Limited Or Reasonable?

As regulations worldwide strengthen in the ESG (Environment, Social and Governance) space and the term non-financial is tending towards extinction, a new level of discussion is emerging around the assurance of ESG disclosures — Limited or Reasonable!

The European Commission’s (EC) Corporate Sustainability Reporting Directive (CSRD) proposal introduces an EU-wide requirement for limited assurance on sustainability information with the goal of moving to reasonable assurance in the longer term. While the current template of Business Responsibility and Sustainability Reporting (BRSR) mandated by the Securities and Exchange Board of India (SEBI) refers to assurance only under Principle 6, there are already discussions on expanding the assurance to other dimensions of BRSR. The US Securities and Exchange Commission (SEC) stipulates limited assurance during a phase-in period, followed by reasonable assurance in the proposed rule on climate disclosure requirements.  

In this business environment, companies need to understand what is limited and reasonable assurance. Before we get there, let us talk about assurance first. No, I am not seeking the theological meaning here, but in relation to ESG disclosures. 

Assurance is the practice of verifying and certifying the ESG disclosures done by a company. Wait, isn’t that called an audit? Let me try to explain the difference. Audit (generally associated with financial accounting) ensures that the reports are presented fairly, ethically, accurately, and comply with the accounting standards/principles. Assurance evaluates the accuracy of given reports/records and conveys the authenticity of such information to all stakeholders.

They might sound very similar but bear with me as I highlight the difference.

Let me try to explain through the standard ISAE 3000. International Standard on Assurance Engagements (ISAE) 3000 is a standard for assurance engagements other than audits or reviews of historical financial information; it’s the framework for assurance engagements. In ISAE 3000, Assurance engagement is an engagement in which a practitioner aims to obtain sufficient appropriate evidence to express a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the subject matter information. In layperson’s terms, the assurance assesses the procedures and processes followed in preparing the subject matter information. Assurance will provide confidence in whether the process is conducted based on the specified procedure to obtain optimum results. Even though it may not satisfy classic experts in the field, to move forward, let me state, audit focus is accuracy and assurance focus is reliability. Or remember, for Sustainability or ESG disclosures, we conduct assurance.

The intended user of assurance regarding sustainability or ESG disclosures is usually the company’s board of directors, as you will observe that most assurance statements are addressed to them. If other stakeholders rely on the assurance results, the assurance practitioner is not responsible for the outcome of their decision. Then you may ask why an assurance statement is published in public when it can be simply submitted to the board of the company. It is displayed as documentary proof of the assurance being conducted. It is a transparency action — to showcase the scope and the boundary setting of the assurance, the level of assurance and the conclusion by the practitioner. 

As the intended user, the board and the leadership of an organization should have a definite knowledge of what is limited and reasonable assurance. While the regulations make it accessible by stating that companies should conduct limited assurance in the initial years and later move to reasonable assurance, it is prudent for intended users to understand the difference. 

Limited assurance is likely to enhance the intended users’ confidence about the subject matter information to the degree that is clearly more than inconsequential (not to be compared to a limit tending to zero). Reasonable assurance is more detailed and gives the intended user a higher level of confidence (again, not limit tending to infinity). While in a reasonable assurance, the practitioner’s conclusion is expressed in a form that conveys the practitioner’s opinion on the outcome of the measurement or evaluation of the underlying subject matter against criteria. In a limited assurance, the conclusion conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the practitioner’s attention to cause the practitioner to believe the subject matter information is materially misstated. In simple terms, in a reasonable assurance, the conclusion will be relatively more assertive than a limited assurance. 

This difference is better understood by explaining how a practitioner should evaluate before agreeing to conduct a reasonable assurance. As per ISAE 3000, a practitioner shall understand the internal control over the preparation of the subject matter information. This will include evaluating the controls’ designs, determining how the controls are implemented by performing procedures and evaluating the competence of the personnel involved. This requirement indicates to an organization the maturity level they should have before seeking reasonable assurance. An organization can also seek limited assurance on some subject matters and reasonable assurance on others depending on the maturity of its internal control mechanism (unless stipulated by regulation). 

In conclusion, any organization needs a plan to move from a limited assurance to a reasonable assurance within a time period as defined by them (or soon required under the disclosure regulations). I have seen many organizations in India continuing with limited assurance for over a decade, which should change. The regulations are evolving, and seeking that change is only a matter of time. The change is not easy for the organization as well as the practitioners. Assurance practitioners in India also have to improve their capability and competence to perform reasonable assurance. 

By Santhosh Jayaram

Adjunct Professor of Practice at Amrita School for Sustainable Futures, Amrita Vishwa Vidyapeetam. I also function as advisor for a leading IT Services company in India and a couple of start-ups. Earlier I was a partner with one of the leading professional services firm and lead the biggest advisory teams in the field of sustainability, ESG and Climate Change in Asia. My other interests spans to Nature Photography and a bit of painting. I published 2 books "Still Speaking" Volume 1 & 2, in 2020. These books are a collection of photographs (Stills) and what they spoke to me.

3 comments

  1. Very well said. However, I think it’s ‘reasonable’ to be ‘limited ‘ till systems really mature, both at the Organizations’ as well as Practioners’ end. Regulators should not enforce it as it might only encourage ‘ greenwashing ‘ . It’s also interesting why ISO certifications did not have such differentiation.

  2. Financial Market Participants has always been relying on finanical reporting because they had been audited it has helped provide a reasonable assurance for the financial numbers. The auditors have played a very vital and significant role in this.

    I always wonder and have thought we should have similar assurance standards which provide reasonable assurance on the ESG disclosures. This trust has been cornerstone to have some semblemance of trust in financial reporting. We need similar trust on ESG disclosures.

    But the challenge with the ESG has been the future trajectory and many of the actions are forward looking statements. In Financial world forward looking statements are disclaimed. How do you bridge that gap is other key question on assurance of ESG.

    1. Even in sustainability disclosures the assurance provider clearly states that the forward looking statements are out of scope of assurance. The assurance is on the disclosed results.

Comments are closed.