Any information reported externally needs to be accurate and reliable. This is what the market demands and now expects. Investors in particular are asking for more and more ESG information from companies – and not just around climate risk, there’s a focus in 2021 on governance and social issues such as culture and diversity. Assurance provides an important part of building that trust in what is being disclosed. However, there is no ‘one size fits all’ solution to ESG assurance as it is mainly determined by the pressures of your stakeholders or whether your financing mandates it (e.g. ICMA Sustainability Linked Bond principles) but also where you are on your ESG reporting journey.
What do we mean by Assurance?
Assurance ranges from management controls through to internal audit up to external assurance opinions. The most widely used external assurance standard for non-financial information is ISAE 3000 (UK) and ISAE 3410 for Greenhouse gas KPIs more specifically.
The scope of independent assurance is either:
- Limited assurance – e.g. The opinion provided on a half-year review of financial statements is an example of a limited assurance
- Reasonable assurance – e.g. The opinion provided for an audit of financial statements is an example of a reasonable assurance conclusion.
The difference is the level assurance you get which will guide the scope of what is covered, and the amount of testing effort required. At present, due to the relative immaturity of ESG reporting and the cost/benefit associated, most opinions are limited assurance. Whilst the scope of what is covered for financial statement audits and reviews are the whole statement and disclosures, for ESG reporting most of the time it will be selected KPIs or a specific section of the ESG report or annual report. The Audit and Assurance Faculty of the Institute of Chartered Accountants in England and Wales (ICAEW) and the WBCSD issued a ‘Buyer’s guide to assurance on non-financial information’ that expands on the concepts of Assurance and an helpful reference.
What is everyone else doing?
Our recent survey revealed that of the top 100 companies (by revenue) across 52 countries, 80% have reporting on ESG, and half of those reporting have gone a step further to seek assurance.
The UK results show that over 95% of our top 100 sample are reporting on ESG and of those companies, 61% obtained assurance. And there is good reason for this.
What are the benefits of getting Assurance?
Whilst external assurance remains voluntary in the UK, we are seeing more and more bond/loan/facilities that are linked to ESG KPIs that often require the underlying KPIs to be assured, especially since executive remuneration now include ESG targets. Some benchmarks will also expect that data is third-party verified and Internal audits or management verification will not be sufficient.
As the matrix above shows, we expect that KPIs for which there is a high level of reliance and/or relevance to your stakeholders will need a higher level of assurance, whether it’s public or private (i.e. just for the benefit of the board). We are also seeing a shift for some KPIs (I.e. Climate related disclosures) which previously were only covered by management controls or Internal Audit reviews but now are under the scope of External Assurance driven by the level of reliance and relevance to the stakeholders.
Green House Gas (GHG) emissions are the mostly widely reported metric, this is usually the go to scope for external assurance as the disclosures currently sit in the Director’s report. There are very few full report assurance examples (e.g. Stichting Pensioenfonds ABP) but a growing trend of mixed opinion: i.e. reasonable assurance for GHG emissions and limited assurance for other KPIs (e.g Air France KLM), that’s because companies are ready to put their GHG emission KPIs though a higher level of assurance and because the level of reliance is increasing too.
Obtaining Assurance provides plenty of benefits to the organization, stakeholders and investors:
- It enhances credibility of what is being reported;
- Challenges your organization and pushes for more robust processes;
- Assurance brings less experienced members of your team up to speed with the external reporting process;
- Brings an independent pair of eyes that can challenge and benchmark; and
- Prepares you for the increased focus on ESG reporting that is likely to result in mandatory assurance or full report assurance.
What should you do now?
1) Map your key KPIs to assess current of level of assurance gained vs materiality
If not already done, I’d encourage you to map your key KPIs to assess the current level of assurance gained vs materiality – and that valid for all your Non-Financial KPIs.
2) Address any urgent gaps by engaging Internal Audit (IA) and external assurance
For any obvious gaps, engage internal resource to at least conduct end to end walkthroughs of the processes.
3) Report to the Audit Committee/Board on your assurance approach and future road map
It is a journey – there are a cost/benefit implication, engage with your AC to ensure everyone is comfortable with the approach
4) Engage with external stakeholders to update your materiality assessment and implement any process and control improvements from internal audit/external assurance reviews
5) Review the content of your ESG reporting/methodology statements to ensure they are up to date and fit for purpose for internal and external assurance
6) Plan for any pre-assurance/readiness assessments in Q3 and Assurance for Q4
Pre-assurance are helpful to identify gaps and limit the costs of an assurance engagement or risk of getting a qualified assurance option.