
Insight: Readiness assessment for the transition into meeting new req


About the Author and Research

Øystein Tuntland conducted this research within the Norwegian academic ecosystem in 2023, a context that lends particular credibility to the findings. Norway occupies a unique position in global ESG discourse: as home to one of the world's largest sovereign wealth funds and a petroleum sector subject to intense sustainability scrutiny, Norwegian scholars are well-positioned to assess corporate readiness for EU sustainability regulation. By focusing on three oil and gas companies—an industry at the epicenter of European sustainability pressure—Tuntland chose research subjects whose performance represents an upper bound rather than an average. If sector leaders fall short, the challenge for companies with less established reporting histories is proportionally greater.

The research design is methodologically notable: Tuntland derives a readiness assessment model and scoring methodology from supporting academic literature, then applies content analysis to evaluate existing sustainability reports against ESRS requirements. This approach transforms "readiness" from a qualitative impression into a measurable, comparable score. The full paper is publicly available at: https://core.ac.uk/download/588315622.pdf.

Core Findings: A Quantified Readiness Gap with Global Supply Chain Implications

The study's most significant contribution is methodological and empirical in equal measure. By converting ESRS readiness into a scored assessment, Tuntland creates a replicable diagnostic tool that any organization can apply to its own reporting portfolio.

Finding One: Existing Frameworks Create a False Sense of Readiness

All three oil and gas companies studied had established sustainability reporting practices prior to the research, using frameworks such as GRI or TCFD. Despite this experience, Tuntland's scoring model revealed systematic gaps between existing disclosures and ESRS requirements—particularly around double materiality assessment, value chain data collection, and third-party assurance standards. The implication is counterintuitive but clear: years of GRI-compliant reporting does not automatically prepare an organization for ESRS. The structural differences between existing frameworks and ESRS require deliberate, scored gap analysis rather than assumed continuity.

Finding Two: The Scale of CSRD Scope Expansion Demands Proactive Response

The research situates its findings within a striking contextual data point: from 2024, approximately 50,000 organizations will fall within CSRD scope, compared to 11,600 under the previous Non-Financial Reporting Directive (NFRD)—a more than fourfold increase. This expansion, combined with the finding that many organizations lack comprehensive knowledge of sustainability reporting at the required detail level, creates a systemic readiness deficit across European markets. For Taiwanese enterprises, the critical implication is supply chain cascade: as EU-regulated customers scramble to improve their own ESRS readiness, they will increasingly demand higher-quality ESG data from suppliers, regardless of where those suppliers are domiciled.

Finding Three: Strategic Steps Are Required—Readiness Is Not Self-Correcting

Tuntland's main finding is unambiguous: participating companies need to implement further strategic steps to improve readiness for ESRS transition. This conclusion carries methodological weight because it emerges from a scored assessment model rather than qualitative observation. The strategic steps required include improving knowledge depth, enhancing data collection infrastructure, and building governance mechanisms capable of supporting third-party assurance. These requirements map directly onto the ISO 31000 risk management cycle of identification, assessment, treatment, and monitoring.

ERM Implications for Taiwanese Enterprises

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) interprets Tuntland's findings through the dual lens of COSO ERM and ISO 31000 to extract three actionable risk management priorities for Taiwanese enterprises.

Priority One: Formalize ESRS Compliance Risk in the Enterprise Risk Register. ISO 31000 requires organizations to identify all sources of uncertainty that may affect objective achievement. ESRS non-compliance generates at least three categories of risk: EU market access risk, supply chain delisting risk, and increased cost of capital as ESG-linked financing becomes more prevalent. Each of these should appear in the risk matrix with defined KRI thresholds and monitoring frequencies. The COSO ERM framework's "Strategy and Objective-Setting" component explicitly requires that risk appetite and tolerance be defined in relation to strategic objectives—and European market access is a strategic objective for most export-oriented Taiwanese firms.

Priority Two: Embed Double Materiality Assessment into Existing ERM Processes. ESRS's double materiality principle—assessing both the financial impact of external sustainability factors on the enterprise and the enterprise's impact on the external environment—is structurally consistent with COSO ERM's "Risk Assessment" component, which requires evaluation of both internal and external risk factors. Rather than building a separate ESG assessment process, Taiwanese enterprises can extend their existing ERM risk identification workshops to capture double materiality dimensions, reducing duplication and improving integration.

Priority Three: Quantify Readiness Before Reporting Season Arrives. Tuntland's most transferable contribution is the scored readiness model itself. Taiwanese enterprises should conduct a structured gap analysis against ESRS thematic standards before the 2025–2026 reporting cycle, generating a baseline readiness score that can be tracked over time. This score-based approach replaces subjective confidence assessments with board-reportable data, satisfying both ISO 31000's monitoring requirements and directors' duty to oversee material risks.

How Winners Consulting Services Co. Ltd. Supports Taiwanese Enterprises

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) integrates ISO 31000 framework deployment, COSO ERM mechanism design, and ESRS readiness assessment into a unified service offering. Our approach ensures that ESG reporting compliance and enterprise risk management reinforce rather than duplicate each other.

  1. ESRS Readiness Quantification: Structured gap analysis against all 12 ESRS thematic standards, producing a scored readiness report and prioritized action plan—directly operationalizing Tuntland's research methodology.
  2. ERM×ESG Integration Design: Embedding ESRS compliance risk, supply chain ESG risk, and double materiality findings into the enterprise risk register with defined KRI dashboards, aligned with ISO 31000 and COSO ERM frameworks.
  3. Board-Level Risk Governance Capability Building: Designing ESG risk reporting structures for board oversight, supporting third-party assurance readiness and satisfying regulators' expectations for director-level ESG risk supervision.

Winners Consulting Services Co. Ltd. offers a complimentary ERM mechanism diagnostic, helping Taiwanese enterprises establish ISO 31000-aligned management systems within 7 to 12 months.


Frequently Asked Questions

How does Tuntland's readiness assessment model work, and can Taiwanese companies apply it?
Tuntland's model derives scoring criteria from supporting academic research and applies them through content analysis of existing sustainability reports. Each ESRS requirement is evaluated against current disclosure practices, generating a quantified readiness score. Taiwanese companies can apply the same logic by mapping their existing GRI or TCFD disclosures against ESRS thematic requirements across 12 topic standards. The key methodological insight is that readiness must be scored, not assumed. Companies that believe their GRI track record ensures ESRS readiness may be significantly overestimating their compliance position.
What is the difference between CSRD and ESRS, and how do they affect Taiwanese suppliers?
The Corporate Sustainability Reporting Directive (CSRD) is the EU legislative instrument that mandates sustainability reporting; the European Sustainability Reporting Standards (ESRS) are the technical standards specifying what must be disclosed and how. CSRD applies to approximately 50,000 companies directly, but its supply chain data requirements extend ESG disclosure obligations to suppliers regardless of jurisdiction. Taiwanese companies supplying CSRD-regulated European customers may be required to provide value chain ESG data including Scope 3 emissions, labor practices, and governance disclosures—making ESRS familiarity operationally critical even for companies outside the formal CSRD scope.
How does ISO 31000 relate to ESRS compliance risk management?
ISO 31000:2018 provides a principles-based framework for managing any form of organizational risk, including regulatory compliance risk. Its core process—risk identification, analysis, evaluation, treatment, monitoring, and review—applies directly to ESRS compliance risk. Specifically, ISO 31000's requirement to establish context (Clause 5.4) maps to identifying which ESRS standards are applicable; risk identification (Clause 6.3.2) maps to gap analysis; and monitoring and review (Clause 6.6) maps to ongoing readiness score tracking. Integrating ESRS compliance into an ISO 31000-governed risk register ensures it receives the same governance oversight as financial and operational risks.
What is a realistic timeline and resource requirement for ESRS readiness preparation?
Based on Tuntland's research and Winners Consulting Services Co. Ltd.'s implementation experience, a structured ESRS readiness program typically unfolds in three phases: Phase 1 (Months 1–3): readiness gap diagnostic against ESRS thematic standards, producing a scored baseline; Phase 2 (Months 3–6): data collection infrastructure design, double materiality assessment integration, and KRI framework development; Phase 3 (Months 6–12): reporting mechanism implementation, internal control enhancement, and third-party assurance preparation. Cross-functional involvement from sustainability, finance, legal, and procurement is required from Phase 1 onward. Companies with existing GRI or TCFD reporting histories typically reduce Phase 1 duration by 30–40% compared to those starting from zero.
Why engage Winners Consulting Services Co. Ltd. for ERM and ESRS readiness?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) offers cross-domain expertise spanning ISO 31000 framework deployment, COSO ERM mechanism design, and ESRS disclosure architecture—enabling Taiwanese enterprises to avoid the common pitfall of building separate, unconnected risk management and ESG reporting systems. Our scored readiness diagnostic operationalizes academic research like Tuntland's into board-reportable metrics, providing governance transparency that subjective assessments cannot. We support enterprises in achieving ISO 31000-aligned integrated risk management within 7 to 12 months, with ESRS compliance risk formally embedded in the enterprise risk register from the outset.
---

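Winners Consulting Services Co. Ltd. (積穗科研株式会社): Japanese Analysis

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) found that the research by Øystein Tuntland, published on arXiv in 2023, presents a highly important warning for Taiwanese enterprises. Even among top companies in the oil and natural gas industry, systematic gaps were identified in the readiness assessment for the European Sustainability Reporting Standards (ESRS), showing that further strategic action is needed. The quantitative evidence that an existing GRI or TCFD reporting track record does not guarantee readiness for ESRS compliance carries implications that Taiwanese enterprises cannot overlook in their supply chain risk management.

Source paper: Readiness assessment for the transition into meeting new requirements of the European Sustainability Reporting Standards. (Tuntland, Øystein, arXiv, 2023)
Original link: https://core.ac.uk/download/588315622.pdf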

Source Paper

Readiness assessment for the transition into meeting new requirements of the European Sustainability Reporting Standards. (Tuntland, Øystein, arXiv, 2023)


FAQ

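How can Taiwanese enterprises determine whether they need to meet ESRS requirements?
The starting point is not company size but supply chain position. The scope of ESRS covers approximately 50,000 companies, but their suppliers and partners often need to provide ESG data to help them complete their disclosures. If a Taiwanese enterprise is a direct supplier to companies in the EU market, or its customers are already covered by CSRD, it must prepare to provide supply chain ESG data in a format that meets ESRS. Enterprises are advised to first take stock of the CSRD applicability status of their top five European customers, then decide their own preparation priorities. Tuntland's research clearly shows that even leading companies in the oil and gas industry still have significant readiness gaps; Taiwanese enterprises should take this as a lesson and begin their assessment early.
What is the most common ESRS compliance challenge Taiwanese enterprises face when implementing ISO 31000?
The most common challenge is that "risk management and ESG reporting belong to two separate departments with no integration mechanism." ISO 31000 requires the risk management framework to cover all uncertainty that may affect objectives, but in many Taiwanese enterprises ESG reporting is led by the CSR department while the risk matrix is maintained by the finance or legal compliance department, with no data-sharing mechanism between the two. The "Strategy and Performance" component of the COSO ERM framework requires ESG risks to be linked to enterprise objectives and overseen at board level. When implementing ISO 31000, it is advisable to design the identification, assessment and KRI monitoring processes for ESG risk at the same time, and to integrate them into a unified risk register.
What are the core requirements of ISO 31000? How long does implementation take for Taiwanese enterprises?
The core requirements of ISO 31000:2018 span three levels: Principles, Framework and Process. The implementation timeline varies with enterprise size and the maturity of existing mechanisms, and generally has three phases: Phase 1 (1 to 3 months), current-state diagnosis and gap analysis; Phase 2 (3 to 6 months), design of the risk management framework, risk matrix and KRI indicator system; Phase 3 (6 to 12 months), training, trial operation and internal audit. For enterprises that must address ESRS compliance at the same time, it is advisable to include ESRS compliance risk in the diagnostic scope from Phase 1 to avoid rework later.
What are the actual resource investment and expected benefits of establishing an ESRS readiness assessment mechanism?
On resources, with reference to the readiness assessment model shown in Tuntland's research, an initial gap diagnosis usually takes 4 to 8 weeks and requires joint cross-departmental participation (sustainability, finance, legal compliance, procurement). The expected benefits fall into three areas: first, identifying the specific gaps between existing GRI or TCFD report content and ESRS requirements, avoiding blindly redoing reports; second, providing the board with a quantified readiness score, strengthening governance transparency; third, reducing the risk of being asked by European customers to improve, or of being dropped, because supply chain ESG data does not meet requirements. In view of the global trend of supply chain restructuring, ESRS compliance capability has gradually become one of the threshold conditions for entering the EU market.
Why engage Winners Consulting Services (積穗科研) for enterprise risk management (ERM) issues?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) has cross-domain expertise in ISO 31000 framework implementation, COSO ERM mechanism design and ESG disclosure integration, and can help Taiwanese enterprises avoid the common pitfall of "ERM and ESG reporting operating as two separate systems." Our service starts from a quantified readiness diagnostic, replacing subjective judgment with data and giving the board a trackable basis for governance. On ESRS compliance, we can help enterprises establish an ISO 31000-aligned integrated risk management mechanism within 7 to 12 months while also producing a disclosure structure that meets ESRS format requirements, so that compliance preparation and day-to-day risk governance reinforce each other rather than operating in isolation.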
