Quick Read
The double materiality assessment (DMA) is the strategic foundation for all CSRD compliance and sustainability reporting, yet many organisations treat it as a deadline-driven compliance project to be audited only at completion—an approach that leaves methodological flaws and governance gaps undetected until costly rework is required. Progressive assurance, where the auditor engages continuously throughout the DMA process rather than at the end, identifies and corrects problems early while ensuring the final output reflects a process tested throughout. Effective DMA assurance requires practitioners who evaluate not just technical methodology but also stakeholder engagement quality, board governance, and alignment with external factors including geopolitics and regulatory trends.
Executive Summary
Across Europe and beyond, thousands of organisations are in the middle of their first double materiality assessment. For many, the target is clear: get it done by June or July, ahead of the first CSRD-aligned sustainability report. The DMA is being treated as a project with a deadline. The auditor — if one is engaged at all at this stage — is being kept in reserve for the end, to review the output once the work is done.
This approach is understandable. It is also a mistake.
The double materiality assessment is not a compliance deliverable that happens to require sign-off. It is the strategic foundation on which every material topic, every disclosure, and every assurance conclusion in the sustainability report will be built. Errors in methodology, gaps in stakeholder engagement, deficiencies in board governance, and failures to account for the external environment do not become visible at the output stage — they become expensive. A DMA that reaches July with a flawed methodology has not saved the time spent building it. It has invested that time in a document that will require significant rework before it can be relied upon.
Progressive assurance offers a fundamentally different model. Rather than waiting for completion, the assurance provider is engaged as a continuous presence across the DMA process — reviewing methodology before fieldwork begins, observing and challenging the engagement process as it unfolds, and assuring the final output with a documented understanding of how it was produced. Problems are identified when they can still be corrected. The final assurance conclusion reflects a process that has been tested throughout, not just checked at the end.
This whitepaper makes the case for progressive assurance and explains in detail what DMA assurance actually examines: the materiality methodology, the stakeholder universe, the engagement process, the survey design, the IRO assessment, the board governance, the company purpose alignment, and the documentation of in/out decisions. It argues that the auditor who adds most value at this stage is not a sustainability technician applying a checklist — but a practitioner who reads the DMA through a wide lens that includes geopolitics, the regulatory pipeline, sector disruption, and board governance. A DMA that does not account for the world as it currently is will not remain fit for purpose for the period it is designed to cover.
1. The DMA Is Not a Compliance Exercise
The double materiality assessment is the most consequential document an organisation will produce under CSRD. It determines which topics are reported, which disclosures are required, which metrics must be disclosed, and — by extension — which areas of the business will be subject to third-party assurance. It sits at the top of the CSRD architecture: every obligation that follows flows from it.
It is also, under ESRS 1, a document with specific methodological requirements. The ESRS double materiality standard requires organisations to assess both impact materiality — the significance of the organisation's impacts on people and the environment — and financial materiality — the significance of ESG risks and opportunities for the organisation's financial position and performance. These are not the same assessment. They must be conducted separately, documented individually, and integrated into a coherent output that identifies which topics clear the materiality threshold on one or both dimensions.
The DMA must also be grounded in a stakeholder engagement process that is genuine, representative, and documented. It must be integrated with the organisation's strategy and business model. It must be reviewed and approved by governance — board or equivalent. And it must be updated at sufficient frequency to remain current. These are not aspirational best practices — they are ESRS requirements that will be tested in assurance.
The DMA is not the start of the reporting process. It is the foundation. A cracked foundation does not become visible until something is built on it. |
Despite this, the DMA is frequently treated as a process-heavy but ultimately internal exercise — something to be completed, reviewed by the sustainability team, approved by a committee, and handed to the auditor as a finished product. The auditor is expected to validate a conclusion without having witnessed the process that produced it. This is precisely the circumstance in which methodology flaws, stakeholder gaps, and governance deficiencies are most likely to produce a qualified conclusion or require rework.
The financial reporting parallel is instructive. No serious CFO would complete a complex financial reporting process and then invite the auditor to review it once it was done, expecting a clean opinion. The auditor is involved in planning, in understanding the accounting judgements being made, in reviewing interim positions, and in testing the controls that produced the numbers. The engagement is continuous because the stakes are continuous. The DMA warrants exactly the same approach — and the stakes, in terms of regulatory exposure, stakeholder trust, and strategic credibility, are equally significant.
2. The Problem with End-Point Assurance
When an auditor is engaged at the end of the DMA process — after the methodology has been applied, the stakeholder engagement completed, the IRO assessments scored, and the materiality matrix finalised — their options are limited. They can confirm that the output is consistent with the methodology as applied. They cannot tell you whether the methodology itself was right. They can check that the documented process was followed. They cannot tell you whether the process was adequate. They can review the in/out decisions against the stated thresholds. They cannot tell you whether the thresholds were set appropriately.
End-point assurance is, in this respect, structurally constrained. The assurance provider inherits all of the decisions that were made before they arrived. Where those decisions were sound, end-point assurance can confirm it. Where they were flawed, end-point assurance can identify it — but at a point in the process where correction means rework, delay, and cost.
End-Point Assurance (Auditor engaged after completion) | Progressive Assurance (Auditor engaged throughout) | |
Methodology flaw identified | Identified after DMA is complete. Full rework required. Delays final report. | Identified at Phase 1. Corrected before fieldwork begins. No delay. |
Stakeholder engagement gap | Discovered during assurance. Additional engagement required post-completion. Potentially too late. | Identified at Phase 1 review. Corrected before engagement begins. |
Board governance deficiency | Flagged post-completion. Board re-engagement required. Timeline pressure. | Identified at Phase 2. Board process improved during the DMA. |
Material topic missed | Qualification in assurance conclusion. Disclosure gap in sustainability report. | Identified at Phase 2 via wide-lens external context review. Added to IRO assessment. |
In/out decision not documented | Assurance qualification. Potential regulator challenge. | Flagged at Phase 2. Documentation completed before finalisation. |
Assurance conclusion | Qualified or delayed conclusion. Rework cost incurred. Report timeline at risk. | Clean conclusion at Phase 3. Process documented. Report timeline protected. |
The rework problem is not hypothetical. The most common DMA assurance findings in practice relate to: methodology documentation that cannot demonstrate conformance with ESRS double materiality requirements; stakeholder universes that are too narrow, too investor-focused, or missing key affected community groups; impact materiality assessments that conflate severity with likelihood or that apply the criteria inconsistently across topics; financial materiality assessments that have not been conducted independently of the impact assessment; and board engagement that is nominal — a briefing rather than a governance process. Each of these is correctable before the DMA is finalised. None of them is easily correctable after.
There is also a timing dimension specific to the current regulatory cycle. Organisations completing their first CSRD-aligned DMA are working under significant time pressure — sustainability reports are due, assurance conclusions are expected, and regulators are watching the quality of first-year disclosure with particular attention. A qualified assurance conclusion on the DMA in year one is not a minor inconvenience. It signals to regulators, investors, and stakeholders that the organisation's materiality assessment — the foundation of its entire sustainability disclosure — has not met the standard. The reputational and regulatory consequences of that signal are disproportionate to the cost of getting the process right.
3. Progressive Assurance: The Better Model
Progressive assurance is the engagement of the assurance provider as a continuous presence across the DMA process — from methodology design through to final output — rather than as a reviewer of the completed product. It is not a new concept: in complex audit engagements across financial services, infrastructure, and regulated industries, continuous engagement between the preparer and the assurance provider is standard practice precisely because the stakes of getting it wrong are too high to leave to end-point review.
Applied to the DMA, progressive assurance operates across three phases, each aligned to a specific milestone in the DMA process.
Phase | Timing | Trigger / Milestone | What the Auditor Does |
Phase 1 Methodology & Design Review | Months 1–2 (Before fieldwork begins) | Materiality methodology documented; stakeholder universe drafted; survey instruments designed | Review methodology against ESRS LSME / CSRD double materiality requirements. Challenge scope, value chain boundaries, and stakeholder universe. Review survey design for bias, coverage gaps, and question quality. Assess alignment with company purpose and strategic objectives. Identify design flaws before data collection begins. Deliver written findings and recommendations. |
Phase 2 Process & Fieldwork Review | Months 2–4 (During data collection) | Stakeholder engagement underway; board briefings conducted; impact and financial materiality assessments in progress | Observe or review stakeholder engagement process for representativeness and independence. Review board engagement records and governance of the materiality process. Assess application of the IRO (Impact, Risk and Opportunity) identification methodology. Challenge emerging materiality conclusions against external context — regulatory pipeline, geopolitical developments, sector risk landscape. Flag inconsistencies in mid-process scoring. Deliver interim findings. |
Phase 3 Output & Conclusion Assurance | Month 5–6 (Before finalisation) | Draft DMA output produced; in/out decisions documented; board sign-off pending | Assure the final DMA output against the ESRS double materiality criteria. Review documentation of in/out decisions and the rationale trail. Confirm consistency between impact materiality and financial materiality assessments. Assess completeness against ESRS topical standards. Review board approval process and governance sign-off. Issue assurance conclusion suitable for inclusion in the sustainability report. |
The three-phase model changes the nature of the assurance relationship fundamentally. The auditor is not an external reviewer arriving at the end of a process they had no part in. They are a continuous presence — challenging, advising, and documenting — whose observations improve the process as it unfolds. The final assurance conclusion is the product of a relationship, not a retrospective judgement.
This has important implications for how the engagement is scoped and contracted. Progressive assurance is a longer-term commitment than a single end-point review engagement. It requires a different fee structure, a different staffing model, and a different set of deliverables — interim findings at each phase, not just a final opinion. For many organisations accustomed to commissioning assurance as a discrete project, this represents a change in how they think about the auditor relationship. The analogy is again to financial audit: the external auditor is not a vendor who delivers a product at year-end. They are a continuous quality check on the integrity of the reporting process.
It also has implications for the scope of the assurance programme more broadly. A DMA that has been progressively assured through to Phase 3 provides the foundation for a more efficient and more credible sustainability report assurance engagement. The auditor already understands the materiality process, already has confidence in the methodology, and already has documented the governance of the DMA. The assurance of the sustainability report itself builds on that foundation rather than starting from scratch.
4. What DMA Assurance Actually Examines
DMA assurance is not a mechanical exercise. It is not a checklist of ESRS requirements applied to a document. It is a substantive assessment of a process, a methodology, a set of judgements, and a governance structure. The following table maps the principal areas of examination in a well-designed DMA assurance engagement, the specific questions the auditor is asking in each area, and why each area matters to the quality and defensibility of the DMA output.
DMA Examination Area | What the Auditor Is Looking At | Why It Matters |
Materiality Methodology | Conformance with ESRS double materiality requirements; separation of impact materiality from financial materiality; scoring methodology; threshold-setting process; documentation of assumptions | The methodology is the foundation. Errors here invalidate the entire DMA output and cannot be corrected retrospectively without full rework. |
Stakeholder Universe & Identification | Completeness of stakeholder categories identified; rationale for inclusion and exclusion; whether affected communities and value chain partners are represented alongside investors and customers | A DMA built on a narrow stakeholder universe misses material impacts by design. Regulators and assurance standards both expect representativeness. |
Stakeholder Engagement Process | Independence and rigour of engagement; survey design; response rates and bias management; how dissenting or inconvenient views were handled; escalation of significant inputs | Engagement that is cosmetic rather than genuine fails both the CSRD intent and the assurance standard. The process must be documented and defensible. |
Survey Design & Analysis | Question framing for bias; coverage of all ESRS topical areas; statistical validity of results; weighting methodology; how quantitative and qualitative inputs were integrated | Poorly designed surveys produce systematically biased materiality conclusions. This is a common and fixable problem — but only if caught before results are analysed. |
IRO Identification & Assessment | Completeness of impacts, risks and opportunities identified; alignment with ESRS topical standards; value chain scope; time horizon treatment; severity and likelihood scoring | The IRO list defines what the company says it has looked at. Gaps here become disclosure gaps in the sustainability report and audit findings in formal assurance. |
Impact Materiality Assessment | Application of severity criteria (scale, scope, irremediability for negative; scale and scope for positive); treatment of actual vs potential impacts; connection to company activities and value chain | CSRD requires a rigorous, documented impact materiality assessment. Shortcuts in scoring or documentation are the most common source of assurance qualifications. |
Financial Materiality Assessment | Identification of ESG-related financial risks and opportunities; time horizons; linkage to financial statements and risk management framework; consistency with TCFD/ISSB disclosures | Financial materiality must be assessed independently of impact materiality. Many companies conflate them or apply only one. This creates both a compliance gap and a governance concern. |
Board Engagement & Governance | How the board was briefed and consulted; board approval of methodology and outputs; integration of DMA into board risk oversight; audit committee involvement | The DMA is a board-level governance document. Board engagement that is nominal rather than substantive is a governance deficiency, not a process technicality. |
Company Purpose & Strategy Alignment | Consistency between identified material topics and stated company purpose, strategic priorities, and business model; whether the DMA is integrated into strategy or conducted in parallel to it | A DMA that does not connect to company purpose and strategy is not being used as intended. It signals a compliance exercise rather than genuine double materiality thinking. |
In/Out Decision Documentation | Rationale trail for topics assessed as not material; consistency of thresholds applied; treatment of borderline topics; evidence that the process was applied rather than conclusions predetermined | In/out decisions are where the DMA is most vulnerable to challenge — from regulators, auditors, and stakeholders who believe their concerns have been dismissed without adequate justification. |
External Context Integration | Whether the materiality assessment has been informed by the regulatory pipeline, geopolitical developments, sector-specific risk trends, and peer company disclosures | A DMA conducted in isolation from the external environment will be overtaken by events — new regulations, emerging risks, or stakeholder concerns that were foreseeable but not considered. |
Several of these examination areas deserve particular emphasis for organisations completing their first DMA.
The separation of impact and financial materiality is consistently the area where first-time DMA preparers encounter the most difficulty. ESRS 1 is explicit: both assessments must be conducted and documented independently, and a topic may be material on one dimension without being material on the other. Organisations that conduct a single integrated assessment, or that treat financial materiality as a subset of impact materiality, have not met the standard — and the auditor will identify this at Phase 1 of a progressive engagement, before the assessment methodology is applied across all topics.
Board engagement is consistently underestimated in scope. Many organisations interpret board approval of the final DMA output as adequate governance. ESRS 1 expects more: the board (or equivalent governance body) should be engaged in the process of identifying and assessing material topics, not merely in approving the conclusion. An audit committee that reviews and approves a completed materiality matrix has not discharged the governance obligation. A board that has been briefed on the methodology, has provided input on strategic alignment, and has been engaged on significant in/out decisions has.
The documentation of in/out decisions is the area most often targeted in regulatory review and investor challenge. Every topic that is assessed and found not material must have a documented rationale trail that demonstrates the threshold was applied consistently and the conclusion was reached through process, not predetermined. Gaps in this documentation are the single most common cause of DMA assurance qualifications in practice.
5. The Wide Lens: What Your Auditor Needs to Bring
A DMA is, at its core, a structured assessment of the world as the organisation sees it — the impacts it has, the risks it faces, the opportunities it can pursue. The quality of that assessment depends entirely on the quality of the lens through which the world is being viewed. An auditor who approaches the DMA through a narrow sustainability lens — checking methodology boxes and reviewing stakeholder lists — will confirm that the process was followed. They will not be able to tell you whether the process was adequate to produce a DMA that genuinely reflects the organisation's material ESG context.
Adequacy at the DMA stage requires a wide lens. The organisation's material topics are shaped not only by its operations and its stakeholder views, but by the external environment in which it operates — the regulatory pipeline, the geopolitical landscape, the sector risk trajectory, the capital market expectations, and the social and political forces that are reshaping what stakeholders consider important. A DMA that does not account for this external context will be overtaken by events before the sustainability report it underpins is published.
The auditor who challenges your DMA through the lens of geopolitics, regulatory acceleration, and market disruption adds more value than the one who checks your ESRS box count. |
This is where the ISO management system audit tradition provides a structural advantage. Experienced management system auditors — particularly those who have worked across anti-bribery, information security, environmental management, and supply chain governance — are accustomed to reading organisational systems against external context. They ask not only whether the process was followed but whether the process was adequate for the environment in which the organisation operates. They bring a business and governance frame, not merely a technical sustainability frame.
The following table maps the key external forces that a wide-lens auditor will bring to DMA review — and what a sustainability-only audit view is likely to miss.
External Force | Why It Shapes Materiality | What a Narrow Assurance View Misses |
Geopolitical fragmentation & trade conflict | Supply chain reconfiguration, friend-shoring, and tariff escalation change which Scope 3 emissions, human rights risks, and supplier dependencies are material — sometimes materially and rapidly | A sustainability-only auditor may accept a Scope 3 boundary that excludes newly high-risk supplier geographies because they were low-risk when the methodology was designed |
Regulatory pipeline acceleration | CSRD, CSDDD, ESRS updates, ISSB adoption across 30+ jurisdictions, SEC climate rules, and national equivalents are creating converging mandatory disclosure regimes that will make today's voluntary material topics tomorrow's legal obligations | Topics assessed as not material today on a financial threshold may become legally mandated disclosures within the report's horizon — a narrow assurance view does not flag this forward-looking risk |
Energy security & transition volatility | The pace and politics of the energy transition — energy security concerns, fossil fuel policy reversals, grid investment gaps — directly affect which environmental and governance topics are material for energy-intensive and transition-exposed organisations | A materiality assessment that treats energy transition as a settled, linear process will not reflect the policy volatility that investors and regulators are now pricing into ESG risk frameworks |
Nature, biodiversity & TNFD | The TNFD framework, ESRS E4, and emerging mandatory biodiversity reporting requirements are accelerating nature-related financial disclosure from optional to expected within most DMA time horizons | Companies operating in sectors with land use, water, or ecosystem dependencies may be systematically under-assessing nature-related material topics if their auditor is not tracking the regulatory and investor trajectory |
Human rights & conflict zones | Escalating conflicts in multiple regions, sanctions proliferation, and CSDDD's mandatory human rights due diligence requirements are reshaping which supply chain human rights topics carry both impact and financial materiality | A DMA that relies on last year's risk geography without reference to current geopolitical conditions will contain human rights materiality conclusions that are already obsolete |
Artificial intelligence & technology governance | AI deployment is rapidly becoming a material governance topic — covering bias, data ethics, labour displacement, and decision accountability — and is explicitly emerging in ESRS G1 and investor ESG frameworks | Companies deploying AI at scale that do not include AI governance in their IRO identification have a gap that a wide-lens auditor would identify; a sustainability-only auditor may not |
Social licence & stakeholder activism | Heightened expectations from employees, communities, and civil society — combined with rapid social media amplification — are making social licence topics (community impact, executive pay, tax transparency) increasingly material even where financial thresholds are not met | Stakeholder engagement that does not capture civil society and community voices will systematically underweight social licence topics; an auditor with a broad governance background will recognise this pattern |
The practical implication is significant. An auditor conducting Phase 2 of a progressive DMA engagement should be in a position to challenge the completeness of the IRO list against the current external environment — not simply to check that the IROs that have been identified are consistently assessed. If an organisation operating in sectors exposed to geopolitical supply chain risk, AI deployment, and nature-related regulation has not identified these as material topic areas, the auditor should flag the gap. That flag — made during Phase 2, while the assessment is still in progress — gives the organisation the opportunity to address it. Made at Phase 3, it becomes an assurance qualification. Made not at all, it becomes a disclosure gap that regulators and investors will eventually find.
6. Designing Your Progressive Assurance Programme
Translating the progressive assurance model into practice requires some deliberate choices about scope, timing, governance, and deliverables. The following considerations are relevant for organisations designing their DMA assurance programme for the current reporting cycle and beyond.
6.1 Engage the Auditor Before the Methodology Is Finalised
The highest-value intervention in the DMA process is the Phase 1 methodology review — and it requires the auditor to be engaged before the methodology is applied, not after. This means commissioning the assurance provider as soon as the DMA methodology is in draft, typically at the start of the process rather than at the midpoint. The cost of early engagement is modest. The cost of a methodology flaw discovered after the assessment is applied across all material topics is significant.
At Phase 1, the auditor should review: the approach to separating impact and financial materiality; the proposed stakeholder universe and the rationale for its boundaries; the IRO identification methodology; the scoring criteria and threshold-setting approach; the proposed survey design; and the documentation plan for in/out decisions. Issues identified at this stage can be corrected before any fieldwork begins.
6.2 Involve the Auditor in Board Governance
The board governance of the DMA is a legitimate area of assurance examination, and the auditor should have visibility of it throughout the process. This does not mean the auditor attends board meetings — it means the auditor reviews the governance plan for the DMA: how the board will be briefed, at what stages it will provide input, how the audit committee will be engaged, and how final approval will be governed. If the governance plan is inadequate, Phase 2 is the time to say so.
Organisations should also consider whether to involve their assurance provider in briefing the audit committee on what DMA assurance involves — what the auditor will be examining, what findings might arise, and what the board's role is in addressing them. Audit committees that understand the assurance process are better placed to provide the governance oversight that ESRS 1 expects.
6.3 Structure the Engagement for the Long Term
The DMA is not a one-time exercise. ESRS 1 requires organisations to review and update their materiality assessment at sufficient frequency to ensure it remains current — which in practice means annual review, with more fundamental reassessment when significant changes in operations, strategy, or external context occur. A progressive assurance relationship should be structured to accommodate this: not a single multi-phase engagement ending at Phase 3, but an ongoing relationship in which the Phase 3 conclusion for one DMA cycle feeds into the Phase 1 engagement for the next.
This long-term structuring has practical benefits. The auditor who has conducted Phase 1, 2, and 3 of this year's DMA carries institutional knowledge of the methodology, the stakeholder engagement design, the board governance process, and the IRO assessment approach into next year's review. The Phase 1 engagement for year two is more efficient, more targeted, and more valuable than a cold start — and the organisation benefits from an auditor who can assess whether this year's changes are genuine improvements rather than cosmetic updates.
6.4 Use the DMA Assurance as the Foundation for Report Assurance
Organisations that have completed a progressively assured DMA are in a materially better position for their sustainability report assurance engagement. The auditor already has documented confidence in the materiality foundation — they have reviewed the methodology, observed the process, and tested the governance. The report assurance engagement can build on that foundation rather than reconstructing it.
This integration should be planned from the outset. The scope of the progressive DMA assurance engagement should be designed with the report assurance requirements in mind — ensuring that the documentation, the governance trail, and the methodology records produced during the DMA process are in a form that supports the report assurance engagement. A well-designed progressive assurance programme converts the DMA process itself into an asset for the subsequent assurance engagement.
Conclusion
The June or July DMA completion deadline is a milestone, not a finish line. What matters is not that the DMA is completed by that date — it is that the DMA completed by that date is capable of carrying the weight of the sustainability report, the assurance conclusion, and the regulatory scrutiny that will follow.
Progressive assurance is the structural mechanism by which that quality is built into the process rather than checked at the end. It transforms the auditor from a reviewer of finished work into a continuous quality presence — challenging methodology before it is applied, observing process as it unfolds, assessing governance in real time, and reading the materiality conclusions through the wide external lens that the current environment demands.
The organisations that will produce the most credible first-generation CSRD-aligned DMA outputs are those that have treated the DMA as a strategic process rather than a compliance project — and that have brought their assurance providers into that process from the beginning. They will reach July with a DMA that has been stress-tested against methodology requirements, stakeholder adequacy, board governance standards, and the external context. They will not be reworking it in August.
The wide-lens auditor adds value that a sustainability technician cannot: the ability to challenge the DMA against geopolitical reality, regulatory trajectory, sector risk, and governance standards — and to do so while there is still time to act on the findings. That is what assurance at the DMA stage should deliver. Not a stamp of approval after the fact, but a structured, ongoing challenge that makes the output stronger at every stage.
Don't bring the auditor in when the DMA is done. Bring them in when the work begins — and let the assurance make the work better. |
Speeki Speeki is an ISO 17021-1 accredited ESG assurance and certification firm operating across more than 100 countries. Headquartered in Singapore and accredited through COFRAC (France) and ANAB (USA), Speeki provides ESG assurance under ISSA 5000 and AA1000AS v3, including progressive DMA assurance, sustainability report assurance, and management system certification across a broad range of ISO standards. Speeki's auditors bring a wide-lens perspective to DMA and sustainability assurance — combining management system methodology, governance expertise, regulatory knowledge, and geopolitical context to add value at every stage of the reporting process, not only at the end. Speeki operates as an AI-native firm, deploying agentic AI across its assurance and certification operations. Learn more at: speeki.com |
The views expressed in this whitepaper are those of Speeki and are intended to contribute to practitioner and regulatory discourse on the evolution of ESG assurance standards and practice. They do not constitute legal, financial, or assurance advice.