What's Actually Inside a €3M Big 4 CSRD Quote — A Line-by-Line Breakdown

The first time a Japanese, Thai, or Chinese conglomerate’s CFO sees a Big 4 CSRD readiness proposal, the reaction is some variant of disbelief. €2–4M for the first year. €400–900K ongoing. Hourly rates that translate to JPY 60,000–100,000, RMB 3,000–5,000, or THB 13,000–22,000 per hour. The proposal arrives with a Gantt chart, a stakeholder map, an "ESRS readiness assessment" methodology slide, and a vague line item titled "data integration and systems work" that absorbs roughly half the total cost.

This post breaks down what’s actually inside that quote. Where the money goes, which line items are doing real work, which line items are absorbing risk that could be priced down, and which line items the buyer can reasonably push back on.

It is the post I wish someone had written for me the first time I was on the customer side of this conversation.

This is a satellite to the broader ESG Data Bridge flagship — that post explains why the integration layer is structurally hard. This one explains why it’s structurally expensive in the way Big 4 prices it.

The eight categories that make up a Big 4 CSRD quote

Behind the slick proposal cover, every CSRD readiness quote breaks down into roughly the same eight cost buckets. The labels vary by firm — Deloitte calls things slightly differently than EY or KPMG or PwC — but the substance is consistent.

A representative €3M, 12-month CSRD readiness engagement for a mid-cap Asian conglomerate with 8–15 entities in scope decomposes approximately as follows:

Cost bucket	Typical % of total	Typical €	What you actually get
Double materiality assessment	8–12%	€240–360K	Stakeholder interviews, materiality matrix, ESRS topic prioritization
Gap assessment vs ESRS	10–15%	€300–450K	Mapping current disclosures to 1,144 ESRS data points
Methodology design	8–12%	€240–360K	Calculation methodologies, emission factor selection, boundary setting
Data integration and systems work	35–45%	€1,050–1,350K	The black box this post is about
Change management & training	5–8%	€150–240K	Internal workshops, RACI charts, capability building
Reporting platform implementation	8–12%	€240–360K	Configuring Workiva/Sphera/Greenly etc.
Audit readiness & limited assurance prep	6–10%	€180–300K	Mock audits, evidence binders, controls documentation
Project management & PMO	6–10%	€180–300K	Steering committees, status reports, risk logs

The data integration line is the largest single bucket and also the one most loosely defined. That’s not an accident. That’s where the project risk is absorbed by the consulting firm’s pricing.

Let me walk through each, in plain terms, with notes on what’s defensible, what’s negotiable, and what’s fat.

Bucket 1 — Double materiality assessment

What it is: the formal process of identifying which ESRS topics are "material" — meaning which ones your business genuinely needs to report on. CSRD requires double materiality, meaning you assess both how sustainability issues affect your financial performance (financial materiality) and how your business affects the world (impact materiality).

What you actually get for €240–360K: Big 4 will run 15–25 stakeholder interviews (employees, suppliers, customers, NGOs, investors, regulators), produce a materiality matrix mapping topics on two axes, and deliver a "material topics" list that justifies what you will and won’t report on.

What’s real about this work: the methodology is standardized but the execution is genuinely consulting-heavy. Stakeholder identification, interview scheduling across multiple countries, and the synthesis of qualitative data into a defensible matrix is real work. EFRAG’s guidance on double materiality is also evolving — the firm carries the risk of being right on a moving target.

What’s negotiable: the number of stakeholder interviews. Big 4 default proposals often quote 25 interviews; you can usually negotiate to 15 without losing audit defensibility, especially if you supplement with documented existing engagement (employee surveys, customer NPS, supplier scorecards) you already have. That alone saves €40–80K.

What’s worth pushing back on: templated outputs sold as bespoke. If the materiality matrix slide template is the same one another client received last year with names changed, you’re paying senior-partner rates for junior-associate work. Ask to see the template and ask what’s customized for you specifically.

Bucket 2 — Gap assessment vs ESRS

What it is: a structured comparison of what your company currently discloses versus the 1,144 data points across 12 ESRS standards (ESRS 1–2 governance, E1–E5 environmental, S1–S4 social, G1 governance), identifying which data points you can already report, which you have data for but not in the right form, and which you have no data for at all.

What you actually get: a spreadsheet. A really detailed spreadsheet, often 1,500+ rows, mapping each ESRS data point to your current data sources, gap rating, and remediation effort estimate. Plus a written assessment summarizing themes.

What’s real about this work: the spreadsheet is genuine value if it’s done well. Done badly, it’s a junior-consultant exercise of copy-pasting ESRS standard text into rows and asking your team to fill in the blanks. The difference between a real gap assessment and a checkbox exercise is the consultant’s ability to ask "you say you have this data — show me the source system, the field name, the refresh frequency, and the data owner" instead of trusting your team’s verbal answer.

What’s negotiable: scope. You don’t need a full 12-standard gap assessment if your double-materiality work has already eliminated 4–5 standards as immaterial. A gap assessment scoped to the 6–8 material standards costs 50–60% of the full version. Big 4 default proposals often include the full assessment regardless. Push back.

What’s worth pushing back on: double-charging for data inventory work. If the data integration bucket (Bucket 4) includes "current state assessment of source systems," and the gap assessment also includes "data source mapping," you’re paying twice for substantially the same exercise. Make sure the work products are clearly different.

Bucket 3 — Methodology design

What it is: for each material topic, deciding how you’ll calculate the disclosed numbers. For Scope 2 emissions, market-based or location-based or both? For Scope 3 Category 1 (purchased goods and services), spend-based, average-data, or supplier-specific? For S1 workforce metrics, what’s the entity boundary? For G1 anti-corruption, which controls qualify as "in scope"?

What you actually get: a methodology document — typically 60–120 pages — that defines, per ESRS data point, the calculation approach, data sources used, boundaries (organizational, operational, geographical), emission factor sources, assumptions, and limitations. This document is what your auditor reads when forming an assurance opinion.

What’s real about this work: the document is the foundation of audit defensibility. If a methodology decision is wrong (e.g., you used spend-based Scope 3 when supplier-specific was reasonably available), the auditor can require restatement, which is expensive and reputation-damaging. The methodology doc is also where IFRS/ISSB alignment, GRI cross-reference, and ESRS interoperability decisions get made.

What’s negotiable: less than other buckets. This is the one place where Big 4 expertise is genuinely valuable, because methodology decisions interact with audit positions across all four major firms. A methodology doc reviewed by a Big 4 partner has implicit audit acceptance that an in-house doc doesn’t.

What’s worth pushing back on: the page count. A 200-page methodology doc isn’t more rigorous than a 90-page one — it’s just longer. If the proposal commits to a specific page range or word count, that’s a sign the firm is selling perceived heft rather than actual quality.

Bucket 4 — Data integration and systems work — the big one

What it is: building the technical pipes that move data from your operational systems (SAP, factory MES, BMS, fleet trackers, HR, accounting, supplier portals, spreadsheets, PDFs) into the format and structure required by your chosen reporting platform.

What you nominally get: an integration architecture document, source-system connectors, ETL pipelines, data quality rules, and audit trails wired up to feed your CSRD reporting tool.

What you actually get: this is the bucket where Big 4 economics break down. Big 4 firms are excellent at strategy, methodology, and audit — those are their core competencies and they hire accordingly. They are not, structurally, software engineering firms. The data integration work is typically subcontracted (often to an Indian or Eastern European delivery center) or staffed with consulting-track professionals who write reasonable PowerPoint but limited production code.

The output is often: an integration architecture diagram (a slide), a list of source systems and target fields (a spreadsheet), a sample of reference Python code (a notebook), and a set of recommendations for "in-house implementation" by your IT team — meaning the actual pipes still have to be built by someone, after the consulting engagement ends, at additional cost. Or the firm will quote a separate "Phase 2 implementation" engagement at another €1–3M.

In other words, the €1–1.35M data integration line in the readiness quote often does not include actually building working integrations. It includes specifying that integrations need to be built. The build phase is sold separately.

What’s real about this work: the architecture and target-state design has genuine value. The challenge is that 60–70% of the budget in this bucket is commonly going to documentation deliverables, not to functioning code or working pipelines.

What’s negotiable: almost everything. This is the single largest cost-reduction lever in the entire proposal. Three concrete moves:

Unbundle the integration work from the readiness engagement entirely. Have Big 4 do strategy, methodology, gap assessment, and audit prep — what they’re actually good at — and have a specialist integration vendor (a software firm, not a consulting firm) do the build. The math typically works out to 30–50% cost reduction on this bucket alone.
Demand named outputs, not deliverables. "Integration architecture" can mean a slide deck or a working data pipeline. Specify in the SOW that the deliverable is X working source-system connectors with Y data quality rules implemented, tested against Z reference scenarios. Watch how the price changes when the scope is concrete.
Refuse junior-staffed delivery at partner billing rates. If the work is being done by an offshore delivery center, the rate should reflect that, not the partner-on-rotation rate Big 4 defaults to charging.

What’s worth pushing back on: the bundling itself. The single biggest reason CSRD projects come in at €3M+ rather than €1.5M is that the integration work is bundled into the readiness engagement at consulting-firm pricing. Unbundling is the most consequential negotiation lever the buyer has.

Bucket 5 — Change management and training

What it is: workshops to bring your sustainability, finance, and operations teams up to speed on what CSRD requires, how the new processes work, and who owns what going forward.

What you actually get for €150–240K: typically 8–12 workshop sessions across business units, e-learning modules tailored to your company, a RACI matrix for sustainability data ownership, and possibly a "sustainability data governance handbook."

What’s real about this work: internal capability building has genuine value, and CSRD does require new processes and new roles. The auditor will ask who owns what data, and "the consultant did it" is not an acceptable answer beyond year one.

What’s negotiable: delivery format and audience size. Live workshop sessions for 8 business units cost more than recorded video plus 2 live Q&A sessions. The latter is often acceptable depending on your culture.

What’s worth pushing back on: templated training content sold as bespoke. The CSRD basics module that the firm gives every client should be priced as a license, not as bespoke development.

Bucket 6 — Reporting platform implementation

What it is: configuring whichever reporting tool you bought (Workiva, Sphera, Greenly, Sweep, Persefoni, IBM Envizi) — setting up the ESRS modules, mapping your data to the platform’s data model, configuring the iXBRL output, setting up users and approval workflows.

What you actually get for €240–360K: a configured tenant of the platform, ready to receive data from your integration layer.

What’s real about this work: implementation of these platforms is genuinely non-trivial, and certified implementation partners are required for audit defensibility on most platforms.

What’s negotiable: the implementation partner. The platform vendor often has a list of certified partners — Big 4 is on that list, but so are smaller specialist firms at 50–70% the rate. For Workiva especially, mid-tier implementation partners deliver equivalent quality at substantially lower cost. The platform vendor itself can usually recommend non-Big-4 certified partners.

What’s worth pushing back on: the assumption that your readiness consultant has to be your platform implementer. They don’t. Splitting these roles often saves cost and improves quality.

Bucket 7 — Audit readiness and limited assurance preparation

What it is: preparing your reports, evidence, and controls for the third-party limited assurance review that CSRD mandates. Mock audits, evidence binder construction, internal controls documentation, walkthroughs of how data flows from source to disclosure.

What you actually get for €180–300K: mock-audit reports identifying issues your real auditor will likely flag, evidence templates for each material disclosure, controls documentation aligned to assurance standards (ISAE 3000), and likely several rounds of remediation work on issues found.

What’s real about this work: essential and high-value. The cost of a failed limited assurance opinion is far higher than the cost of preparation. This is one of the buckets where Big 4 specifically earns its rate.

What’s negotiable: the scope of the mock audit. A mock audit covering all 12 ESRS standards costs more than one focused on the 6–8 material standards. Scope it to the material topics.

What’s worth pushing back on: if the firm doing your readiness work and the firm doing your actual assurance are the same firm, there are independence rules limiting how much advisory work can be done by the assurance team. Make sure you understand the independence implications — sometimes splitting readiness from assurance across two firms saves both money and audit risk.

Bucket 8 — Project management and PMO

What it is: the senior consultant or partner running the engagement, status reports to your executive committee, risk register maintenance, schedule management, change requests.

What you actually get for €180–300K: weekly status reports, biweekly steering committees, a project plan that gets updated, a risk log, and a single point of accountability.

What’s real about this work: real but often inflated. Project management of a complex multi-workstream engagement requires senior leadership. The question is how much senior leadership.

What’s negotiable: the seniority mix. A partner running PMO at 100% allocation is different from a partner at 20% with a senior manager at 80%. The latter is usually fine and substantially cheaper.

What’s worth pushing back on: PMO that exceeds 10% of total project cost. If it’s at 12–15%, that’s typically fat that can be removed without affecting outcomes.

What a smart unbundled approach actually costs

If the buyer takes the unbundling moves seriously — keeping Big 4 for the parts where they’re genuinely valuable (methodology, audit readiness, gap assessment), and going to specialist vendors for the parts where they’re not (integration build, platform implementation, training delivery) — the same scope of work commonly comes in at €1.2–1.8M instead of €2.5–4M.

A representative split:

Workstream	Vendor	Approximate cost
Double materiality, gap assessment, methodology, audit readiness	Big 4 (kept)	€700K–1.0M
Reporting platform implementation	Certified specialist partner (not Big 4)	€120–200K
Data integration build (the actual pipes)	Specialist integration vendor	€300–500K
Change management and training	In-house with light external support	€60–120K
Project management	Internal PMO + lightweight Big 4 oversight	€40–80K

The savings come from two places. First, putting the integration work with a software firm at engineering-firm rates rather than consulting-firm rates — typically 40–60% less per hour for higher-quality output. Second, eliminating the duplicated documentation work that comes from bundling everything under one consulting umbrella.

The buyer’s playbook, in three moves

Move 1: Demand the line-item breakdown before signing anything. If the proposal arrives as a single fixed-price number with no decomposition, ask for it. A reputable firm will provide it. A firm that resists is hiding something.

Move 2: Unbundle integration and platform implementation. This is the single highest-leverage move. Keep Big 4 for what they’re best at; don’t pay them consulting-firm rates for software work.

Move 3: Tie payment milestones to working artifacts, not hours billed. "X source system connectors live in production with audit trails verified" is a milestone. "Phase 2 of integration design complete" is not. The contract should reward delivered functionality, not delivered slides.

What this means for who actually builds the bridge

The point of this post is not that Big 4 is the wrong vendor for everything. They’re often the right vendor for the methodology, gap assessment, and audit-readiness work. The point is that the integration line item — the €1M+ bucket where most of the budget goes — is structurally mispriced when bundled with consulting work, and the buyer has substantial leverage to fix that pricing by treating integration as a separate procurement.

That separate procurement is exactly the kind of work software firms specialize in. It’s also the work where being physically and linguistically close to the source systems matters more than being in Frankfurt or London — which is the structural argument for an Asia-based integration vendor that the ESG Data Bridge flagship post lays out in detail.

If you’re in active CSRD scoping right now and a Big 4 quote is sitting on your desk that you need to pressure-test before signing, that’s exactly the conversation we have at Simplico. We’ve helped Asian conglomerates unbundle these proposals and re-procure the integration work at substantially lower cost without sacrificing audit defensibility. Send the redacted proposal and let’s walk through it.