveness of reporting. 

Design and execute a data remediation strategy for accuracy concerns that may impact required calculations and reporting.

Calculations and reporting

Using the transformed and cleansed data, your company can calculate and report on the relevant metrics. 

Consider integrating ESG reporting through the enterprise system architecture, processes and internal controls that already exist.

Process and controls considerations during and after adoption

The completeness, accuracy and validity of information and assumptions used during initial data collection and assessment activities should follow a well-defined process and set of controls management can leverage for adoption and future needs.

Design and maintain processes and controls to capture and maintain relevant, complete and accurate data for management to achieve their goals and timely reporting obligations.

Repeating the process

Your company’s ESG data reporting strategy should be dynamic and adapt when global reporting standards are updated. While the proposed SEC requirements today are focused on greenhouse gas protocols, they are subject to change as investor expectations and global regulations evolve. Over time, requirements may include capturing social and diversity dimensions, and more. As regulations change, data needs will also evolve to potentially include vendors, customers, business partners and other groups to effectively gather the data needed to satisfy the regulations and meet the demands of investors. 

Having a foundation and process to capture data will help your company quickly comply with new regulatory requirements and build trust with stakeholders in global markets.

Ready to get started?

Ask these questions when contemplating existing data collection and assessment processes for ESG reporting:

  • What are the known ESG data sources? Have all data sources been identified?
  • How is ESG data captured in your organization today? What processes and internal controls exist? How long does it take to gather the information?
  • How does your company assess its ESG disclosures?
  • How comfortable are you with the reliability of those data sources? Is the data complete and accurate? 
  • What’s your company’s desired future state? How does that compare with your company’s current state? 
  • How prepared is your company to have its ESG reporting audited under limited or reasonable assurance?

Contact us

Neerav Gandhi

Neerav Gandhi

Partner, PwC US

Sammy Lakshmanan

Sammy Lakshmanan

Sustainability Partner, PwC US

Ryan Hamill

Ryan Hamill

Director, PwC US

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.