Image Image Image Image Image Image Image Image Image

External Assurance Archives - Sustainability Reporting and Risk Management

10 Aug


External Verification sustainability reporting

August 10, 2016 | By |

UPCOMING WEBINAR: Sept 22, 2016 / 1:00 pm to 2:00 pm (CT)

External Verification sustainability reporting / Big Data vs Quality Data

There is a growing trend in sustainability reporting that looks to take advantage of the external verification process. Whether reporting to CDP, GRESB, GRI, DJSI, Integrated ReportingSASB or global retailers via The Sustainability Consortium , organizations find that external assurance provides both internal and external benefits. Some of these benefits include opportunities for:

– Building organizational credibility
– Improving stakeholder trust
– Reflecting the seriousness in which the organization approaches the sustainability reporting process
– Increasing the probability of securing special project funding
– Positively influencing rating agencies and other analyst rating decisions
– Providing more reliability, accuracy and value to the entire reporting process
– Engaging higher management, Boards and employees in the reduction of sustainability-related risks
– Improving internal management systems and data quality
– Strengthening overall stakeholder communication

To work most effectively, the Assurance process should be considered as an essential component of the reporting process. That way, when crafting an annual CSR report or Questionnaire, organizations will ensure they: address the proper boundary, collect the right data, aggregate information using reliable methods, properly track supporting documentation, and rely on software solutions that are up to date with the latest industry standards, among other things.

A variety of groups including sustainability service consultancies, accountancy and engineering firms provide external assurance of non-financial reporting. When choosing the provider that is best for you, be sure the group is independent from your organization, objective, experienced in assurance practices, and knowledgeable about the subject matter presented in your report. Because there are several assurance standards, be sure to pick a provider that uses a standard that meets your organization’s needs. The AA1000 Assurance Standard is one of the most consistently used, internationally recognized standard for guiding assurance practitioners.

BIG Data vs QUALITY Data

With the increased demand for non-financial disclosure, there is clear recognition from leading reporters of the added value of external assurance – The world is demanding BIG data, but first, we need QUALITY data.

ISOS Group is one of the leading sustainability consultant agencies in the country, which caters to organizations of all sizes and across a large variety of sectors. In addition to the AA1000’s CSAP status, the team’s approach is guided by collective capabilities rooted in the ISO14064, ISAE 3000, SA8000 and key principles rooted in sustainability disclosure.

ISOS Group will be leading a free webinar on September 22 from 1:00 pm to 2:00 pm (CT) to guide organizations through the basics of the assurance process. Register now to hear from our experts about the assurance process, challenges and best practices.


22 May


Global Reporting Initiative-GRI G4

May 22, 2013 | By |

Previous iterations of the Global Reporting Initiative’s standards have been all-inclusive, encouraging reporters to report widely on their environmental, social and governance issues.  Some critics of the G3.1 and G3 standards complained that they rewarded breadth over depth by categorizing reports into three levels (A, B and C) – with the “best grade” given to the reports with the biggest scope. 

G4 represents a big shift in the standard – away from “put it all out there” to “less is more” – so long as what gets reported is material to the organization. The new standards ask reporters to use the sustainability report to document what really matters- a big shift away from reporting on everything the company monitors.

First things first. The G4 is split into two complementary documents: a manual consisting of the principles and standard disclosures themselves and a separate implementation manual to help reporters make their way through the process. The second document details the necessary steps a reporter needs to take to launch and manage a sustainability reporting process within any organization, regardless of their level of experience. The first document offers flexibility for preparers to choose which disclosures to focus on and how to align efforts to local/regional report requirements and frameworks. In addition, new clarifications on how to report on shared supply chain impacts outside of operational control will hopefully support organizations in taking additional responsibility for supply chain sustainability and governance.

Here are the key changes reporters need to know about from G4:


Gone are the lettered reporting levels (A, B, and C) that encouraged American reporters to go for that A+. There will now be an “in accordance” system with two distinct tracks: an entry level track for General disclosures and a more Comprehensive track.

The concept of full or partial coverage will no longer be relevant. Now, reports can only be “in accordance” or not. If a company does not have all the data available, in order to be “in accordance,” it now must disclose omissions using detailed guidance within the G4.

Organizations can still determine the depth of reporting they wish to undertake. For the immediate future (approximately three months), GRI will continue to offer Application Level Checks. The board of directors will then meet in September to discuss continuation and/or approach to offering this service now that the levels are going away.

What happens to companies that choose not to be “in accordance”? Reporters that refer to GRI as a guide, but do not fully implement the principles and components are not required to publish a Content Index. They are however, encouraged to state that the Guidelines were referred to.


Materiality will continue to be emphasized in prompts throughout the guidelines. Where issues are deemed material, reporters will be required to disclose on those issues.

When organizations are unable to measure and/or track all material aspects or indicators, they will need to acknowledge the relevance and admit limitations in data availablility.

G4 will not require a reporting organization to discuss each indicator – as with the previous A level scenario. Now reporters only need to discuss those that relate to a material aspect. That means that organizations with a large staff of knowledge workers in the U.S. and no physical products, probably do not need to spend much time addressing supply chain issues. For new reporters, this may make things easier as only one indicator from each material aspect requires a response. However, it may require more preparation as going through the materiality process is essential and more details may be required.

Materiality Revisited: It is likely that organizations will be asked to select aspects solely within one or a pair of categories, as opposed to the many different aspects A level reporters were previously expected to report on. This means that some of the reporting process will be a judgment call since organizations need to determine what they can feasibly report on.


DMAs will now be more focused at the Aspect level (GRI’s term for general fields of sustainability performance, like Energy Use or Labor/Management Relations) – meaning that companies will disclose on how they manage each Aspect separately. Makes sense, right? More Generic DMAs will allow for several aspects to be grouped together and addressed at the Category level (one step up). Three distinct elements will help guide reporters in reporting. First, organizations will explain why an Aspect is material and which impacts make it material, second, how the organization manages impacts, and third, which mechanisms are in place for evaluating the management approach.

Though a General Disclosure item will also prompt organizations to describe the supply chain and shared impacts, supply chain mapping as proposed in the exposure drafts will not be a required step in the process. Considering shared impacts across the supply chain and determining who is affected will be an integral concept fed throughout.


Current Sector Supplements (specific reporting guidelines for various industries) will be adapted to Sector Disclosure Tables- starting with Financial Services and Mining & Metals. All others will be adapted soon after along with additional sectors developed in time.


The guidelines now allow for external (third party) assurance to be conducted by different organizations for different impact areas. Disclosures about the assurance should be indicated in the Content Index accordingly.


All in all, these changes will make the G4 much more straightforward and easy for newcomers and experience reporters alike. The development of the guidelines took two years, and GRI went through nearly one thousand drafts to reach these final edits. The development of these guidelines required extensive stakeholder consultation. Working Groups from across the world contributed feedback as did thousands of individuals around the world. GRI should be applauded for conducting such a thorough process and using this enormous amount of feedback effectively to produce a simple and effective guideline for reporting.

If you want to learn more about the G4, a bridging module on the G4 will be incorporated into all the ISOS Group GRI certified sustainability reporter trainings happening after July 1st. A free webinar will also be available (soon!) for ISOS Group’s past course participants. Visit our GRI training page to sign up for a full course.

21 Sep


Seeking Assurance

September 21, 2011 | By |

Source: FA Green
September 2011 issue

The verification of sustainability reports by third parties is leading to hard questions about companies’ core business strategies.
By Ellie Winninghoff

What’s the difference between financial materiality and materiality with respect to sustainability? This question is at the heart of “assuring,” or verifying, a company’s sustainability report. And it’s not as simple and straightforward as it may seem.

Financial materiality is about how quantitatively significant something is. Although there is no specific hurdle rate, it’s what a reasonable person would view as important to be concerned about. As such, certain eco-metrics can qualify. Think carbon emissions for a power plant generating electricity or water consumption for a company like Coca-Cola.

But sustainability materiality is a much broader concept, says Peter Minan, KPMG’s assurance leader of U.S. climate change and sustainability.

“It’s not just about quantitatively significant data, but determining what type of data is meaningful to a company’s stakeholders,” he says. “If you don’t know which stakeholder groups are important and what’s important to them, it’s hard to put forth meaningful data.”

This article is the second of a three-part series. The first story ( traced the trajectory of the Global Reporting Initiative, or GRI, a multi-stakeholder-based, consensus-seeking global institution that has developed and continues to refine frameworks and guidelines for environmental, social and governance (ESG) reporting.

Despite its usefulness, ESG data––like the rest of the data collected by the investment industry––has become its own separate silo, unconnected to the whole. Ultimately, the idea is to help corporations, as well as investors and other stakeholders, to connect the dots between a company’s ultimate strategy and various ESG and financial issues.

This article discusses some of the tricky issues related to verification/assurance by accounting firms and others of the information contained in corporate sustainability reports.

Part three will look at efforts to create “integrated reports” designed to help investors analyze a company’s strategy and connect the dots between the complex and inter-related environmental, social, governance and financial issues that determine a company’s success. The players here range from Prince Charles and the Financial Accounting Standards Board to the GRI and Harvard University.

Beyond Judgement Calls
Sustainability reports are about transparency regarding ESG factors such as carbon emissions, workplace issues and corporate governance. According to Carrots and Sticks: Promoting Transparency & Sustainability, a 2010 report produced by KPMG, the United Nations Environmental Program and the University of Stellenbosch business school, there are now a total of 142 country standards or laws related to sustainability, and about two-thirds of those are mandatory and the rest voluntary.

But just as financial reporting has become so complex and so detailed as to render many corporate financial statements virtually non-transparent, sustainability data has the same potential. Investors want comparability among companies––something that has led some companies to publish everything suggested in the GRI Guidelines.

That said, publishing more data doesn’t necessarily equate to better data, Minan argues. Since there is a huge variation in the businesses that companies conduct, as well as a broad range of stakeholders, the relevance and materiality of different ESG issues varies by company and industry.

“You’ve got companies making different judgments and different interpretations within industries over data that is in some cases subjective,” Minan says. “That’s part of the reason we think assurance is such an important part of the future here.”

The GRI Guidelines stipulate that companies are required to list their stakeholders, show how they prioritized them, and explain how they reached out to them. But according to Nancy Mancilla, co-founder of the ISOS Group, a consultancy that assures sustainability reports, stakeholder engagement––along with materiality, which is closely related––is the weakest link in the sustainability reporting process.

“Many companies worry about interacting with their stakeholders, and are concerned about the feedback they might get from opening up in a community forum,” she says. “They are afraid that nonprofits will want too much from them, and they do not understand what they should be reporting in terms of stakeholder engagement. They may cite their presence at conferences or beach clean-ups. But it really should be a more focused engagement where they are discussing their key sustainability issues.”

Stakeholders, not shareholders? This is not as radical as it may seem. In their book, OneReport: Integrated Reporting for a Sustainable Strategy, Harvard University Business School professor Robert G. Eccles and Grant Thornton partner Michael R. Krzus argue that the information needs of institutional investors are converging with those of the broader stakeholder community––environmentalists, health activists and other NGOs, labor, communities, and the like.

Institutional investors are increasingly seen as “universal owners.” As such, they own parts of the entire economy, and they, like society at large, absorb the high cost of externalities. When, for example, companies in one part of their portfolio produce an externality like toxic chemicals that seep into the groundwater, companies in other parts of their portfolio (health insurers, for example) pay for it.

But according to Eric Hespenheide, Deloitte & Touche LLP’s global leader of sustainability and climate change, audit and enterprise risk services, the importance and value of different ESG information varies by constituency. And the degree of importance has yet to be worked out. “There are some [stakeholders] that are very much committed to it––NGOs, single issue folks,” he says. “For me, the issue is how to translate that to something that can be meaningfully acted upon by citizens.”

Comparability, Completeness, and Timeliness
Although the GRI provides a framework with guidelines recommending what information companies should report, it does not provide standards for how those indicators should be measured. Nor, in most cases, are there any yet. Carbon emissions are the notable exception. (The World Resources Institute/World Sustainable Business Council protocol is arguably the de facto standard for measuring carbon emissions.)

But even in terms of carbon emissions, organizations currently measure their indicators differently. This means that ESG information is not, for the most part, comparable across companies or even among those in the same sector.

Beyond that, much of the ESG information that is reported is fairly simplistic. Take water usage. “Most operations use water and discharge water, and often alter it in some fashion,” Hespenheide says. “But what’s the proper measure? Is it simply volume or should it include quality?”

And there is similar complexity around waste. Right now, most companies measure tons of waste that go to the landfill. But not all waste is created equal. Some of it, for example, can be recycled.

“There’s a whole variety of measurement issues yet to be vetted and addressed,” says Hespenheide, who describes the ultimate challenges as “comparability, completeness, and timeliness.”

The question arises: With so little understanding of stakeholder engagement and materiality and so few standards, how does the verification of sustainability reports by third parties actually work? Anybody, after all, can verify these reports.

If a company is following the GRI Guidelines, there are three levels of reporting (A, B and C,) which reflect the quantity of data a company is reporting. Since ESG reporting involves a learning curve, as well as putting the proper controls in place to collect the data, it takes at least a couple of years to reach the “A” level. Verification of a report by a third party is signified by a plus sign. Reports can be found at the GRI’s website,

All assurers are supposed to analyze the data that is reported, assess the systems that are in place, and then try to see if the claims that were made were valid. Even so, the methodologies that different assurers use can vary tremendously.

ISOS Group, for example, does not issue negative opinions at all. Rather, it scores companies based on the tests it runs and gives them a report of its findings. The score does not need to be made public, and companies have the opportunity to make corrections and request another review.

“We really want to encourage companies to improve their processes,” says ISOS co-founder Mancilla. “We have found a few cases where figures were not reported accurately in the report. Companies were allowed to correct them and then site that they had made a correction.”

If companies don’t receive a high enough score, she adds, they simply do not earn their plus. But that hasn’t happened. “They’ve all been determined to go back and correct things,” Mancilla says.

Professional auditing firms, long steeped in the tradition of verifying financial results, have a different approach. A “review,” or negative opinion, reflects inquiry and analysis and limited checking of underlying data. It is expressed as “nothing has come to our attention.”

A positive opinion, on the other hand, involves a more detailed examination and is expressed as “in our opinion, in all material respects.”

According to Ann Brockett, Ernst & Young’s Americas leader of climate change and sustainability assurance services, the greatest challenge is “working with systems and processes and controls that are really still under development.”

Lies, Damned Lies and Sarbanes Oxley
In the wake of Sarbanes-Oxley, companies were told that simply getting the numbers right was not enough; they also had to have the proper systems and controls in place to properly track their financial data. In a somewhat parallel fashion, traditional accounting firms are encouraging companies to put information technology systems in place to identify sustainability data.

“Compensation decisions and strategic decisions are being made based on sustainability data,” says KPMG’s Minan. “You want to be sure that the data is internally consistent and reliable, and you have to have controls and processes in place to do that. That’s even before you get to external assurance.”

According to Minan, the “better companies” are working on getting those internal controls and processes in place.

“Companies are starting to make business and strategic decisions that are, among other things, based upon data that is not traditionally financial data,” he says. “Some companies are having to look at the controls in place to generate that data because it’s becoming core and critical and strategic. What you’re not seeing is behind the scenes as these better companies are integrating their strategies played out in the sustainability reports with their core business.”

Although Deloitte’s Hespenheide says the focus on carbon emissions has created an opportunity to have deeper conversations with companies about the most cost-effective and efficient sources of energy and strategies for managing future energy costs, they often ask what that has to do with sustainability.

“If you’re in electricity generation, you require lots of water,” he says. “They are aware of that. But they have not recognized what that represents in terms of their future prospects if [for example] they are operating in an area where water is increasingly scarce due to climate change or just because other businesses that have moved in and are hogging up some of the water supply.

“They haven’t drawn the connection,” he says.

A former investment banker and veteran financial journalist, Ellie Winninghoff’s work can be found at: She can be contacted at: ellie.winninghoff (at)