At its March 2021 meeting last week, the IAASB approved Non-Authoritative Guidance on Applying ISAE 3000 (Revised) to Extended External Reporting (EER) Assurance Engagements, which will be published in April. This guidance marks a significant step forward in supporting the evolving field of assurance for non-financial reporting. EER encapsulates many different forms of reporting, including, but not limited to, sustainability or ESG (environmental, social and governance) reporting, integrated reporting, reporting on corporate social responsibility, greenhouse gas statements, and service performance reporting in the public sector.
The Guidance builds on our existing, well-tested assurance standard, International Standard on Assurance Engagements 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information. The Guidance responds to practitioner and user-identified challenges in the practical application of the standard to assurance engagements on EER.
Together with ISAE 3000 (Revised) and ISAE 3410, Assurance Engagements on Greenhouse Gas Statements, the Guidance forms a strong package aimed at enhancing confidence in and improving the reliability of assurance reports for their intended users. We believe this package of standards and Guidance is sufficiently robust to enable practitioners to respond to new reporting regimes, including those under consideration in the European Union and elsewhere. However, as gaps emerge, the IAASB remains ready to act.
Benefitting from our due process, the approval of the Guidance completes the work that we commenced in 2017 with the support of the World Business Council for Sustainable Development (WBCSD).
The Guidance Addresses Growing Demands for Extended External Reporting & Non-Financial Information Reporting
Non-financial information has become an important topic in reporting circles. As reporting evolves, auditors are increasingly asked to provide assurance on sustainability or ESG reporting. Where this type of reporting, and assurance thereon, have often been undertaken on a voluntary basis by entities, there is an increasing (and nowadays, urgent) focus on this being mandated by law or regulation. We at the IAASB have taken the view that we must rise to the challenge and assist, particularly as users of corporate reports are demanding a broader base of information to inform capital allocation decisions.
The Guidance responds to ten key stakeholder-identified challenges commonly encountered in applying ISAE 3000 (Revised), the umbrella standard for assurance engagements, in EER assurance engagements.
In response to strong requests from stakeholders, the Guidance also provides further explanation and examples to facilitate a better understanding of the distinction between limited assurance and reasonable assurance engagements as contemplated in ISAE 3000 (Revised).
Some may wonder why we chose the term “Extended External Reporting (EER)” rather than ESG or other forms of reporting now in common parlance. We chose EER to ensure broad-based impact of the Guidance. ISAE 3000 (Revised) applies to any assurance engagement other than an audit or review of historical financial information, including different forms of reporting of non-financial information as I have highlighted at the start.
EER information may be presented as a section(s) in an entity’s annual report or other mainstream periodic report, or in a regulatory filing, or it may be presented as a separate report(s) or statement(s) issued by an entity. Similarly, when an assurance engagement is requested, the EER information subject to assurance may be the whole report or may be one or more metric(s), section(s) or statement(s) within a report. ISAE 3000 (Revised) and the Guidance accommodate all these variations.
EER Engagements Must Include a Commitment to Quality and the Highest Ethical Standards
The Guidance supports the application of ISAE 3000 (Revised), which is the IAASB’s authoritative pronouncement. The Guidance does not introduce any further requirements beyond those in the standard or override or change any of the requirements or application material in the standard. Importantly, requirements related to quality and ethics are already deeply embedded in the standard.
ISAE 3000 (Revised) requires that:
- The practitioner is a member of a firm that is subject to International Standard on Quality Control 1, or other professional requirements or legal or regulatory requirements that are at least as demanding. This requirement will be updated and aligned with our new and revised quality management standards that were issued in December 2020.
- The practitioner and members of the engagement team are subject to the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants or other professional requirements or legal or regulatory requirements that are at least as demanding.
- The practitioner complies with the requirements of the standard addressing their own competence (including assurance skills and techniques) and the competence of others who perform the engagement.
Ensuring the Right Conditions Exist
The practitioner is only permitted to accept or continue an assurance engagement in accordance with ISAE 3000 (Revised) when the preconditions for an assurance engagement are present. Such preconditions relate to, among other matters, whether the engagement has a rational purpose taking into account, for example, the needs of users of the subject matter information, and the suitability of the criteria applied in the preparation of the information (e.g., a reporting framework or set of reporting standards that satisfies the requirements of the standard).
A significant part of the Guidance is devoted to supporting practitioners as they navigate the requirements of ISAE 3000 (Revised) relating to determining whether the preconditions are present.
The current global developments to establish a coherent set of sustainability reporting standards also will go a long way to address the preconditions for assurance engagements by providing suitable criteria.
Additional Support Material
We received considerable encouragement from respondents to our public consultation on the Guidance, which was accompanied by two supplements, to advance the development of certain elements of the supplements for publication; in particular, the supplement that provides longer worked examples relating to EER assurance engagements. Therefore, two additional items of non-authoritative support material will be published at the same time as the Guidance (note, these are not integral to the Guidance; the Guidance can be used without the need to refer to these materials, but they are available as additional resources, should practitioners wish to refer to them): (1) Credibility and Trust Model Relating to EER Reporting, and (2) Illustrative Examples of Selected Aspects of EER Assurance Engagements. The latter includes examples that cover a broad range of reporting frameworks.
What Lies Ahead
Together with ISAE 3000 (Revised) and ISAE 3410, the Guidance provides a solid foundation for consistent performance of quality assurance engagements relating to non-financial information reporting. At the same time, we know that this will not be our last action in this rapidly evolving area.
The IAASB is prepared to act to enhance our standards, frameworks and guidance to support progress. We will closely monitor relevant developments, engage with our stakeholders as part of our outreach program and seek a place at the table involving policy discussions that may impact our standards and our role as global auditing and assurance standard setter.