Sustainability metrics and disclosures have attracted significant attention globally. Yet assurance practices vary in the amount of work performed, and investors may be lulled into a false sense of security by the word “assurance.”
The voluntary nature of sustainability reporting has led to fragmented practices and concerns about greenwashing, prompting recent regulatory actions such as the European Union (EU) Corporate Sustainability Reporting Directive (CSRD) and the climate-related disclosure rule for U.S. Securities and Exchange Commission (SEC) registrants.
Investors and other stakeholders increasingly rely on sustainability information for decision-making given the rise of environmental, social, and governance (ESG) considerations. Naturally, this has increased demand for external assurance, even in the absence of regulatory requirements. For instance, the Center for Audit Quality noted that in 2021, 320 of the S&P 500 companies voluntarily purchased assurance services for some of their sustainability information.
However, these assurance practices vary in the level of assurance provided. The two common levels are “limited” and “reasonable.” So, what do they cover, and what sets them apart?
Assurance of Sustainability Reports: What is Covered?
Sustainability reports cover a wide range of topics, from environmental impacts to employee diversity to governance oversight. They often communicate trends and key takeaways in the form of figures and tables.
Notably, sustainability assurance engagements do not automatically cover all the information disclosed in a sustainability report. To understand what is assured within a sustainability report, one must refer to the accompanying assurance report. The assurance report may be included in the sustainability report, or it may be available through referenced links (e.g., on the company’s website).
The assurance report should explicitly identify what is subject to assurance. For instance, the assurance report for the 2023 Sustainability Report of Siemens Healthineers states: “We have performed a limited assurance engagement on the disclosures marked with the [check mark] symbol (hereafter the “disclosures”) in the Sustainability Report of Siemens Healthineers AG.”
By contrast, the assurance statements for Coca-Cola’s 2022 Business and Sustainability Report have appendices listing the indicators that were subject to assurance.
The assurance report should also disclose the criteria against which the sustainability information is evaluated. For Siemens Healthineers, the criteria are the Global Reporting Initiative standards. For Coca-Cola, the criteria are also listed in the appendices and include company-specific manuals. Particularly in cases like the Coca-Cola example, investors are encouraged to go to the appendices and determine whether the chosen criteria seem reasonable given company-specific business operations.
In the absence of specific regulatory requirements, companies can opt for either limited or reasonable assurance services. Limited assurance and reasonable assurance represent different levels of confidence in the accuracy of reported information.
What is Reasonable Assurance?
Reasonable assurance is akin to what most investors may be familiar with from financial audits. It provides the highest level of assurance. The assurance provider reduces the risk that the sustainability information is materially misstated to a predefined acceptably low level, though never to zero.
Importantly, despite being the highest form of assurance service offered, reasonable assurance does not provide absolute certainty. The assurance provider does not guarantee that all possible errors or fraud indicators are detected.
Because the assurance engagement provides only “reasonable” assurance, the procedures are performed on a test basis. This means that the assurance provider draws samples and uses analytics to identify specific transactions or estimates that warrant further testing.
Testing may involve tracing evidence to supporting documents, confirming information with third parties or legal providers, consulting specialists to verify the reasonableness of assumptions made in estimates or calculations, and conducting on-site testing. It also includes gaining an in-depth understanding of the processes used by management to prepare the disclosures and testing the accuracy of data processed by information technology systems and manual spreadsheets.
Finally, the assurance provider will evaluate whether the procedures identified any errors or misstatements. To determine whether management needs to correct these errors or misstatements before the publication of the sustainability report, the assurance provider uses a predefined materiality threshold, which may or may not be disclosed in the assurance report.
If the total effect of the identified errors or misstatements is below the predefined materiality threshold, the assurance provider can sign off without additional disclosure about the identified issues because they are deemed less than material.
The conclusion in a reasonable assurance engagement report is expressed in a positive form, as exemplified by the 2022/2023 ESG Report of GUESS: “Our responsibility is to express an opinion on Management’s Assertion based on our examination. […] We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion. […] In our opinion, Management’s Assertion related to the Key ESG Metrics and Disclosures as of and for the year ended January 29, 2022, and January 28, 2023, is fairly stated, in all material respects.”
Depending on the assurance standard used, the assurance provider will likely use the term “examination” or “audit” to describe the reasonable assurance engagement.
What is Limited Assurance?
In a limited assurance engagement, the assurance provider still aims to perform procedures that reduce the risk that the sustainability information is materially misstated. However, the accepted level of risk of material misstatement is higher compared to reasonable assurance engagements.
The procedures performed are limited in nature compared to those in reasonable assurance engagements. For instance, in the 2022 Greenhouse Gas (GHG) Emissions Assurance Statement of Coca-Cola, the assurance provider states: “The procedures we performed were based on our professional judgment. Our review consisted principally of applying analytical procedures, making inquiries of persons responsible for the subject matter, obtaining an understanding of the data management systems and processes used to generate, aggregate, and report the Subject Matter [i.e., selected GHG emission indicators] and performing such other procedures as we considered necessary in the circumstances.”
The conclusion in a limited assurance engagement report is expressed in a negative form. In the case of Coca-Cola, it reads: “Our responsibility is to express a conclusion on the Subject Matter [i.e., selected GHG emission indicators] based on our review. […] We believe that the review evidence obtained is sufficient and appropriate to provide a reasonable basis for our conclusion. […] Based on our review, we are not aware of any material modifications that should be made to the Schedule of Selected Greenhouse Gas Emissions Indicators for the year ended December 31, 2022, for it to be in accordance with the Criteria [i.e., Coca-Cola Company’s Carbon Accounting Manual].”
Depending on the assurance standard used, the assurance provider will likely use the term “review” to describe the limited assurance engagement.
Sustainability Assurance Engagements: Key Takeaways
Limited assurance engagements provide a lower level of assurance due to fewer procedures performed and less evidence obtained. Many companies opt for the lower level of assurance because it comes at a lower cost. Reasonable assurance engagements involve more comprehensive procedures and offer a higher level of confidence that any potential material misstatements will be caught and corrected.
A key takeaway is that a limited assurance engagement report states that the assurance provider is “not aware” of any material misstatement, whereas a reasonable assurance engagement report “affirms” that the information reported is materially correct.
To assess whether a sustainability assurance engagement is provided and of what kind, it is recommended that investors locate and read the assurance report to learn (1) which sustainability information is subject to assurance procedures, (2) which criteria the sustainability information is evaluated against, and (3) the level of assurance provided. This will help investors gain a better understanding of the quality of the sustainability information they receive.