Delving into the fundamentals of ESRS assurance readiness

Assurance is key in ensuring relevance and reliability

An assurance engagement involves having an independent third-party reviewing your organization’s reported information (e.g GHG Accounting) to check whether it is correct, measured up against a set of predetermined criteria (e.g GHG Protocols). In short, it’s about enhancing trust in the reported information, which is key to producing adequate public information about how non-financial issues impact the company, and how companies impact society and the environment. This will in turn support the general objectives of the CSRD, namely to:

1. Reduce systemic risk to the economy
2. Increase capital flows to companies that address social and environmental problems
3. Allow civil society and trade unions to effectively hold companies accountable for their impacts on society and the environment.

The CSRD requires the following five areas be subject to limited assurance: 

• Compliance of the sustainability reporting with the CSRD. 
• Compliance of the sustainability reporting with the ESRS. 
• The process carried out by the undertaking to identify the information spotted, i.e. the double materiality assessment.
• Compliance with the requirement to mark up sustainability reporting in accordance with Article 29d (ESEF).
• Compliance with the reporting requirements provided for in Article 8 of Regulation (EU) 2020/852 (The EU Taxonomy).

Limited vs reasonable assurance

There are two levels of assurance that can be obtained: reasonable assurance and limited assurance. In summary, the main difference is the degree of trust you provide the readers of the sustainability report with. 

A reasonable assurance requires significantly more evidence than a limited assurance. For a limited assurance, auditors perform fewer procedures and provide a lower level of confidence compared to a full audit. Limited assurance engagements are typically less extensive, and the statement of the assurance report will have a lower degree of certainty. Reasonable assurance is the highest level of assurance and involves a comprehensive examination of the company’s sustainability records and internal controls. Given the amount of evidence needed for reasonable assurance, the European Commission has opted for a limited assurance requirement for now, with an option to implement a reasonable assurance requirement at a later stage.

The assurance provider is required to follow a standard specifying how the engagement is to be performed. A specialized assurance standard for sustainability information is under works, named ISSA 5000. Until this standard is completed, it is expected that member states will require assurance providers to comply with ISAE 3000 – a standard for assurance engagements other than audits or reviews of historical financial information. 

How assurance comes into play in the CSRD readiness process

Typically, the CSRD readiness process can be divided into five key steps: 

• Double materiality assessment
• Gap analysis and planning
• Data management
• Organizational setup and capabilities
• Adjust reporting to reflect the CSRD

The assurance readiness interconnects with all steps in the CSRD readiness process. However, the double materiality assessment, data management and organisational setup and capabilities attract a greater assurance focus. The requirement for assurance is applicable to all companies subject to the CSRD.

Understanding the assurance process

Understanding the assurance process can help you better prepare for the assurance and communicate with the assurance team. The following 5 steps provides a high-level overview of how the process works:

1. Acceptance and continuance: The purpose of this step is to assess whether the pre-conditions of an engagement are present and decide on the scope of the engagement. Seeking assistance with an assurance readiness assessment can help pinpoint reporting process deficiencies that may hinder assurance providers from accepting the engagement.
   
2. Understanding the entity: To conduct an effective and efficient assurance engagement, the assurance service provider needs to understand the entity, including its business industry and operating environment, as well as the process to prepare the reported information and identify where there are risks of material misstatements.
   
3. Assurance procedures: Based on the understanding gained in step two, the assurance service provider designs the appropriate assurance procedures necessary to  obtain the evidence needed, allowing the practitioner to form an opinion on the correctness of the reported information.
   
4. Evaluation: After performing necessary assurance procedures, the assurance team evaluates any findings and assesses the impact on the assurance report.
   
5. Assurance report: Lastly, the assurance service provider communicates their conclusion in an assurance report.

Considering the risks of non-compliance 

If despite your best effort, issues are identified in your report, there are two main categories of risks to consider.

• Reputational risk: Issues can surface when there is insufficient evidence for the assurance provider to conclude or when material misstatements are identified. This might lead to a qualified or adverse report resulting in a reputational risk for your company.
• Non-compliance with publication requirements: Failing to obtain an assurance report will result in non-compliance with publication requirements, and the consequences imposed by government authorities will depend on the country of operations. Possible outcomes can include fees, and ultimately, forced dissolution of the company. 

It’s uncommon for companies to not obtain an audit report for their financial statements. However, as the assurance requirement for sustainability reporting is new, the extent to which assurance service providers will refrain from issuing assurance reports remains uncertain. What is clear, is that proactive preparation, along with adequate capacity and expertise will greatly mitigate the risk of non-compliance.

The cost for assurance depends on the circumstance 

The cost of assurance services is influenced by a multitude of factors, making it challenging to offer a one-size-fits-all answer. Nevertheless, several key considerations come into play, including the company’s size, complexity, industry sector, implementation phase, public interest entity (PIE) status, and listing status. It’s important to emphasize that assurance costs can be substantial. Therefore, effective preparation ahead of the reporting season is the most effective strategy for managing and minimizing these costs.

Leverage our full-cycle ESRS Solution

Position Green’s complete ESRS Solution helps you understand, prepare for and deliver on the complex requirements of the new ESRS and CSRD. Take steps to make your data collection and reporting structures ESRS and CSRD-compliant, achieve the transparency required for limited assurance, and drive your sustainability agenda with actionable insights.

Book a free demo with one of our experts to get you started.