How to Generate an AASB S2 Climate Disclosure Report (Without Losing Your Mind)
AASB S2 requires structured disclosures across four pillars — Governance, Strategy, Risk Management, and Metrics & Targets. Software can auto-populate the quantitative sections from your emissions data. The qualitative sections? That's still on you. Here's what fills itself and what doesn't.
A Group 1 reporter we spoke with last month told us their AASB S2 climate disclosure took more time to assemble than their entire annual financial report. Not because the numbers were harder to calculate — they'd already done a GHG inventory. Because nobody had figured out how to stitch 150 individual disclosure requirements across four different pillars into a single coherent document that an auditor would accept.
That's the gap nobody talks about. Every carbon accounting platform can produce an emissions table. But an AASB S2 report isn't an emissions table. It's a structured disclosure combining hard numbers (your Scope 1, 2, and 3 emissions), semi-quantitative risk assessments (assets exposed to physical and transition risks), and pure narrative (how your board oversees climate risks). The BDO AASB S2 checklist — which incorporates AASB S1 general requirements — runs to 150 discrete disclosure items. Most sustainability managers we've talked to didn't realise the scale until they started trying to fill them in.
Here's what we've learned building report generation into Carbonly: software can do roughly 40% of the work automatically — primarily the Metrics & Targets pillar. The other 60% is qualitative, strategic, and governance-level content that needs a human. Being upfront about that split is more useful than pretending any tool generates a complete AASB S2 report with one click.
The four pillars aren't created equal (from a data perspective)
AASB S2 mirrors the ISSB's IFRS S2 structure. Four pillars: Governance, Strategy, Risk Management, and Metrics & Targets. They sound like they're evenly weighted. They're not — at least, not in terms of where the data work sits.
The Metrics & Targets pillar (paragraphs 28-37 of the standard) is where your emissions data, intensity metrics, target tracking, and cross-industry metrics live. This is heavily quantitative. It's also the section that faces limited assurance from Year 1 under ASSA 5010 — specifically your Scope 1 and 2 emissions under paragraph 29(a). An auditor will trace those numbers back to source documents. Your software needs to produce them with a full audit trail, not just a total.
Governance (paragraphs 5-12) and Strategy (paragraphs 13-22) are overwhelmingly narrative. They ask about board oversight structures, management processes, how climate risks feed into strategic decisions, scenario analysis, and transition plans. Software can provide the data that supports these narratives — for instance, pulling emissions trends into a strategy discussion about decarbonisation — but it can't write the governance description for you.
Risk Management (paragraphs 25-27) sits somewhere in between. It describes your processes for identifying and assessing climate risks, which is qualitative. But it also connects to the quantitative outputs of those processes — which risks you assessed as material, and the financial exposure numbers that back up your assessment.
What software actually auto-populates
We built Carbonly's AASB S2 template as a pre-seeded report structure that maps directly to the standard's disclosure requirements. When you generate the report, it pulls data from your existing emissions tracking, targets, carbon plans, and incident records. Here's what fills itself and what sits there waiting for human input.
Paragraph 29(a) — GHG emissions. This is the flagship metric. The standard requires absolute gross greenhouse gas emissions in metric tonnes CO2-e, broken out by Scope 1, Scope 2 (location-based mandatory, market-based optional but recommended), and Scope 3. Your software should pull these directly from your emissions calculations — with per-gas breakdowns for the seven Kyoto gases (CO2, CH4, N2O, HFCs, PFCs, SF6, NF3) because that's what paragraph 29(a)(ii) asks for. Carbonly tracks location-based and market-based Scope 2 separately, using state-based NGA Factors (NSW 0.64, VIC 0.78, SA 0.22 kg CO2-e/kWh for 2025-26), so both numbers flow into the report without manual recalculation.
Every emissions figure links back to its source document. That matters more than most people realise. Your auditor isn't going to accept a summary number — they'll want to trace a specific electricity bill through the calculation chain to the final figure in the report. Without that trail, you'll fail your Year 1 limited assurance engagement regardless of how accurate your total is.
Paragraph 29(e) — capital deployment. If you're tracking climate-related capex through your carbon planning module — LED upgrades, solar installs, boiler electrification, fleet transitions — that data can auto-populate into the capital deployment disclosure. We pull planned and actual spend from our carbon reduction planning features. But here's an honest limitation: not every company tracks climate capex in their carbon software. Many still track it in their finance system. So this section often needs manual supplementation or a data feed from your ERP.
Paragraph 29(f) — internal carbon prices. If you've set an internal carbon price, the price per tonne, how it's applied, and where it's used in decision-making can be pulled from your system. If you haven't set one, this section will flag as a gap — which is genuinely useful, because you need to disclose whether you use one, not just the price.
Paragraphs 33-36 — targets. Your emissions reduction targets, base year, progress metrics, interim milestones, and whether they cover Scope 1, 2, or 3 all pull from your target-tracking module. The standard requires specifics: is the target absolute or intensity-based? Was it derived from a sectoral decarbonisation approach? Does it rely on carbon credits, and if so, what verification scheme? The quantitative elements — current emissions versus target — auto-populate. The methodological description (how you set the target, third-party validation, alignment with Paris goals) still needs human drafting.
Paragraph 29(g) — executive remuneration. This won't auto-populate from a carbon accounting platform. Full stop. Whether climate considerations factor into executive compensation, and what percentage of remuneration links to climate performance, is information that sits in your remuneration committee minutes. Software can flag this as a required disclosure and prompt someone to fill it in. That's about it.
The sections that need a human
Let's be direct about where software hits its limits. We don't pretend Carbonly writes your governance narrative. That would be dishonest, and given ACCC enforcement of misleading environmental claims — over $42 million in greenwashing penalties since 2023 — precision about what a tool does and doesn't do matters.
Governance disclosures (paragraph 6). The standard asks how your board oversees climate risks, what skills and competencies the board has, how often it's informed about climate matters, and how climate considerations connect to strategic decisions, risk management, and target-setting. This is pure narrative. It's also subject to limited assurance from Year 1 under ASSA 5010 — meaning your auditor will test whether these descriptions are supportable. A well-phrased paragraph about "strong board oversight" means nothing if you can't produce the board papers that prove climate was on the agenda.
What software can do here: pre-populate the template with the specific questions the standard asks, so you don't miss any. Present a structured checklist tied to paragraph 6(a) through 6(b). Flag gaps. But the content? That's your company secretary, your board chair, or your governance team.
Strategy disclosures (paragraphs 13-22). This is where scenario analysis lives, alongside your description of climate-related risks and opportunities, their financial effects, and your transition plan. Strategy disclosures are partly quantitative (anticipated financial effects) and partly narrative (how you identified climate risks, what scenarios you used, how resilient your strategy is).
Software can feed emissions data into scenario analysis. It can show the financial impact of carbon pricing under different trajectories, or quantify the Safeguard Mechanism cost exposure at 4.9% annual baseline decline. But the interpretation — what your company is going to do about it, how it changes your capital allocation, whether you're pivoting your business model — that's a board-level conversation, not a data export.
Risk management disclosures (paragraphs 25-27). These describe your processes for identifying, assessing, and prioritising climate risks. How do climate risks integrate with your enterprise risk management? What criteria do you use to determine materiality? Again, this is process description. Your materiality assessment documentation feeds into this, but the risk management narrative itself requires human authorship.
The assurance trap nobody warns you about
Year 1 limited assurance under ASSA 5010 covers three things: your governance disclosures (paragraph 6), your strategy disclosures on risks and opportunities (paragraphs 9-10), and your Scope 1 and 2 emissions (paragraph 29). By Year 2-3, limited assurance extends across all report sections. By Year 4, you're looking at reasonable assurance — the same standard as a financial audit.
That phasing creates a false sense of comfort. Companies focus on getting their emissions numbers right for Year 1, because that's the quantitative piece under assurance. Then Year 2 hits and suddenly the auditor is testing your risk management process descriptions and your Scope 3 estimates. If you bolted those sections on with vague language in Year 1, expecting you'd "improve them later," you've got a problem.
We've seen Group 1 reporters learn this the hard way. The companies that treated Year 1 as a document production exercise — outsource it, file it, move on — are now scrambling to build the internal capability they should have been developing from the start. The report isn't the hard part. Building the system that produces a defensible report, year after year, is.
How report generation should actually work
Here's how we built it in Carbonly, and where we think the industry is headed.
You start with a pre-seeded AASB S2 template. The structure maps to the standard's disclosure requirements — not just the four pillar headings, but the individual paragraphs and sub-paragraphs underneath. Think of it as a structured document with ~150 fields, some quantitative, some qualitative, some mixed.
When you generate the report, the system does several things automatically. It pulls your Scope 1, 2, and 3 emissions from the current reporting period into paragraph 29(a). It maps your per-gas breakdown into the format the standard expects. It brings in both location-based and market-based Scope 2 figures. It connects your emission targets from the target-tracking module to paragraphs 33-36, including base-year data, progress calculations, and whether the target is gross or net. It flags any active incidents that might affect your disclosures. And it attaches the audit trail — source documents, calculation methodology, emission factors used — to every quantitative figure.
The qualitative sections show up as structured prompts with the exact wording from the standard. What has your board discussed? How often? What skills do they have? How does climate risk integrate with enterprise risk management? These aren't blank text fields. They're specific questions derived from the standard, with guidance notes about what the assurance provider will look for.
You export the completed report in PDF or Excel. The PDF is formatted for inclusion in your annual report. The Excel version gives your assurance provider the underlying data and calculation chains they'll need for their review.
We're not claiming this produces a finished, lodge-ready disclosure. It doesn't. Somebody needs to write the governance narrative. Somebody needs to sign off on the scenario analysis assumptions. Somebody — ideally a qualified person who understands both the standard and your business — needs to review every section before the directors sign the declaration. But the difference between starting with a pre-populated template versus a blank Word document is the difference between a two-week process and a three-month one.
The paragraph 29(b)-(d) problem
Three of the seven cross-industry metrics are genuinely hard to auto-populate, and we should be upfront about that.
Paragraph 29(b) asks for the amount and percentage of your assets or business activities exposed to climate-related transition risks. Paragraph 29(c) asks the same for physical risks. Paragraph 29(d) asks about alignment with climate-related opportunities. These require you to overlay your climate risk assessment onto your asset register and revenue streams — mapping which properties sit in flood zones, which revenue lines depend on fossil fuel demand, which business segments benefit from the energy transition.
Carbon accounting software can feed the emissions data that helps identify high-risk activities. But the risk classification itself — deciding that your Queensland coastal warehouse is "exposed to physical risk" and quantifying the financial exposure — requires judgement that sits outside the emissions calculation engine. Some platforms are building risk-mapping features, and we're working on connecting our emissions data with asset-level physical risk databases. But we're not there yet for most users, and pretending otherwise wouldn't be fair.
What Group 2 companies should do right now
Group 2 entities — those with $200 million revenue, 100+ employees, or existing NGER reporting obligations — start their mandatory reporting period on 1 July 2026. That's four months away. Your first AASB S2 report will cover the 12 months from that date.
If you're starting from scratch on AASB S2 report generation, here's the honest sequencing.
Get your emissions data right first. You can't auto-populate a report if the underlying Scope 1 and 2 numbers aren't calculated, documented, and source-linked. That's the foundation everything else sits on. If you're still using spreadsheets, this is the step where software pays for itself — not in the report generation, but in the data infrastructure that makes report generation possible.
Then work the Metrics & Targets pillar. Set your targets formally. Define your base year. Choose your intensity metrics. Document whether your targets are absolute or intensity-based, gross or net. This section should be 80% auto-filled once your emissions and targets are in the system.
The governance and strategy sections need calendar time, not software. Block half-day sessions with your board and leadership team to draft the governance narrative, run the materiality assessment, and document the risk management process. These aren't tasks you can rush in the final week before lodgement.
And talk to your assurance provider before you finish the report. Not after. The biggest mistake Group 1 made was presenting a "completed" report to the auditor and discovering fundamental gaps in the supporting evidence. Your auditor can tell you what they'll test. Build the evidence base while you're writing, not after.
The AASB S2 report is a disclosure document, not a trophy. It needs to be accurate, auditable, and honest about what you know and don't know. Software gets you halfway there. Your people — the board, your sustainability lead, your risk team — cover the rest.