ABSTRACT
The control environment for CSR reporting is equal to that for financial reporting and will thus provide the evidence required for the data reported. This practice of ensuring the control environment surrounding the financial reporting process can usefully be replicated directly in CSR reporting so that the quality of data in the report can be guaranteed to be rooted locally. The process of risk assessment begins with a gross assessment of the underlying probability that elements in the report will be flawed and to what extent, if controls are not carried out. The risk assessment has two sets of inputs first, a quantitative input and second, a qualitative input concerning. When the control catalogue has been established, it is time to develop more specific Standard Operating Procedures (SOPs). These are important, not only because they often act as a kind of workflow description, but also because they ensure that the selected control is performed in the same way across the organization.
