The assurance of social, environmental and sustainability information

Part 1: The need to measure and report, with considerations for the assurance professional

Auditors may be asked to complete assurance engagements on non-financial information, and this is increasingly likely to include the review of management reports on social, environmental and sustainability information. When management provides this type of information, it is known as Extended External Reporting (EER), which is a requirement for listed and larger private companies in some jurisdictions. In addition, many companies wish to provide additional information on the environmental impact of their operations.

There are challenges in undertaking such engagements, and although this can be a highly specialist area, there are still steps that the assurance provider can take to mitigate these issues.

This article considers the main reasons why companies produce these reports and the various methods of measurement used. Auditors may be asked to review the information as part of their review of the annual report, or as a separate assurance engagement.

This is the first of two articles. It considers why sustainability information is published and briefly covers the measurement issues. An assurance professional is most likely to review sustainability information as part of the strategic report, which is covered briefly here. Increasingly, though, assurance professionals are being tasked with reviewing specific sustainability reports; this is covered in the second article on the topic.

Why is there a need for companies to produce these reports?

  • National reporting requirements: Some regions require companies of a specific size (usually larger, listed entities) or those in specific industries to report on their environmental, social and governance information. Examples include:

    • The Corporate Sustainability Reporting Directive (CSRD) is legislation in the European Union (EU) requiring all large companies to publish reports on their social and environmental impact activities 1

    • UK premium listed companies must report their compliance with the Task Force on Climate-Related Financial Disclosures (TCFD) recommendations for periods commencing 1 January 2021. This is already effective in New Zealand and Japan 2
  • Stakeholder needs: Increasingly shareholders, especially larger investors like pension funds, are demanding more information on the impact of a company on the environment and society.

  • Voluntary disclosure: Companies may seek to gain a competitive advantage by declaring their ‘green credentials’. Such voluntary disclosure may be subject to management bias as the reporting requirements are not specified under legislation.

Companies can choose to include this type of information within their annual report or to produce stand-alone reports on social, environmental and sustainability matters. In the last decade, Integrated Reporting <IR> has become common, which aims to provide a holistic view of the company’s financial and non-financial performance and its potential for long-term value creation.

Measuring and reporting on environmental, social and sustainability information

The measurement of specialised information can be problematic, because sustainability or environmental indicators may be reported in different ways even within the same industry and several differing reporting standards may be used, rather than a single, global reporting basis.

In 2022, the International Sustainability Standards Board (ISSB) commenced a consultation on two proposed sustainability standards, one regarding general sustainability-related disclosures and one regarding climate-related disclosures. There are a variety of different Key Performance Indicators (KPIs) and metrics in use, and comparison between companies and industries is challenging for the following reasons:

  • Rapid change in EER requirements and disclosure principles
  • Diversity of subject matter
  • Lack of a single reporting basis for non-financial information
  • Additional risk of management bias due to the subjective nature of measurement in many cases and selection of the criteria being presented

Examples of performance measures

The United Nations (UN) adopted a series of sustainable development goals (SDG) in 2015 and there are over 200 KPIs as published by the OECD in 2021. Therefore, there is a wide range of KPIs (‘sustainability indicators’) and targets which may be adopted by businesses, and these can vary by region, by industry and by individual company.

Assurance providers are faced with understanding what is being reported upon and why (legislative or commercial reasons), as well as how the information is being obtained, collated and presented.

The reporting of these benchmarks may be presented in different ways, for example, one company may produce a table of financial information to report on subject matter, whereas another may choose to report using non-financial or narrative disclosures. Comparison between companies, even within the same industry, is problematic due to the lack of consistency in selecting which measures to disclose, how the information is presented and how metrics are quantified.

Examples of reporting benchmarks include:

  • Greenhouse gas emissions (GHG)
  • Waste minimisation and management
  • Finite resource consumption (oil, gas, coal, minerals, forestry)
  • Supply chain sustainability
  • Water and pollution
  • Employee welfare and equality

Example of a water consumption disclosure within the sustainability reporting section of the Annual Report 2020 for MMC Corporation: 3


Considerations when planning an assurance engagement

As with any assurance engagement, the auditor should consider the impact of risks on the planning and performance of the engagement. When faced with planning an assurance engagement of non-financial criteria, such as those relating to the environment or sustainability, the fundamentals of existing auditing and assurance standards may be used as a basis for the engagement team.

Sustainability information may be supplied in the annual report alongside the financial statements. It is worth bearing in mind that there is a risk of an expectation gap, as some users expect that all information in an annual report is subject to a detailed assurance process by the auditor (beyond what is expected of ISA 720 (Revised) The Auditor’s Responsibilities Relating to Other Information). Where such information is to be presented, it is vital for the assurance provider to clearly state in their letter of engagement, as well as in their auditor’s report on the financial statements, the limitations of their assurance work.

Types of engagement

  1. Review of the contents of the annual report as part of the statutory financial statements audit engagement; or

  2. Independent assurance engagement over non-financial information which is outside of the statutory financial statements audit (this is covered in the second part of our article on Assurance on Sustainability Information: Part 2)

Review of non-financial information which is part of the annual report (such as the strategic report)

Guidance on the review of non-financial information as part of the annual report is covered by ISA 720 (Revised). Auditors need to consider whether there is a material inconsistency between the other information and the financial statements.

Auditors should consider all auditing standards, but a few key ones which may be relevant to the review of other information are:

ISA 540 (Revised) Auditing Accounting Estimates and Related Disclosures
  • Management bias – this may arise in both the calculation and the disclosure of information, especially if the information is provided voluntarily by the company in order to gain a competitive advantage.

  • Appropriateness of methods of calculation and whether the basis for estimations is reasonable and appropriate – this may be an issue where there are no industry standard measurements established and management is responsible for deciding on the parameters of the estimation.

ISA 250 (Revised) Consideration of Laws and Regulations in an Audit of Financial Statements
  • If reporting is required by legislation, failure to report correctly may bring financial penalties or reputational issues for both the company and the auditor.

  • If there has been a breach of regulations, for example if any required environmental disclosures are not given, there may be implications for the financial statements, such as provisions for fines. This increases audit risk. Breaches of laws or regulations may even impact the ability of the company to continue to trade, for example licences to trade may be subject to adhering to laws and regulations, or fines or penalties may be substantial enough to significantly impact the cash flow of an entity.

ISA 315 (Revised 2019) Identifying and Assessing the Risks of Material Misstatement
  • Assurance providers need knowledge and experience of the industry and subject matter; this may be a highly specialised area. Independent experts may be required to assist in the assessment of specialist criteria, for example greenhouse gas emissions or chemical levels in waste, or an EER expert may be used to manage the assurance process.

  • There may be industry standard measurements which are used (example) or the criteria may be more widely recognised, such as greenhouse gas emissions.

  • Internal controls of the client – consideration of the reliance which can be placed on the information and whether this information is internally or externally generated.

  • Information from third parties – these could include environmental bodies (governmental or private) – and the reliance which can be placed on this information.

ISA 450 Evaluation of Misstatements Identified During the Audit
  • Omissions of information, both financial and operational, for example the impact of business interruption due to pollution, environmental damage or industrial action by employees, suppliers or third parties, such as environmental protesters.

  • Consideration of whether the omission of such information may affect the users of the financial statements.

This list is not exhaustive and other auditing standards may need to be considered in order to obtain the relevant sufficient evidence in an engagement.

The second article in this series considers the challenges of auditing sustainability information in more detail, as well as some tips on exam technique for your Advanced Audit and Assurance exam.

Further reading

It is also recommended to review an annual report from a large, listed company and review the sustainability report and the auditor’s report.

Written by a member of the AAA examining team


  1. The Corporate Sustainability Reporting Directive (CSRD) - Plan A Academy
  2. Task Force on Climate-Related Financial Disclosures
  3. MMC Corporation Berhad Annual Report 2020