While the external audit of financial reports has traditionally been mandated, independent assurance of sustainability reports has only been required in for certain countries (e.g., France, Italy and Spain). The Corporate Sustainability Reporting Directive (EU Directive 2022/2464, CSRD), amending the Accounting Directive (EU Directive 2013/34, AD), introduces a general assurance requirement for the sustainability reports of all in-scope companies. A report’s compliance with the European Sustainability Reporting Standards (ESRS) must be certified by an auditor, audit firm or other independent assurance provider.

This assurance requirement was introduced to ensure the reliability and credibility of sustainability reporting, to improve data quality, to avoid greenwashing, and to put sustainability reporting on the same level as financial reporting. However, companies face challenges in preparing and verifying the data for assurance.

In this newsletter we look at what kind of sustainability assurance is required under the CSRD, and what in-scope companies should do to ensure an effective assurance process.

What is sustainability assurance?

Simply put, sustainability assurance is the assurance of a company’s non-financial statements. Such assurance is designed to ensure the accuracy of reported sustainability information and its consistency with reported financial information. Any material misstatement, also in relation to the objective of the engagement, must be avoided.

The general requirements for the audit and assurance of sustainability reports are set out in Article 34 AD, according to which public interest entities, medium-sized, and large companies are subject to a sustainability assurance by one or more statutory auditors or audit firms approved by Member States.

What is the assurance process for ESRS reports?

The assurance profession distinguishes between limited assurance and reasonable assurance.

For limited assurance, the auditor performs fewer tests, and the conclusion is expressed in a “negative” form (~ “Nothing has come to our attention in all material respects, that the Company’s report has not been prepared in accordance with the applicable reporting framework.”). On the other hand, reasonable assurance involves extensive procedures, and the opinion is expressed in a “positive” form (~ “In our opinion, the disclosures in the Company’s report is presented in accordance with the applicable reporting standard and is, in all material respects, fairly stated.”).

According to Article 34 AD, the auditor shall express an opinion on the compliance of the sustainability reporting with the requirements of the AD based on a limited assurance engagement. This includes:

  • compliance of the sustainability reporting with the sustainability reporting standards [i.e., ESRS],
  • the process carried out by the undertaking to identify the information reported pursuant to those sustainability reporting standards [identifying key performance indicators according to the double materiality assessment],
  • compliance with the requirement to mark-up sustainability reporting [electronic tagging], and
  • compliance with the reporting requirements under Article 8 of Regulation (EU) 2020/852 [disclosures made under the EU Taxonomy Regulation].

The European Commission (EC) is taking a progressive approach and plans to raise the assurance level to reasonable assurance. This shift would provide users of sustainability information with the same level of comfort as financial information and demonstrate that sustainability information is as critical to business viability and stakeholder decision making as financial information.

What are the standards used for sustainability reporting assurance?

The Directive on Statutory Audits of Annual Accounts and Consolidated Accounts (EU Directive 2006/43/EC, Audit Directive) establishes rules for the assurance of annual and consolidated sustainability reports.

Article 26a Audit Directive sets out the assurance standards for auditing sustainability reports. The provision requires statutory auditors and audit firms to carry out the assurance process in accordance with the assurance standards adopted by the EC. In order to ensure consistent assurance practices and high quality assurance of sustainability reporting across the European Union, the EC has the power to adopt sustainability assurance standards through delegated acts. However, there is not yet an agreed EC assurance standard for ESRS reporting.

The EC shall adopt delegated acts to provide for limited assurance standards no later than 1 October 2026 and delegated acts to provide for reasonable assurance standards no later than 1 October 2028.

Until then, Article 26a Audit Directive allows Member States to apply national assurance standards. The current lack of a commonly agreed standard for assurance on sustainability reporting creates a certain risk of different interpretations and expectations of what an assurance engagement would entail.

Assurance providers may also use international standards, such as those developed by the International Auditing and Assurance Standards Board (IAASB). The IAASB’s standards are publicly available, part of a comprehensive global assurance framework, and accepted by the market.

IAASB’s international standards on sustainability assurance are the following:

i) International Standard on Assurance Engagements ISAE 3000 (Revised),

ii) Assurance Engagements on Greenhouse Gas Statements ISAE 3410, and

iii) Proposed International Standard on Sustainability Assurance ISSA 5000.

ISAE 3000 (Revised) provides the necessary methodological steps to respond to the need for either limited or reasonable assurance. Current assurance practice in Member States is mostly based on this standard, whether required by law or voluntarily undertaken by companies. ISAE 3410 provides assurance on greenhouse gas key performance indicators (KPIs). Finally, the Proposed ISSA 5000 will serve as a comprehensive standard suitable for all sustainability assurance engagements. The Proposed ISSA 5000 is closed to public consultation and the final standard will be issued before the end of 2024.The European Securities and Markets Authority (ESMA) also believes that Proposed ISSA 5000, as an internationally recognised sustainability assurance standard, will provide sufficient guidance for consistent application across all reporting frameworks and by all assurance providers, thereby significantly improving the quality of assurance and increasing users’ confidence in sustainability information.

How should an assurance report on sustainability reporting be prepared?

Article 28a Audit Directive regulates the preparation of the assurance report on sustainability reporting. The article provides that the assurance report should be in writing and

  • identify the entity, and the sustainability reporting framework used,
  • specify the annual or consolidated reporting and the date and period it covers,
  • include a description of the scope of the assurance, and
  • include the opinion.

Companies should prepare their sustainability reports with care, considering the requirements above. This will allow independent assurance providers to easily assess whether the information is accurate in all material respects.

What are the challenges of assurance for sustainability reports and how can companies address them?

Following the changes brought about by the CSRD, the number of companies requesting sustainability assurance will increase significantly. To meet this demand, assurance providers have the opportunity and challenge to expand their services to include sustainability assurance in addition to financial assurance. As mentioned above, there is currently no single sustainability assurance standard for ESRS reporting and disclosures will vary from country to country. Assurance providers will need to carefully assess each Member State’s national assurance standards as well as international standards such as the IASSB standards.

Another challenge is the subject matter of the information to be assured. Sustainability information covers different topics, including different units. In the case of financial information, the errors are easier to detect because the information in the report is in the same currency units (i.e. euros, US dollars, etc.). In sustainability reports, however, the units are different (tons, kilowatts, litres etc.) that may not always be labelled accurately. Therefore, there is a higher risk of confusion, and more scrutiny is required in the preparation and assurance of the reports.

To meet this challenge, companies should provide quality information in their sustainability reports and ensure that the information they report is comprehensible, consistent for the assurance provider and users, and correctly labelled. Companies can ask themselves the following questions when preparing sustainability information:

  • Does the company have a risk assessment for this key performance indicator?
  • Does the company have supporting processes in place as internal controls to ensure that the information is reliable?
  • Does the company ensure that there is no risk of greenwashing in the reported information?
  • How dependent is the company on the sustainability information obtained from third parties (value chain)?
  • How does the third party calculate the dependent sustainability information?

We advise companies to have a solid data base for their KPIs when reporting, to ensure they are getting the right data. This would ultimately help the assurance provider during the assurance process. Companies can also involve the assurance provider in the preparation of the sustainability report to check the accuracy and completeness of the data.

Conclusion

The CSRD introduces mandatory assurance of sustainability reports for in-scope companies. The CSRD provides for limited assurance, followed by reasonable assurance at a later stage. The AD and the Audit Directive set out the general requirements for the assurance of sustainability reports. To provide guidance to assurance providers and to have harmonised standards, the EC will develop assurance standards. Until then, national standards or international standards such as IAASB standards may be used.

The assurance process of sustainability information has specific challenges to overcome, such as the need for expert capacity in assurance of sustainability reporting, heterogeneity of assurance standards and measurement units, etc. To ensure a smooth assurance process, companies should pay particular attention to data quality and consistency and involve the assurance provider in the preparation of the sustainability reports.