We are all aware of the greenwashing of ESG reporting that has happened in the last few years. Some of it has been more obvious than others, with some companies taking significant steps to tout their ESG credentials in an environment that is clearly patently false. Others have been more subtle and have used some poetic licence in their reporting – if you read closely, you will see phrases like ‘we intend to …’, ‘in the future, we plan …’, or the classic ‘we are taking steps …’ without ever explaining or defining what those steps are. Unfortunately, many companies saw ESG as a marketing and branding exercise rather than a substantive approach to building a more sustainable company and sustainable planet.
These days are likely to change soon, however, with ESG and sustainability reporting standards requiring companies to have their reporting independently assured. This means that a separate body will review the reports and confirm that they are accurate and complete. This process is similar to financial audits that are assessed and assured according to accounting standards: an independent company will provide some forms of assurance (these may vary depending on the options selected and the standards being used) on the ESG reporting system and the ESG report content itself.
Assurance of ESG content is important because it helps ensure that the information that is being reported is accurate and reliable. This is important for several reasons.
Build trust with stakeholders
ESG reporting is becoming increasingly important to stakeholders, such as investors, customers and employees. Assurance of ESG helps build trust with these stakeholders by providing them with confidence that the information that they are relying on is accurate and reliable.
Comply with regulations
In some cases ESG assurance is required by law. New industry-wide non-mandatory directives are also strongly suggesting assurance. Assurance of ESG can help ensure that organisations are complying with these standards and regulations while also addressing other laws that cover areas like ‘misleading and deceptive conduct’ or material misstatements (e.g. many countries’ corporation laws).
Identify and mitigate risks
Assurance of ESG can help identify and mitigate risks associated with ESG performance. For example, assurance can help identify areas where an organisation’s ESG performance is not meeting expectations, or where there are potential risks to the organisation’s reputation or financial performance. Having an independent expert review your ESG reporting and the process for which it has been prepared offers excellent guidance.
Assurance of ESG can help organisations make better decisions about ESG performance. For example, assurance can help organisations identify opportunities to improve their ESG performance and develop more effective ESG strategies. The guidance and direction offered by a (good) expert can certainly help in developing a stronger programme that will be more valuable to the business.
There are several ways to obtain assurance of ESG. The most common way will be to engage an ESG expert organisation that has the depth of auditing experience, independence and capacity to provide such services. These organisations are typically going to be companies that are engaged in certifications (of standards) or consulting groups that have developed auditing practices. Accounting firms will also provide ESG assurance services in addition to their current financial-driven audit schemes.
Current assurance initiatives within ESG are already developing and growing
The Global Reporting Initiative (GRI) is a non-profit organisation that develops sustainability reporting standards. GRI offers two levels of assurance for sustainability reports:
- limited assurance – this is the lower level of assurance and involves a limited review of the report to ensure that it complies with GRI standards
- reasonable assurance – this is the higher level of assurance and involves a more in-depth review of the report to ensure that the information is accurate and reliable.
The specific procedures for each level of assurance will vary depending on the organisation and its circumstances.
The following outlines some key differences between limited assurance and reasonable assurance.
Limited assurance covers a narrower scope of the report than reasonable assurance. For example, limited assurance may only cover the organisation’s compliance with GRI standards, while reasonable assurance may also cover the accuracy and reliability of the information in the report.
The level of detail that is reviewed is deeper for reasonable assurance than for limited assurance. For example, reasonable assurance may involve reviewing the organisation’s internal controls and procedures, while limited assurance may not.
The assurance provider will provide a different opinion for limited assurance and reasonable assurance. For limited assurance, the assurance provider will produce a statement that the report is consistent in all material respects with GRI standards. For reasonable assurance, the assurance provider will produce a statement that the report is free from material misstatement.
The required level of assurance will vary depending on the organisation; however, in general, organisations should aim to obtain the highest level of assurance that suits their specific needs. For most companies, the level of assurance will reflect the value that they place on their ESG initiatives and their ESG reporting.
There are also assurance options under the European Sustainability Reporting Standards (ESRS):
- limited assurance – this is the lower level of assurance, which involves a limited review of the report to ensure that it complies with the ESRS
- reasonable assurance – this is the higher level of assurance and involves a more in-depth review of the report to ensure that the information is accurate and reliable
- explanatory limited assurance – this is a new assurance option that was introduced in the latest version of the ESRS, which is similar to limited assurance but includes an explanatory statement from the assurance provider that provides additional information about the assurance engagement.
As with the GRI standards, the specific procedures that are followed for each level of assurance under the ESRS will vary depending on the organisation and its specific circumstances.
The following are some key differences between limited assurance, reasonable assurance and explanatory limited assurance under the ESRS.
Limited assurance covers a narrower scope of the report than reasonable assurance and explanatory limited assurance. Limited assurance may only cover the organisation’s compliance with ESRS, while reasonable assurance and explanatory limited assurance may also cover the accuracy and reliability of the information in the report.
The level of detail that is reviewed is deeper for reasonable assurance and explanatory limited assurance than for limited assurance. For example, reasonable assurance and explanatory limited assurance may involve reviewing the organisation’s internal controls and procedures, while limited assurance may not.
The assurance provider will provide a different opinion for limited assurance, reasonable assurance and explanatory limited assurance. For limited assurance, the assurance provider will produce a statement that the report is ‘consistent in all material respects’ with the ESRS. For reasonable assurance, the assurance provider will produce a statement that the report is ‘free from material misstatement’. For explanatory limited assurance, the assurance provider will produce a statement that the report is ‘consistent in all material respects’ with the ESRS and that the provider has performed additional procedures to give explanatory information about the assurance engagement.
Selecting your assurance provider will be the next task for companies
There are many factors to consider when selecting an assurance company to audit ESG.
The following is a simple (non-exhaustive) list of some of the most important factors.
The assurance company should have experience in auditing ESG reports. This includes experience with the specific ESG standards that you are using, as well as experience with the specific industry that your organisation operates in. You must find a company that has real experts who will be involved in the actual audit. There is no point in appointing a company that has experts if none of those ‘experts’ will work on your assurance project. You need to ensure that the company is a specialist in ESG and understand this as their niche. This is not a financial audit so accounting expertise is not ideal for this purpose.
Look for the names of the experts that will be listed in your project, considering both the project lead and the team that will work on the project. While there might be some perceived value in having junior people involved in the process, you might find that they focus on form over substance and give you a list of issues to address without considering whether solving those issues will add value. While there may be an immediate thought that involving junior people will save costs, you might find that a more senior resource can have the work done in a quarter of the time and save you cost in the long run.
The assurance company should have a good reputation. This means that they should be well-respected by other organisations, as well as by regulators.
Skills and expertise
The assurance company should have the skills and expertise to conduct an effective ESG audit. This includes having a team of experienced auditors who are familiar with ESG standards and with the specific industry that your organisation operates in. You want to make sure that the auditors have spent some time in-house working on ESG/sustainability or at least some of the key areas within ESG. You should expect that they have 10 to 15 years working in business and preferably in multiple countries. They should have had auditor training and be lead auditors under ISO-accredited certification bodies or other accreditation bodies.
The assurance company should be objective. This means that there should not be any conflicts of interest, and any potential conflicts should be disclosed at the start of the operation, with procedures put in place to address issues like prior contracts, prior training or use of technology from the audit firm (which may or may not be a conflict). The audit firm should have an independence policy that details the steps it takes to protect its independence.
The auditors should be able to clearly explain the results of the audit to you and to your stakeholders and be prepared to present findings and approaches in person to your board, management and employee groups. They should have excellent communication and explanatory skills and be able to clearly document their views and opinions.
The cost of the audit should be reasonable and the audit should provide value for money. Most audits are calculated on a daily rate based on locations and work being completed. Day rates for senior auditors will be around USD3500 per day or more, depending on the seniority of the person involved.
Form over substance
The company’s approach to ESG auditing should be closely reviewed. Some companies take a more traditional approach to ESG auditing, where form of the reports is the most important factor, while others take a more innovative approach, where substance is key. It is important to select a company with an approach that is aligned with your own views on ESG auditing. The use of new techniques around ongoing auditing, ‘constant auditing’, auditing tools and mechanisms to build a longer-term auditing/assurance relationship are great indicators of a good company to work with.
The company’s own commitment to ESG
The company should be committed to ESG. This means that it should have a strong ESG team and should be actively involved in ESG initiatives. You should be able to see the company’s own approach to ESG and how it is managing areas around ESG.
The company’s culture
The company should have a culture that is supportive of ESG and of constant improvement of its clients in terms of their ESG reporting. The auditing firm should be focused on giving direction, opportunities for improvement and observations rather than simply pointing out failures with no opportunity for improvement. The company should also be open to feedback and willing to learn and improve in its own approach to auditing with dedicated escalation procedures for the feedback.
Carefully considering each of the above factors when selecting an assurance company to audit ESG will ensure that you select a company that will provide you with the best possible service.