Insight: Navigating sustainability : an analysis of corporate sustain

About the Author and Research

Winnie Akoth Oginga's 2024 study represents a rigorous mixed-method investigation into how corporations deploy sustainability reporting to establish and maintain legitimacy. The research analyzes sustainability reports from three Swedish companies across diverse sectors, combining document analysis with qualitative interviews of industry experts. The theoretical anchor is Legitimacy Theory—the premise that corporate sustainability reports function not merely as information disclosure vehicles, but as institutional mechanisms through which companies negotiate their social license to operate.

The choice of Swedish companies is methodologically significant: Sweden represents one of the most mature sustainability reporting environments globally, meaning the structural gaps identified in this study cannot be attributed to underdeveloped reporting culture. They reflect systemic challenges inherent to the practice itself, making the findings broadly applicable to Taiwanese companies navigating CSRD compliance requirements.

Three Structural Gaps That Define the State of Sustainability Reporting

The study's most actionable contribution is its systematic identification of what remains underreported in corporate sustainability disclosures—moving beyond the well-documented standardization critique to pinpoint specific, addressable gaps.

Finding One: Materiality Selection Is Distorted by Legitimacy Management Motives

Companies exhibit a consistent pattern of selecting materiality topics that favor positive, quantifiable metrics while systematically avoiding complex or unflattering disclosures. This means the materiality assessment process itself—the foundational step of any ESRS-compliant report—is contaminated by impression management incentives. For Taiwanese exporters subject to CSRD requirements, this finding signals a critical governance risk: if the materiality identification process lacks independence and auditability, the entire reporting structure rests on an unreliable foundation. Under ESRS double materiality requirements, this bias constitutes a direct compliance violation.

Finding Two: Supply Chain Disclosures Contain Systematic Data Gaps

Across all three analyzed companies, value chain disclosures were consistently incomplete. The study identifies two primary drivers: the genuine complexity of sustainable product development tracking, and the absence of standardized data collection mechanisms for upstream supplier performance. For Taiwan's manufacturing and export-oriented enterprises, this maps directly onto Scope 3 emission risk and supplier compliance risk—precisely the areas that EU buyers and CSRD regulators scrutinize most intensively. The gap between what companies report and what their supply chains actually generate represents an unmanaged KRI blind spot.

Finding Three: Regulatory Influence on Reporting Decisions Is Systematically Undisclosed

None of the analyzed companies clearly disclosed how regulatory requirements shaped their disclosure decisions. This transparency deficit prevents stakeholders from distinguishing voluntary disclosure from compliance-driven reporting—a distinction that significantly affects the information's decision utility. The study frames CSRD's introduction as a direct institutional response to this accountability gap, requiring companies to make their reporting rationale, not just their reporting content, transparent and verifiable.

ERM Implications for Taiwanese Companies: Three Actionable Dimensions

The core ERM implication of this research is straightforward: sustainability reporting gaps are risk management gaps. They cannot be resolved by improving report design alone. They require systematic intervention through ISO 31000's risk identification and assessment processes and COSO ERM's governance architecture.

Dimension One: Materiality Assessment Must Be Integrated into ISO 31000 Risk Identification
ISO 31000 Section 6.4.2 requires organizations to establish systematic risk identification processes with documented rationale. The materiality bias identified in this study is a symptom of this process lacking independence. Taiwanese companies should formally integrate ESRS double materiality assessment into their ISO 31000 risk identification workflow, establishing cross-functional materiality committees with documented decision trails that can withstand third-party assurance review.

Dimension Two: Supply Chain Risk Requires a Structured KRI Framework
Under the COSO ERM framework's "Risk Response" component, unmonitored supply chain ESG performance represents an accepted risk with undefined tolerance—a governance failure. Taiwanese companies should build a three-dimensional KRI system covering Scope 3 emission intensity, supplier labor compliance rate, and ESG data completeness ratio, with defined red/yellow/green thresholds and automated escalation triggers. Target: achieve 70% or higher Scope 3 data coverage within 8 months of implementation.

Dimension Three: Regulatory Risk Must Reach Board-Level Governance
The undisclosed regulatory influence identified in the study reflects organizations' insufficient regulatory risk identification and governance capacity. As CSRD, ESRS, and associated regulations evolve rapidly through 2025 and beyond, Taiwanese boards should establish quarterly regulatory environment scanning reports, systematically incorporating regulatory compliance risk into the enterprise risk register and risk matrix update cycle.

How Winners Consulting Helps Taiwanese Companies Bridge These Gaps

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) provides integrated ISO 31000 and COSO ERM implementation services specifically designed to address the structural gaps identified in research such as Oginga's 2024 study. Our approach translates academic findings into executable governance frameworks with measurable outcomes.

  1. Months 1–3: Materiality Process Audit and Redesign—Audit existing materiality assessment processes against ESRS double materiality requirements; establish cross-departmental materiality committees with documented independence protocols; align assessment outputs with ISO 31000 Section 6.4.2 risk identification requirements.
  2. Months 4–8: Supply Chain KRI System Implementation—Design a supplier risk matrix covering the top 20 suppliers; implement three-dimensional KRI monitoring (Scope 3 intensity, labor compliance, data completeness); establish automated data collection workflows targeting 70%+ Scope 3 coverage by month 8.
  3. Months 9–12: Board-Level Regulatory Risk Governance—Establish quarterly regulatory scanning reports covering CSRD, ESRS, and key export market requirements; integrate regulatory compliance risk scoring into the enterprise risk register; present regulatory risk heat maps at annual board reviews in accordance with COSO ERM governance requirements.

Winners Consulting Services Co. Ltd. offers a free ERM mechanism diagnostic, helping Taiwanese companies establish ISO 31000-compliant management systems within 7 to 12 months, integrated with CSRD compliance requirements.

Frequently Asked Questions

What are the most auditable defects in Taiwanese companies' materiality assessment processes?
The three most auditable defects are: (1) Process independence failure—materiality determined solely by the ESG department without financial or legal department cross-validation; (2) Scope bias—overweighting positive, quantifiable metrics while systematically excluding complex areas like Scope 3 emissions; (3) Incomplete decision records—inability to reconstruct why specific topics were excluded from the materiality matrix. Under ESRS double materiality requirements, all three defects constitute compliance gaps. Companies should conduct an annual materiality process audit and maintain complete decision documentation for third-party assurance review.

What ESG compliance challenges do Taiwanese companies most commonly encounter when implementing ISO 31000?
The most common challenge is integration failure between risk language and sustainability language. ISO 31000 Section 6.3 requires organizations to establish risk criteria, but most Taiwanese companies maintain separate ESG metric systems and risk thresholds with no unified evaluation scale. COSO ERM's "Event Identification" component is rarely deployed to systematically identify climate transition risks or regulatory compliance risks. Specific pain points include inconsistent supplier ESG data collection standards (coverage typically below 50%), non-standardized Scope 3 calculation methodologies, and absence of governance mechanisms linking the risk matrix to ESG performance targets.

What are ISO 31000's core requirements and how should Taiwanese companies phase implementation?
ISO 31000 structures risk management across three levels: principles, framework, and process. For implementation, Winners recommends a three-phase approach: Phase 1 (months 1–3)—complete a current-state diagnostic against ISO 31000 Section 5 framework requirements, establish risk management policy and authorization matrix; Phase 2 (months 4–8)—build the full risk assessment process covering risk identification (Section 6.4.2), risk analysis (Section 6.4.3), and risk evaluation (Section 6.4.4), design risk matrix and KRI system; Phase 3 (months 9–12)—integrate COSO ERM framework, strengthen board-level risk governance reporting. Independent external verification is recommended throughout.

What resources and investment are required for CSRD-compliant sustainability reporting risk management?
Based on Winners Consulting's implementation experience, medium-sized Taiwanese companies (revenue NT$5–30 billion) typically require 12–18 months and cross-departmental project resources, including 1–2 dedicated internal ESG risk specialists and external consulting fees. Expected benefits include: 40–60% reduction in third-party assurance correction items in year one, supplier data coverage rising to 70%+, and significantly reduced regulatory penalty risk from incomplete disclosure. Improved ESG ratings can lower financing costs, with some companies qualifying for green finance instruments at preferential rates—providing quantifiable financial return on the governance investment.

Why choose Winners Consulting for Enterprise Risk Management (ERM) support?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) offers integrated expertise spanning ISO 31000, COSO ERM, and ESG compliance—a combination rarely available from either pure ESG consultancies or traditional risk management firms. Our consulting team holds internationally recognized certifications and serves clients across manufacturing, financial services, and technology sectors. We design custom 7–12 month implementation roadmaps based on each company's scale, industry profile, and export market requirements. Our particular strength lies in CSRD compliance risk management and supply chain KRI design—providing full-cycle support from diagnostic through design to verification. The free ERM diagnostic gives companies a clear picture of current gaps and priority actions before committing to full implementation.
---

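Japanese Version

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) reviewed the corporate sustainability reporting study by Winnie Akoth Oginga, published on arXiv in 2024, and confirmed that its three structural gaps (bias in materiality assessment, missing supply chain disclosures, and under-disclosure of regulatory influence) are measurable risk management issues that require a systematic response through the ISO 31000 and COSO ERM frameworks.

Paper source: Navigating sustainability : an analysis of corporate sustainability reporting practices (Oginga, Winnie Akoth, arXiv, 2024)
Original link: https://core.ac.uk/download/613645081.pdf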

Source Paper

Navigating sustainability : an analysis of corporate sustainability reporting practices (Oginga, Winnie Akoth, arXiv, 2024)
