When ASIC brings a sustainability claim to Federal Court and walks away with an $11.3 million penalty, the line between climate communication and climate evidence stops being theoretical. Australia’s mandatory Sustainability Reporting Standards (ASRS) put that line on paper, capturing around 7,000 companies directly. Regulator guidance also identifies an “emissions threshold” pathway – under s292A(5) of the Corporations Act, a registered corporation with emissions reporting obligations under the National Greenhouse and Energy Reporting Act must comply regardless of size.
For years, audited financial statements faced evidentiary scrutiny while sustainability disclosures largely operated on goodwill. The Australian Accounting Standards Board’s AASB S2 ends that arrangement. The problem most organisations will confront is not a shortage of climate data but data and narrative built for communications rather than assurance. AASB S2 does not raise the ambition of sustainability reporting – it changes its category. The four pillars the standard tests – governance, strategy, risk management, and metrics and targets – are not headings to populate but pressure points where assurance can expose the difference between claimed and evidenced climate oversight. That gap will determine whether compliance turns out to be substantive or nominal as phased rollout progresses, and it frames the global ISSB-aligned baseline Australia has stepped into.
The Standard That Changed the Rules
AASB S2 does not raise the bar for sustainability communication – it changes the category of obligation altogether. The old, largely voluntary model let organisations choose what to disclose, how to frame it, and what to leave out, with limited consequence beyond reputational noise. Under AASB S2, entities must describe the governance processes, controls and procedures used to monitor, manage and oversee climate-related risks and opportunities, and provide connected information so that data and assumptions used in climate disclosures are consistent with the financial statements.
The Auditing and Assurance Standards Board (AUASB), Australia’s assurance standard-setter, makes the implication operational in ASSA 5000: “In a reasonable assurance engagement, the practitioner may need to consider obtaining evidence about the effectiveness of the entity’s controls.” Climate disclosure now has to sit on an operating system of controls and evidence, not just narrative. For entities already reporting under the National Greenhouse and Energy Reporting framework, that expectation builds on an existing compliance structure rather than arriving from nowhere.
Within that frame, the four AASB S2 pillars of governance, strategy, risk management, and metrics and targets function less as report sections and more as interrogation points. Assurance providers are not grading the prose – they’re testing whether the evidence behind each claim actually exists. That changes what the four pillars demand: not articulate language, but traceable, owned, and internally consistent evidence chains aligned with the financial statements. The hardest of those to build retrospectively is governance, which depends on documented board oversight that cannot be reconstructed after the fact.
The Upstream Problem: Governance and Strategy
The most common governance failure in climate disclosure isn’t ignorance – it’s the absence of evidence. Climate topics reach board agendas in many organisations; what’s missing is the paper trail. AASB S2’s governance pillar requires entities to identify which bodies oversee climate-related risks and opportunities, how frequently they consider them, and how that oversight shapes strategy, risk appetite and major decisions. What assurance providers will look for is not whether a board discussed climate but whether minutes are specific, responsibilities are defined, and accountability chains link board discussion to documented management action.
ASIC’s first greenwashing enforcement action illustrates what happens when sustainability-themed positioning is not backed by enforceable governance and controls. ASIC reported that Mercer admitted making misleading statements about the “sustainable” characteristics of certain investment options, and the Federal Court ordered the company to pay an $11.3 million penalty. The lesson for AASB S2 is structural: without clear ownership, control processes and monitoring behind climate-related assertions, confident narrative claims can turn into measurable legal and assurance exposure.
That exposure is rarely the result of deliberate misrepresentation. More often, organisations make climate assertions in good faith without the underlying governance structures that would substantiate those claims under scrutiny – and that is exactly the gap AASB S2 now makes testable. In practice, closing that gap means treating climate oversight as a board-level governance discipline before disclosure drafting begins. That is the entry point for Monique Chelin, founder of MJC Sustainability and a governance-qualified board director (GAICD) with more than 20 years’ experience advising on ESG risk and sustainability reporting, when organisations ask for help preparing for AASB S2. She typically begins with a structured board workshop that builds shared understanding of what the standard requires and what comparable organisations are doing, then maps those expectations onto existing governance structures and accountability lines, translating disclosure requirements into concrete governance, risk and operational decision-making settings, including decision-useful climate scenario analysis. That distinction – decision-grade climate work embedded in board processes and accountability structures rather than assembled from communications outputs – is precisely what assurance review will surface.
On the strategy pillar, AASB S2 requires entities to use climate-related scenario analysis to assess climate resilience and to disclose information enabling users to understand the effects of climate-related risks and opportunities on strategy and decision-making, including the implications of that resilience assessment for the strategy and business model. The common failure is scenario work that reads plausibly on paper but doesn’t quantify materiality at asset or business-unit level across time horizons, or show clearly how strategies, capital plans or business models change in response.
Both weaknesses share the same structural root: climate risk has not been treated as a decision-grade input to governance and planning, so scenario analysis and narratives are not tied to documented decisions, accountability and follow-through that assurance can test. But diagnosing weak governance and strategy is only part of the picture – even where boards engage seriously with climate, organisations still need to show that individual risks are quantified, owned, and traceable through controls and decision records. That is where risk management and metrics either complete the disclosure or undermine it.
The Evidentiary Chain: Risk Management and Metrics
Listing a risk is not the same as managing it. Many organisations already carry climate change in their risk registers, but as a generic category – a label rather than a quantified exposure. AASB S2’s risk management pillar requires entities to describe how they identify, assess and manage climate-related risks within their broader enterprise risk management framework. Without specifying which assets, operations or counterparties are affected under which scenarios, over what time horizons, and with what estimated financial impact, a risk entry stays a label. It won’t support the kind of decision-useful, assurance-ready disclosure the standard is designed to elicit.
Supervisory findings from outside the climate domain show how blunt that distinction becomes under external review. The U.S. Federal Reserve’s review of Silicon Valley Bank described vulnerabilities that the bank’s board and senior management did not fully appreciate, alongside critical deficiencies in governance and core risk management. The parallel for climate disclosure is direct: listing a risk category is not the same as quantifying it, setting limits, monitoring it and escalating it through documented decisions. External scrutiny exposes that gap without ceremony.
What rigour of that kind looks like in practice – at institutional scale, under direct regulatory pressure – is visible in the work Nigel Williams undertook as Group Chief Risk Officer at Commonwealth Bank of Australia. Following APRA’s Prudential Review, Williams led efforts to strengthen risk management, culture and governance at CBA, building transparent relationships with regulators and government. That work centred on anchoring risk metrics, scenario assumptions and board-level statements in documented controls, clearly defined data ownership and decision records capable of withstanding regulatory and assurance scrutiny. CBA’s organisation-wide AI programme, run as a governed, standardised capability with clear ownership and consistent processes, provides a structural parallel: what separates governed risk from risk-shaped language is the same in both contexts – defined accountability, traceable evidence, and a data architecture built before the reporting deadline arrived. Climate disclosures assembled without that infrastructure – without quantified exposures, defined data ownership and traceable decision records – will not hold under AASB S2’s limited assurance lens, regardless of how well the narrative is written.
The metrics and targets pillar exposes similar weaknesses in many organisations’ emissions data. Scope 1 and 2 figures may rely on shifting organisational boundaries or changing methods, and Scope 3 disclosures can omit categories or rely on partial estimates, often without transparent rationale or documented ownership. What makes that last problem particularly pointed is this: a reduction target is only auditable if the starting line is fixed and documented, which means the entire target architecture depends on governance decisions made before the reporting year, not during it. Climate targets compound the problem further when baselines move or are poorly recorded, because progress is only credible if the starting point, calculation methods and responsibility for the underlying data are stable and clearly assigned.
The evidence architecture AASB S2 assumes cannot be assembled at the reporting deadline – these are not late-stage documentation gaps but the accumulated structural consequence of climate never being embedded in risk governance from the outset.
The False Buffer and the Global Baseline
Phased implementation creates the conditions for a specific kind of institutional miscalculation. Organisations in later cohorts often run a quiet logic: let the first wave absorb the compliance uncertainty, then standardise from what they learn. AASB S2 applied to the largest entities from 1 January 2025, with further cohorts from 1 July 2026 and 1 July 2027 – but those dates don’t behave the way that logic assumes. Large entities already subject to the regime must disclose Scope 3 emissions, which makes their suppliers and value-chain partners immediate sources of data feeding into mandatory reports. Mandatory disclosure obligations travel up the supply chain regardless of whether the business supplying the data is technically in scope – so the commercial pressure tends to arrive before the legal deadline does. A mid-tier business whose emissions information is inconsistently bounded or methodologically opaque creates problems for its customers’ reporting and, increasingly, for its own commercial relationships. Using the lead time to build robust governance architecture offers more protection than using it to refine climate narratives.
AASB S2 is also not an isolated local experiment. It is Australia’s instantiation of the ISSB’s IFRS S2 framework, part of a broader internationally aligned baseline for climate-related reporting. The IFRS Foundation reports that nearly 40 jurisdictions have already taken steps to adopt or otherwise use ISSB Standards. In the United Kingdom, work on UK Sustainability Reporting Standards is explicitly based on IFRS S1 and IFRS S2; the Philippines securities regulator has adopted Philippine Financial Reporting Standards on Sustainability Disclosures (PFRS S1) and Climate-related Disclosures (PFRS S2). The same controls-and-evidence logic embedded in AASB S2 is being written into frameworks across jurisdictions that share the same ISSB foundation.
The European Union’s Omnibus I Directive, adopted in February 2026, is the most prominent counterpoint on scope. It amends the Corporate Sustainability Reporting Directive and the Corporate Sustainability Due Diligence Directive by raising size thresholds, abolishing phased implementation waves, and removing many smaller entities from mandatory coverage from 2027. Those changes narrow the EU population subject to mandatory sustainability reporting but do not relax the evidentiary expectations placed on large companies that remain in scope. For Australian entities subject to AASB S2, the more consequential implication of global ISSB-aligned convergence is not which companies are captured – it is what evidential standard the captured companies must meet. As more jurisdictions anchor their frameworks to the same ISSB baseline, that standard is being reinforced, not softened.
The Diagnostic That Sorts
AASB S2 functions as a diagnostic of existing governance – and diagnostics don’t create what they reveal. Where climate risk has already been treated as a decision-grade input, the evidence chains the standard assumes are largely in place, built for operational and financial decisions rather than assembled for reporting.
For organisations where climate has lived primarily in communications or sustainability teams, the experience will be different. Disclosures can be formatted to address the four pillars, but assurance providers will look through the language to the underlying evidence. If there are no governance records, quantified analyses, controls or data-ownership structures to substantiate the claims, the gap won’t surface as a narrative weakness – it will appear as an assurance finding. The standard isn’t creating that weakness; it’s making it visible.
Earlier sustainability disclosure relied on goodwill while financial reporting faced audit-level scrutiny. AASB S2 does not change the nature of climate risk; it changes the nature of the question being asked about it – from ‘What does the organisation say?’ to ‘What can the organisation prove?’ That shift lands differently depending on where you sit. For communications teams, it reads as a documentation challenge. For boards, it is a governance accountability question – and an assurance finding that the board cannot document its own climate oversight is not something the sustainability team resolves. It belongs on the agenda of the people who signed off on the narrative in the first place.
