The assurance of social, environmental and sustainability information

Part 2: Independent assurance engagements on sustainability information

Independent assurance engagement

The assurance provider will need to consider the scope of their assurance to be provided, whether it is a limited or reasonable scope engagement.

In accordance with ISAE 3000, the engagement should be planned to assess the scope, timing and direction of the engagement and to ensure that the procedures will enable the team to gain sufficient appropriate audit evidence. The assurance engagement team must ensure that they have adequate time and resources, including whether they may need to seek the assistance of an independent expert.

It would also be applicable to apply other auditing standards to assurance engagements of other information, such as those stated above to ensure a quality assurance engagement.

Providing assurance on performance measures

The assurance provider faces some challenges in reviewing and providing assurance on non-financial performance measures.

Information internally generated

There may be deficiencies in the controls and internal tools used by the company to collect and measure the information, and the controls may not be as established or robust as those within the financial reporting system which is more familiar to the assurance practitioner. This means that there is a higher risk of the assurance provider not identifying control deficiencies.

Information from third party sources

This may include information from sources such as:

  • entities within the supply chain (suppliers, contractors)
  • external agencies e.g. carbon offset registries, industry benchmark specialists, external carbon dioxide calculation tools.

The reliance which can be placed upon the evidence from third party sources will need to be assessed by the assurance provider using their professional judgement. There will need to be an understanding of how the information is collected and what, if any, recognized standards it adheres to. This is an area where the use of an independent expert may be required in order to identify whether any specialist information is consistent and relevant to the industry.

Substantive procedures to detect potential misstatements re socio-environmental and sustainability matters

ISA 500 Audit Evidence
The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence (para.6). Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures.

The assurance provider will need to ensure that they obtain sufficient appropriate evidence, and as there are a wide range of KPIs which may be used by management in sustainability reports, this may be challenging. However, there may be financial evidence to support some of the information in the report, as well as discussions with management or review of the board minutes.

Example
A manufacturer reports on the wastage and pollution in its sustainability report.

Tests which may be performed:

  • Review of any fines in the financial statements to see whether the company has incurred financial penalties as a result of environmental breaches.
  • Enquire and review the legal documentation, including legal expenses, to assess whether legal advice was sought in response to a breach of regulations.
  • Enquire whether there are financial impacts of increased waste, such as costs of disposal, or incentives by governmental bodies to increase recycling or waste reduction. These may be reflected in the financial statements within expenses or other income.
  • Significant issues may be reflected in the press or by third party ‘whistleblowers’.
  • If wastage increases, there may an increase in the cost per unit, this may be assessed by a review of the cost per unit and whether more material is required to manufacture the units. Performing analytical reviews of the costs may highlight potential issues in this area.

The audit evidence obtained, depending on the level of assurance required by the scope of the engagement (limited or reasonable), should be reviewed using the professional judgement of the assurance provider. Responses from management should be viewed with an element of professional scepticism and considered in the light of the substantive work undertaken.

Professional scepticism may need to be applied to mitigate the risk of management bias in the reported figures, especially where there are significant impacts on the business if the report is to be relied upon by third parties, such as financial institutions, government bodies or those issuing licences to trade, which is common in regulated industries like energy production and supply.

Example from the Annual Report 2021 from Kier Plc 2021:

aaa-sustain-2

The auditor would have to assess the contents of the sustainability report of Kier Plc to ensure that it is materially consistent with the information in the financial statements. Possible audit evidence may include:

  • Analysis of the costs attributable to waste and recycling with a comparison of year on year to assess whether the trend is consistent with the environmental information.
  • Discussion with management and review of any independent reports which detail the information regarding carbon emissions. Verify that the independent expert is suitably qualified or registered.

Form and content of independent verification statement of integrated or sustainability information

As in all assurance engagements, issues found during the assurance engagement should be reported to Those Charged with Governance.

The content and scope of the assurance provider’s report must be considered: If the report is to be included within the financial statements, which stakeholders will be relying upon it and what level of assurance is required. There should be an explicit reference to national or international standards for quality management and any reporting requirements which have been adhered to. ISAE 3000 also requires that the practitioner should be aware of whether any errors in the final assurance report may lead to reputational damage to the assurance provider.

EER and sustainability reporting is a rapidly changing specialism, and the assurance provider will need to ensure that they have sufficient expertise and experience when accepting engagements of this type.

Exam technique

The AAA exam does not require knowledge of specific sustainability or climate reporting standards, however students may be asked in the exam to assess a scenario whereby the assurance provider is asked to consider the risks of a non-financial engagement. Students should apply their knowledge of auditing and assurance standards and evaluate the risks in an exam question:

  1. Read the requirement carefully – consider whether the engagement is part of the statutory review of the annual report (and the application of ISA 720 is required) or a separate assurance engagement.
  2. Evaluate the risks in the engagement and consider how may the assurance practitioner mitigate these. Think about some of the problems faced by assurance providers such as challenges in measuring and comparing information across companies and industries (see 'Measuring and reporting' in Part 1 of this article).
  3. Application of knowledge of auditing and assurance standards (such as those stated above, although some scenarios may also benefit from reference to other standards) when asked to review or provide assurance on a report.
  4. Justify the responses, if procedures are requested in the exam, then consider what reasonable evidence may be obtained and why it is that this is being reviewed.

Further reading

It is also recommended to review an annual report from a large, listed company and review the sustainability report and the auditor’s report.

Written by a member of the AAA examining team