Integrated reporting is increasingly being adopted around the world to communicate the story of “The Business” to investors and other stakeholders (reporting on The Business is defined in Accelerating Integrated Reporting Assurance in the Public Interest, page 3). To build the credibility of integrated reports, integrated reporting assurance is also on the rise. This article highlights recent developments in integrated reporting and the assurance of integrated reports, including the experience of a selection of organizations and their assurance providers.
IFAC’s The State of Play: Sustainability Disclosure and Assurance – 2019-2021 Trends & Analysis shows that over the three-year period to 2021, fewer companies relied on stand-alone sustainability reports. The use of integrated and annual reports as the location for sustainability disclosures significantly increased over that period. The adoption of integrated reports surged in specific jurisdictions including France which saw a 44% increase from 2020 to 2021.
Similarly, momentum for integrated reporting assurance has also increased since 2021, driven by corporate and investor demand with some jurisdictions mandating integrated reporting assurance in some form – including Brazil and some European Union countries, such as Spain, Italy and France.
What is Integrated Reporting Assurance?
Integrated reporting assurance is an assurance opinion expressed in terms of whether the integrated report, including the Board of Directors Responsibility Statement under paragraph 1.20 of the International Integrated Reporting Framework and the Basis of Preparation and Presentation under paragraphs 4.41 and 4.42, is in accordance with the Framework.
Integrated reporting assurance is 'whole-of-report’ assurance in relation to integrated reports or reports in an annual report prepared in accordance with the Framework.
Partial forms of integrated reporting assurance have emerged as stepping stones towards whole-of-report integrated reporting assurance. Disclosures under IFRS Sustainability Disclosure Standards and Article 19(a) of Directive 2022/2464/EU of the European Parliament (the ‘CSRD’) contain requirements for a partial description of The Business along the lines of the International Integrated Reporting Framework.
Integrated reporting assurance is explained in two IFAC publications:
- “Accelerating Integrated Reporting Assurance in the Public Interest” which highlights the nature and pathway to integrated reporting assurance; and
- “Executing the Board’s Governance Responsibility for Integrated Reporting” (with The Institute of Internal Auditors) which highlights the responsibility of the Board of Directors for the integrity of the integrated report and underlying reporting process, as well as the contribution of internal audit.
How will Developments in Reporting and Assurance Standards Relate to Integrated Reporting Assurance?
The International Sustainability Standards Board’s (ISSB) General Requirements for Disclosure of Sustainability-related Financial Information (IFRS S1) and Climate-related Disclosures (IFRS S2) will be effective and available for jurisdictional adoption for annual reporting periods beginning 1 January 2024. These IFRS Sustainability Disclosure Standards represent a global baseline for reporting on sustainability risks and opportunities that require sustainability-related financial disclosures to be issued at the same time as the financial statements, and for the same reporting period.
Aspects of the International Integrated Reporting Framework and the Financial Stability Board’s Task Force on Climate-Related Financial Disclosures (TCFD) Recommendations, including reporting on governance, strategy, risk management and metrics and targets in relation to sustainability risks and opportunities, have been embedded within IFRS S1 and S2.
Integrated reports usefully provide the business context for disclosures under these standards describing the connectivity between sustainability and financial value creation, and how a company’s ability to deliver financial value to investors is inextricably linked to the stakeholders with whom it works and serves, the society in which it operates and the natural resources upon which it draws. Accordingly, assurance of disclosures resulting from applying S1 and S2 could form part of an integrated reporting assurance engagement.
All instances of integrated reporting assurance to date have been delivered under ISAE 3000 (Revised) or jurisdictional equivalents and involve the assurance practitioner making a judgement that the organization’s Basis of Preparation and Presentation provides suitable criteria for assurance.
Going forward, integrated reporting assurance will be within the scope of the International Standard on Sustainability Assurance (ISSA) 5000, General Requirements for Sustainability Assurance Engagements, the International Auditing and Assurance Standards Board’s (IAASB) proposed Sustainability Reporting Assurance Standard which is a landmark global sustainability assurance standard to be issued in its final form in 2024.
ISSA 5000 should drive momentum towards integrated reporting assurance as well as assurance engagements in relation to sustainability reporting frameworks and standards, including the IFRS Sustainability Disclosure Standards.
Despite ISSA 5000 being a profession-agnostic standard (supporting its use by both professional accountant and non-accountant assurance practitioners), we believe that integrated reporting assurance should be led by financial statement (statutory) auditors, whose professional skills and training including assurance skills and techniques, and ethics and quality management will mean greater confidence in the assurance being delivered in integrated reporting assurance engagements. Ideally, companies should not need to duplicate their investment in assurance by having two separate practitioners acquire the requisite understanding of a business to deliver their audit / assurance conclusions on an integrated report.
Building Momentum - Drivers of Integrated Reporting Assurance
In some jurisdictions, integrated reporting assurance is driven by regulation. In Brazil, such assurance is required on an “opt in” basis, and in Spain, Italy and France, partial integrated reporting assurance is required through mandatory independent assurance over a partial description of The Business and associated metrics and KPIs in non-financial statement disclosures.
In other jurisdictions, integrated reporting assurance is driven by market demand. As can be seen from the statements below from companies that have obtained integrated reporting assurance, companies recognize the value it can provide to investors and other stakeholders, in terms of enhanced transparency and credibility.
Country Developments in Integrated Reporting Assurance
The Brazilian Securities Commission (CVM) mandated that companies who choose to prepare integrated reports must prepare those reports under the International Integrated Reporting Framework and have them assured by an independent external auditor.
The CVM adopted Resolution 14 in 2021 for first adoption in 2022:
- Article 1 makes it mandatory for publicly held companies who decide to prepare an integrated report, to do so in accordance with the Brazilian Committee for Accounting Pronouncements (CPC)’s Integrated Reporting Framework directive.
- Article 2 makes it mandatory to obtain limited assurance on such integrated reports from an independent auditor registered with the CVM in accordance with the rules of the CPC.
Some of the 700+ companies subject to this resolution, including Itaú Unibanco Holding S.A., the largest bank in Brazil, adopted this resolution in 2022 in relation to their 2021 reporting. In the first year in which the resolution was effective, 2023 in relation to 2022 reporting, 51 companies obtained integrated reporting assurance.
Itaú’s 2022 Integrated Annual Report was assured by PwC. Itaú’s integrated report follows the International Integrated Reporting Framework and GRI Standards to report on its performance and value creation.
Alessandro Broedel Lopes, Group CFO, said the following about the company’s decision to obtain assurance of its integrated report:
“We moved to integrated reporting assurance in the world’s first mandatory setting for integrated reporting assurance. This has helped improve engagement with our stakeholders through their having more confidence in the credibility of our integrated report.”
PwC’s assurance report is expressed in terms of the company’s Basis of Preparation and Presentation and included the following statement (page 81):
“Based on these procedures performed, described herein (in this report), and on the evidence obtained, no matter has come to our attention that causes us to believe that the non-financial information included in the Integrated Annual Report of Itaú Unibanco Holding S.A. has not been prepared, in all material respects, in accordance with the criteria of the basis of preparation and guidelines of the Global Reporting Initiative (GRI-Standards) and with the Guidance CPC 09 – Integrated Report.”
Article 19(a) of Directive 2022/2464/EU of the European Parliament (the Corporate Sustainability Reporting Directive) contains the following requirement for management report information necessary to understand how an organization’s (“the undertaking’s”) sustainability matters affect its development, performance and position:
- Paragraph 2(a) requires “a brief description of the undertaking’s business model and strategy including (i) the resilience of the undertaking’s business model and strategy in relation to risks related to sustainability matters; (ii) the opportunities for the undertaking related to sustainability matters; … (iv) how the undertaking’s business model and strategy take account of the interests of the undertaking’s stakeholders and of the impacts of the undertaking on sustainability matters.”
- Paragraph 2(g) requires a description of the principal risks to the undertaking related to sustainability matters, including a description of how the undertaking manages those risks.
- Paragraph 2(h) requires disclosure of relevant (performance) indicators.
These disclosure areas are also covered in the International Integrated Reporting Framework.
The general assurance mandate in relation to these paragraphs was originally set out in the Accounting Directive (2013/34/EU), which was amended to become 2014/95/EU (the Non-Financial Reporting Directive). The general assurance mandate remained intact in the amendments to Directive 2013/34/EU in Directive 2022/2464/EU, mainly in paragraphs 60-61, requiring Member States to transpose the general requirement that the disclosures on the business model, strategy and risk management be subject to some form of checking by the financial statements’ auditor.
Accountancy Europe’s Factsheet Towards Reliable Non-Financial Information Across Europe highlighted how EU Member States have transposed the Non-Financial Reporting Directive (NFRD) in their own jurisdictions. It explains that there are three possible approaches open to Member States in relation to how the mandatory requirements for the statutory auditor or the independent assurance services providers have been transposed:
- Existence approach, where the financial statement (statutory) auditor checks the existence of the required non-financial disclosures in the Management Report.
- Consistency approach, where the financial statement auditor checks the consistency of the required non-financial disclosures with the audited financial statements.
- Mandatory independent assurance, where the financial statement auditor assures the required non-financial disclosures on either a limited or reasonable assurance basis.
For example, Spain and Italy have requirements for mandatory independent assurance that would constitute partial integrated reporting assurance based on information in the management report being subject to independent assurance.
The Spanish mercantile legislation by way of Law 11/2018 establishes the direct link to the NFRD and now the CSRD. It transposes the Article 19(a) disclosure requirements into Spanish law. Pronouncement 11/2018 applies to the approximate 6,000 companies falling within its scope.
Banco Bilbao Vizcaya Argentaria (BBVA) is a large listed Spanish bank with assurance on its integrated annual report. The EY independent assurance report on the BBVA Annual Report 2022 includes a conclusion on non-financial disclosures required by the Spanish transposition of Article 19(a):
“Based on the procedures performed … nothing has come to our attention that causes us to believe that the [Non-Financial Statement] of [BBVA] for the year ended December 31, 2022 has not been prepared, in all material respects, with prevailing mercantile legislation … [that is, 11/2018]."
EY’s conclusion could equally have been expressed in terms of the International Integrated Reporting Framework, IFRS Sustainability Disclosure Standard S2 in relation to climate-related financial risks and opportunities and S1 in relation to other sustainability-related financial risks and opportunities.
Italian corporate law and regulation by way of Legislative Decree 254/2016 establish the direct link to Article 19(a). Legislative Decree 254/2016 applies to listed companies.
Generali Group, one of the world’s leading insurance and asset management companies, has independent assurance on its Annual Integrated Report and Consolidated Financial Statements 2022. The assurance report from KPMG, who is also the auditor of the Generali financial statements, stated:
“Based on the procedures performed, nothing has come to our attention that causes us to believe that the 2022 consolidated non-financial statement of the Generali Group has not been prepared, in all material respects, in accordance with the requirements of articles 3 and 4 of the decree and the GRI Standards - Referenced option, as well as performance indicators” [Legislative Decree 254/2016] …."
Legislative Decree 254/2016 requires disclosure of the management and organization of the company’s strategy and business model, its policies in the ‘non-financial sector’ and the main risks connected to the company’s activities and to its products, services and commercial relations.
KPMG’s conclusion could equally have been expressed in terms of the Integrated Reporting Framework, IFRS Sustainability Disclosure Standard S2 in relation to climate-related financial risks and opportunities and S1 in relation to other sustainability-related risks and opportunities.
Demand for Voluntary Integrated Reporting Assurance
Market forces have driven demand for integrated reporting assurance on a voluntary basis in the Netherlands, India and Australia.
The Netherlands chose to transpose the EU assurance mandate into the “consistency approach”. Notwithstanding this, ABN AMRO and Rabobank have both chosen to obtain integrated reporting assurance of their entire Integrated Reports on a voluntary basis.
ABN AMRO was one of the first organisations in the world to obtain integrated reporting assurance for its 2017 integrated annual report, and currently with its Integrated Annual Report 2022. Rabobank has followed ABN Amro, which could be an indication that peers in an industry may follow if one company obtains integrated reporting assurance.
The Global Head of Reporting, Regulation and Stakeholder Management, Tjeerd Krumpelman said:
“Moving to integrated reporting assurance was a natural step in the ABN AMRO integrated reporting journey. Having achieved a ‘core and more-based’ corporate reports portfolio, with the integrated report as the core report, it was time to give our stakeholders assurance as to the credibility of the integrated report. So we asked EY to assure our 2017 integrated annual review as a whole under the Integrated Reporting Framework on a limited assurance basis.
Integrated reporting assurance has itself been a journey. We believe that we became the first organisation to have the Integrated Reporting Framework referenced in our assurance and we have tried to develop the assurance further, with the description of our Materiality Determination Process being assured on a reasonable assurance basis by EY in 2020.”
Jan Niewold, EY signing engagement partner for its ABN AMRO integrated reporting assurance engagement, stated in his assurance report in 2022 (page 359):
“The reporting criteria used for the preparation of the non-financial information are the International <IR> Framework of the IFRS Foundation and the supplemental reporting criteria applied as disclosed in the appendix ‘Our approach to reporting’ in the Integrated Annual Report.”
“Based on our review procedures performed nothing has come to our attention that causes us to believe that the non-financial information is not prepared, in all material respects, in accordance with the ‘Reporting criteria’ [Limited assurance] … In our opinion the section ‘Our value creating topics’ is prepared, in all material respects, in accordance with the reporting criteria as included in the section ‘Reporting criteria’ [Reasonable assurance].”
Jan Niewold separately observed:
“It has been a pleasure to be involved as assurance provider in ABN AMRO’s integrated reporting and assurance journey. I believe that connectivity between the different capitals and with that integrated reporting are instrumental for the scope of the ‘audit of the future’, indeed increasingly the ‘audit of now’, and that it will be of value to investors and other stakeholders and in the public interest.”
Prominent companies known to be obtaining integrated reporting assurance on a voluntary basis are Tata Chemicals and Cipla.
Tata Chemicals is a member of the Tata Group and has interests in chemicals, crop protection and specialty chemistry products. Its Integrated Annual Report 2022-23 and Independent Assurance Statement disclosethe following about the reporting criteria for the integrated report:
“Criteria applied by Tata Chemicals Limited
In preparing the integrated report, Tata Chemicals Limited applied, The International Integrated Reporting Council (IIRC framework), and Global Reporting Initiative (GRI) Standards. In preparing the BRSR Report, Tata Chemicals Limited applied SEBI’s(Securities Exchange Board of India) Business Responsibility and Sustainability Reporting framework. IIRC framework and GRI Standards were specifically designed for Integrated Report FY 23.”
The integrated report assurance report for Tata Chemicals by EY contained the following statement:
“Based on our procedures and the evidence obtained, we are not aware of any material modifications that should be made to the Integrated Report FY 23 for the period from 1st April 2022 to 31st March 2023, in order for it to be in accordance with the International Integrated Reporting Council (IIRC framework) and SEBI’S BRSR Framework.”
Ramakrishnan Mukundan, Chief Executive Officer of Tata Chemicals made the following observation about the decision by Tata Chemicals to obtain integrated reporting assurance:
“Moving to integrated reporting assurance was a natural step in the Tata Chemicals integrated reporting journey. We felt it was time to give our investors and other stakeholders assurance as to the credibility of our integrated report. We asked EY to assure the Integrated Annual Report as a whole under the Integrated Reporting Framework on a limited assurance basis.”
Integrated reporting assurance is contemplated within Australia’s corporate governance code, the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations. Recommendation 4.3 requires that a listed entity:
“…disclose its process to verify the integrity of any periodic corporate report [defined to include separate integrated reports and operating and financial reviews prepared under the International Integrated Reporting Framework] it releases to the market that is not audited or reviewed by an external auditor.”
Recommendation 4.3 asks directors to report on an “if not, why not” basis on their processes for ensuring the integrity of their periodic corporate reports other than audited financial reports - such as Operating and Financial Reviews and separate integrated reports. Recommendation 4.3 is the equivalent of paragraph 1.24 of the Integrated Reporting Framework which recommends that Boards of Directors describe their process for ensuring the integrity of their integrated reports. Integrated reporting assurance provides a sound basis for Board of Directors to fulfil their requirements under Recommendation 4.3.
Construction and Building Unions Superannuation Fund (Cbus) is a large pension fund in Australia managing funds of approximately US$50 billion (as a non-listed pension fund, Cbus is not subject to the ASX Corporate Governance Principles and Recommendations but its joint venture partner, Dexus, is a listed property company which is subject to Recommendation 4.3). The CEO of Cbus at the time the decision was made to obtain integrated reporting assurance in 2019 was David Atkin, who is now CEO of the London-based Principles of Responsible Investment (PRI). The Cbus Annual Integrated Report 2022 is assured by KPMG Australia.
David Atkin observed:
“We embarked on integrated reporting to demonstrate by example that we were prepared to report on the same basis as we asked the companies in which we invest to report to us. As our integrated reporting journey continued, we found that we were able to improve the Cbus business by using the integrated thinking foundation of integrated reporting to drive business improvement.
As time went on, we thought again about the sort of reporting we like to receive from the companies in which we invest. It was only natural that we asked KPMG to assure our integrated report as we value independent external assurance of the reports we receive from the companies in which we invest.
At the PRI, as an investor advocate, we also value assurance and believe in the value to investors, analysts and other stakeholders of integrated reporting assurance. We will advocate its value to our stakeholders.”
KPMG assurance partner, Julia Bilyanska, said in KPMG’s assurance report (page 76):
“Based on the evidence we obtained from the procedures performed, we are not aware of any material misstatements in the information subject to assurance comprising pages 5 to 61 of the Cbus Annual Integrated Report 2022 for the year ended 30 June 2022, which has been prepared by Cbus in accordance with the Integrated Reporting <IR> Framework.”
Julia observed that:
“Integrated reporting assurance was new to us when we first assured the Cbus integrated report. We were experienced in assuring the metrics in reports containing GRI metrics and associated disclosures in integrated reports. Assuring the whole of an integrated report under the International Integrated Reporting Framework was new and involved new challenges such as evaluating the description of The Business and the Basis of Preparation and Presentation, particularly as it related to how the description of The Business was prepared and how the metrics disclosed were chosen.”
Momentum is building for Integrated Reporting assurance driven by:
- Increasing expectations and regulatory requirements for the assurance of sustainability-related disclosures which are increasingly located in integrated reports;
- Market demand from investors and companies to enhance confidence in integrated reporting and integrated thinking, and ultimately the resilience of companies;
- Jurisdictional assurance mandates such as in Brazil, Spain, Italy and France, where integrated reporting assurance is captured by assurance requirements for non-financial information and management reporting that includes descriptions of The Business; and
- The development of ISSA 5000 by the IAASB under which integrated reporting assurance is included in its scope.
As the practice of integrated reporting and integrated reporting assurance continues to grow globally, standard setting and best practices in relation to sustainability-related and integrated reporting assurance will progress, which will further enhance the quality of reporting as well the quality of assurance.
The population of organizations obtaining full or partial integrated reporting assurance is already significant and represents a contribution to assurance quality and investor confidence in capital markets. We encourage all organisations to take steps now to progress to and benefit from a more integrated form of assurance which will enhance the confidence of investors and other stakeholders in using the information in integrated reports.