What Group 1 ASRS Reporters Got Wrong in Year One

The first mandatory ASRS sustainability reports from Group 1 entities started landing in March 2026. Companies with December 2025 year-ends had to lodge by 31 March (disclosing entities) or 30 April (everyone else). We've been reading them. So have auditors, investors, and — you can bet — ASIC.

And the ASRS lessons learned from Group 1 are not flattering.

That matters if you're a Group 2 company. Your reporting period starts 1 July 2026. Four months from now. Everything Group 1 got wrong, you're about to repeat unless you pay attention to what actually happened — not the polished case studies, but the messy reality of first-year mandatory climate reporting in Australia.

Here's the thesis of this piece, stated plainly: most Group 1 reporters treated ASRS as a document production exercise. They should have treated it as a capability-building exercise. The ones who outsourced the thinking — not just the work, but the thinking — are now stuck with models nobody internal can explain, scenario analysis that buckled under assurance scrutiny, and boards who signed declarations they didn't fully understand.

The consultant trap was exactly as bad as predicted

Oxford Economics flagged this before the first reports were even filed. They called it the "one-off model" pitfall. And it played out almost word for word.

Here's what happened. A Group 1 entity — let's say a large listed company with operations across three states — engages a Big Four firm or specialist consultant. The engagement runs $200,000 to $400,000 for the first year. The deliverable is a sustainability report and an underlying emissions model, typically built in Excel or a proprietary tool the consultant controls.

Year one gets done. The report is filed. Everyone exhales.

Then year two arrives and the internal team opens the model. Nobody understands the assumptions. The emission factor lookups reference a tab that was manually overwritten. The scenario analysis links to an external dataset the consultant had access to but didn't include in the handover. The team has two choices: re-engage the consultant at similar cost, or spend $50,000+ reverse-engineering the model before they can even start updating it.

This isn't hypothetical. We've heard versions of this from sustainability managers at three different ASX 200 companies since January. One described inheriting the year-one model as "like being handed someone else's tax return and being told to update it." The consultant who built it had moved firms.

The risk Oxford Economics identified is that "firms commission data for internal models in year one, then must start from scratch in year two." That's exactly what's happening. And it's particularly painful because ASRS isn't a one-off. This is annual reporting with escalating assurance requirements — limited assurance now, reasonable assurance from financial years beginning 1 July 2030. You can't outsource your way through a decade of reporting. Or you can, but it'll cost you seven figures.

Scenario analysis was the most expensive mistake

Of the four AASB S2 pillars — governance, strategy, risk management, and metrics — strategy is where the money burned fastest. And the specific problem was scenario analysis.

AASB S2 requires entities to use climate-related scenario analysis to assess their resilience. You need at least two temperature pathways: one aligned with 1.5°C and one that exceeds 2°C. You have to show how your financial position, performance, and cash flows would shift under each scenario across short, medium, and long-term horizons.

That's a reasonable requirement. The problem is how Group 1 entities executed it.

Most grabbed a global scenario off the shelf — IEA Net Zero by 2050, or one of the NGFS pathways — and wrote their strategy section around it. These are well-constructed global models. But they're global. An IEA scenario tells you what happens to world GDP under a 1.5°C pathway. It doesn't tell you what happens to your revenue from coal haulage contracts in the Hunter Valley when the NSW government accelerates mine closures. It doesn't tell you what a 2.5°C physical risk scenario means for your property portfolio in North Queensland.

ERM's frontline analysis of Group 1 preparation put it bluntly: existing scenario work often functions as "simple risk ratings rather than strategic exploration of how the business model responds to different climate futures." That's the gap. A risk rating says "high risk." A proper scenario analysis says "under a 1.5°C pathway, our revenue from segment X declines 12-18% by 2035 due to carbon pricing at $75/tonne, while our maintenance costs for coastal assets increase 8-15% annually under a high-warming physical risk scenario."

When assurance providers started testing these disclosures, the generic ones fell apart. Auditors asked: how does this global pathway map to your specific P&L? Where's the bridge between the IEA's aggregated GDP impact and your asset valuations in Western Australia versus Tasmania? Companies couldn't answer. Their consultants had produced a document, not a model. There was nothing underneath it.

We're still figuring out the best approach for scenario analysis in our own product — it's genuinely hard, and anyone who tells you they've cracked it for every sector is selling you something. But the floor isn't that high. You need scenarios localised to your operations, connected to actual financial line items, with documented assumptions. That's the bar. Most Group 1 entities didn't clear it.

Numbers moved when someone actually checked them

This is the one that should worry CFOs most.

Oxford Economics identified a pattern where "reported financial impacts shift significantly once external assurance processes begin." Translation: the numbers in the draft report changed when the auditor opened the spreadsheet.

That's a credibility problem. Not just with the assurance provider — with investors, with ASIC, with anyone who reads version two and wonders what version one said.

Why did this happen? In most cases, because the emissions data wasn't properly traceable. Someone downloaded electricity bills from a portal, typed figures into a spreadsheet, and ran calculations. The assurance provider asked to see the source document for a specific figure. The source document was a PDF in someone's email. The calculation chain went through four Excel tabs with manual overrides. The emission factor used was from 2023-24 when it should have been the 2024-25 NGA Factor. Small errors, but they compound.

Under AASB S2, Scope 1 and 2 emissions have no safe harbour protection. Full stop. The modified liability window — which runs from 1 January 2025 to 31 December 2027 — protects you on Scope 3 emissions, scenario analysis, and transition plans. Only ASIC can take action on those, and only for injunctions and declarations during the window.

But your core emission numbers? Full liability from day one. Directors sign off on them under the same provisions as your financial statements. Penalties go up to $15 million or 10% of annual turnover. Getting those numbers wrong isn't an operational inconvenience. It's a legal exposure. If you're still tracking emissions data in spreadsheets — and I know most mid-market companies are — read our breakdown of why that's riskier than you think.

Boards signed off on reports they didn't understand

The AICD has been warning about this for two years. Their Director's Guide to Mandatory Climate Reporting (now on version two) specifically addresses the gap between what directors are asked to declare and what they actually understand about climate disclosures.

The declaration requirement under ASRS is modelled on the financial report sign-off. Every director has to confirm whether, in their opinion, the entity's sustainability report complies with the law. During the transitional period through 2027, the wording is slightly softer — directors declare whether the entity has "taken reasonable steps" to ensure compliance. But that's still a personal attestation about technical disclosures most board members have never dealt with before.

The AICD's boardroom readiness research found that directors reported embedding climate into core strategy and risk management as "more complex than anticipated." That's diplomatic language for: they didn't realise how much they didn't know. Board-level skills gaps in climate literacy meant some directors were signing off on scenario analyses they couldn't interrogate and emission calculations they couldn't verify.

I don't say this to be harsh. Climate disclosure is genuinely new territory for most directors. But the solution isn't to wave it through and hope the assurance provider catches any problems. The solution is to get boards to a point where they can ask the right questions — even if they can't do the calculations themselves.

Three questions every board member should be able to answer about their company's ASRS disclosure:

What are our three largest sources of Scope 1 and 2 emissions, and how confident are we in those numbers?
Which climate scenario would most materially affect our revenue, and over what timeframe?
If ASIC asked us to explain how we arrived at a specific figure in our report, could we trace it back to a source document within 24 hours?

If your board can't answer those questions, you have a governance problem. Not a reporting problem. A governance problem.

What this means for Group 2 (starting July 2026)

Group 2 entities — $200M+ revenue, $500M+ gross assets, 250+ employees, or NGER reporters pulled in via the registration pathway — begin reporting for financial years starting 1 July 2026. We've written a detailed breakdown of exactly what's required and a sixteen-week preparation plan.

But here's what the Group 1 experience tells you that a checklist can't.

Build internal capability, don't rent it. Use consultants for specific gaps — scenario analysis methodology, assurance readiness reviews, technical GHG Protocol questions. Don't outsource the whole thing. Your sustainability manager (or whoever owns this) needs to understand every number in the report, every assumption in the model, and every data source. Because they'll be the ones updating it next year, and the year after that. And the year after that.

Start with your data, not your disclosures. The companies that struggled hardest in Group 1 started by writing a report and worked backwards to find data that supported it. The ones who had a smoother time started by getting their Scope 1 and 2 data right — every utility account, every fuel source, every refrigerant — and built the report around what the data actually showed. If your data collection is still manual, automating that pipeline is the single highest-return investment you can make before July.

Get your assurance provider involved early. Don't wait until September to engage an auditor. Talk to them now. Tell them your data sources, your methodology, your emission factors. Let them flag problems in March so you can fix them before your reporting period even starts. BDO, Grant Thornton, Pitcher Partners — they're already booking up. The Big Four are more expensive but have deeper ASRS experience from Group 1. Pick one and call them this week.

Brief your board properly. Don't just present the sustainability report at a board meeting and ask for sign-off. Run a dedicated session — two hours minimum — where directors can ask questions about methodology, scenarios, and data quality. They're putting their names on this. They deserve to understand what they're signing.

ASIC has said they'll take a "proportionate and pragmatic" approach to enforcement during the early years. That's good. But they've also said they're more likely to investigate where they see misconduct of "a serious or reckless nature" or where a company simply fails to lodge. Pragmatic doesn't mean permissive.

The real lesson is the boring one

Group 1's mistakes all come back to the same root cause. Not incompetence. Not bad faith. Just the very human tendency to treat a new compliance obligation as a project rather than a permanent operating change.

ASRS isn't a project. It's a new cost of being a large Australian company, the same way financial audit has been for decades. The companies that figured this out in year one — the ones who invested in repeatable data systems, localised scenario models, and genuine board engagement — will spend less in year three than the ones who bought a consultant-built report in year one and are now scrambling to rebuild it.

If you're Group 2 or Group 3, you have something Group 1 didn't. You can watch them go first. Use that.

Related Reading:

Carbonly.ai automates emissions data extraction from utility bills, invoices, and operational documents for Australian companies facing ASRS and NGER reporting. Our platform provides the auditable data trail that assurance providers require — built specifically for Australian emission factors, regulatory frameworks, and reporting timelines.