BRSR Reporting Guide for Auditors: SEBI ESG Requirements Explained [2026]
Environmental, Social, and Governance (ESG) reporting has moved from the periphery of corporate disclosure to its centre — and with it, the auditor's role has expanded into entirely new territory. In India, this shift is anchored by the Business Responsibility and Sustainability Report (BRSR), mandated by the Securities and Exchange Board of India (SEBI) for the top 1000 listed companies by market capitalisation.
For CA firms, BRSR is not just another compliance requirement to observe from a distance. SEBI has progressively introduced assurance requirements on specific BRSR disclosures, creating a direct engagement opportunity — and responsibility — for auditors. The intersection of BRSR with the emerging international standard ISSA 5000 (General Requirements for Sustainability Assurance Engagements) makes this a domain where Indian CA firms must develop competence now, not later.
This article provides a comprehensive guide to BRSR from the auditor's perspective: what it requires, how assurance works, and what CA firms need to do to build a credible ESG assurance practice.
What Is BRSR?
The Business Responsibility and Sustainability Report is SEBI's prescribed format for ESG disclosure by listed companies. It replaced the earlier Business Responsibility Report (BRR) and became mandatory from FY 2022-23 for the top 1000 listed companies by market capitalisation.
BRSR is structured around three sections:
Section A: General Disclosures. Basic company information — products, services, operations, employees, CSR details, transparency and disclosure, and details of the company's engagement with stakeholders.
Section B: Management and Process Disclosures. How the company has adopted the nine principles of responsible business conduct outlined in the National Guidelines on Responsible Business Conduct (NGRBCs). This section covers policy, governance, and process-level disclosures for each principle.
Section C: Principle-wise Performance Disclosures. Detailed performance metrics organised under each of the nine NGRBC principles. This is the substantive core of BRSR — it contains the quantitative and qualitative data that forms the basis for assurance engagements.
The Nine Principles of Responsible Business
BRSR's structure is built on the nine principles of the NGRBCs, which are themselves aligned with international frameworks. Understanding these principles is essential for auditors because each principle maps to specific disclosure requirements and potential assurance scope:
- Principle 1: Businesses should conduct and govern themselves with integrity and in a manner that is ethical, transparent, and accountable.
- Principle 2: Businesses should provide goods and services in a manner that is sustainable and safe.
- Principle 3: Businesses should respect and promote the well-being of all employees, including those in their value chains.
- Principle 4: Businesses should respect the interests of and be responsive to all its stakeholders.
- Principle 5: Businesses should respect and promote human rights.
- Principle 6: Businesses should respect and make efforts to protect and restore the environment.
- Principle 7: Businesses, when engaged in influencing public and regulatory policy, should do so in a manner that is responsible and transparent.
- Principle 8: Businesses should promote inclusive growth and equitable development.
- Principle 9: Businesses should engage with and provide value to their consumers in a responsible manner.
BRSR Core: The Assurance-Ready Framework
Recognising that a full BRSR is extensive and that assurance capacity needs to be built progressively, SEBI introduced the BRSR Core framework — a subset of key performance indicators (KPIs) drawn from the full BRSR that are subject to mandatory assurance.
What BRSR Core Covers
BRSR Core includes KPIs across the following areas:
Environmental indicators:
- Greenhouse gas emissions (Scope 1 and Scope 2)
- Energy consumption and intensity
- Water consumption and water intensity
- Waste generated and waste diverted from disposal
Social indicators:
- Gender diversity (employees and workers)
- Turnover rate for permanent employees and workers
- Median remuneration and wage-related metrics
- Occupational health and safety (LTIFR — Lost Time Injury Frequency Rate)
- Complaints on working conditions and human rights
Governance indicators:
- Input material sourcing (from MSMEs, local suppliers, recycled/reused sources)
- Job creation in smaller towns
- Open-ness of business (concentration of purchases and sales)
Assurance Requirements and Timeline
SEBI's phased approach to BRSR Core assurance has been as follows:
- Top 150 companies by market capitalisation: Required to obtain reasonable assurance on BRSR Core disclosures from FY 2023-24 onwards.
- Top 250 companies: Extension of assurance requirements on a progressive basis.
- Top 1000 companies: The full scope of companies currently filing BRSR, with assurance requirements expanding over time.
The distinction between reasonable assurance and limited assurance matters. Reasonable assurance (the standard for statutory financial audits) requires more extensive procedures and provides a positively worded opinion. Limited assurance requires fewer procedures and provides a negatively worded conclusion. SEBI's requirement for reasonable assurance on BRSR Core for the top 150 companies is a demanding standard — it means the assurance provider must perform procedures sufficient to reduce assurance engagement risk to an acceptably low level, comparable to what is done in a financial statement audit.
The Auditor's Role in BRSR Assurance
Who Can Provide BRSR Assurance?
SEBI's framework allows BRSR Core assurance to be provided by:
- Chartered Accountants or CA firms
- Company Secretaries (for limited scope areas)
- Cost Accountants (for cost and manufacturing-related metrics)
- Qualified ESG assurance providers with relevant credentials
For CA firms, this is a significant market opportunity. The top 150 listed companies alone represent substantial engagement potential, and as the assurance requirement expands to the top 250 and eventually top 1000, the addressable market grows considerably.
Key Competencies Required
BRSR assurance is fundamentally different from financial statement audit in several respects, and CA firms must develop specific competencies:
Subject matter expertise. Auditors must understand environmental metrics (GHG Protocol for emissions calculation, water accounting methodologies), social metrics (LTIFR calculation, workforce classification), and governance indicators. This is domain knowledge that does not come from traditional CA training.
Data verification methodology. ESG data often originates from operational systems (energy meters, HR databases, production records) rather than accounting systems. The auditor must understand how data flows from source to disclosure and design procedures to verify data at each stage.
Estimation and methodology assessment. Many ESG metrics involve estimation and methodological choices. For example, Scope 2 GHG emissions can be calculated using location-based or market-based methods, with materially different results. The auditor must assess whether the methodology selected is appropriate and consistently applied.
Value chain considerations. Several BRSR disclosures extend beyond the reporting entity's own operations into its value chain (suppliers, contractors, downstream impacts). Assuring value chain data presents challenges comparable to — and sometimes exceeding — group audit complexity.
BRSR vs GRI vs TCFD: A Comparison for Auditors
Indian auditors operating in the BRSR space must understand how BRSR relates to the two most prominent global ESG reporting frameworks: the Global Reporting Initiative (GRI) Standards and the Task Force on Climate-related Financial Disclosures (TCFD) recommendations.
| Dimension | BRSR (India) | GRI Standards | TCFD |
|---|---|---|---|
| Scope | Top 1000 listed companies in India | Voluntary, globally applicable | Voluntary, focused on financial sector and listed companies |
| Mandatory/Voluntary | Mandatory (SEBI regulation) | Voluntary (mandatory in some jurisdictions) | Voluntary (adopted by some regulators) |
| Structure | 9 NGRBC Principles | Universal, Sector, and Topic Standards | 4 pillars: Governance, Strategy, Risk Management, Metrics & Targets |
| Environmental focus | GHG emissions, energy, water, waste | Comprehensive environmental topics | Climate-specific: transition risks, physical risks, opportunities |
| Social focus | Employees, value chain workers, communities | Labour, human rights, communities, customers | Limited (through financial impact lens) |
| Governance focus | Ethics, transparency, policy engagement | Governance structure, ethics, anti-corruption | Climate governance specifically |
| Assurance | Mandatory for BRSR Core (top 150+) | Encouraged, not mandated by GRI itself | Not mandated |
| Materiality approach | Prescribed KPIs (BRSR Core) + broader disclosure | Double materiality (impact + financial) | Financial materiality (climate risks to the entity) |
| Value chain | Significant value chain disclosures required | Extensive value chain reporting | Scope 3 emissions (value chain) |
| India-specific elements | MSMEs, local sourcing, smaller towns, CSR | Not India-specific | Not India-specific |
Key Observations for Auditors
BRSR and GRI have significant overlap. Many BRSR disclosures are directly comparable to GRI topic standards. Companies reporting under both frameworks can leverage common data — and auditors can apply similar verification procedures across both.
TCFD is narrower but deeper on climate. BRSR's environmental disclosures cover climate alongside water and waste. TCFD focuses exclusively on climate-related financial risks and opportunities. For companies in carbon-intensive sectors, TCFD-aligned disclosures may require more detailed scenario analysis than BRSR mandates.
BRSR is uniquely Indian in its social metrics. The emphasis on MSME suppliers, local sourcing from smaller towns, and specific Indian regulatory contexts (CSR under Section 135, for example) means that BRSR assurance requires knowledge of Indian business and regulatory realities that international frameworks do not address.
Connection to ISSA 5000: The Global Assurance Standard
The International Auditing and Assurance Standards Board (IAASB) issued ISSA 5000 — the International Standard on Sustainability Assurance 5000 — as a comprehensive, framework-neutral standard for sustainability assurance engagements. This standard is directly relevant to BRSR assurance.
For a detailed analysis of ISSA 5000, see our ISSA 5000 ESG Sustainability Assurance Standard Guide.
Key aspects of ISSA 5000 that intersect with BRSR assurance:
Framework neutrality. ISSA 5000 is designed to work with any sustainability reporting framework, including BRSR. This means the assurance methodology prescribed by ISSA 5000 can be applied directly to BRSR Core engagements.
Scalability. ISSA 5000 provides requirements for both limited assurance and reasonable assurance engagements. Since SEBI requires reasonable assurance for the top 150 companies, practitioners must understand how ISSA 5000's reasonable assurance requirements translate to BRSR Core KPIs.
Practitioner competence. ISSA 5000 requires the practitioner to have competence in the subject matter being assured. For BRSR, this means auditors cannot simply apply financial audit skills — they must demonstrate competence in environmental measurement, social metrics, and governance evaluation.
Use of experts. ISSA 5000 contemplates the use of practitioner's experts — external specialists in areas like environmental science, occupational health, or supply chain assessment. CA firms should consider building panel arrangements with relevant experts to support BRSR assurance engagements.
Practical Steps for CA Firms Starting ESG Assurance
Step 1: Assess Your Firm's Readiness
Before pursuing BRSR assurance engagements, conduct an honest assessment:
- Does your firm have any partners or staff with ESG domain knowledge?
- Do you have established relationships with environmental or social experts?
- Can your existing audit methodology be extended to cover non-financial data verification?
- Does your professional indemnity insurance cover sustainability assurance?
Step 2: Build Subject Matter Expertise
Invest in training — both formal and on-the-job:
- ICAI's Certificate Course on Sustainability Reporting and Assurance
- GRI Professional Certification Program
- In-house study of ISSA 5000 and SEBI's BRSR circulars
- Practical workshops on GHG emissions calculation (GHG Protocol)
- Understanding water accounting (CEO Water Mandate, Water Footprint Network methodologies)
Step 3: Develop BRSR-Specific Audit Procedures
Create a structured methodology for BRSR Core KPIs. For each KPI, define:
- Data source identification: Where does the underlying data originate?
- Calculation methodology assessment: Is the company's methodology appropriate and consistently applied?
- Verification procedures: What tests of details and analytical procedures will you apply?
- Documentation requirements: How will you document your procedures and conclusions?
For example, verifying Scope 1 GHG emissions requires:
- Identifying all emission sources (fuel consumption, process emissions, refrigerant leaks)
- Verifying fuel consumption against purchase invoices and meter readings
- Assessing emission factors used (IPCC, national grid factors)
- Recalculating reported emissions and investigating variances
- Evaluating completeness — are all material sources included?
Step 4: Establish Expert Networks
No CA firm can be expert in every BRSR domain. Build relationships with:
- Environmental consultants (for emissions verification and environmental compliance)
- Occupational health and safety professionals (for LTIFR and safety data)
- Supply chain specialists (for value chain disclosures)
- Social audit professionals (for labour practices in the value chain)
Step 5: Start with Limited Scope, Build Credibility
Consider starting with limited assurance engagements or agreed-upon procedures on specific BRSR components before pursuing full reasonable assurance on BRSR Core. This allows the firm to build competence progressively while managing engagement risk.
Step 6: Leverage Technology
ESG data management is inherently complex — multiple data sources, varied measurement methodologies, and evolving requirements. Technology platforms that centralise data collection, automate calculations, and maintain audit trails are valuable for both the reporting company and the assurance provider. Firms experienced with audit automation for listed companies will find that many of the same data management principles apply to ESG assurance.
Common Pitfalls in BRSR Assurance
Based on early experiences with BRSR assurance in India, several recurring pitfalls deserve attention:
Treating BRSR assurance as a financial audit extension. The procedures, competencies, and professional judgments required are substantially different. Firms that simply "stretch" their financial audit methodology to cover BRSR will produce inadequate work.
Underestimating data quality challenges. ESG data systems are typically less mature than financial accounting systems. Data may be maintained in spreadsheets, operational logs, or manual registers. The auditor must assess not just the data but the systems and processes that produce it.
Ignoring value chain disclosures. BRSR requires significant value chain information. Assuring this data requires procedures that extend beyond the reporting entity — something financial auditors accustomed to single-entity work may not be prepared for.
Insufficient documentation. ESG assurance documentation must explain the auditor's understanding of the subject matter, the procedures performed, the evidence obtained, and the conclusions reached. Generic working papers repurposed from financial audits will not satisfy quality review.
Overlooking the reasonable assurance threshold. For BRSR Core (top 150 companies), SEBI requires reasonable assurance — not limited assurance. The procedures required are substantially more extensive than for limited assurance. Firms must design their engagements accordingly.
The Market Opportunity
The mandatory nature of BRSR — combined with expanding assurance requirements — creates a substantial and growing market for CA firms:
- Top 150 companies: Reasonable assurance on BRSR Core required now
- Top 250 companies: Progressive expansion of assurance requirements
- Top 1000 companies: BRSR filing mandatory; assurance requirements expected to extend
- Voluntary adopters: Companies outside the top 1000 increasingly adopting BRSR voluntarily, often at the request of investors or lending institutions
Additionally, Indian companies with international operations or global investors may seek assurance aligned with GRI, TCFD, or the ISSB standards (IFRS S1 and S2), creating cross-framework assurance opportunities.
Conclusion
BRSR assurance is not a niche specialisation — it is becoming a core component of the audit profession's mandate in India. SEBI's progressive approach ensures that the market will expand, competency requirements will increase, and the standards applied to assurance quality will tighten.
For CA firms, the strategic choice is clear: invest in building ESG assurance competence now, or watch this growing market be captured by competitors who moved earlier. The firms that develop genuine subject matter expertise, build robust methodologies, and invest in the right technology infrastructure will find BRSR assurance to be a significant practice area for years to come.
The convergence of BRSR with international standards like ISSA 5000, combined with India's position as one of the few jurisdictions mandating ESG assurance, means that Indian CA firms have an opportunity to develop world-class ESG assurance capabilities — if they start building now.
Get weekly audit insights
Practical guides on audit automation, SQM1 compliance, and Ind AS procedures — delivered to 2,000+ CA professionals every Friday.
No spam. Unsubscribe any time.
Topics