What does a defensible ASRS climate risk assessment actually involve?

This guide is drawn from over 100 conversations with ASRS reporting businesses and 40+ live ASRS engagements. It sets out what a credible year one climate risk assessment really involves, the misconceptions that cost time, and the decision every leadership team faces. Free to download.

CFOsFinance DirectorsSustainability ManagersRisk & ComplianceBoard Members
FREE DOWNLOAD

Get the ebook

AASB Australia's Mandatory Climate Reporting

Trusted by Mandatory Reporters

“Trace’s AI capabilities have significantly streamlined our data collection and validation processes, reducing manual effort and giving us greater confidence .”

Name

CFO, Allied credit

“Trace’s AI capabilities have significantly streamlined our data collection and validation processes, reducing manual effort and giving us greater confidence .”

CFO, Allied credit

“We’ve worked with Trace for over 4 years and they’ve always given us confidence that our carbon data is accurate, audit-ready and aligned with evolving reporting standards.”

CEO, EnVATO

" Starting early [with the Trace platform] meant we avoided the scramble - saving time, money, and a lot of stress"

HEAD OF ESG, PADDY PALLIN

See Whats Inside

Five sections covering what a defensible climate risk assessment actually involves.

The guide moves from what audit-ready means in practice, through the work below the surface of the published disclosure, to the decision of whether to go in-house or seek support.

What "audit-ready" looks like

ASRS does not reward perfection in year one, it rewards a position you can defend. This section sets out the six markers of a credible first assessment, from defensibility under audit to proportionate scope to delivery before assurance begins. Understanding these markers early keeps effort aligned with what the standard actually requires.

What sits below the waterline

The published climate risk disclosure is often just a few pages in the annual report. Behind it sits a 50 to 70 page report, a multi-tab risk register, scenario narratives for 1.5 degrees C and 3 degrees C, and a complete audit trail. This section maps exactly what that submerged work involves so you can plan for it.

Three myths that cost you time

Most teams arrive at a climate risk assessment with at least one assumption that adds cost or wasted effort. This section unpacks the three most common: whether ASRS requires full financial modelling, whether the full assessment repeats each year, and whether a longer risk register signals more rigour.

What "material" means, and whether to go in-house

ASRS sets no fixed numerical threshold for materiality. This section explains how the test works in practice and how most organisations anchor it to their existing risk appetite. It also sets out the honest trade-offs between internal delivery and supported delivery, including the most expensive outcome to avoid.

Key Findings

Four things that surprise most teams preparing their first ASRS climate risk assessment.

These insights come up repeatedly across 100+ conversations with Australian mandatory reporters. None of them appear clearly in the standard guidance.

The workshop is the end point, not the start

Most teams picture the stakeholder workshop as the beginning of the climate risk process. In practice, it comes after scenario narratives are drafted, the risk long list is built, and initial rankings are prepared across time horizons. Starting without this foundation leads to an inconclusive workshop and a rework cycle that delays assurance.

ASRS does not require complex financial modelling

AASB S2 requires three exposure outputs: physical risk, transition risk, and opportunities. In early reporting years, these can be met with high-level, well-evidenced calculations, not complex dollar-impact models. Teams that build detailed financial models in year one often spend significant time on work that exceeds what the standard mandates.

More risks listed does not mean more rigour

Over-granular risk registers bury the risks that matter and complicate the materiality assessment. What ASRS requires is a complete long list as evidence of full consideration, alongside a consolidated set of decision-useful identified risks. The skill is in the consolidation, not the volume, and absence of a documented long list is a common assurer flag.

The risks you do not disclose still count

ASRS sets no fixed numerical threshold for materiality. A complete long list is what shows an assurer you considered the full picture. Completeness of consideration is itself evidence. What were called material risks under TCFD are now framed as identified risks under ASRS, but the audit expectation and what must be retained is the same.

Who This Is For

Written for the people
making ASRS decisions

This ebook is written at CFO grade, with enough detail to be genuinely useful to sustainability leads and risk teams. Not a primer. Not a sales deck.

CFOs & Finance Directors

Responsible for signing off on the disclosure. Needs to understand what auditors will scrutinise in year two, and where the financial integration gaps are in first-round disclosures.

Sustainability Managers & ESG Leads

Building the disclosure internally. Needs to understand what peers are doing on Scope 3, scenario analysis and materiality so the internal benchmark is calibrated correctly.

Risk & Compliance Teams

Needs to understand where governance documentation is falling short in first-round disclosures and what auditors are already flagging as areas for year-two improvement.

Board Members & Audit Committee

Accountable for climate risk oversight under AASB S2. Needs a clear picture of what comparable entities are disclosing and what the governance standard looks like in practice.

This ebook is particularly relevant if:

Your entity is likely to fall under ASRS Group 1, 2 or 3 (or you're not yet sure which group applies)

Your board or audit committee has asked about climate disclosure obligations for the first time

You're preparing a Group 2 first disclosure and want to learn from what Group 1 entities got right and wrong

You need to brief internal stakeholders on what AASB S2 actually requires versus what others are choosing to include

What Comes Next

From ebook to
compliant disclosure.

01

Download the ebook

Understand what first reporters did. Where they focused, where they struggled, and what auditors are already signalling for year two.

Get it now

02

Run your readiness assessment

Trace maps your current data, governance and reporting position against ASRS requirements. You get a clear picture of where you are and a prioritised gap list.

See how it works

03

Build your compliance roadmap

Trace turns your readiness assessment into a sequenced plan: what to do now, what to prepare for year two, and how to keep your board and audit committee informed throughout.

Book a call with our team

Questions we hear most from ASRS teams

These are the questions Traces team hears most often from CFOs and sustainability leads starting their ASRS journey. The full ebook answers all of them in depth.

What does a defensible AASB S2 climate risk assessment actually involve?
A defensible AASB S2 climate risk assessment involves far more than the published disclosure suggests. The climate risk section of an annual report is typically a few pages, but behind it sits a 50 to 70 page background report, a multi-tab risk register, scenario narratives for a 1.5 degree C and an approximately 3 degree C world, risk rankings across short, medium and long time horizons, materiality tested against the entity's risk appetite, resilience assessed risk by risk, and a complete audit trail. The stakeholder workshop typically comes at the end of this process, not the beginning.
Does AASB S2 require full financial modelling of climate risks?
No. AASB S2 requires three exposure outputs: physical risk, transition risk, and opportunities. In early reporting years, these can be met with high-level, well-evidenced calculations rather than complex dollar-impact models. The standard rewards a position you can defend, not modelling precision. Most Group 1 and Group 2 entities use qualitative and semi-quantitative methods in their first assessment, supported by referenced external data such as the NGFS Climate Impact Explorer, and build more quantitative approaches in subsequent years as their methodology matures.
How does climate risk materiality work under AASB S2?
AASB S2 sets no fixed numerical threshold for climate risk materiality. The test is whether information could reasonably be expected to influence the decisions of primary users of your reports. In practice, most organisations anchor this to their existing enterprise risk appetite statement and apply qualitative judgement where a risk sits near the threshold. Under ASRS, what were previously called material risks are now framed as identified risks, which are the subset disclosed in the annual report. The full long list of risks considered must be retained as evidence, even for risks that fall below the disclosure threshold.
Do we need to redo the full climate risk assessment every year?
No. A full reassessment is generally only required in line with your strategic planning cycle, or when something material changes in the business or operating environment. What AASB S2 requires each year is a resilience review and a check that your underlying assumptions still hold. A well-documented year one assessment is an investment: subsequent years involve updating rather than rebuilding. The cost of a poorly structured first assessment is felt most sharply in year two, when teams must reconstruct rationale they cannot locate or evidence to an assurer.
Should we complete our AASB S2 climate risk assessment in-house or with external support?
Most teams find that parts of a climate risk assessment are manageable internally, and parts genuinely benefit from external support. Internal delivery works well when there is bandwidth before assurance, access to relevant external climate datasets, capability to translate risks into structured financial impact language, and access to key internal stakeholders. Supported delivery is worth considering when time is tight, auditor expectations are high, supporting data is limited, or an independent view would help challenge assumptions. The most expensive outcome is completing an assessment internally and then redoing it under time pressure when an assurer pushes back.
What is the difference between a climate risk assessment and a climate risk disclosure under ASRS?
The climate risk disclosure is what appears in the annual report: a summary of identified risks, how they are managed, and their potential financial impact. The climate risk assessment is the structured analytical process that produces that disclosure. It includes business context review, scenario development, a full long list of risks and opportunities, ranking across scenarios and time horizons, materiality testing, resilience assessment, and an audit trail of assumptions and rationale. The disclosure is typically a few pages. The assessment behind it is typically a 50 to 70 page report plus a multi-tab risk register.

Want deeper answers? The ebook has entity benchmarks, worked examples and expert commentary.

Download the full ebook

Questions we hear most from ASRS teams

These are the questions Traces team hears most often from CFOs and sustainability leads starting their ASRS journey. The full ebook answers all of them in depth.

What does a defensible AASB S2 climate risk assessment actually involve?
A defensible AASB S2 climate risk assessment involves far more than the published disclosure suggests. The climate risk section of an annual report is typically a few pages, but behind it sits a 50 to 70 page background report, a multi-tab risk register, scenario narratives for a 1.5 degree C and an approximately 3 degree C world, risk rankings across short, medium and long time horizons, materiality tested against the entity's risk appetite, resilience assessed risk by risk, and a complete audit trail. The stakeholder workshop typically comes at the end of this process, not the beginning.
Does AASB S2 require full financial modelling of climate risks?
No. AASB S2 requires three exposure outputs: physical risk, transition risk, and opportunities. In early reporting years, these can be met with high-level, well-evidenced calculations rather than complex dollar-impact models. The standard rewards a position you can defend, not modelling precision. Most Group 1 and Group 2 entities use qualitative and semi-quantitative methods in their first assessment, supported by referenced external data such as the NGFS Climate Impact Explorer, and build more quantitative approaches in subsequent years as their methodology matures.
How does climate risk materiality work under AASB S2?
AASB S2 sets no fixed numerical threshold for climate risk materiality. The test is whether information could reasonably be expected to influence the decisions of primary users of your reports. In practice, most organisations anchor this to their existing enterprise risk appetite statement and apply qualitative judgement where a risk sits near the threshold. Under ASRS, what were previously called material risks are now framed as identified risks, which are the subset disclosed in the annual report. The full long list of risks considered must be retained as evidence, even for risks that fall below the disclosure threshold.
Do we need to redo the full climate risk assessment every year?
No. A full reassessment is generally only required in line with your strategic planning cycle, or when something material changes in the business or operating environment. What AASB S2 requires each year is a resilience review and a check that your underlying assumptions still hold. A well-documented year one assessment is an investment: subsequent years involve updating rather than rebuilding. The cost of a poorly structured first assessment is felt most sharply in year two, when teams must reconstruct rationale they cannot locate or evidence to an assurer.
Should we complete our AASB S2 climate risk assessment in-house or with external support?
Most teams find that parts of a climate risk assessment are manageable internally, and parts genuinely benefit from external support. Internal delivery works well when there is bandwidth before assurance, access to relevant external climate datasets, capability to translate risks into structured financial impact language, and access to key internal stakeholders. Supported delivery is worth considering when time is tight, auditor expectations are high, supporting data is limited, or an independent view would help challenge assumptions. The most expensive outcome is completing an assessment internally and then redoing it under time pressure when an assurer pushes back.
What is the difference between a climate risk assessment and a climate risk disclosure under ASRS?
The climate risk disclosure is what appears in the annual report: a summary of identified risks, how they are managed, and their potential financial impact. The climate risk assessment is the structured analytical process that produces that disclosure. It includes business context review, scenario development, a full long list of risks and opportunities, ranking across scenarios and time horizons, materiality testing, resilience assessment, and an audit trail of assumptions and rationale. The disclosure is typically a few pages. The assessment behind it is typically a 50 to 70 page report plus a multi-tab risk register.

Want deeper answers? The ebook has entity benchmarks, worked examples and expert commentary.

Download the full ebook

Your deadline is coming.
Start with the data.

Download the free ebook and see what Australias first AASB S2 reporters have already disclosed. Then talk to Trace about where you stand.

Newsletter:  Climate Reporting Simplified.
This monthly edition unpacks what mandatory climate reporting really requires and how to minimise cost, disruption & confusion.

💚 Don’t worry, we won’t spam!

London - Sydney

© Copyright 2026 Trace | All Rights Reserved
{ "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What does a defensible AASB S2 climate risk assessment actually involve?", "acceptedAnswer": { "@type": "Answer", "text": "A defensible AASB S2 climate risk assessment involves far more than the published disclosure suggests. The climate risk section of an annual report is typically a few pages, but behind it sits a 50 to 70 page background report, a multi-tab risk register, scenario narratives for a 1.5 degree C and an approximately 3 degree C world, risk rankings across short, medium and long time horizons, materiality tested against the entity's risk appetite, resilience assessed risk by risk, and a complete audit trail. The stakeholder workshop typically comes at the end of this process, not the beginning." } }, { "@type": "Question", "name": "Does AASB S2 require full financial modelling of climate risks?", "acceptedAnswer": { "@type": "Answer", "text": "No. AASB S2 requires three exposure outputs: physical risk, transition risk, and opportunities. In early reporting years, these can be met with high-level, well-evidenced calculations rather than complex dollar-impact models. The standard rewards a position you can defend, not modelling precision. Most Group 1 and Group 2 entities use qualitative and semi-quantitative methods in their first assessment, supported by referenced external data such as the NGFS Climate Impact Explorer, and build more quantitative approaches in subsequent years as their methodology matures." } }, { "@type": "Question", "name": "How does climate risk materiality work under AASB S2?", "acceptedAnswer": { "@type": "Answer", "text": "AASB S2 sets no fixed numerical threshold for climate risk materiality. The test is whether information could reasonably be expected to influence the decisions of primary users of your reports. In practice, most organisations anchor this to their existing enterprise risk appetite statement and apply qualitative judgement where a risk sits near the threshold. Under ASRS, what were previously called material risks are now framed as identified risks, which are the subset disclosed in the annual report. The full long list of risks considered must be retained as evidence, even for risks that fall below the disclosure threshold." } }, { "@type": "Question", "name": "Do we need to redo the full climate risk assessment every year?", "acceptedAnswer": { "@type": "Answer", "text": "No. A full reassessment is generally only required in line with your strategic planning cycle, or when something material changes in the business or operating environment. What AASB S2 requires each year is a resilience review and a check that your underlying assumptions still hold. A well-documented year one assessment is an investment: subsequent years involve updating rather than rebuilding. The cost of a poorly structured first assessment is felt most sharply in year two, when teams must reconstruct rationale they cannot locate or evidence to an assurer." } }, { "@type": "Question", "name": "Should we complete our AASB S2 climate risk assessment in-house or with external support?", "acceptedAnswer": { "@type": "Answer", "text": "Most teams find that parts of a climate risk assessment are manageable internally, and parts genuinely benefit from external support. Internal delivery works well when there is bandwidth before assurance, access to relevant external climate datasets, capability to translate risks into structured financial impact language, and access to key internal stakeholders. Supported delivery is worth considering when time is tight, auditor expectations are high, supporting data is limited, or an independent view would help challenge assumptions. The most expensive outcome is completing an assessment internally and then redoing it under time pressure when an assurer pushes back." } }, { "@type": "Question", "name": "What is the difference between a climate risk assessment and a climate risk disclosure under ASRS?", "acceptedAnswer": { "@type": "Answer", "text": "The climate risk disclosure is what appears in the annual report: a summary of identified risks, how they are managed, and their potential financial impact. The climate risk assessment is the structured analytical process that produces that disclosure. It includes business context review, scenario development, a full long list of risks and opportunities, ranking across scenarios and time horizons, materiality testing, resilience assessment, and an audit trail of assumptions and rationale. The disclosure is typically a few pages. The assessment behind it is typically a 50 to 70 page report plus a multi-tab risk register." } } ] }