ASRS S2 (Australia's adoption of IFRS S2) requires companies to disclose climate-related risks and opportunities across four pillars: Governance, Strategy, Risk Management, and Metrics and Targets. The climate risk assessment sits primarily under Strategy and Risk Management and feeds into every other disclosure.
Under ASRS S2, your risk assessment must cover both physical risks, which relate to the direct impacts of climate change on your assets, operations, and supply chain, and transition risks, which relate to how the shift to a lower-emissions economy affects your costs, revenues, and market position in Australia and globally.
Unlike voluntary frameworks such as TCFD, ASRS S2 disclosures are mandatory, subject to limited assurance from year one, and filed with ASIC as part of your annual sustainability report. Directors can be held personally liable for misleading statements, which makes the quality of your underlying risk assessment a compliance and governance issue, not just a sustainability exercise.
These two categories require different methodologies, different data sources, and different disclosure approaches.
Physical risks are divided into acute and chronic. Acute physical risks are event-driven, such as floods, storms, cyclones, or bushfires. Chronic physical risks are slow-onset, such as rising average temperatures, changing rainfall patterns, sea level rise, and prolonged drought. For Australian companies, physical risks are highly geography-dependent: a logistics company with warehousing in coastal Queensland faces different acute exposures than an agribusiness in the Murray-Darling Basin.
Transition risks cover four sub-categories:
Under ASRS S2, you must assess which of these risks are material to your specific business. Materiality is not a fixed threshold; it means risks that could reasonably be expected to affect your cash flows, cost of capital, or access to finance.
A credible ASRS-aligned climate risk assessment in Australia follows six steps. The depth required in year one is different from year three: limited assurance in year one means a structured, documented approach is sufficient, but the foundation you build now determines how much work year two requires.
Step 1: Define your assessment boundary. Identify which legal entities, geographies, and value chain segments are in scope. Be explicit about what you are including and excluding, as auditors will check your rationale.
Step 2: Identify your relevant physical and transition risks. Using sector-specific and location-specific inputs, build a longlist of risks relevant to your industry, operating locations, and supply chain. For Australian companies, this should reference Australia's National Climate Risk Assessment (Australian Climate Service, 2025), CSIRO's state-level climate projections, and relevant sector guidance. Not every risk on a generic list applies to your business. The identification step narrows the longlist to what is genuinely relevant.
Step 3: Assess materiality. Score each risk on likelihood and consequence, typically using a 5x5 risk matrix. This is not a desk exercise: the standard practice is a risk ranking workshop with key business stakeholders, including finance, operations, legal, and risk. The output is a prioritised list of material risks, mapped to short (to 2030), medium (to 2040), and long-term (to 2050) horizons.
Step 4: Run scenario analysis. ASRS S2 requires analysis across at least two scenarios: one aligned with 1.5°C warming and one consistent with a high-warming future (above 2°C, typically 3°C in practice). Scenario analysis tests your business resilience: how do your material risks change depending on which future unfolds? In year one, qualitative narrative with quantitative context is the expected output; detailed financial modelling is not required under limited assurance.
Step 5: Write your resilience statement. ASRS S2 requires a disclosure on the resilience of your strategy under the two scenarios. This is not a marketing summary: it must identify where your current strategy holds up under climate stress and where you have gaps, with evidence auditors can review.
Step 6: Document everything for assurance. Your assurance provider will ask for the evidence behind every material disclosure. This includes your risk identification methodology, workshop records, data sources for scenario inputs, and version history on your resilience statement.
ASRS S2 mandates at least two climate scenarios: one consistent with limiting warming to 1.5°C (broadly aligned with a net zero transition) and one high-warming scenario that well exceeds 2°C. In practice, most companies use a 3°C scenario as the high-warming pathway.
The 1.5°C scenario is higher in transition risk: it assumes strong, rapid policy action to decarbonise the economy, which means higher carbon pricing, faster electrification timelines, and greater regulatory pressure. The 3°C scenario is higher in physical risk: it assumes insufficient policy action, meaning more severe and frequent extreme weather events, greater chronic hazard, and more asset exposure over time.
For year one in Australia, the key questions to address under each scenario are:
You do not need quantitative financial modelling in year one. What auditors are looking for is a clear, consistent, and evidenced narrative showing that you have genuinely tested your strategy against two plausible futures, rather than simply describing the scenarios in abstract.
The three-year transitional relief period (to December 2027) means that ASIC, not private litigants, can take action on scenario analysis disclosures during the initial reporting years. This reduces immediate litigation risk but does not reduce the audit quality expectation.
A resilience statement summarises how your strategy holds up under the two required scenarios. It is one of the most scrutinised sections of an ASRS S2 disclosure because it is forward-looking and requires judgement calls that auditors cannot easily verify from raw data alone.
What auditors will look for: that your resilience conclusions are traceable to your scenario analysis; that identified gaps are acknowledged rather than glossed over; and that the language is appropriately conditional, using terms like "may", "could", and "is expected to" rather than categorical claims about future performance.
The most common failure in resilience statements is circularity: describing the scenarios at length, then concluding that "the company is well positioned to manage these risks" without demonstrating how. Auditors at Deloitte and EY are specifically looking for evidence that the resilience statement was informed by the risk assessment and workshop outputs, not written separately.
Existing contracts, supplier agreements, lease terms, and insurance policies often contain adaptation provisions that qualify as existing resilience measures. These are often overlooked but are relevant to include.
The traditional approach to climate risk assessment in Australia is consultant-led: a team of advisors designs the methodology, runs the workshops, writes the narratives, and delivers a document. For large organisations, ASRS preparation costs under this model run to $750,000 to $1.6 million according to Treasury estimates.
A software-led approach does not replace expert judgement: it structures and accelerates the process so your internal team and advisors spend their time on decisions, not administration. SEE Group completed their ASRS climate risk assessment in 2 weeks using Trace, compared to the industry-typical 13 weeks under a traditional process.
Unlike a consultancy engagement that delivers a PDF, a software platform maintains an auditable record of every input, version, and decision throughout the reporting cycle. This is increasingly important as assurance standards move from limited to reasonable assurance in year two and beyond.
The difference matters for cost, timeline, and ongoing repeatability. A process built in software can be refreshed annually without starting from scratch. A consultant-generated document typically cannot.
.png)
Trace works with businesses at every stage of their mandatory reporting journey, from first emissions measurement to audit-ready ASRS S2 disclosure. Talk to our team to see how we can help.
What does ASRS S2 require for climate risk assessment in Australia?
ASRS S2 requires Australian companies to identify both physical and transition climate risks, assess which are material to their business, conduct scenario analysis across at least two climate futures (1.5°C and a high-warming scenario above 2°C), and disclose how those risks affect their strategy and financial position. Disclosures must be supported by evidence sufficient for limited assurance from year one.
What is the difference between physical and transition risk under ASRS S2?
Physical risks are the direct impacts of climate change on your assets, operations, and supply chain, including both acute events (floods, storms, fires) and chronic changes (rising temperatures, drought, sea level rise). Transition risks are the financial impacts of the shift to a lower-emissions economy, covering policy and legal changes, market shifts, technology disruption, and reputational exposure.
What scenarios are required for ASRS S2 scenario analysis?
ASRS S2 requires analysis under at least two scenarios: one consistent with limiting warming to 1.5°C and one consistent with a high-warming pathway well above 2°C. In practice, most Australian companies use a 3°C scenario as the high-warming pathway. You must assess both transition risks (more severe under 1.5°C) and physical risks (more severe under 3°C) under each scenario.
Does ASRS S2 require quantitative financial modelling in year one?
No. Under limited assurance in year one, qualitative narrative with quantitative context is the expected standard. You need to show that you have analysed your material risks under both scenarios and understood the directional impacts, but you are not required to produce detailed financial modelling of climate scenarios. This requirement increases as assurance moves from limited to reasonable in later years.
How long does a climate risk assessment take for ASRS S2?Under a traditional consultancy model, a first climate risk assessment typically takes 8 to 13 weeks from scoping to completion. With AI-powered software, this can be reduced significantly: SEE Group completed their ASRS climate risk assessment in 2 weeks using Trace. The timeline depends on how quickly your team can gather required inputs and attend the stakeholder workshop.
What is a risk ranking workshop and is it required?A risk ranking workshop is a structured session where key business stakeholders, including finance, operations, risk, and legal, review and score the identified climate risks on likelihood and consequence. It is not explicitly mandated by ASRS S2, but it is the standard methodology for producing a defensible, internally validated risk assessment. Without a workshop, the risk that your assessment is challenged as desk-based rather than genuinely business-informed increases.
What do auditors check in an ASRS climate risk assessment?Auditors under limited assurance check your process and evidence, not just your numbers. They will look for: a documented risk identification methodology; records of the stakeholder workshop; traceability between your scenario analysis and your resilience statement; and appropriate conditional language in your forward-looking disclosures. The most common audit finding is a lack of connection between the risk assessment and the resilience conclusions.
Ready to complete your ASRS climate risk assessment?
Trace is an AI-powered AASB climate reporting platform specialising in ISSB and AASB standards. Our climate risk and scenario analysis module guides Australian companies through every step, from risk identification to audit-ready documentation.
Book a free 30-minute call to map your climate risk assessment requirements
London - Sydney
.png)
.webp)