Sustainability assurance is the latest in 'hot' topics in the sustainability accounting area. Recently, I was invited to contribute to a roundtable held by the IAASB, AASB and CPA Canada on the newly proposed ISSA 5000 Sustainability Assurance Standard. The session was held October 25th, 2023. There, we discussed the nuances of the proposed standard and many different participants, including myself, gave feedback. I subsequently contributed my thoughts to the ISSA's feedback survey and have included that feedback here matching the form they provided. If you are working in the assurance space, I encourage you to have a look at the standard, at minimum the associated Memorandum (an easier read;)). You'll see below that my thoughts mainly surround the expertise that will be needed to properly conduct these audits, the communication of exactly what is assured in the reports (you may already know that typically it is not the entire report that is assured but just select metrics), and over recommendations to (hopefully!) help mitigate greenwashing.
Feel free to share your thoughts!
1. Do you agree that it is important for ED-5000 to be capable of being applied for each of the items listed above to provide a global baseline for sustainability assurance engagements?
All sustainability topics
I love that double materiality has been included here; this is so important in this space. Generally, I think the standards are appropriate for all sustainability topics, but this may need to be modified as new topics emerge.
All mechanisms for reporting
Again, generally, I think the standards are appropriate for current approaches to sustainability reporting which include stand-alone reports, integrated reports, etc.
Any suitable criteria
Generally, I think the standards can apply to sustainability frameworks or other criteria.
All intended users
Generally, I think the standards can apply to all intended users.
Limited and reasonable assurance engagements
Generally, I think the standards can apply to both limited and reasonable assurance engagements.
Use by all assurance practitioners
Yes, broadly but I have some concerns. One of the big challenges here is going to be sustainability competence throughout all practitioners. We’re already seeing competency washing and it’s not clear what kind or what level of sustainability competence will be needed to implement this standard. How will this expertise/competency be verified? What we don't want are non-experts leading non-experts and currently, there are a lot of people who don’t know what they don’t know. My recommendation to address this is to add clarity around how expertise/competency will be determined and to add disclosure requirements on this. Specifically, how expertise/competency is determined by the leader, what processes were followed, how the expertise/competency is verified before an engagement and how individuals are selected to the team.
2. In your view, is the concept of “at least as demanding” clear?
Overall view: Yes.
This part makes sense to me; ethics is important; independence and disclosure of this is important.
3. Do you agree with the terminology for sustainability matters, sustainability information and disclosures in ED-5000?
Overall view: Yes.
4. Do you agree with the way in which ED-5000 addresses the entity’s “materiality process”?
Overall view: Undecided.
The challenge here is sometimes what is not said (e.g., the NHL did not discuss of player health/concussions in their first report). I think the practitioners need to actively consider what they know of the business, what they would expect to be discussed, and then identify what the firm has identified as material. At this stage, pointed questions need to be asked about missing stakeholders/issues/impacts/etc.
Overall, the other criteria listed are fair.
5. Do you agree that ED-5000 appropriately addresses the notion of “double materiality” in a framework-neutral way?
Overall view: Yes.
6. Do you agree that ED-5000 appropriately addresses the topic of fraud (including “greenwashing”) by focusing on the susceptibility of the sustainability information to material misstatement, whether due to fraud or error?
Overall view: No.
No, I think more clarity is needed to clearly identify up front what metrics/ measures/ information is actually being assured because many people assume assuring a sustainability report is like assuring a set of financial statements when it is not. Generally speaking, sustainability reports only have select metrics assured and not typically the entire report (unlike financial statements).
I recommend bolding the metrics up front (at the beginning of the assurance report) and/or identifying and stating the metrics/ information in a summary table (again in a visible, up front location). I believe that something additional is needed to make the actual assured information stand out because right now it is not clear. The examples provided in the standard are good but what is needed are real examples of partial assurance on reports (which is the norm currently).
Additionally, I'll echo my comments made elsewhere in this submission. Specifically, that the competency/expertise of the sustainability assurance providers be verified and disclosed and that assurance providers not only ask questions about the information that is provided but also about what is not provided and why (e.g., companies will often only disclose the 'good' stuff, we need to also ask about the 'bad' stuff to get a fair picture of what is happening).
7. Do you support the high-level requirement in ED-5000 regarding communication with management, those charged with governance and others, with the related application material on matters that may be appropriate to communicate?
Overall view: Undecided.
I recommend that any areas of weakness, issues that are likely to be material/ important to some stakeholders that were perhaps not included in the engagement, be reported to those charged with governance, management and others.
8. Do you agree that the requirements in ED-5000 will drive reporting on sustainability assurance engagements that meets the information needs of intended users?
As above, I think the identification of the specific information that is assured should be stated up front so there is clarity as well as identifying and disclosing which stakeholder groups the assurance providers considered in their work.
9. Do you agree with not addressing “key sustainability assurance matters” in ED-5000, and instead having the IAASB consider this in a future ISSA?
Overall view: No view.
10. Are there any other matters for which you wish to provide comments, or that the IAASB should consider in finalizing ED-5000? If so, please be specific about the matter(s) and whether you agree with the approach taken in ED-5000 and why. If you disagree with the approach taken, please indicate why and provide suggestions for how to improve or clarify the approach.