ESG Assurance & Verification

External assurance of ESG data and disclosures enhances credibility, builds stakeholder trust, and is increasingly required by regulations. Robust assurance processes ensure accuracy, completeness, and reliability of sustainability information.

---

What is ESG Assurance?

ESG Assurance (also called verification or attestation) is an independent evaluation of an organization's ESG disclosures, data, and processes by a qualified third party.

Purpose:

• Enhance credibility and reliability of ESG information
• Build trust with investors, customers, and stakeholders
• Identify data quality issues and improvement opportunities
• Meet regulatory requirements (CSRD, SEC, etc.)
• Demonstrate commitment to transparency and accountability

---

Types of Assurance

Limited Assurance vs. Reasonable Assurance

Limited Assurance (Negative Assurance):

• Lower level of assurance
• Assurance provider performs limited procedures (inquiry, analytical review)
• Conclusion: "Nothing has come to our attention that causes us to believe the information is materially misstated"
• Cost: Lower
• Time: Shorter engagement
• Most Common: Current practice for voluntary ESG assurance

Reasonable Assurance (Positive Assurance):

• Higher level of assurance (similar to financial audit)
• Assurance provider performs extensive procedures (testing, verification, site visits)
• Conclusion: "In our opinion, the information is fairly stated in all material respects"
• Cost: Higher (2-3x limited assurance)
• Time: Longer engagement
• Regulatory Requirement: CSRD requires reasonable assurance (phased in by 2028)

---

Scope of Assurance

Full Report Assurance:

• Entire sustainability report assured
• Comprehensive but expensive

Selected Indicators Assurance:

• Specific KPIs assured (e.g., GHG emissions, energy, water, safety)
• Most common approach
• Prioritize material metrics

Process Assurance:

• Assurance of data collection and management processes
• Provides confidence in underlying systems

---

Assurance Standards

ISAE 3000 (International Standard on Assurance Engagements)

Issued by: International Auditing and Assurance Standards Board (IAASB)

Scope: General standard for assurance engagements other than financial audits

Key Requirements:

• Independence and professional skepticism
• Risk assessment and materiality determination
• Evidence gathering through inquiry, observation, inspection, recalculation
• Written assurance report with conclusion

Assurance Levels: Limited or reasonable assurance

Most Widely Used: Global standard for ESG assurance

---

ISAE 3410 (Assurance Engagements on Greenhouse Gas Statements)

Issued by: IAASB

Scope: Specific standard for GHG emissions assurance

Key Requirements:

• Assurance of GHG inventory prepared in accordance with GHG Protocol or ISO 14064-1
• Assessment of emission sources, calculation methodologies, data quality
• Site visits to key emission sources

Assurance Levels: Limited or reasonable assurance

---

AA1000 Assurance Standard (AA1000AS)

Issued by: AccountAbility

Scope: Assurance of sustainability information with emphasis on stakeholder engagement

Key Principles:

• Inclusivity: Stakeholder engagement
• Materiality: Focus on material topics
• Responsiveness: Response to stakeholder concerns
• Impact: Assessment of organization's impacts

Assurance Levels: Moderate (limited) or high (reasonable) assurance

Type 1: Evaluation of adherence to AA1000 principles only

Type 2: Evaluation of principles + reliability of specified performance information

---

CSRD/ESRS Assurance Requirements

Phased Implementation:

• 2024-2025 reporting: Limited assurance required
• 2028 reporting onwards: Reasonable assurance required (subject to EU adoption of standards)

Scope: All ESRS disclosures (qualitative and quantitative)

Assurance Provider: Must be accredited by EU member state competent authority

Standard: European Sustainability Reporting Assurance Standard (in development by IAASB)

---

Assurance Process

Step 1: Select Assurance Provider

Types of Assurance Providers:

• Big Four Accounting Firms: Deloitte, EY, KPMG, PwC (most common for large companies)
• Specialized Assurance Firms: Bureau Veritas, DNV, SGS, ERM
• Accounting Firms: Mid-tier and local firms

Selection Criteria:

• Independence: No conflicts of interest
• Competence: Experience in ESG assurance, industry knowledge, technical expertise
• Accreditation: ISO 14065 (GHG verification), AA1000 licensed assurance provider
• Cost: Fees vary by scope, assurance level, company size

---

Step 2: Define Scope and Criteria

Scope:

• Which ESG metrics will be assured? (e.g., Scope 1+2 emissions, energy, water, safety, diversity)
• Reporting boundary (entities, geographies, time period)
• Assurance level (limited or reasonable)

Criteria:

• Reporting frameworks (GRI, IFRS S1/S2, ESRS, GHG Protocol)
• Internal policies and methodologies
• Regulatory requirements

---

Step 3: Prepare for Assurance

Data Quality:

• Implement robust data collection and management processes
• Document calculation methodologies, assumptions, data sources
• Establish internal controls (segregation of duties, approvals, audit trails)

Documentation:

• Data collection templates and records
• Emission factor sources
• Organizational boundary documentation
• Evidence supporting qualitative disclosures

Internal Review:

• Conduct internal audit of ESG data before external assurance
• Identify and resolve data quality issues

---

Step 4: Assurance Engagement

Planning:

• Assurance provider assesses risks, determines materiality, plans procedures

Evidence Gathering:

• Inquiry: Interview data owners, ESG team, management
• Observation: Observe data collection processes
• Inspection: Review documentation, source data, calculations
• Recalculation: Independently recalculate metrics
• Site Visits: Visit key facilities to verify data and processes

Testing:

• Analytical Procedures: Compare data across time periods, benchmark against industry
• Substantive Testing: Test samples of transactions and data points
• Controls Testing: Evaluate effectiveness of internal controls (for reasonable assurance)

---

Step 5: Assurance Report

Key Elements:

• Scope: What was assured (metrics, boundary, period)
• Criteria: Standards and frameworks used
• Responsibilities: Management responsible for data, assurance provider responsible for conclusion
• Procedures: Summary of work performed
• Conclusion: Limited or reasonable assurance conclusion
• Findings: Material misstatements identified (if any)
• Recommendations: Suggestions for improving data quality and processes

Publication:

• Assurance statement published in sustainability report or as standalone document
• Assurance provider's signature and date

---

Costs and Timeline

Costs:

• Limited Assurance: $20,000 - $150,000+ (depending on company size, scope, complexity)
• Reasonable Assurance: $50,000 - $500,000+ (2-3x limited assurance)
• Factors: Number of metrics, number of sites, data quality, internal controls

Timeline:

• Limited Assurance: 4-8 weeks
• Reasonable Assurance: 8-16 weeks
• Planning: Start 6-12 months before report publication to allow time for data quality improvements

---

Benefits of Assurance

Credibility: Enhances trust in ESG disclosures among investors and stakeholders

Data Quality: Identifies gaps and errors, drives continuous improvement

Risk Management: Reduces risk of material misstatements and reputational damage

Regulatory Compliance: Meets mandatory assurance requirements (CSRD, etc.)

Competitive Advantage: Demonstrates leadership and transparency

Internal Value: Strengthens internal controls, improves ESG data management

---

Preparing for Assurance

Year 1-2 Before Assurance:

• Implement ESG data management system
• Document calculation methodologies and data sources
• Establish internal controls
• Conduct internal audit

Year of Assurance:

• Select assurance provider
• Define scope and criteria
• Collect and review data
• Engage with assurance provider
• Address findings and recommendations

Ongoing:

• Maintain data quality and controls
• Continuous improvement based on assurance feedback
• Expand scope over time (more metrics, higher assurance level)

---

Common Challenges

Challenge 1: Data Quality Issues

• Solution: Invest in data management systems, document methodologies, implement controls

Challenge 2: Lack of Documentation

• Solution: Maintain audit trails, save source documents, document assumptions

Challenge 3: Scope 3 Emissions Complexity

• Solution: Start with spend-based method, transition to activity-based, engage suppliers

Challenge 4: Cost and Resource Constraints

• Solution: Start with limited assurance of key metrics, expand scope over time

Challenge 5: Assurance Provider Availability

• Solution: Engage assurance provider early (6-12 months before report publication)

---

From ESG Library

• ESG Reporting Made Simple (IFRS/SASB) — Assurance considerations for IFRS reporting
• ESG & GRI Reporting Made Simple — Assurance for GRI reporting

View all books →

Key Resources

• IAASB Sustainability Assurance Standards
• AccountAbility AA1000 Standards

---

Related Topics

---