ESG assurance is a process whereby an independent practitioner10 performs procedures, obtains evidence and, after obtaining reasonable or limited assurance about the information, expresses an opinion or a conclusion designed to enhance the degree of confidence of decision-makers using that information. CPAs are the people best qualified to provide assurance, and they stand ready to work with companies by offering a variety of advisory and assurance services. An independent public accounting firm can provide the following services (subject to applicable independence requirements).
Advisory services
ESG advisory services are flexible in scope and performed under the AICPA’s consulting standards.11 Deliverables are subject to agreement between the CPA and the company and are not external facing.
An ESG assurance readiness assessment will evaluate governance and leadership support; human capital (having the right people with the right skills, education and experience to identify impediments to readiness and develop workable solutions); data processes and internal controls; evidence available to support the information; and information technology. Once a readiness assessment has been completed, company management may have a better understanding of what is necessary, including whether the criteria applied are suitable and available, its reporting processes, internal controls, the evidence available and governance related to ESG information, to provide the basis for an attestation engagement at the desired level of assurance.
A materiality assessment can help a company identify and prioritize ESG risks and opportunities, understand current performance against peers, and assess the value implications and change initiatives needed to mitigate ESG risks. This may assist management with understanding the ESG issues relevant to a company, developing and prioritizing a strategy, assessing the business case for change and evaluating sustainable investments.
Support for organizational transformation can help anticipate impacts to the operating model and recommend specific steps to be taken, for example, with regard to diversity-and-inclusion policies for a more inclusive workplace or transitioning investments and reducing emissions for a low-carbon future. This may include support for capital or research and development investment decisions; deals; workforce and skills development; products and services design; and customer experience decisions.
Assurance services
Types of engagements An independent public accounting firm can perform a review or examination engagement based on attestation standards, which results in the issuance of an independent accountant’s report. It is designed to enhance the reliability of ESG information by expressing a conclusion or opinion on that information. A CPA expresses a conclusion or an opinion based on the level of assurance obtained:
Reasonable assurance consists of a rigorous examination asserting whether the information is free of material misstatement.
Limited assurance entails fewer or different tests and procedures that result in a meaningful but lower level of assurance than reasonable assurance.
The objectives of an examination engagement are to obtain reasonable assurance (a high but not absolute level of assurance) and express an opinion about whether the ESG information is in accordance with the stated or referenced criteria, in all material respects. A practitioner obtains the same level of assurance in an examination engagement as the practitioner does in a financial statement audit; as a result, there may be less risk of users of the information misunderstanding the level of assurance than in a review (limited assurance) engagement.
The objective of a review engagement is to obtain limited assurance and express a conclusion about whether the practitioner is aware of any material modifications that should be made to the ESG information for it to be in accordance with the stated or referenced criteria. Review engagements are substantially less in scope than examination engagements and result in a meaningful but lower level of assurance.
Choosing the level of assurance The significance of the ESG information to decision-makers (internal and external) who will use it is one of the factors management should consider when determining the level of assurance. Companies that present ESG information along with their financial information may want to obtain reasonable assurance, commensurate with the level provided for their financial reporting. There may also be legal and regulatory12 requirements that determine the level of assurance for some or all of the ESG information reported.
A practitioner can assist the responsible party13 in understanding the requirements for each level of assurance and other considerations, including whether
a review or examination will meet the objectives of the intended users.
users will understand the difference between examination and review engagements and, consequently, will not place greater reliance on a review engagement than is warranted.
Additional factors affecting the level of attestation service that company management seeks from the practitioner would include the nature of the intended users. An examination may be more appropriate than a review when ESG disclosures and metrics are expected to be used for investment decision-making.
Another consideration that may be relevant is a cost-benefit analysis of the different levels of assurance as it relates to the expectations of users of the ESG information and their desired level of confidence. Different levels of assurance can be provided for different elements of the reported information; however, it is important that the sustainability information presented, and the associated scope of the assurance engagement, are not misleading.
