Environmental Finance
online news
News
Features
Subscribe
Conferences
Advertising
home
Archive
Reporting
About
home
Climate Change: Emissions: Weather: Investment: Lending: Insurance
 
 

Sustainability assurance – a reassuring trend?

As more and more companies produce non-financial reports, attention is turning to the ways in which this type of report can be verified. Roz Bulleid examines the growing field of assurance

As corporate social responsibility (CSR) reports have become more common, so have accusations that they are merely elaborate attempts at ‘greenwashing’ – full of glossy images, good intentions, and data that bears little relation to facts on the ground.

But in recent years, investors, NGOs and other readers have been given a helping hand to differentiate a reliable assessment of a company’s impact on the environment and society from a pretty piece of PR. CSR reports, and other types of non-financial disclosure, are increasingly likely to include a statement from an independent third-party assessor.

Maria Sillanpaa
Maria Sillanpaa, AccountAbility: giving
stakeholders their say

Such ‘assurance statements’ can range from a financial-style audit of figures in the report, through certification of the systems used by the company, to getting stakeholder feedback or a statement from a prominent environmentalist. Different approaches are developing in different countries, and the field is evolving fast, leading some to warn about the quality of this type of verification. And, at the recent Association of Chartered Certified Accountants (ACCA) UK sustainability reporting awards, the judges called for an improvement in the standard of assurance.

A survey carried out last summer by UK-based reporting consultancy Context found that 21 of Europe’s 50 largest companies included some kind of assurance statement in their latest CSR report. In the UK, where Context looked at reports from the 250 largest companies, there had been “quite a jump from the previous year,” with 60 firms seeking assurance, compared to 45 the year before, says managing director Simon Propper.

By contrast, Context found only two assurance statements among CSR reports collected from the 50 largest companies in the US, reflecting the more regulatory-driven situation in that country.

So what kind of guarantee do assurance statements actually provide, and is the cost of this kind of service worth it for the reporter?

The growing incidence of assurance suggests that some companies, at least, think it a valid exercise and some observers would go much further: “The business case has been won. Sustainability assurance for reports is no longer something people need convincing about,” says David York, head of auditing practice at ACCA.

This conviction, however, is not universal. Opinions about the importance of assurance vary quite widely, and reflect, to some extent, the different roles it can play. Propper at Context is among those who are sceptical about assurance: “The mantra is that you need some kind of assurance, but when we go to stakeholders, they don’t rate it very highly,” he says.

“In terms of credibility, I think it is wrong to look at assurance as the final line.You can very quickly decide whether [a particular report] is a serious and thorough document” simply by looking at the language, the contents list, the data and the targets it contains, he continues.

“My perception is that the most useful function is to drive internal processes … I think if you see it as a way of commenting on internal systems it is valuable – if you can afford it,” he adds.

At the most basic level, “companies need to know what they are publishing is right,” says Geoff Lane, UK-based partner for sustainable business solutions at PricewaterhouseCoopers (PWC). “You are starting to see a creeping realisation that if these issues are material to a company, they have to be audited.”

The ‘consumers’ of the information can also see benefits: “External verification gives a level of assurance that information is accurate and/or that processes are in place,” says Andy White, managing director at North America-based socially responsible investment research firm Innovest. "It also demonstrates that a company is willing to be transparent about its CSR performance.”

He does, nonetheless, have concerns about some assurance practices. For instance, if an assurer has concentrated on checking that particular policies are in place, it may miss the fact that, "while processes may appear squeaky clean, actual performance may be pretty poor," he says.

Another of White's concerns is that "verifiers may also be advising on process/performance improvements – this may represent a conflict of interest that would not be acceptable in a traditional audit.”

NGOs, in particular, frequently raise questions about the veracity of reports. “I think [assurance] is pretty important,” says Simon McRae, corporate accountability campaigner at Friends of the Earth. “If you don't have any assurance, the report can't be verified.”

“The failure at the moment is that they're not talking to real stakeholders” during the assurance process, he says. “Seeking comments from stakeholders is vital, and they seem to be a bit skewed towards [those simply offering] positive statements at the moment.”

Indeed, the type of assurance companies seek, and the kind of providers, varies quite considerably. A report on assurance written last year by ACCA and UK-based membership organisation AccountAbility, The future of assurance, identifies five different forms of assurance:

- data: the verification that the information presented is accurate and complete;

- systems: the validation of the systems used to collect data and manage performance;

- materiality/risk: an assessment of whether the information provided is sufficient;

- compliance/responsiveness: a judgement on whether the company is meeting its commitments to stakeholders and complying with standards; and

- commentary: a statement from an expert witness or panel on how the company is performing.

Traditional financial auditors, such as the 'big four' professional services firms, tend to be providers of the more quantitative types of assurance at the start of the list, while the other types may be offered by specialist consultancies, NGOs and prominent environmentalists.

Recent years have also seen the emergence of two main sets of standards. The International Standard on Assurance Engagements (ISAE) 3000, developed by the International Auditing and Assurance Standards Board (IAASB) in 2001 and revised for this year, covers non-financial auditing more broadly, and must be adhered to by all professional services firms. It takes a more objective approach than the other standard – the AA1000 Assurance Standard (AA1000AS), launched in 2003 by AccountAbility – which uses stakeholder feedback to assess the materiality of a report.

The AA1000AS addresses three core topics – materiality, completeness and responsiveness – and was used by 58 companies or organisations in their 2003 CSR reports and by 24 assurance providers.

The varying approaches to assurance and the differences between providers can create some conflict: “There’s a real tension between companies like us that have to work within a delineated set of rules, and those that don’t,” says Lane at PwC. “There are a lot of organisations using words like ‘true’,‘fair’ and ‘accurate’ which, in the financial world, have precise meanings.”

Organisations at the other end of the spectrum, such as NGOs and advocacy groups, are concerned that assessing the data provided by a company, or its processes, does not guarantee that the right issues are being addressed. They also question whether traditional auditors have the appropriate expertise and staff to provide this kind of service.

But, despite their differences, the two types of approach do not have to be mutually exclusive, says Douglas Johnston, UK leader of corporate responsibility services at Ernst & Young, which audits BP’s sustainability report in accordance with both the ISAE 3000 and the AA1000AS. He sees the latter as ‘best practice’ and would encourage clients to ask for it, but “at the end of the day, there’s no regulation on this, there’s a lot of latitude and clients can get what they want,” he says.

However, taking multiple approaches raises the issue of cost versus benefit, and Propper at Context urges some caution for companies considering the stakeholder-based assurance route as pursued by AccountAbility. “It is one huge experiment,” he says.“I feel that it’s unwise for clients to be spending shareholder resources on a scheme as experimental as that.”

Maria Sillanpaa, managing director of AccountAbility, concedes that the AA1000AS is a work in progress, but says that the organisation is working on guidance and practioners’ notes which will help auditors.

“The management systems and accuracy-focused approaches are getting to quite a developed stage,” she says. “But stakeholder engagement is important as that feeds so well into materiality.”

“Our view is that they probably will [coexist] but we are hoping they will converge,” she says. Different kinds of assurance have different benefits and are suitable for companies at different stages of reporting, she continues. When a company first starts producing CSR reports, it is important that it determines which issues are the most material and, at this stage, stakeholders are very important. “Once this becomes more robust, it becomes more sensible to bring in management systems,” she adds.

Given the growing use of assurance, and its generally acknowledged benefits, it seems natural to ask whether it should be made mandatory for those that produce CSR reports. But most in the field seem to agree that it would be better to see how far voluntary action can progress before resorting to regulation.

“I think legislation would be the worst thing because many of these issues are emerging” says Alun Bowen, a partner at KPMG. If you have legislation,“you get everything to yesterday’s best practice – you just get the laggards,” he says. Although he admits that “there will come a point when you have to catch the lowest common denominator.”

In the meantime, there are other developments on the horizon. A number of national accounting bodies, including those in Sweden, Germany and the Netherlands, are looking at creating standards for sustainability assurance aimed at traditional audit providers.

The Global Reporting Initiative (GRI), a Netherlands-based organisation which draws up guidelines for non-financial reporting, is also carrying out a review, one of the aims of which is to make its guidelines more auditable, says Alyson Slater, its associate director of communications. “In addition, we will say a little more on assurance than we currently say, but we will still be pretty neutral.”

Furthermore, the IAASB has published a work plan for a set of guidelines addressed specifically at sustainability reporting, says the ACCA’s York. This means that there should be an international standard for CSR assurance within three years. If this happens, and the GRI carries out its promise of making the next set of guidelines more auditable,“then I think it will all come together,” he says. EF

 

CASE STUDY British Telecom

British Telecom (BT) takes a three-pronged approach to assurance, says Chris Tuppen, head of sustainable development and corporate accountability at the telecommunications firm. “This makes sure we don’t duck the tricky issues but that we also get the figures verified.”

First, the firm’s internal audit department validates the information included in the report. This is then verified by an external auditor, UK-based Lloyd’s Register Quality Assurance (LRQA), which also assesses the report to see if it is in accordance with the Global Reporting Initiative and the AA1000 Assurance Standard. In the case of BT’s most recent report (for 2003), this involved evaluating BT’s stakeholder engagement processes, and then comparing the results with a separate stakeholder engagement carried out by LRQA.

The final assurance stage is an appraisal by BT’s leadership panel, made up of independent corporate responsibility experts. According to the statement released by this group to go alongside BT’s 2003 report, its assessment “covers all areas of CSR strategy and performance (ie, not just reporting) and includes our consideration of the main challenges ahead”.

 

CASE STUDY Novo Nordisk

Danish pharmaceutical company Novo Nordisk won the 2003 European Sustainability Reporting Awards, and its annual report for 2004 integrates financial and non-financial issues for the first time.

Novo Nordisk
Novo Nordisk: assuring the quality of its
non-financial reporting

As a result, the 2004 annual report has two statements from auditors.The first covers all the information in the report – including the non-financial sections – and its adherence to financial reporting requirements. Both PricewaterhouseCoopers and Ernst & Young were involved in this part of the audit.

The second statement relates specifically to sustainability and stakeholder engagement, and was written by PricewaterhouseCoopers alone. This reveals that assurance has been carried out against the AA1000 Assurance Standard and the International Standard for Assurance Engagements 3000, and that the non-financial sections of the report adhere to the Global Reporting Initiative guidelines.