- Collect backwards, not forwards. Start from each IFRS S2 disclosure paragraph, write down the exact item it needs, then go and find that item. IFRS S2 data collection is a finite checklist, not an open-ended “gather everything” task.
- Separate what you have from what you must create. Most governance and risk records already exist. The genuinely new data is the physical-risk numbers under paragraph 29(c).
- Start the physical-risk numbers first. They have the longest lead time and depend on analysis that takes months. Leaving them until drafting is how timelines slip.
- Give it a runway, and an owner for each item. A defensible first-year disclosure is built over months: foundations early, analysis in the middle, assurance evidence last.
1. Data collection is where the timeline slips
Most IFRS S2 guidance explains what the standard’s paragraphs mean. The harder problem is usually getting the underlying data ready before you write a word.
KPMG reviewed the first thirty mandatory reporters under AASB S2, which is Australia’s adoption of IFRS S2 and the largest set of IFRS S2-aligned disclosures filed so far. It found that the time and resources required to prepare the report were “higher than anticipated.” In practice, the data work, not the drafting, is usually where first-year projects run late.
There is a simple reason, and it is easy to miss. Audit firms publish worked examples of what an IFRS S2 disclosure should look like. A leading one lays out the physical-risk metric in paragraph 29(c) as a finished table: a list of assets, their values, and the share at risk. That metric asks for the amount and percentage of your assets that are vulnerable to climate-related physical risks. Seeing it laid out that neatly can make the requirement look solved. It is not. The table is the easy part. The numbers that fill it, asset by asset, take months to produce, and that is where the time goes. A worked example shows you what the finished disclosure should look like. It does not hand you the data behind it.
Even naming the risks is still early work. Across that first wave, reporters flagged on average about one physical risk each, with a range from none to six. This piece is about how to approach the data work so the timeline does not slip on you.
2. Collect backwards, not forwards
The common mistake is to collect forwards. A team asks “what climate data do we already have?”, gathers it, then tries to map it onto the standard. They end up with a pile of material that does not line up with what any paragraph actually requires, and with gaps they find too late.
The better approach is to collect backwards. Start from the disclosure itself. Read each requirement, write down the specific item it needs, then go and find that item. The question is never “what do we have?” It is “what does this paragraph require, and who owns getting it?”
A worked example makes this concrete. IFRS S2 paragraph 13 asks you to disclose where in your business and value chain your climate-related risks are concentrated, giving the examples of geographical areas, facilities and types of assets. Read forwards, that is abstract. Read backwards, it produces one specific item: a register of your assets that records each site’s exact location and what type of asset it is. You now know exactly what to build, and who should own it.
This one change reframes the whole project. “Collect all our climate data” is an open-ended task with no finish line. “Produce the few dozen items these paragraphs require” is a finite checklist you can assign, track, and close out.
3. Four moves that make the data work manageable
Build a list first, organised by paragraph. Before collecting anything, list every item the standard requires. For each one, record the details it must include, the paragraph it answers, and the person who owns it. This turns a vague effort into a list you can hand out. A worked example of a complete IFRS S2 disclosure, paragraph by paragraph, shows what each finished item looks like before you build your own; the link is at the end.
Separate what you have from what you must create. Most governance and risk-management records already exist somewhere: board minutes, committee charters, the enterprise risk register. The genuinely new data sits in two buckets. One is the greenhouse gas inventory, which counts your emissions; it is its own piece of work and outside the focus of this guide. The other is the physical-risk numbers under paragraph 29(c). Both are where most of the effort goes, because most reporters have not produced them before. The rest of this guide stays on the physical-risk bucket.
Find the hard new data early. The new-data buckets typically have the longest lead time, so they should start first, not last. The physical-risk numbers in particular depend on analysis that can take months to commission and review. Leaving them until the drafting stage is a common way to miss a deadline.
Give it a runway, and an owner for each item. A defensible first-year disclosure is built over many months, not assembled in the final quarter. Set the foundations early, including governance records, the risk register, the cut-off for what counts as material, and the asset register. Build the substantive analysis in the middle. Leave the final stretch for linking the disclosure to your financial statements and gathering the evidence your auditor will want to see. Every item needs a named owner, because the ones with no owner are the ones missing at the end.
4. The hardest bucket: the physical-risk numbers
Of everything on the list, the physical-risk metric in paragraph 29(c) is usually the one a team cannot produce from records it already holds. It asks for the amount and percentage of assets vulnerable to climate-related physical risk. Producing that number takes four inputs.
First, a complete asset register with locations precise enough to analyse, down to the building or site rather than the postcode. Second, the value of each asset, so you can work out a total. Third, a forward-looking view of the risk each location faces, hazard by hazard, across the different climate scenarios and future years the disclosure uses. Fourth, a cut-off that defines what “vulnerable” means for your business, often called a materiality threshold, so you know which assets to count.
Note that the metric asks for both an amount and a percentage. To work out the percentage you need a total to divide by, which is the value of your whole relevant asset base. That means you need values for all the assets you are counting, not only the ones that turn out to be vulnerable. Teams that value only their high-risk sites find they cannot work out the percentage at all.
The first two inputs are internal. You already hold your asset register and your asset values, even if they need cleaning up. The third input is the one most teams cannot build in-house. A forward-looking, location-by-location view of hazard risk across scenarios is specialist work, and it is usually brought in from an outside provider rather than built internally. Platforms such as Continuuiti produce this forward-looking, asset-by-asset hazard view across scenarios; that analysis is costed today for flooding, while hazards like wind, wildfire and drought can be flagged but are not yet costed the same way. The methodology that makes this number defensible is a topic in its own right.
The fourth input, the cut-off for what counts as vulnerable, is a judgement, not a dataset. It sets the total you divide by and decides which assets count, so it shapes the whole number. Write down the reasoning at the time you make it, because an assurance provider, the independent firm that checks your disclosure, will ask how you arrived at it. Reconstructing that reasoning a year later rarely holds up.
If you start the physical-risk work early and get the asset register clean, the rest of paragraph 29(c) follows. If you leave it late, it can become the item that holds up the whole disclosure.
5. Three moves to make this week
If you are preparing an IFRS S2 disclosure, three things are worth doing now, well before drafting.
First, build the list, organised by paragraph, and tag every item as have, partial, or gap. The exercise is quick, and it changes how you scope the rest of the project.
Second, start the physical-risk numbers before anything else on the new-data side, because they have the longest lead time.
Third, clean up your asset register now. A complete register with precise locations and values is the foundation the physical-risk metric is built on, and it is often more work than teams expect.
To see what a finished IFRS S2 disclosure looks like paragraph by paragraph, including how the physical-risk metric in paragraph 29(c) is laid out, work through our IFRS S2 worked example. If you want to know what the first wave of reporters actually skipped, and why paragraph 29(c) was near the top of that list, that is covered separately.
6. Sources
IFRS S2 Climate-related Disclosures (issued June 2023), including paragraph 13 (concentrations of climate-related risks across the business model and value chain), paragraph 22 (scenario analysis), paragraph 29 (cross-industry metrics, including the physical-risk metric at 29(c)), and the IFRS S1 general requirements on materiality that IFRS S2 applies. KPMG AASB S2 First Impressions: early findings from the first wave of AASB S2 reporters in Australia (March 2026); AASB S2 is Australia’s adoption of IFRS S2, so its first wave is the largest set of IFRS S2-aligned disclosures filed to date. KPMG Illustrative disclosures: Guide to sustainability reporting, IFRS Sustainability Disclosure Standards (October 2025), including the worked physical-risk exposure example for paragraph 29(c).
Worked Samples
See What a Finished IFRS S2 Disclosure Looks Like
A full worked disclosure, paragraph by paragraph, including how the physical-risk metric in paragraph 29(c) is laid out. The clearest way to see what your data work is building toward.
Frequently asked questions
How do I collect the data for an IFRS S2 climate disclosure?
Work backwards from the standard. Read each disclosure paragraph, write down the exact item it requires, and assign someone to find or build it. That turns IFRS S2 data collection from an open-ended “gather everything” effort into a finite checklist you can track and close out. Start with the physical-risk numbers under paragraph 29(c), because they take the longest to produce.
What data do I need for an IFRS S2 disclosure?
Most of it falls into two groups. The first is records you already hold: board minutes, committee charters, and your enterprise risk register cover most of the governance and risk-management requirements. The second is data you must create, mainly the physical-risk numbers showing the amount and percentage of assets exposed to climate hazards. The second group is where most of the work goes.
What is the hardest data to collect for IFRS S2?
The physical-risk metric under paragraph 29(c): the amount and percentage of assets vulnerable to climate-related physical risk. It needs a clean asset register with precise locations, a value for each asset, a forward-looking view of hazard risk at each site across future scenarios, and a cut-off that defines what counts as vulnerable. The forward-looking hazard view is the input most teams cannot build in-house.
When should I start collecting IFRS S2 data?
As early as possible, and well before drafting. A defensible first-year disclosure is built over many months, not assembled in the final quarter. Start the physical-risk numbers first because they have the longest lead time, and clean up your asset register now, since that is often more work than teams expect.
Can I reuse data I already have for IFRS S2?
Yes, for a large part of the disclosure. Governance and risk-management content usually exists somewhere in board minutes, committee charters, and the enterprise risk register, even if it needs tidying up. The genuinely new work is the physical-risk numbers under paragraph 29(c), which most reporters have not produced before.
