ESG Audit Checklist India: Documents, Process and Best Practices for Indian Companies

A company may have 3 valid licenses, 12 months of electricity bills and an internal ESG policy, but still fail an ESG audit if its water data, waste records, Consent to Operate conditions and EPR filings do not match. This is a common issue for Indian manufacturers, importers, recyclers, plant owners and ESG teams.

An ESG audit checklist India helps businesses check whether their sustainability claims are supported by real documents, numerical data and regulatory evidence. For example, if a company reports 15% reduction in energy consumption, the claim should be backed by electricity bills, production data, fuel invoices, meter readings and calculation sheets.

For listed companies, ESG audit readiness is directly linked with BRSR and BRSR Core. SEBI requirements apply to the top 1,000 listed entities by market capitalization for Business Responsibility and Sustainability Report disclosures, while BRSR Core assessment follows a glide path covering top 150 entities in FY 2023-24, top 250 in FY 2024-25, top 500 in FY 2025-26 and top 1,000 in FY 2026-27.

For unlisted companies, the pressure usually comes from banks, investors, listed customers, export buyers, supply chain audits and tender requirements. A supplier may not file BRSR directly, but if it contributes to a listed company’s value chain, it may still be asked to provide energy, water, emissions, waste, workforce and governance data.

ESG Audit Checklist

Why ESG Audit Matters for Indian Companies

An ESG audit is not only a sustainability exercise. It is also a compliance risk review. In India, environmental records are often spread across different departments. Finance keeps electricity bills. Plant teams maintain water logs. EHS teams handle waste records. HR keeps workforce data. Legal tracks permits. ESG teams prepare the final report.

This creates a high risk of mismatch. If the ESG report says water consumption was 20,000 KL in a year, but plant records show 24,500 KL, the company may face questions during assurance, investor review or customer audit. Similarly, if hazardous waste disposal is shown as 100% authorized, the company must prove it through manifests, recycler authorization, disposal invoices and annual returns.

SEBI’s March 2025 circular also focused on ease of doing business around assurance or assessment, ESG disclosures for value chain and voluntary green credit disclosure. This means ESG data quality is now becoming more structured, especially for companies linked to listed entities.

A strong ESG audit helps a business:

  • Reduce CPCB, SPCB and EPR compliance risk
  • Prepare reliable BRSR and BRSR Core data
  • Avoid unsupported green claims
  • Improve investor and buyer confidence

Table 1 – Regulatory Overview

Regulation Requirement Timeline Applicable To Business Risk
SEBI BRSR ESG disclosure in annual report Annual Top 1,000 listed entities Disclosure gaps and investor concern
BRSR Core Assessment of selected ESG KPIs FY-wise glide path Top 150 to top 1,000 listed entities Weak data credibility
SEBI Value Chain ESG ESG data from key value chain partners FY 2024-25 onward for top 250 listed entities on comply-or-explain basis Listed entities and suppliers Supplier audit failure
Environment Protection Act, 1986 Compliance with environmental rules, orders and directions Continuous Regulated industries Penalty risk
Water Act and Air Act CTE, CTO and pollution control compliance Before setup and operation Manufacturing and processing units CTO refusal or production halt
Plastic Waste Rules EPR registration, returns and certificate compliance Portal-based PIBOs and PWPs Portal rejection and EPR shortfall
Battery Waste Rules Registration and EPR compliance Portal-based Battery producers, importers and recyclers Import and sales disruption
E-Waste Rules Registration, EPR targets and recycler linkage Portal-based EEE producers, manufacturers, recyclers and refurbishers Revocation and compensation risk
ELV Rules 2025 EPR compliance for vehicle producers and RVSFs Effective from 1 April 2025 Vehicle producers, RVSFs and bulk consumers EPR certificate and target risk

The regulatory table shows why ESG audits in India cannot be limited to carbon reporting or sustainability policies. A factory-level ESG audit must also check CTO validity, EPR filings, hazardous waste records, air and water compliance, annual returns and customer disclosure requirements.

Under Section 15 of the Environment Protection Act, 1986, where no separate penalty is provided, non-compliance may attract a penalty from ₹10,000 to ₹15 lakh, with an additional ₹10,000 per day for continuing contravention.

ESG Audit Checklist India – Key Documents Required

1. Corporate and Governance Documents

The first step in an ESG audit is to verify whether the company has a clear governance structure. A business should not only have policies, but also records showing who approved them, when they were implemented and how they are monitored.

For example, an anti-bribery policy uploaded on the company server is not enough. The auditor may ask whether the policy was approved by management, whether employees were trained and whether complaints were reviewed during the year.

Companies should maintain at least 8 to 10 governance documents as part of their ESG file. These usually include code of conduct, anti-bribery policy, whistleblower policy, supplier code, ESG responsibility matrix, board or management review minutes, grievance redressal process and risk management policy.

Important records include:

  • Board or management review records for ESG matters
  • Code of conduct, anti-bribery and whistleblower policies
  • Supplier due diligence and vendor onboarding records
  • ESG responsibility matrix with department owners

2. Environmental Approval and License Documents

Environmental approvals are one of the strongest proof points in an ESG audit. If a company claims responsible operations, it must show that its plant is operating within approved limits.

The audit should check whether Consent to Establish, Consent to Operate, hazardous waste authorization, factory license, fire NOC, EPR registration and other permits are valid. It should also compare the approved capacity with actual production.

For example, if CTO allows 50 MT/day production but the plant reports 75 MT/day output, the ESG audit must flag it as a high-risk issue. If water withdrawal is approved for 100 KLD but actual usage is 130 KLD, the company may face regulatory and ESG reporting concerns.

The company should maintain:

  • CTE and CTO with validity dates
  • Hazardous waste authorization and annual returns
  • Fire NOC, factory license and site approvals
  • Capacity details in MT/day, KLPD, MTPA or units per year

3. Energy and GHG Emission Records

Energy data is one of the most important ESG audit areas because it directly affects carbon emissions. A company should maintain 12 months of electricity bills, fuel invoices, DG set diesel logs, renewable energy records and production data.

Scope 1 emissions are calculated from direct fuel use such as diesel, PNG, LPG, furnace oil, coal or biomass. Scope 2 emissions are calculated from purchased electricity. Scope 3 emissions may include transport, waste disposal, purchased goods, employee travel and product use, depending on business type.

A manufacturer producing 10,000 MT of goods annually should not only report total electricity use. It should also calculate energy intensity per MT of output. This makes ESG data more credible and comparable.

Audit records should include:

  • 12 monthly electricity bills
  • Fuel invoices and DG logbooks
  • Renewable energy certificates or solar generation logs
  • GHG calculation sheet for Scope 1, Scope 2 and relevant Scope 3 emissions

4. Water and Wastewater Records

Water is a high-risk ESG area for manufacturing, recycling, chemicals, textiles, food processing, battery recycling, ethanol, solar and plastic processing units. An ESG audit should check water withdrawal, consumption, treatment, recycling and discharge.

The company should prepare a water balance showing total water input, process use, domestic use, evaporation loss, treated water reuse and final discharge. If the company claims Zero Liquid Discharge, it must show daily records from ETP, RO, MEE, ATFD or other treatment systems.

Numerical tracking is important. Instead of saying “water usage is monitored,” the ESG audit should show figures such as 25 KLD freshwater consumption, 18 KLD treated water reuse, 3 KLD sludge generation or 80% recycling efficiency.

Water audit records include:

  • Flow meter readings and water bills
  • ETP, STP or ZLD operating logs
  • Treated water test reports
  • Sludge disposal records and manifests

5. Waste Management and EPR Compliance Records

Waste records are critical because they connect ESG claims with CPCB and SPCB compliance. Companies dealing with plastic packaging, e-waste, batteries, tyres, used oil, hazardous waste or end-of-life vehicles must maintain clear EPR and waste disposal evidence.

A strong ESG audit should check whether waste is generated, stored, transported and disposed of through authorized channels. If a company reports 100% responsible waste disposal, it should be able to show recycler agreements, invoices, weighbridge slips, manifests and return filings.

For ELV-related companies, the Environment Protection (End-of-Life Vehicles) Rules, 2025 were notified on 6 January 2025 and came into force from 1 April 2025. The Rules are based on EPR for environmentally sound vehicle scrapping and cover transport and non-transport vehicles, except specified agricultural vehicles such as agricultural tractors, agricultural trailers, combine harvesters and power tillers.

For EPR-linked businesses, ESG teams should check numerical obligations such as:

  • Product placed in market in kg, MT or units
  • EPR target percentage, such as 8%, 13% or 18% where applicable
  • Quarterly and annual return status
  • EPR certificate purchase, transfer or retirement records

6. BRSR and BRSR Core Data File

BRSR and BRSR Core require structured, auditable data. The company should not wait until the end of the financial year to collect ESG data. Monthly or quarterly collection reduces mismatch and missing evidence.

SEBI’s framework for BRSR Core covers assurance or assessment and ESG disclosures for the value chain. SEBI also issued industry standards on BRSR Core reporting in December 2024.
The value chain requirement is important because SEBI documents refer to upstream and downstream partners that cumulatively represent 75% of purchases or sales by value, subject to applicable framework and later ease-of-doing-business changes.

A BRSR-ready company should maintain:

  • BRSR indicator-wise data sheet
  • BRSR Core KPI calculation file
  • Source document mapping for each number
  • Department-wise sign-off from HR, EHS, finance, purchase and plant teams

Table 2 – ESG Compliance Timeline

Step Activity Suggested Timeline Documents Needed Risk If Delayed
1 Define ESG audit boundary 3 to 7 days Entity list, site list, product list Wrong reporting scope
2 Map regulations 7 to 10 days BRSR, EPR, CTE, CTO, CSR and permit records Missing legal obligation
3 Collect documents 15 to 30 days Bills, returns, permits, registers and policies Incomplete audit file
4 Verify plant data 3 to 7 days per site Site photos, logbooks, meter data and waste records Data mismatch
5 Prepare gap report 7 to 10 days Non-conformity list and risk rating Delayed corrective action
6 Close compliance gaps 30 to 90 days Updated filings, SOPs, licenses and returns Repeat audit failure
7 Prepare ESG disclosure file 10 to 20 days BRSR, ESG report and supporting files Unsupported public disclosure
8 Management review 1 to 2 meetings Final ESG dashboard and action plan Weak accountability

This timeline is practical for most Indian companies. A small office-led ESG review may take 3 to 4 weeks, while a multi-site manufacturing or recycling company may require 60 to 90 days, especially if licenses, EPR returns or plant-level records need correction.

ESG Audit Process for Indian Companies

Step 1 – Define the Scope

The company must first decide whether the audit covers one site, multiple plants, warehouses, subsidiaries, suppliers or the full value chain. This is important because ESG data changes significantly when the reporting boundary changes.

For example, a company with 1 corporate office and 3 factories should not report only office electricity if 95% of total energy consumption occurs at plant level. Similarly, importers and brand owners should include product placement, packaging and EPR exposure in the audit scope.

The output of this step should be a clear ESG audit boundary, covering entity name, locations, business activities, reporting year, applicable regulations and department owners.

Step 2 – Create a Document Room

The ESG document room should be arranged in a way that an auditor can trace every number. It should not be a random folder of scanned documents.

Each file should have a clear name, date and owner. For example, “Plant A Electricity Bill April 2025” is better than “Bill 1.” For ESG reporting, this simple discipline can reduce audit time by 20% to 30%.

The document room should include environmental approvals, energy data, water data, waste data, HR records, safety documents, governance policies, EPR records, BRSR files and corrective action reports.

Step 3 – Verify Data with Evidence

The audit team should compare reported ESG numbers with actual evidence. If a company reports 5,000 KL annual water use, the auditor should check flow meter logs, water bills and ETP records.

Similarly, if the company reports 100 MT hazardous waste disposal, the auditor should compare waste generation records with manifests, disposal invoices and authorized recycler certificates.

This step prevents greenwashing. It also helps companies identify weak records before customers, investors or regulators find them.

Step 4 – Prepare Risk-Rated Gap Report

Every gap should be rated as low, medium or high risk. A missing ESG policy may be a medium risk, but expired CTO, invalid EPR registration, wrong production capacity or unsupported emissions data should be treated as high risk.

The gap report should include the issue, evidence reviewed, risk level, responsible department, corrective action, target closure date and proof required for closure.

For better control, businesses should assign a 30-day target for urgent document gaps, 60-day target for internal process gaps and 90-day target for permit or system-level gaps.

Compliance Risks and Penalties

Poor ESG documentation can create 7 major business risks. These risks are not theoretical. They can affect production, imports, financing, customer contracts and management reputation.

A company with weak ESG records may face CPCB portal rejection, SPCB refusal, delayed CTO renewal, environmental compensation, EPR shortfall, customer audit failure or investor due diligence concerns.

For businesses dealing with environmental rules, the legal exposure can also be financial. Section 15 of the Environment Protection Act, 1986 provides penalty exposure from ₹10,000 to ₹15 lakh where no separate penalty is provided, with ₹10,000 per day for continuing contravention.

Common risks include:

  • CPCB rejection due to incomplete portal documents
  • SPCB refusal due to expired or mismatched consent data
  • Environmental compensation for non-compliance
  • Customs hold for importers with missing EPR or product compliance
  • Production halt due to invalid CTO
  • BRSR data qualification during assessment
  • Customer audit failure due to unsupported ESG claims

Best Practices for ESG Audit Readiness

Indian companies should maintain ESG data monthly, not only once a year. Monthly tracking makes it easier to detect missing bills, expired permits, unusual water use, waste mismatch and EPR shortfall.

Companies should also appoint department-wise ESG owners. Finance should own bills and cost data. EHS should own permits, waste and pollution control records. HR should own workforce and safety data. Purchase should own supplier records. Management should own governance review.

For companies preparing for BRSR, investor review, ESG certification or customer audits, one internal ESG audit every 6 months is recommended. High-risk sectors such as recycling, chemicals, batteries, plastics, electronics, automotive, textiles and food processing should conduct quarterly compliance checks.

Best practices include:

  • Maintain 12-month evidence for energy, water, waste and emissions
  • Review permits at least 90 days before expiry
  • Reconcile EPR data with GST, sales and import records
  • Keep all ESG numbers linked to source documents
  • Conduct internal ESG review every quarter for high-risk businesses

Conclusion

An ESG audit checklist India is not just a reporting format. It is a business protection tool. It helps companies identify weak documentation, regulatory gaps, unsupported claims and operational risks before they become penalties, customer rejections or investor concerns.

For Indian manufacturers, importers, recyclers, plant owners and ESG managers, the most important rule is simple: every ESG claim should have evidence. If the company reports 25% renewable energy, 80% water recycling, 100% authorized waste disposal or 15% emission reduction, each claim must be supported by documents, calculations and approvals.

Early ESG audit preparation reduces the cost of correction. It also helps businesses prepare for BRSR, BRSR Core assessment, CPCB and SPCB compliance, EPR obligations, export buyer audits and sustainability-linked financing.

📞 +91 78350 06182
📧 wecare@greenpermits.in

👉 Book a Consultation with Green Permits

 

Book a Technical Call with Expert

Green Permits