As we outlined in our recent article ‘the future of corporate reporting’, global challenges such as climate change, biodiversity loss and social issues are increasingly core issues for companies. The nature of these risks and the drivers of value for companies today means that broader information – outside of solely financial metrics – is essential for resilient business and sustainable investment decisions. Conor Holland, Colm O’Sé and UK Partner George Richards discuss.

As we move inexorably toward unified sustainability reporting, companies will need to ensure they provide comprehensive non-financial information (ESG) disclosures, to address the evolving reporting requirements – both from regulators and broader stakeholders. 

Why are companies looking for assurance over their ESG disclosures?

Any information reported externally, which is material to understanding a company’s development, performance or position – including the impact of its activities on environmental and social matters – needs to be consistent, accurate and reliable. Stakeholders are increasingly looking for more comprehensive ESG information from companies – and not just around climate risk, but on governance and social issues, such as culture and diversity. Assurance over non-financial information disclosed by an entity enables organisations build trust in the accuracy and veracity of what they disclose. The nature and extent of assurance obtained can vary, and will be determined with reference to factors such as: who the company’s stakeholders are; whether the company has specific ESG related financing mandates; whether the company is public or private; what industry the company is in; and, how evolved the company is in their ESG reporting.

What do we mean by Assurance?

The most widely used external assurance standard for non-financial information is ISAE 3000 and, to a lesser extent, ISAE 3410 for Greenhouse gas Key Performance Indicators (KPIs)

The scope of independent assurance obtained is either:

  • Limited assurance – e.g. the opinion provided on a half-year review of financial statements is an example of a limited assurance; or
  • Reasonable assurance – e.g. the opinion provided for an audit of financial statements is an example of a reasonable assurance conclusion.

Accordingly, the scope of what is covered in an ESG assurance engagement, and the amount of testing effort required, depends on the level of assurance an organisation obtains. Currently, given ESG reporting is relatively nascent across most companies and sectors, most reports provided by an independent practitioner have been an ISAE 3000 limited assurance opinion. However, companies who are more sophisticated and advanced ESG reporting are beginning to obtain more comprehensive (reasonable) assurance opinions under ISAE 3000.

For context, readers will appreciate that in financial statement audits the full primary statements and associated disclosures will all be under the scope of testing by the auditor; conversely, for ESG reporting, it is generally selected KPIs, or specific sections of the annual report, that are subject to independent assurance. 

Hand arranging paper cuts into graphs on desk

What are companies doing today?

Our recent KPMG survey revealed that of the top 100 companies (by revenue) across 52 countries, a significant 80% have reporting on ESG, with up to 61% of those reporting also obtaining assurance. The significant numbers of entities obtaining ESG assurance underscores the increasing relevance and importance of the ESG disclosures to a company’s stakeholders.

Presently, ESG reporting frameworks adopted by companies are largely voluntary; consequently, the associated assurance obtained, is also voluntary. However, as we move toward mandatory, unified sustainability reporting standards, through developments such as the amended Non-Financial Reporting Directive (NFRD) and the creation of the IFRS foundation’s sustainability standards, prescript and detailed ESG reporting will become mandatory. As a result, it is expected that the enhanced mandatory disclosures will also be required to have some form of independent assurance (in the same way as financial reporting information is subject to assurance through an audit). These developments are expected to come into effect on a straddled basis from 2023; however, in the meantime, there is a growing trend of companies already preparing separate ESG/sustainability reports (in tandem with, or as part of, their annual reports) that contain an independent assurance report over the identified ESG KPIs.

What are companies getting assurance on?

And how is it evolving?

As the matrix below illustrates, we expect that for those KPIs for which there is a high level of reliance and/or relevance to a company’s stakeholders, there will be a need for a higher level of assurance, whether it’s public or private (i.e. just for the benefit of the board). 

ESG KPI graph

We are also noting a shift across all sectors in the level of assurance obtained for certain KPIs – particularly, climate related – which are now increasingly subject to reasonable assurance. While the KPIs reported for each company will vary, climate related metrics are the most common disclosed and subject to assurance, with Green House Gas (GHG) emissions the most widely reported KPI. Moreover, a significant number of entities continue to report against multiple frameworks (TCFD, GRI, SASB) in their sustainability report – with certain KPIs from each framework, subject to assurance.

In summary, obtaining assurance over material ESG disclosures provides multiple benefits to both the company and its key stakeholders, including:

  • enhanced credibility over the accuracy and veracity of what is being reported;
  • driving the organisation to improve and enhance internal processes and controls over the collation and reporting of ESG data;
  • allows a company to benchmark their disclosures to best practice and enhance the overall quality of non-financial reporting that is of critical importance to stakeholders; and
  • enables a company to prepare for the mandatory ESG reporting obligations coming into effect in the next 2-3 years.

What should you do now?

  1. Identify the KPIs
    Companies should identify their identified non-financial reporting KPIs and assess whether they are supported by robust internal processes over their completeness and accuracy.
  2. Address any gaps by engaging Internal Audit and external assurance
  3. Report to the Audit Committee/Board on your assurance approach and future road map
    The nature and extent of ESG reporting will evolve as regulation crystallises over the next 2-3 years; engage with your audit committee to ensure there is an understanding of direction of travel for how the entity will build the reporting infrastructure over ESG reporting.
  4. Engage with external stakeholders to develop a materiality assessment on ESG disclosures, and implement any process and control improvements that may be needed arising from this
  5. Review the content of your ESG reporting/methodology statements to ensure they are consistent with industry practice and emerging regulatory developments
  6. Consider undertaking a pre-assurance/readiness assessment before first publication of any assurance report
    Pre-assurance are helpful to identify gaps and limit the costs of an assurance engagement or risk of getting a qualified assurance option.

Get in touch

For more information about ESG reporting assurance, contact our Sustainability assurance experts, below.

Our Sustainability assurance team

More in Sustainability