Assurance will be mandatory under the EU’s ESRA, California climate disclosure laws – and possibly other regulations.  Readiness helps companies avoid being called out in public auditor reports. 

Climate and Greenhouse Gas (GHG) emissions requirements apply to all organizations worldwide.  Many requirements for assurance requirements are being phased in during the next few years.  There are several standards, different types of assurance providers, audit objectives, and scopes.  Read more. 

Assurance readiness involves understanding the criteria (including how they were determined); the type of assurance; the scope; how assurance providers may consider risk and develop their procedures; the difference between design of controls and testing controls; and other factors. Assurance is – by definition – independent, so auditees won’t know exactly what will happen until it does.   Nonetheless, companies can improve the assurance process and outcome with walkthroughs and other support.  The most enlightened companies don’t obsess only on “getting the passing grade”; they apply learnings throughout their business to improve effectiveness and efficiency of their operations and compliance. 

COSO’s ICSR document begins the journey to apply principles to Sustainability reporting that are firmly embedded in financial reporting.  

Assurance providers are looking for completeness, accuracy, verifiability and appropriate access to content in Sustainability reporting and disclosures.  The first step typically focuses on the design of the program and internal controls.   Next steps will involve testing the internal controls: if you apply the procedures, do you get the output that is included in the report / disclosures? 

Sustainability reporting differs from financial reporting in three notable aspects.  The COSO ICSR document embraced these “Three Attributes”, as originally published by Douglas Hileman Consulting LLC in a white paper.  Control and Influence; Quantitative and Qualitative; and Retrospective and Prospective.  For the full white paper, click here. 

Assurance providers and companies are both finding their way in Sustainability reporting assurance.  This is eerily reminiscent of the first years after Sarbanes-Oxley was passed.  Companies had to learn about “internal controls.”  Many went overboard on designating “key controls.”  It was a painful – and expensive – experience for all.  DHC suggests that companies can save themselves grief – and money – be leveraging this experience.

DHC facilitates COSO ICSR workshops tailored to your situation.  DHC has worked with companies (cross-functional teams are ideal!).  DHC has led workshops at professional organizations for functional leaders in IT, Internal Audit, Compliance.  DHC has contributed to research on the emerging role of the Controller function in Sustainability reporting, and how COSO ICSR can help improve confidence in the results. 

Assurance of Sustainability reporting will become a recurring process – annual for many disclosures, perhaps periodic for others.  Companies may even have multiple assurance providers for different elements of Sustainability reporting, or for different business units or in different regions.  Decisions and efforts at the outset can have far-reaching implications. 

DHC has helped clients throughout this life cycle, including drafting RFPs, reviewing qualifications and proposals, interviewing candidates, and providing suggestions for contract language.  DHC has observed assurance/ auditor procedures, helping keep activities within scope, and avoiding irrelevant findings.