BRSR Core Assurance Readiness Guide for Indian Companies

SEBI BRSR Framework Overview

The Business Responsibility and Sustainability Report (BRSR) is India's comprehensive ESG disclosure framework, mandated by the Securities and Exchange Board of India (SEBI) for the top 1000 listed entities by market capitalization. Introduced as a replacement for the earlier Business Responsibility Report (BRR), the BRSR framework is structured around the nine principles of the National Guidelines on Responsible Business Conduct (NGRBC).

The BRSR framework comprises three sections:

• Section A: General Disclosures -- Company overview, products/services, operations, employees, CSR details, and governance structure
• Section B: Management and Process Disclosures -- Policy commitments, governance processes, and stakeholder engagement for each of the nine NGRBC principles
• Section C: Principle-Wise Performance Disclosures -- Quantitative and qualitative performance data organized under each of the nine principles

The full BRSR encompasses over 130 disclosure items across these sections. However, SEBI recognized that requiring assurance on the entire BRSR immediately would be impractical. This led to the creation of BRSR Core -- a focused subset of the most critical ESG metrics selected for mandatory external assurance.

BRSR Core vs Full BRSR

Understanding the distinction between BRSR Core and the full BRSR is essential for prioritizing assurance readiness efforts:

While the full BRSR requires reporting on a wide range of ESG topics, the assurance obligation is limited to the BRSR Core attributes. This focusing mechanism allows organizations to prioritize data quality and controls where they matter most -- on the metrics that will be independently verified.

The 9 ESG Attributes Requiring Reasonable Assurance

BRSR Core identifies nine key ESG attributes for mandatory reasonable assurance. Each attribute maps to specific NGRBC Principles and requires quantitative disclosure with supporting evidence:

Phased Applicability Timeline

SEBI has implemented BRSR Core assurance through a phased approach based on company market capitalization:

For companies entering the assurance mandate for the first time (e.g., companies ranked 251-500 for FY 2025-26), the preparation window is typically 6-12 months before the financial year-end. Given that FY 2025-26 runs from April 2025 to March 2026, companies in this cohort should ideally have begun preparation by Q3 2024.

Value Chain Extension

From FY 2024-25, SEBI requires the top 250 companies to also report and obtain assurance on value chain ESG disclosures for the BRSR Core attributes. This adds significant complexity, as companies must collect ESG data from their upstream (supplier) and downstream (distributor, customer) value chain partners. The value chain requirement is covered in detail in our companion guide on ESG Value Chain Disclosures Assurance Readiness.

What to Evidence for Each Attribute

Each BRSR Core attribute requires specific types of evidence to support the reported data during assurance. The following guidance covers the key evidence requirements:

Attribute 1: GHG Emissions

• Fuel purchase records (invoices, delivery notes) for all stationary and mobile combustion sources
• Electricity bills or meter readings for Scope 2 calculations
• Emission factor documentation (source, version, applicability)
• GHG inventory boundary documentation (operational control basis)
• Calculation workbooks showing conversion from activity data to tCO2e
• Revenue data for intensity ratio calculations

Attribute 2: Water Management

• Water utility bills and/or metered consumption records
• Groundwater extraction logs (where applicable)
• Discharge monitoring records and consent-to-operate (CTO) compliance
• Water balance calculations (withdrawal - discharge = consumption)
• Third-party water quality testing reports (for discharge compliance)

Attribute 3: Waste Management

• Waste manifests and transfer notes from authorized waste handlers
• Hazardous waste returns filed with State Pollution Control Boards
• Recycling and composting records from contracted service providers
• Waste classification methodology documentation
• Landfill disposal invoices and weighbridge tickets

Attribute 4: Energy Consumption

• Electricity bills and/or sub-meter readings
• Fuel consumption records (separate from GHG -- covering all energy sources)
• Renewable energy certificates (RECs), power purchase agreements (PPAs)
• Energy conversion factor documentation
• Revenue or production data for intensity calculations

Attribute 5: Gender Diversity

• HRIS/payroll system extracts showing total headcount by gender
• Board composition records from company secretarial function
• Key management personnel listing with gender classification
• Methodology documentation (headcount vs FTE, reporting date, employee categories)

Attribute 6: Gross Wages

• Payroll system extracts showing total gross wages by gender
• Median remuneration calculation workbooks
• Methodology for wage calculation (what constitutes "gross wages")
• Contract labour and temporary worker inclusion/exclusion policy

Attributes 7-9: Social and Governance

• CSR expenditure records and project reports (Inclusive Development)
• Consumer complaint management system extracts and resolution records (Customer Fairness)
• Anti-corruption training attendance records, disciplinary action logs (Open-ness of Business)
• Data privacy breach incident logs and notification records
• Political contribution declarations or confirmation of nil contributions

How Assurance Is Applied to BRSR Core

The assurance engagement for BRSR Core follows the standard reasonable assurance process under ISAE 3000 (Revised), with specific considerations for the Indian context:

Engagement Scope

The scope covers all 9 BRSR Core attributes for the reporting entity. For consolidated BRSR (where the listed entity reports on behalf of the group), the scope extends to all entities within the reporting boundary. The assurance provider must verify data at both the entity level and the consolidated level.

Reasonable Assurance Procedures

Reasonable assurance requires more extensive procedures than limited assurance:

• Comprehensive testing: The assurance provider tests each BRSR Core attribute with sufficient depth to form a positive conclusion
• Internal control evaluation: Controls over data collection, processing, and reporting are evaluated for both design adequacy and operating effectiveness
• Site visits: A higher proportion of sites are visited compared to limited assurance, with deeper testing at each site
• Source document inspection: Larger samples of source documents are inspected and reconciled to reported figures
• Management representation: Written representations from management confirming the completeness and accuracy of data provided

Assurance Report

The assurance report for BRSR Core must include:

• A positive-form conclusion ("In our opinion, the BRSR Core attributes are fairly stated...")
• Description of the 9 attributes assured and the reporting criteria
• Reference to the assurance standard used (ISAE 3000)
• Procedures performed and their extent
• Any qualifications, emphasis of matter, or scope limitations

Common BRSR Core Readiness Gaps

Based on our experience with Indian listed companies preparing for BRSR Core assurance, the following gaps are most commonly encountered:

Data Collection Challenges

• Decentralized operations: Large Indian conglomerates with multiple subsidiaries and diverse businesses struggle to standardize KPI definitions and data collection across all entities
• Manual processes: Many companies still rely on spreadsheet-based data collection, increasing the risk of transcription errors and formula mistakes
• Missing months: Utility bills or waste records for certain months are unavailable, requiring estimation without documented methodology
• Contractor data: Contract labour data (relevant to gender diversity and wages) is often not systematically collected from labour contractors

Definition and Methodology Gaps

• Inconsistent GHG boundary: Subsidiaries and joint ventures are inconsistently included, with no documented consolidation approach
• Wage definition ambiguity: Lack of clarity on what constitutes "gross wages" -- whether to include bonuses, allowances, employer PF contributions
• Customer complaint classification: Different business units classify and count complaints differently, making consolidated reporting unreliable
• Energy conversion inconsistencies: Different sites using different calorific values for the same fuel type

Control Environment Weaknesses

• No formal review process: ESG data flows from site to group without documented review or approval at any level
• Key person dependency: Data collection and reporting depend on individual knowledge rather than documented procedures
• No variance analysis: Year-on-year changes are not analyzed or explained before submission
• IT system gaps: ESG data is not integrated into enterprise systems, relying on parallel manual processes

Practical Preparation Steps

Companies approaching BRSR Core assurance readiness should follow a structured preparation programme:

Step 1: Establish Governance (Month 1)

• Designate a BRSR Core project lead with authority and accountability
• Form a cross-functional working group (EHS, HR, Finance, Company Secretary, IT, Operations)
• Brief the Audit Committee on BRSR Core assurance requirements and timeline
• Define reporting boundary covering all entities and operations

Step 2: Define and Document KPIs (Months 1-2)

• Create formal KPI definition sheets for all 9 attributes
• Document calculation methodologies with worked examples
• Standardize definitions across all subsidiaries and business units
• Define and document emission factors, conversion factors, and assumptions

Step 3: Implement Controls (Months 2-3)

• Establish data collection templates for each site and attribute
• Implement review and approval workflows at site and business unit levels
• Set up variance analysis procedures (current vs prior period)
• Define evidence retention requirements and begin systematic archiving

Step 4: Collect and Validate Data (Months 3-5)

• Begin in-year data collection using standardized templates
• Perform quarterly internal data quality reviews
• Address identified data gaps and estimation requirements
• Build evidence packs for each attribute

Step 5: Pre-Assurance Dry Run (Month 5-6)

• Conduct internal testing mimicking the assurance provider's procedures
• Verify traceability from source documents to reported figures
• Identify and resolve remaining gaps
• Prepare information request response package for the assurance provider

Step 6: Engage Assurance Provider (Month 6-8)

• Issue RFP to qualified assurance providers (ICAI members or accredited providers)
• Finalize engagement terms, scope, and timeline
• Support the assurance engagement with timely responses and evidence
• Address findings raised during fieldwork

India's BRSR Core mandate at reasonable assurance level places Indian listed companies at the forefront of global ESG assurance practice. While the preparation effort is significant, the resulting data quality and governance improvements benefit the organization far beyond compliance.

Frequently Asked Questions

What is BRSR Core?

BRSR Core is a subset of the full BRSR framework mandated by SEBI for Indian listed companies. It consists of 9 key ESG attributes that require mandatory reasonable assurance by an independent assurance provider. These attributes cover greenhouse gas emissions, water management, waste management, energy consumption, gender diversity, wages, inclusive development, fairness in engaging with customers, and open-ness of business.

Which companies must comply with BRSR Core assurance?

BRSR Core assurance is being implemented in phases: top 150 listed companies by market capitalization from FY 2023-24, top 250 from FY 2024-25, top 500 from FY 2025-26, and top 1000 from FY 2026-27. The applicability is determined based on market capitalization as of March 31 of the respective financial year.

What level of assurance does BRSR Core require?

BRSR Core requires reasonable assurance, not limited assurance. This is a notably higher standard than most other jurisdictions (e.g., the EU CSRD initially requires only limited assurance). Reasonable assurance requires more extensive testing, larger sample sizes, and evaluation of internal control effectiveness.

Who can provide BRSR Core assurance?

BRSR Core assurance must be provided by members of the Institute of Chartered Accountants of India (ICAI) or assurance providers meeting SEBI's specified criteria. The provider must be independent, competent in ESG subject matter, and must perform the engagement in accordance with IAASB standards (ISAE 3000 or ISSA 5000 once effective).

What is the difference between BRSR Core and full BRSR?

The full BRSR covers a comprehensive set of disclosures across all 9 NGRBC Principles with over 130 data points. BRSR Core is a focused subset of 9 key ESG attributes selected for mandatory reasonable assurance. All listed companies in the top 1000 must file the full BRSR, but only the BRSR Core attributes require external assurance.