EER Assurance implications
Assurance over EER is a rapidly-evolving area and, at present, there is significant variation across different countries.
Typically, the majority of assurance engagements for EER tend to be narrow in scope—covering only selected indicators rather than a complete report. Almost all can only be limited assurance engagements rather than reasonable assurance engagements.
The International Auditing and Assurance Standards Board (IAASB) is currently developing guidance for practitioners to apply the applicable assurance standard (ISAE (NZ) 3000 (Revised)) to emerging forms of external reporting in a consistent and appropriate way.
This will mean users and investors can have greater justified confidence and trust in the EER information— irrespective of the EER framework applied.
How is credibility and trust in EER established?
There are four factors at play here:
- Adopting a sound EER Framework.
- Providing strong governance.
- Providing consistent wider information to users.
- Seeking assurance.
The diagram shows that all these four factors together play a role in determining and enhancing credibility and trust.
[Taken from Supplement A of the IAASB’s developing EER Assurance exposure draft]
The following FAQs will help you determine if EER Assurance is right for you.
- To satisfy a legal requirement—for example, for some registered charities service performance information has to be assured.
- For internal decision making—for example, Boards may seek assurance of key performance metrics.
- In response to increased investor and stakeholder demands.
Before engaging an assurance practitioner, you need to ensure that there is a “rationale purpose”, i.e. you must establish the reason for having certain information assured. The scope of what information is to be assured is a key consideration, as it may not cover the full EER report.
The majority of assurance engagements over EER tend to be narrow in scope—typically covering only selected indicators rather than a whole report (for example, the assurance report may identify the key metrics that have been assured or may identify selected page references rather than the entire report). It is unlikely that a rationale purpose exists if only a subset of information is assured, but the assurance would not cover the most relevant information included in the EER report.
Assurance practitioners need to ensure that the following preconditions are met before they can accept an EER assurance engagement in accordance with XRB standards:
1. Three party relationship
An assurance engagement involves three parties: the assurance practitioner, the intended users of the EER report and the responsible party (including those that prepared the information). The roles and responsibilities of all three parties will need to be suitable for the circumstances.
As the responsible party it is important that you clearly identify the intended users, such as investors, employees, funders, customers, members and other stakeholders. Both the preparer and the practitioner will also need to understand what is relevant to the intended users.
2. Appropriate subject matter (Reporting topics)
You must ensure that the reporting topics are separately identifiable and capable of consistent measurement or evaluation. The assurance practitioner will need to understand exactly what non-financial reporting topics will be reported on.
3. Suitable criteria
There are multiple EER frameworks that may be used to prepare EER. Particular EER frameworks may specify how to identify, measure or evaluate, or make disclosures about relevant reporting topics.
Many of these require adherence to a set of high-level principles, without sufficient detail to identify reporting topics or how to measure or evaluate them. Such frameworks will not comprise suitable criteria on their own for assurance purposes. In many instances, as the preparer you will need to develop your own entity-specific criteria further.
You will need to develop a process to select suitable criteria for your entity from available EER frameworks, or to supplement or even establish your own.
The characteristics of suitable criteria include:
- neutrality, and
To illustrate this, for the key performance indicators in the cases below, you could state criteria as follows:
- greenhouse gas emissions—identify which emissions are included (e.g., scope 1 or 2 emissions) and if there are existing standards and protocols you could refer to (e.g. ISO standards)
- water use—define how water use is to be measured (e.g. actual take/use or as a function of production or litres per unit of product or service), or
- accident frequency—define an “accident” and set out how you measure them.
You need to make these criteria available to users of your EER report.
5. Expect to be able to obtain the evidence
The assurance practitioner will be able to accept the engagement only if they expect to be able to obtain the evidence needed to support their conclusion.
Consider whether you have a reasonable basis for the information being reported. This may include a sufficiently-developed system of internal control. The assurance practitioner will need to understand your process to collect, process and report the underlying data relevant to the EER report. The reporting process may be subject to specific controls and require greater governance and oversight.
6. Report the assurance conclusion in a report
The assurance practitioner is required to communicate to the intended user, in writing, the assurance conclusions. Whether the assurance report is made publicly available or not depends on the user’s requirements.
No assurance engagement can provide absolute assurance over the EER report.
Provides a high, but not absolute level of assurance
Provides a lower level of assurance than reasonable assurance
Opinion: Expressed in the positive
“…in our opinion, the EER information …”
Opinion: Expressed in the negative
“…based on the work performed, as described in the report, nothing has come to our attention…”
Drives a higher level of work effort
Drives a lower level of work effort
Current practice around the world is that the majority of EER assurance engagements are limited assurance engagements rather than reasonable assurance engagements.
Try these for useful further insight and information.
1. The International Auditing and Assurance Standards Board (IAASB) will soon be seeking feedback on draft guidance for practitioners to apply an applicable assurance standard in a consistent and appropriate way.
2. The World Business Council For Sustainable Development (WBCSD) has a buyer’s guide to assurance on non-financial information.