2023/2772, various EFRAG guidance documents, and reports related to CSRD, ESRS, stakeholder
engagement, double materiality, external assurance, and digital reporting Study guide Reference at
the end of each question
Under the ESRS framework, effective internal controls for assurance purposes must meet key
characteristics to ensure reliability, traceability, and auditability.
Correct Options Explained:
(A) Documentation & Implementation: Internal controls must be formally documented,
implemented as per the designated schedule, and consistently applied.
(C) Testability by External Assurance Providers: Assurance providers must be able to verify the
controls, test their effectiveness, and ensure compliance with CSRD assurance requirements.
Incorrect Options Explained:
(B) Same Staff Performing & Assuring the Control: A fundamental principle of internal control is the
separation of duties to avoid conflicts of interest. The control must be performed by one team and
assured independently.
(D) No Need for Documentation: Proper documentation is mandatory for internal controls to enable
traceability, testing, and regulatory compliance.
ESRS Reference:
Commission Delegated Regulation (EU) 2023/2772, GOV-5: Risk management and internal controls
over sustainability reporting, highlighting the necessity of internal control mechanisms.
EFRAG Assurance Guidelines: Stipulating that documented controls must be verifiable and tested for
external assurance.
