Insight: Sustainability reporting in the EU and Switzerland : Compari

About the Author and Research Design

Triin Ujok is a sustainability governance researcher whose 2025 thesis constructs a methodologically rigorous cross-border comparison between two of Europe's largest retail groups: Kesko (Finland, subject to mandatory CSRD compliance) and Migros (Switzerland, operating under voluntary GRI alignment). The study analyzes the companies' 2023–2024 sustainability reports using a qualitative comparative approach and applies the Gioia methodology for thematic coding. An in-depth interview was conducted with a member of Kesko's sustainability team; Migros declined to participate. The research focuses on six explanatory dimensions derived from General Disclosures standards—including materiality assessment, governance structures, key sustainability topics, and stakeholder engagement—ensuring cross-framework comparability beyond mere regulatory text analysis.

The choice of retail sector comparators is strategically significant: both companies operate complex, global supply chains with direct consumer-facing obligations, making their sustainability risk management challenges structurally analogous to those of Taiwanese manufacturers and distributors embedded in international value chains.

Core Findings: How Regulatory Architecture Shapes ERM Integration Logic

Finding 1: CSRD Mandatory Framework Converts ESG Risks into Financial Risk Register Items

Under CSRD, Kesko integrates sustainability risks directly into its financial risk management system. Rather than treating ESG disclosures as a parallel reporting exercise, Kesko anchors its sustainability strategy to measurable financial risk metrics—most notably, a 50% emissions reduction target by 2034—and enforces strict supplier audit protocols to ensure human rights compliance throughout its supply chain. This approach aligns precisely with ISO 31000:2018's Clause 5.4, which requires organizations to establish the internal and external context for risk management, with ESG material topics serving as critical external environment inputs. From a COSO ERM perspective, Kesko's model exemplifies Component 2 (Strategy and Objective-Setting), where sustainability risks are formally embedded in strategic planning cycles and linked to quantifiable Key Risk Indicators (KRIs).

Finding 2: GRI Voluntary Framework Produces Siloed Assessment with Aggregation Gaps

Migros adopts a long-term systemic change orientation—targeting net-zero by 2050 and biodiversity protection through certified sourcing—but assesses impacts separately across individual business units. While this long-horizon vision has strategic merit, the decentralized assessment architecture creates structural gaps in group-level risk aggregation. COSO ERM's Portfolio View explicitly requires organizations to manage risk in aggregate at the enterprise level; the inability to consolidate sustainability risk assessments across business units represents a governance blind spot that limits board-level oversight effectiveness. The study also notes that Migros's methodology transparency falls short of emerging international verification standards, a concern directly relevant to the Japanese Financial Services Agency's ongoing push to standardize third-party sustainability assurance—a trend that Taiwanese enterprises should monitor as a leading indicator of regional regulatory direction.

Finding 3: Materiality Assessment Methodology Transparency is the New Governance Standard

The research reveals that both companies exhibit room for improvement in materiality assessment documentation, but the gap is more pronounced in Migros's GRI-based approach. CSRD's double materiality requirement—simultaneously assessing the financial materiality of sustainability risks on the enterprise and the impact materiality of enterprise activities on the external environment—forces Kesko to maintain a more complete methodological audit trail. This finding directly parallels the Taiwan Stock Exchange's guidance on material topic disclosure, which similarly emphasizes process documentation and stakeholder engagement records. As IFRS S1 and IFRS S2 alignment advances in Taiwan, materiality methodology transparency will become a primary criterion for both regulatory review and third-party assurance engagements.

Strategic Implications for Taiwanese Enterprise ERM Practice

Taiwan's enterprises face a strategic inflection point structurally analogous to the Migros position: predominantly GRI-anchored voluntary reporting practices are increasingly insufficient in the face of IFRS S1/S2 convergence timelines and CSRD-driven supply chain expectations from European customers. The Kesko model provides four actionable ERM integration principles:

Principle 1 — Embed ESG risks into the ISO 31000 risk identification process: ISO 31000:2018's integration principle requires risk management to be embedded in all organizational activities and decision-making. Climate risks, supply chain human rights risks, and disclosure compliance risks must enter the formal Risk Register with defined likelihood, impact, and velocity parameters—not remain isolated in CSR department spreadsheets.

Principle 2 — Establish group-level sustainability risk aggregation: COSO ERM's Portfolio View requirement is directly applicable. Taiwanese conglomerates with multiple business units must build consolidation mechanisms that allow group-level sustainability risk assessment, enabling board-level risk oversight with enterprise-wide visibility.

Principle 3 — Use double materiality assessment outputs as KRI design inputs: IFRS S1's financial materiality standard and CSRD's double materiality logic both converge on the same requirement: material sustainability topics must be translated into monitorable KRIs. Taiwanese enterprises should redesign their KRI frameworks to include climate transition risk indicators, supply chain ESG compliance rates, and regulatory change velocity metrics.

Principle 4 — Build internal infrastructure for third-party assurance readiness: The Japan Financial Services Agency's standardization initiative for sustainability assurance is a leading indicator of regional regulatory direction. Taiwanese enterprises should invest now in data collection protocols, internal controls documentation, and assurance-ready reporting systems—not as a compliance reaction, but as a risk mitigation investment against future audit failures.

How Winners Consulting Services Helps Taiwanese Enterprises

積穗科研股份有限公司（Winners Consulting Services Co. Ltd.）provides integrated ERM implementation services that bridge ISO 31000 framework design, COSO ERM governance architecture, IFRS S1/S2 materiality assessment, and CSRD supply chain compliance readiness—all within a 7-to-12-month structured implementation timeline.

1. Months 1–3: ERM Gap Diagnosis: Assess existing sustainability reporting and risk management mechanisms against ISO 31000:2018's eight principles and six-step process. Identify integration gaps between ESG materiality assessments and the financial Risk Register. Benchmark against Kesko's CSRD integration model for target-state definition. Reference the original research methodology at: https://core.ac.uk/download/667966118.pdf.
2. Months 4–6: Framework Design and Risk Matrix Rebuild: Redesign the enterprise risk matrix under COSO ERM architecture to incorporate climate risk, supply chain ESG risk, and disclosure compliance risk categories. Develop IFRS S1-aligned financial materiality assessment documentation with full methodology transparency and audit trail. Define ESG-linked KRIs with quantitative thresholds and monitoring frequencies.
3. Months 7–12: System Implementation and Board Governance Activation: Deploy risk monitoring dashboards, conduct cross-functional training for risk management committees and sustainability reporting teams, and establish board-level risk oversight reporting mechanisms that meet COSO ERM's governance requirements. Prepare internal controls documentation for third-party assurance readiness.

Frequently Asked Questions

What is the most actionable lesson from the Kesko vs. Migros comparison for Taiwanese companies designing materiality assessments?

The most actionable lesson is that materiality assessment integration depth determines ERM quality, not just reporting completeness. Kesko's CSRD-driven approach links financial materiality directly to its financial risk management system, using measurable targets—such as a 50% emissions reduction by 2034—as KRI anchors. Migros's business-unit-level approach, while strategically ambitious, lacks group-level risk aggregation. Taiwanese companies should redesign their materiality assessment processes so that identified material topics automatically feed into ISO 31000 risk identification workflows, with methodology documentation sufficient for third-party assurance review under IFRS S1 standards.

What is the most common ESG risk integration failure in ISO 31000 implementations for Taiwanese enterprises?

The most common failure is organizational siloing: ESG reporting is managed by the sustainability or CSR function, while risk management sits with the CFO or CRO, and the two systems never formally intersect. ISO 31000:2018 Clause 5.4 requires that the organization's internal and external context—including ESG material topics—be systematically incorporated into risk management foundation-setting. COSO ERM's Strategy and Objective-Setting component equally requires ESG-related risks and opportunities to enter strategic planning cycles. The structural solution is a cross-functional risk governance committee where the Chief Sustainability Officer and Chief Risk Officer jointly own the materiality assessment process, with shared accountability for ESG KRI performance.

What is a realistic ISO 31000 implementation timeline for a mid-sized Taiwanese manufacturer?

A realistic 12-month timeline for a mid-sized Taiwanese manufacturer (500–2,000 employees) with existing GRI reporting capabilities unfolds in three phases. Phase 1 (months 1–3): Current-state diagnostic against ISO 31000:2018 principles—approximately 60 days if GRI material topic inventories already exist, as these can be directly converted into risk identification inputs. Phase 2 (months 4–6): Risk matrix redesign, KRI definition, and IFRS S1 financial materiality assessment documentation development. Phase 3 (months 7–12): System implementation, cross-functional training, board reporting mechanism activation, and third-party assurance preparation. The critical success factor is executive sponsorship at the board level from day one.

What resources and budget should a Taiwanese company realistically allocate for integrated ERM and sustainability risk implementation?

Resource requirements vary by organizational complexity, but a mid-sized company typically needs 1 to 2 dedicated internal project leads and external consultant support for framework design. Research indicates that enterprises with high sustainability maturity reduce report preparation labor by 30% to 50%—meaning the investment in integrated ERM infrastructure has a quantifiable payback period, typically within 2 to 3 reporting cycles. Beyond efficiency gains, the risk-adjusted value of avoiding IFRS S1 disclosure deficiencies—which can trigger investor confidence loss and regulatory inquiries—substantially exceeds implementation costs. European customer supply chain qualification requirements increasingly include ESG risk management capability assessments, making ISO 31000-aligned ERM a potential revenue-protection investment.

Why should Taiwanese enterprises choose Winners Consulting Services Co. Ltd. for ERM and sustainability risk management?

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) offers an integrated advisory capability that simultaneously addresses ISO 31000 framework design, COSO ERM governance architecture, IFRS S1/S2 materiality assessment alignment, and CSRD supply chain compliance readiness—a combination that few consultancies in Taiwan provide under a single engagement structure. Our consultants have deep practical experience with the dual-track problem that afflicts most Taiwanese enterprises: disconnected ESG reporting and ERM systems. We design conversion pathways that leverage existing GRI reporting investments as ISO 31000 inputs, minimizing redundant work. Our 7-to-12-month implementation commitment includes board-level governance activation, cross-functional training, and third-party assurance readiness preparation, providing enterprises with a complete risk governance infrastructure, not just a compliance checklist.

日本語版

積穗科研股份有限公司（Winners Consulting Services Co. Ltd.）は、企業リスク管理（ERM）の専門機関として、2025年にarXivで発表された比較研究の核心的洞察を台湾企業に届けます。本論文が明らかにした最重要知見は、強制的な永続報告フレームワーク（EU・CSRD）が企業のESGリスクを財務リスク管理システムに真に統合させる一方、自発的フレームワーク（GRI）はビジネスユニット単位の分散評価にとどまる傾向があるという構造的差異です。IFRS S1/S2との接続とCSRDサプライチェーン圧力が同時進行する現在、台湾企業がISO 31000とCOSO ERMフレームワークへのサステナビリティリスク統合を7〜12ヶ月以内に着手すべき理由が、この比較研究から明確に示されています。