Insight: The sustainability reporting practice: the scenario of itali

Winners Consulting Services Co., Ltd. has identified a key phenomenon revealed by a study on the sustainability disclosure practices of Italy's top five manufacturing companies: during the regulatory transition from the Non-Financial Reporting Directive (NFRD) to the Corporate Sustainability Reporting Directive (CSRD), the "social pillar" is the most actively disclosed area. However, most companies still have significant gaps in double materiality assessment and third-party assurance mechanisms—a risk signal that requires immediate attention from Taiwan's export-oriented manufacturing industry.

About the Author and This Study

This study was conducted by Italian scholar Francesco Ilardo and published on the arXiv platform in 2024 as a Master's thesis (Laurea Magistrale). Ilardo's research design is rigorous and representative: it targets the top five companies by revenue in each sub-sector of Italy's ATECO code Section C (Manufacturing activities), based on financial statements ending December 31, 2022. The analysis covers core manufacturing fields such as food, textiles, machinery, automotive, and chemicals.

Although presented as an academic paper, the study's rigor lies in its dual-framework comparison: it evaluates corporate disclosure quality against two regulatory generations—EU Directive 2014/95 (NFRD) and Directive 2022/2464 (CSRD)—while also referencing major frameworks like GRI, TCFD, and SASB. This comparative structure gives the findings direct policy and practical relevance, making them particularly noteworthy for Taiwanese companies preparing for the Corporate Sustainability Reporting Directive (CSRD) and its European Sustainability Reporting Standards (ESRS).

Five Core Findings on Sustainability Disclosure in Italian Manufacturing

Ilardo's research spans over 25 manufacturing sub-sectors in Italy, systematically comparing more than a hundred non-financial statements. It reveals the true state of disclosure among EU manufacturers during this regulatory transition, with five findings holding direct implications for Taiwanese companies.

Core Finding 1: Social Pillar Disclosure is Most Mature, with Clear Gaps in Environment and Governance

The study found that among the three pillars of ESG, "Social (S)" issues—including employee health and safety, talent development, and supply chain labor standards—generally exhibited the highest disclosure density and the richest quantitative metrics in the sample companies. In contrast, while the "Environment (E)" pillar had basic disclosures due to NFRD requirements, the completeness of carbon emissions data and the coverage of Scope 3 indirect emissions were still clearly insufficient. The "Governance (G)" pillar showed the greatest variation in disclosure quality, indicating a lower willingness for voluntary disclosure on corporate governance transparency. This finding suggests that the strength of regulatory enforcement, rather than corporate sustainability awareness, directly impacts disclosure quality.

Core Finding 2: The NFRD-to-CSRD Transition Gap is Concentrated in Double Materiality Assessment

One of the study's most cautionary findings is that most sample companies' non-financial statements still adhere to the single "financial materiality" perspective of the NFRD and have not yet fully established the "double materiality" assessment mechanism required by the CSRD. The CSRD's double materiality assessment requires companies to evaluate both the "outside-in" impact of the external environment on the company's finances and the "inside-out" impact of the company on the environment and society. This is precisely the aspect that leading Italian manufacturing companies had generally not fully presented in their 2022 reports. This implies that even large European companies with a history of reporting will face substantial pressure to upgrade after the CSRD is formally implemented.

Core Finding 3: GRI is the Most Prevalent Reporting Framework, but Mixed Use is Common

In terms of reporting framework selection, the Global Reporting Initiative (GRI) Standards were the most widely adopted primary framework among the sample companies, followed by a combination of the Task Force on Climate-related Financial Disclosures (TCFD) and the Sustainable Development Goals (SDGs). However, the study also found that it was common for companies to mix multiple frameworks without systematic integration. The same report might cite GRI, SASB, and TCFD indicators without explaining the correspondence between them, reducing the report's comparability. In light of the CSRD's mandate to adopt the European Sustainability Reporting Standards (ESRS), this phenomenon of "framework mixing" will require fundamental adjustment after the Wave 1 compliance period.

Core Finding 4: SDG Disclosure is Widespread but Lacks Depth, Often Limited to Statements of Correspondence

Nearly all sample companies presented their alignment with the SDGs in their reports. However, the study found that most disclosures were limited to a "statement of correspondence" level, lacking quantitative targets, baseline years, and progress tracking. Specifically, SDG 3 (Good Health and Well-being), SDG 8 (Decent Work and Economic Growth), and SDG 13 (Climate Action) were the most frequently cited goals, but the proportion of associated quantitative KPIs was low. This finding points to a significant ERM issue: sustainability commitments without quantitative tracking are viewed as a "greenwashing" risk by regulators and investors.

Core Finding 5: Third-Party Assurance Rates Remain Low, with a Narrow Scope of Assurance

Regarding the adoption of External Assurance, the study found that while the coverage rate among sample companies was higher than the EU average, "Limited Assurance" was far more common than "Reasonable Assurance." Furthermore, the scope of assurance was often focused on specific indicators rather than the entire report. Considering the move towards standardized assurance required by the CSRD and proposed in a report from Japan's Financial System Council (including mandatory assurance for companies with a market capitalization over 500 billion yen), upgrading the quality of third-party assurance will be a core compliance task for all manufacturing companies in the next three years.

Four Key Implications of the Italian Manufacturing Study for Enterprise Risk Management (ERM) in Taiwan

The Italian case serves as a preview for Taiwan's manufacturing industry. As a key node in the global supply chain, Taiwanese manufacturers face challenges highly similar to those of their Italian counterparts, but with a more urgent timeline. The following four implications directly affect the design of ERM strategies for Taiwanese companies.

First, supply chain compliance pressure has already become a concrete ERM risk event. According to the expansive logic of the European Sustainability Reporting Standards (ESRS), large EU companies subject to the CSRD must disclose sustainability information about their supply chains. This means that ESG data from Taiwanese suppliers will be directly incorporated into their EU clients' compliance reports. If Taiwanese companies fail to provide supply chain data that meets ESRS requirements, they will face the tangible business risk of losing orders, not just regulatory penalties. Within the ISO 31000 framework, this constitutes an "external context risk" that needs to be identified, assessed, and addressed with a response strategy.

Second, double materiality assessment is a priority for upgrading the COSO ERM framework. The biggest gap identified in the Italian study—double materiality assessment—corresponds to two core components in the COSO ERM (2017) framework: "Strategy & Objective-Setting" and "Performance." If a Taiwanese company has not yet integrated double materiality issues into its COSO ERM risk identification process, its risk management framework has a systemic blind spot, rendering it unable to effectively identify the financial impacts arising from unmet sustainability performance targets.

Third, KRI design must include ESG indicators, especially Scope 3 carbon emissions tracking. The study shows that Italian manufacturers are generally weak in disclosing Scope 3 indirect emissions, which is precisely the area where Taiwan's export-oriented companies are most frequently questioned by their EU clients. When designing monitoring and review mechanisms under ISO 31000, Taiwanese companies should prioritize supply chain carbon emissions tracking as a Key Risk Indicator (KRI) and establish a comprehensive carbon footprint tracking system from raw material procurement to product delivery.

Fourth, a third-party assurance strategy must be planned in advance to avoid a last-minute compliance rush. The Italian case shows that even companies with years of reporting experience face significant challenges in upgrading the quality of their assurance. Taiwanese companies should begin evaluating third-party assurance partners between 2025 and 2026 and establish a monitoring mechanism for "reporting quality risk" within their ERM framework to ensure that their annual sustainability reports can pass at least a "Limited Assurance" standard review.

How Winners Consulting Services Helps Taiwanese Manufacturers Build a CSRD-Compliant ERM Framework

Winners Consulting Services Co., Ltd. assists Taiwanese companies in implementing the ISO 31000 and COSO ERM frameworks, establishing risk matrices and Key Risk Indicators (KRIs), and strengthening the board's risk governance capabilities. In response to the core gaps revealed by the Italian manufacturing study, we recommend that Taiwanese companies take the following three concrete actions:

1. Months 1-3: Double Materiality Gap Diagnosis. Benchmark existing non-financial reports against CSRD/ESRS double materiality assessment requirements to identify disclosure gaps. Determine which ESG issues have a material financial impact on the company (outside-in) and which corporate activities have a material impact on the environment and society (inside-out). This step directly corresponds to the "Establishing the External and Internal Context" requirement of ISO 31000 and is a prerequisite for strategy and objective-setting in COSO ERM.
2. Months 4-8: Establish an ESG Risk Matrix and KRI Monitoring System. Translate the results of the double materiality assessment into a structured risk matrix. Set KRIs covering dimensions such as Scope 1, Scope 2, and Scope 3 carbon emissions, supply chain labor standards, and governance transparency. Each KRI must have a baseline value, warning thresholds, and trigger response mechanisms, and be embedded in the board's regular reporting process to ensure the effective operation of risk governance.
3. Months 9-12: Third-Party Assurance Preparation and Report Quality Verification. Use third-party assurance as the final quality acceptance standard. Conduct a mock assurance review in advance to identify weaknesses in data collection and verification processes, and establish an assurance-ready mechanism compliant with standards like ISAE 3000 or AA1000AS. Simultaneously, incorporate reporting quality risk into the ISO 31000 monitoring and review cycle to ensure the continuous improvement of sustainability reporting quality.

常見問題

義大利製造業研究對台灣供應商有什麼直接影響？

直接影響在於：CSRD 適用的歐盟大型製造業客戶從 2025 年起（Wave 1）需揭露供應鏈永續資訊，台灣供應商若無法提供符合 ESRS 標準的 ESG 數據，將面臨被要求更換或降低採購比重的商業風險。義大利研究顯示，即便是歐盟本地製造業龍頭企業在 Scope 3 間接排放與雙重重大性評估上都存在顯著缺口，台灣企業的準備狀態普遍更為薄弱。建議台灣出口導向製造業立即啟動供應鏈 ESG 數據盤點，優先建立 GHG 排放核算（特別是 Scope 3）與供應鏈勞工標準追蹤機制，以符合歐盟客戶的揭露要求。

台灣企業導入 CSRD 雙重重大性評估時最常遇到什麼挑戰？

最常見的挑戰是「框架理解偏差」：許多台灣企業誤將雙重重大性評估等同於傳統的財務重大性評估，僅從「ESG 風險如何影響企業財務」的單一方向進行評估，忽略了 CSRD 要求同步評估「企業活動如何影響環境與社會」的衝擊面向。在 COSO ERM（2017）框架下，這對應到「外部情境分析」的不完整。解決方案是建立雙軌評估流程：第一軌依照 ISO 31000 的風險識別程序，從財務重大性角度識別 ESG 風險；第二軌則從利害關係人角色出發，系統性識別企業活動的正負面衝擊，兩軌結果交叉比對後才能形成完整的 CSRD 合規重大性矩陣。

ISO 31000 在 CSRD 合規框架中的核心角色是什麼？如何導入？

ISO 31000（2018 版）提供了 CSRD 合規所需的風險管理系統性基礎。具體而言，ISO 31000 的「情境建立」步驟對應 CSRD 的雙重重大性評估；「風險識別與評估」步驟對應 ESRS 的重大性議題識別；「風險處理」步驟對應 CSRD 要求的行動計畫揭露；「監測與審查」步驟則對應永續報告的年度更新機制。導入時程建議：前 3 個月完成現況診斷與缺口分析；第 4 至 6 個月完成雙重重大性評估與風險矩陣設計；第 7 至 9 個月建立 KRI 監控體系與數據收集流程；第 10 至 12 個月進行第一輪整合報告試跑與內部審查，全週期 12 個月可完成基礎合規框架建置。

台灣企業導入 CSRD 合規 ERM 框架，成本與效益如何評估？

成本面：對中型製造業（員工 500 至 2,000 人規模）而言，建立符合 CSRD/ISO 31000 要求的 ERM 框架，初期投入通常包含顧問輔導費用、系統建置成本與人員培訓費用，業界估計總投入約在新台幣 200 至 500 萬元之間，視企業複雜度而定。效益面：義大利研究顯示，具備完整永續報告機制的企業在歐盟客戶評估中的評分顯著優於同業，且能避免因合規缺口導致的訂單流失。日本金融審議會的保證標準化建議也顯示，市值 5,000 億日圓以上企業的強制保証將是趨勢，提早準備可降低最後衝刺的合規溢價成本。建議採用「分階段投入」策略，以 12 個月為週期逐步建置，將每年合規成本分散，同時逐步累積報告能力。

為什麼找積穗科研協助企業風險管理（ERM）相關議題？

積穗科研股份有限公司（Winners Consulting Services Co. Ltd.）在台灣企業風險管理領域擁有深厚的實務輔導經驗，專注於協助製造業、科技業與金融業建立符合 ISO 31000 與 COSO ERM 框架的系統性風險治理機制。我們的核心優勢在於：第一，跨域整合能力——同時具備 ERM、CSRD/ESRS 合規、ISO 管理系統三個領域的深度專業，能夠將義大利製造業研究等前沿學術洞見直接轉化為台灣企業可執行的行動框架；第二，在地化服務設計——深度理解台灣製造業的供應鏈結構、出口依存特性與董事會治理文化，提供符合實際情境的客製化解決方案；第三，完整的 7 至 12 個月導入支援——從缺口診斷、框架設計、人員培訓到第三方保證準備，提供全週期陪伴式輔導。如需了解更多，歡迎申請免費機制診斷。