Browse Auditing and Attestation (AUD)

Managing ESG Reporting Challenges, Greenwashing Risk, and Evolving Criteria

Feb 7, 2025

How practitioners respond to changing ESG criteria, data-quality problems, reporting-boundary risk, and greenwashing concerns.

On this page

ESG assurance is difficult because the subject matter is broad, the data often comes from immature systems, and reporting criteria continue to evolve. A practitioner must be careful not to treat a polished sustainability narrative as reliable evidence.

The CPA exam focus is practical: identify what could make ESG information misleading, incomplete, inconsistent, or unsupported, then design procedures and reporting language that match the engagement scope.

    flowchart LR
	    A["ESG reporting challenge"] --> B["Identify affected metric, boundary, or claim"]
	    B --> C["Evaluate criteria and evidence"]
	    C --> D["Test data, controls, and consistency"]
	    D --> E["Address exceptions or limitations"]
	    E --> F["Report conclusion within scope"]

Evolving Criteria and Comparability

ESG reporting may use recognized external criteria, industry-specific metrics, climate-related frameworks, regulatory requirements, or management-developed criteria. This can create comparability problems when companies use different definitions, boundaries, or calculation methods for similar-sounding metrics.

The practitioner should evaluate whether criteria are suitable for the engagement. Suitable criteria should be relevant, objective, measurable, complete, and available to users. When criteria change from one period to the next, management should explain the change and its effect on comparability.

Common criteria risks include:

  • unclear metric definitions
  • inconsistent reporting boundaries
  • changed calculation methods without disclosure
  • selective use of favorable metrics
  • internally developed criteria that users cannot understand
  • criteria that do not match the assurance report’s stated subject matter

The exam trap is assuming that any named framework automatically solves the problem. A framework helps, but the practitioner still needs to evaluate how management applied it.

Data-Quality Challenges

ESG data often comes from outside the finance function. Facilities, human resources, legal, procurement, safety, logistics, suppliers, consultants, and third-party platforms may all contribute information.

Data challenge Assurance risk Practitioner response
Siloed systems Incomplete or inconsistent data Reconcile to master populations and compare sources
Manual spreadsheets Formula errors or unauthorized changes Inspect review controls and test recalculations
Supplier-provided information Unreliable third-party inputs Evaluate source reliability and perform targeted corroboration
Estimates and conversion factors Biased or outdated assumptions Test factor selection, units, and methodology
Changed boundaries Period-to-period inconsistency Review boundary documentation and disclosures

Completeness is often the hardest assertion. For example, testing a sample of reported facilities does not prove that all relevant facilities were included. The practitioner may need to reconcile reported sites to fixed asset records, lease listings, utility accounts, operational registers, or supplier populations.

Greenwashing and Selective Reporting

Greenwashing occurs when ESG communications overstate, selectively present, or obscure sustainability performance. It may involve explicit misstatements, vague claims, missing context, or a mismatch between public claims and underlying evidence.

Indicators of greenwashing risk include:

  • prominent claims that are not tied to measurable criteria
  • improvement percentages without a clear baseline
  • favorable metrics highlighted while unfavorable metrics are omitted
  • reliance on offsets or estimates without adequate explanation
  • targets presented beside historical data without separating assured and unaudited information
  • inconsistencies between ESG narrative and financial statement assumptions

The practitioner should apply professional skepticism. A broad claim such as “carbon neutral operations” needs a defined boundary, period, criteria, source data, offsets methodology if used, and evidence supporting the claim.

Regulatory and Jurisdictional Pressure

ESG reporting expectations may differ across jurisdictions and industries. Some entities face mandatory requirements, while others report voluntarily to meet investor, lender, customer, or supply-chain expectations. Requirements can also affect subsidiaries, suppliers, or foreign operations.

The enduring assurance lesson is that the practitioner should understand which reporting requirements or criteria apply to the engagement, coordinate with legal or subject-matter specialists when needed, and avoid giving legal conclusions outside the engagement role.

Regulatory pressure can affect:

  • reporting deadlines
  • required metrics and boundaries
  • assurance expectations
  • documentation retention
  • board and management review processes
  • consistency with financial statement disclosures

Because requirements can change, exam answers should favor a process response: identify applicable criteria, confirm scope, evaluate management’s process, and document conclusions.

Responding to Limitations

Not every ESG limitation invalidates an engagement, but important limitations must be addressed. The practitioner may need to expand procedures, request additional evidence, modify the report, disclose scope limits, or decline the engagement if the limitation prevents a meaningful conclusion.

Examples include:

  • management cannot identify all reporting locations
  • supplier data is unavailable for a material metric
  • the selected criteria are vague or unavailable to users
  • estimates use unsupported assumptions
  • prior-period data is not comparable because of a boundary change
  • management refuses to disclose a significant limitation

The correct response depends on severity, but ignoring the limitation is not acceptable.

Common Pitfalls

  • Treating ESG assurance as a branding exercise rather than an evidence engagement.
  • Assuming a public sustainability goal is the same as measured historical performance.
  • Testing only favorable metrics.
  • Failing to reconcile the reporting population for completeness.
  • Overlooking changes in criteria, boundary, or methodology.
  • Reporting a clean conclusion when the criteria are not suitable.

Quick Review

ESG assurance challenges usually involve criteria, data quality, completeness, comparability, greenwashing risk, and regulatory or jurisdictional expectations. The practitioner should respond with skepticism, clear scope, suitable criteria, evidence testing, limitation evaluation, and precise reporting.

Review Questions

### What is the best description of greenwashing risk? - [ ] A normal rounding difference in ESG data. - [x] The risk that ESG communications overstate, selectively present, or obscure sustainability performance. - [ ] The risk that all ESG claims are legally prohibited. - [ ] A requirement to avoid all environmental metrics. > **Explanation:** Greenwashing involves misleading presentation, selective disclosure, or unsupported sustainability claims. ### Why can changing ESG criteria create an assurance problem? - [ ] Criteria changes always make assurance impossible. - [x] They may reduce comparability unless the change and its effect are explained. - [ ] They automatically create reasonable assurance. - [ ] They remove management responsibility. > **Explanation:** Changes in criteria, boundary, or methods can affect comparability and user understanding. ### Which response best addresses siloed ESG data? - [ ] Accept each department's final number without review. - [x] Reconcile reported data to master populations and evaluate review controls. - [ ] Test only the sustainability report narrative. - [ ] Ignore data outside the general ledger. > **Explanation:** Siloed data creates completeness and consistency risk, so population reconciliation and control evaluation are important. ### Which item is a warning sign of greenwashing? - [ ] Clear criteria and balanced disclosure. - [x] A prominent improvement claim with no baseline, boundary, or evidence. - [ ] Disclosure of measurement limitations. - [ ] Reconciliation to source records. > **Explanation:** Unsupported claims without baseline or boundary are difficult for users to evaluate. ### What should a practitioner do if selected ESG criteria are vague and unavailable to users? - [ ] Assume the criteria are suitable because management selected them. - [ ] Issue a clean conclusion without mentioning criteria. - [x] Evaluate whether the criteria are unsuitable and whether the engagement can proceed or must be modified. - [ ] Replace management's criteria with personal preferences. > **Explanation:** Criteria must be suitable for assurance; vague or unavailable criteria may require modification or refusal. ### Why is supplier-provided ESG data often higher risk? - [ ] Supplier data is always audited. - [ ] Supplier data is always immaterial. - [x] It may rely on third-party systems, estimates, and controls outside the reporting entity. - [ ] It never affects Scope 3 or supply-chain metrics. > **Explanation:** External data sources may be less controllable and require reliability evaluation. ### Which limitation would most directly affect completeness? - [x] Management cannot identify all locations included in the reporting boundary. - [ ] The report includes a clear description of criteria. - [ ] The practitioner documents procedures performed. - [ ] The entity reconciles utility data to invoices. > **Explanation:** If the reporting population is unknown, completeness of the metric is difficult to support. ### What is the best response to evolving ESG requirements? - [ ] Memorize one framework and ignore all other criteria. - [x] Identify applicable criteria, confirm scope, evaluate management's process, and document conclusions. - [ ] Treat all ESG reporting as voluntary and unaudited. - [ ] Remove all ESG disclosures from external reports. > **Explanation:** The practitioner should use a disciplined process response rather than assume requirements are static. ### A sustainability target appears beside assured historical data. What is the main reporting risk? - [ ] The target automatically becomes historical evidence. - [ ] Targets are always prohibited in external reports. - [x] Users may confuse unaudited forward-looking information with assured historical subject matter. - [ ] Historical data cannot be assured. > **Explanation:** Assured and unaudited information should be clearly distinguished. ### ESG assurance conclusions should stay within the engagement scope, criteria, period, and reporting boundary. - [x] True. - [ ] False. > **Explanation:** A practitioner should not imply assurance over information that was not covered.
Revised on Monday, June 15, 2026
ESG Metrics
ESG Attestation