How to Run an ESG Materiality Assessment That Holds Up

How to Run an ESG Materiality Assessment That Holds Up

An ESG materiality assessment identifies which environmental, social, and governance issues matter enough to disclose, manage, and report against. Under CSRD, ISSB, and increasingly the SEC and FCA, the assessment is no longer a marketing exercise. It is the foundation of your sustainability statements, and auditors will test it. Get it wrong and you create disclosure risk, restatement risk, and reputational risk simultaneously.

This is a guide to doing it properly.

Decide which type of materiality you are assessing

The first judgement call is the definition. Financial materiality (ISSB, SEC) asks what sustainability matters affect enterprise value. Impact materiality asks what effect the business has on people and planet. Double materiality (CSRD) requires both, assessed separately, then combined.

Most firms get into trouble here by hedging. They run a single workshop, score issues on a generic 2x2, and claim it covers both lenses. It does not. If you are in CSRD scope, you need two distinct analyses with different inputs, different thresholds, and different evidence trails. If you are ISSB-only, say so explicitly and do not pretend to assess impact.

Build the issue universe from external sources, not internal opinion

The worst assessments start with a management workshop listing what the team thinks matters. The best start with a structured scan: SASB standards for your sector, ESRS topical standards, peer disclosures, regulator priorities, NGO reports, litigation trends, and the issues your largest investors and customers are raising in writing.

This gives you an issue universe of typically 25 to 40 topics before any prioritisation. Document the sources. When the auditor asks why climate transition risk made the list and biodiversity did not, you need to point to evidence, not a flipchart.

Engage stakeholders with rigour, not box-ticking

This is where most assessments fail. A survey sent to 200 employees and a handful of customers is not stakeholder engagement. It is internal sentiment.

Good practice means structured engagement with: institutional investors (specifically the stewardship teams at your top 10 holders), regulators, large corporate clients, civil society organisations relevant to your sector, and frontline employees in the businesses where impact is concentrated. For impact materiality, you must engage affected communities, not proxies for them.

Weight the inputs. A written submission from a top-five shareholder carries different evidential weight than a customer satisfaction score. Record who said what, when, and how it influenced the scoring.

Score with defined thresholds, not gut feel

For financial materiality, score each issue on likelihood and magnitude of financial effect over short, medium, and long horizons. Define the thresholds in monetary terms or percentage of operating income. "High" cannot mean "the CFO frowned."

For impact materiality, score on scale, scope, irremediable character, and likelihood. ESRS gives you the criteria. Use them verbatim.

The matrix is the output, not the method. If you cannot show the working behind every dot, the matrix is decorative.

Pressure-test the result before the board sees it

Before presenting, run three challenges. One: does the result match what your largest investors are actually asking about? If not, why not. Two: does it match the risks in your principal risk register and ORSA? Misalignment between ESG materiality and enterprise risk is a red flag auditors look for. Three: would you defend this list publicly against an activist short report? If the answer is no, the threshold is wrong.

What good looks like

A defensible assessment has: a written methodology approved by the audit committee, documented source evidence for every issue considered (including those rejected), a stakeholder engagement log, scoring rubrics with quantitative thresholds, traceability from material issues to disclosed metrics and targets, and a refresh cadence (annually for the matrix, every three years for the full process, immediately on material change).

What goes wrong: assessments run by communications teams without finance and risk involvement, single-lens analysis dressed up as double materiality, stakeholder engagement that is internal only, and matrices that change every year without explanation.

Next decision

Before commissioning or refreshing your assessment, answer one question on paper: who in the organisation owns the output, and which existing process (risk register, strategy review, disclosure controls) will it feed into? If the answer is unclear, fix that first. An assessment with no owner and no destination is the most expensive document you will produce this year.