External assurance plays a key role in enhancing trust and confidence in financial and non-financial reporting. Both limited and reasonable assurance are relevant to ESG and sustainability reporting.
External Assurance & Sustainability Reporting
What is assurance?
Assurance is the opinion of an independent expert on information or data. This independent assessment will be based on professional standards and guidelines and provides assurance of the accuracy and reliability of ESG data and reporting processes. Assurance in this context is also referred to as sustainability assurance, non-financial assurance, external audit or verification.
Do you need help with External Assurance & Sustainability Reporting?
We have the expertise to give you the advice that you need to make smart choices for the future.
Get in touch and see what we can do for you.
Financial vs sustainability assurance
Financial assurance relies on established processes and standardised data. In contrast, ESG/sustainability assurance is still in its infancy. Assurance regulations in this sector are still developing, and capable practitioners are rare. Systems, controls, and processes for data checks are not yet established. Additionally, the data is multi-faceted and cross-functional, making it challenging to collect, analyse, and report reliably. This process is resource-intensive and complex.
Why is assurance necessary?
There is increasing stakeholder pressure for quality information and data. Although most companies are not required by regulation to collect this data, or have it assured, larger entities are required to report, and so push these requirements down through their value/supply chain.
Assurance helps to
- Ensure compliance with regulations
- Increase stakeholder confidence in the information reported
- Avoid greenwashing and consequent reputational / litigation risks
- Improve management systems and reporting
- Provide quality data for management decision-making and strategic planning
- Enables integration between sustainability and financial disclosures
- Can support green finance initiatives
- May increase access to capital
What can be assured?
For sustainability reporting, assurance is concerned with non-financial information such as Green House Gas (GHG) data, climate-related financial disclosures and green claims.
Who should provide the assurance?
A competent and qualified person over a clearly scoped subject matter.
Lines of defence
The three lines of defence is a framework to help visualise and assign clear roles and responsibilities across the organisation to ensure there are adequate controls and risk management procedures in place for effective risk management. This helps with data quality and reliability for auditing purposes.
Assurance – Lines of defence
The three lines of defence is widely used framework by organisations to ensure there are adequate systems, controls and processes within the organisation. This framework clarifies control and risk management responsibilities across the organisation to help with reliability and accuracy of data.
Types of assurance
Limited assurance
Limited assurance is often stated as a negative finding: ‘no matter has been identified to conclude that the subject matter is materially misstated’. The assurance provider’s conclusion provides comfort that the subject is plausible against the criteria.
Limited assurance relies on representations made by the company’s management team as an information source. It entails less verification to source documents when compared to a reasonable assurance engagement, a less detailed understanding of processes and controls and a lower level of scrutiny of source data and topics to include in the report.
Limited assurance is the most common form of assurance and is provided at a lower cost. It is also the established assurance currently offered on sustainability data.
Reasonable assurance
Reasonable assurance is the highest level of assurance and is the equivalent of a financial audit standard. As such, it is not currently offered on non-financial information due to the lack of common assurance standards. An exception would be when sustainability matters are included in financial statements.
Reasonable assurance requires the auditor to check metrics and disclosures, tracing them to their source to confirm accuracy. It ensures that the company presents a balanced report that is relevant to stakeholders, limiting greenwashing where a company might focus on areas where it performs well.
Reasonable assurance is more expensive, takes more time, requires more evidence, but reduces the risk of misstatement to an acceptably low level.
Reasonable ESG assurance demands a greater understanding of internal processes and controls.
For both types of assurance, the company must have the appropriate governance, controls, systems and processes in place to ensure that the information is credible, robust, clear and relevant. There must be a clearly defined scope of work, subject matter criteria and a written conclusion. The techniques used would include interviews, document reviews, evidence collection, sampling, verification and validation. The outputs would be a published independent assurance statement or certificate as part of a sustainability report and, possibly, recommendations to management on how ESG is managed.
What should you look for in an assurer?
- Expertise, professional ethics, independence, objectivity, confidentiality
and professional secrecy - Led by someone with experience in auditing
- A method for reporting irregularities
- Appointment and dismissal, investigations and sanctions
- Quality assurance systems
Assurance standards
- Assurance providers are generally approved by a national body – the EU Directive 2006/43/EC defines who can provide statutory auditing (including sustainability)
- There has historically been a difference between financial auditors and non-financial (i.e.: under ISO)
- Financial providers use ISAE standards, non-financial providers are often assured under ISO/IEC 17029
- The International Accreditation Forum (IAF – from the ISO world) and the International Standards Board for Accountants (IESBA – from the financial world) have proposed a plan to collaborate on a common framework for ethical standards for auditors
- A new IAASB standard (ISSA 5000) General Requirements for Sustainability Assurance Engagements is currently in draft and will become the future method for financial auditors – and possibly for all.
The Future
As sustainability disclosures grow in the management accounts of companies, the need to maximise trust and confidence in the underlying data will become ever more important. This leads to the need to have high quality independent assurance to ensure data is credible, robust and can inform decision making. This then avoids potential reputational damage and ensures consistent reporting in the management accounts, irrespective of the assurance mandated by the sustainability reporting requirements.
Under the Corporate Sustainability Reporting Directive (CSRD), assurance will be mandatory. The CSRD states that limited assurance of sustainability disclosures will be expected within three years of implementation (starting 2026) with reasonable assurance within 6 years of implementation (starting 2028).
Assurance will be against
- Double Materiality assessment process/methodology
- ESRS material disclosure requirements
- Digital tagging requirement to ensure machine-readable information (XBRL capability)
Although it may seem distant, businesses and organisations subject to the CSRD (and consequently the ESRS) will need limited assurance immediately, building to reasonable assurance by 2028 at the latest.
Let us Introduce Ourselves
To find your nearest office or get in touch with one of our specialist advisors to see how we can help your business, please go to our contact page.