Despite recent developments such as the Omnibus and the postponement of mandatory reporting, external assurance of sustainability information remains an important topic for organizations. Empact consultant Anne Rademaker recently completed the GRI Academy course on external assurance in sustainability reporting. In this article, we share key practical insights on ESG assurance.
External assurance: more than a future obligation
Most organizations see external assurance as a future requirement under the CSRD. But according to Anne, it offers more practical benefits:
“External assurance not only improves the reliability of your reporting, it also helps identify weaknesses in your data collection and processing, thereby improving the quality of your ESG information.”
Organizations that start working with assurance early notice three concrete benefits:
- Better internal processes: Your ESG data collection and controls become more systematic
- Increased stakeholder trust: Verified data supports your sustainability claims with facts
- Informed decision-making: Reliable ESG data helps make informed choices
Limited vs. Reasonable risk assurance for ESG
In practice, the difference between limited and reasonable assurance often causes confusion. It is important to understand this well:
Limited assurance will become mandatory for Stage 1 companies under the CSRD starting in 2025. This type of assurance focuses on identifying obvious misstatements. The auditor formulates his conclusion negatively: “Nothing has come to our attention that…” This requires less work but also provides less assurance.
Reasonable assurance, on the other hand, is similar to financial audits in depth and possibly mandatory from 2028. Here, the auditor formulates his conclusion positively: “In our opinion, the information gives a true and fair view…” This is labor-intensive, but provides a higher degree of assurance.
The 5 principles of a sound ESG assurance process
A robust assurance process is based on five fundamental principles:
- Three parties: The reporting organization, the independent assurance provider, and the users of the information (such as investors, regulators and other stakeholders)
- Clear subject matter: Concrete delineation of what exactly is being verified (e.g. the sustainability report or specific ESG indicators)
- Appropriate criteria: Use of recognized standards such as GRI, ESRS or other frameworks to benchmark the information against
- Sufficient evidence: Collect relevant, reliable data to support claims
- Written conclusion: A clearly worded assurance report that makes clear what has been examined and with what level of assurance
What organizations often run into
From our experience with clients, we know that organizations most often run into the following three problems when starting with assurance:
The gap between sustainability and finance teams
In financial auditing, processes and control systems have been standardized for years. In sustainability assurance, this experience is often lacking. This requires close cooperation between sustainability, finance and IT departments to establish reliable data flows.
The complexity of ESRS assurance
ESRS standards require reporting on more than 1,000 data points from a variety of sources. Unlike financial data, ESG information is usually not centrally available and more difficult to quantify. This makes both data collection and assurance more complex.
Finding the right assurance expertise
The CSRD framework requires the statutory auditor to provide an opinion, but many auditors still lack specific sustainability expertise. Therefore, look for a partner who:
- Has substantive knowledge of relevant sustainability topics
- Has experience with assurance methodologies
- Knowing and understanding your industry
Smartly preparing for sustainability assurance
Successful preparation for ESG assurance begins about a year before external auditors start work. The organizations that perform best start with what experts call an “assurance readiness assessment”: basically a trial run in which all processes are tested as if a real audit were already taking place.
During such a year of preparation, organizations often find that their ESG data is scattered across different departments and systems. Identifying data sources proves to be one of the biggest challenges, as information often comes from multiple sources spread across functional business units and parts of the value chain. By the time all the data is consolidated, the origin has sometimes become unknown.
Successful organizations tackle this systematically. They start with their dual materiality analysis as a compass: this determines exactly what needs to be audited. Then they literally go down the route of their data: from the initial measurement at a supplier’s site to the final numbers in the report. They train employees to help them understand what the audit process entails, what is expected of them, and how to prepare data and processes for the critical eye of an independent auditor.
By conducting a thorough review of ESG data and processes internally, organizations can identify and resolve problems before external auditors get involved. This not only improves the quality of reported information, but also makes the external assurance process much smoother.
Starting on time saves cost and effort
At Empact, we see that organizations that start external assurance early are not only better prepared for CSRD requirements, but also spend less time and money on last-minute adjustments. By working incrementally to obtain and process reliable ESG data, the assurance process becomes more efficient and effective.
Want to learn more about how your organization can prepare for external assurance? Then feel free to contact us. Together we will gladly look at how to set up your ESG assurance process perfectly.