The engine that powers sustainable organisations
The Corporate Sustainability Reporting Directive (CSRD) regards sustainability reporting as one part of a company’s management report and therefore should be subject to similar standards of assurance. There are, however, slight differences, as the quality and nature of data can differ significantly between financial and non-financial information. The CSRD stipulates assurance requirements for sustainability reporting. In this article, we explore the provisions for sustainability-related audits in accordance with the CSRD mandate.
CSRD-aligned sustainability disclosures must obtain “limited assurance” as opposed to the “reasonable assurance” required of financial reporting. For a limited assurance, auditors perform fewer procedures and provide a lower level of confidence compared to a reasonable-assurance audit. Limited assurance engagements are typically less extensive, and the statement of the assurance report will have a lower degree of certainty. To satisfy this provision, minimum external assurance is required for the following:
1. Compliance with the reportingrequirements under Article 19b, essentially the European Sustainability Reporting Standards (ESRS)
2. The process which information is identified and selected for reporting, i.e. the materiality assessment - learn more in our ESRS Super Guide
3. Compliance with the required single electronic reporting format in accordance with Article 3 of Commission Delegated Regulation (EU) 2019/815*15, which introduces the XBRL format and digital tagging of disclosures for machine readability
4. Mark-up of disclosures stipulated in Article 8 of Regulation (EU) 2020/852
Assurance must be conducted by an independent third party. The CSRD allows for assurance by an external provider different than the accountant used for financial auditing. Who qualifies to conduct the assessment will depend on each Member State’s implementation of the CSRD.
The assurance provider is required to follow a standard specifying how the engagement is to be performed. A specialised assurance standard for sustainability information is under works, named ISSA 5000. Until this standard is completed, it is expected that member states will require assurance providers to comply with ISAE 3000 – a standard for assurance engagements other than audits or reviews of historical financial information.
As the reporting framework under the CSRD, the ESRS does not explicitly define auditing measures, but it defines the “Characteristics of information quality” under section 2.1 of the draft ESRS 1 General Principles. The latter is one of two cross-cutting standards that apply to all reports regardless of industry.
Of the five characteristics outlined, the one related to auditing is verifiability. This principle requires data to be verifiable by independent observers, meaning that different parties should be able to gather or substantiate data to the same effect. Verifiability of data is dependent on traceability, and this is why having a systematic data management system is highly recommended.
Having an automated data management system in place not only simplifies the internal data collection processes for a company, it also ensures traceability of every single data point. This is especially useful for large operations with complicated value chains or multiple subsidiaries, where data ownership may be held by different entities or personnel.
With Daato’s ESG data management software, you can securely share access to your data with external assurance providers, thus enabling your information to be verified efficiently. Using an ESG software can also help you assess if your disclosures comply with the CSRD even before you hire an external assessor. You’ll be able to pinpoint the areas of reporting that are lacking or the disclosures that fail to satisfy conditions for limited assurance.
Many external auditors limit the number of auditing rounds their clients are allowed to make as it can be a costly process. With a smart management system, you can work on improving the quality of reporting to get itin the best state possible before launching the external assurance process, saving you time and money.
Clearly, the strength of an organisation’s data management determines whether or not they can obtain assurance. Here are a few more ways a complete data management system can help you in this process: