Browse Auditing and Attestation (AUD)

Communicating ESG Assurance Results in External Reports

Feb 7, 2025

How ESG assurance reports communicate scope, criteria, responsibilities, procedures, conclusions, and limitations to external users.

On this page

ESG reporting becomes assurance-relevant when external users rely on nonfinancial information and management asks a practitioner to report on it. The key exam issue is not the branding of the sustainability report. It is whether the communication clearly identifies the subject matter, criteria, responsibilities, scope, evidence work, level of assurance, conclusion, and limitations.

An ESG assurance report should not imply more assurance than the practitioner obtained. It should also avoid blurring management’s role in preparing the information with the practitioner’s role in evaluating it.

    flowchart LR
	    A["Management prepares ESG information"] --> B["Criteria and reporting boundary are identified"]
	    B --> C["Practitioner performs assurance procedures"]
	    C --> D["Evidence is evaluated against criteria"]
	    D --> E["Assurance conclusion is issued"]
	    E --> F["External users read scope, criteria, and limitations"]

Management and Practitioner Responsibilities

Management owns the ESG information. It selects or develops the criteria, determines the reporting boundary, measures the data, designs controls, maintains supporting records, and presents the disclosure.

The practitioner provides assurance only on the subject matter and period covered by the engagement. The practitioner should obtain evidence, evaluate whether the information is presented in accordance with the stated criteria, and report a conclusion at the agreed assurance level.

Responsibility Management Practitioner
Select criteria Yes Evaluate suitability
Prepare ESG information Yes No
Design controls over data Yes Understand or test as needed
Perform assurance procedures No Yes
Issue assurance conclusion No Yes
Own public sustainability claims Yes Only report within engagement scope

The exam trap is wording that makes the practitioner responsible for preparing the ESG report. That would confuse roles and may create objectivity or self-review concerns.

Where ESG Information Appears

ESG information may appear in standalone sustainability reports, annual reports, integrated reports, regulatory filings, investor presentations, websites, or separate assurance statements. The format changes the risk profile, but it does not remove the need for clear scope and criteria.

Common communication settings include:

  • Standalone sustainability report: may include a broad set of environmental, social, and governance metrics.
  • Annual or integrated report: combines financial and nonfinancial discussion, making consistency with financial statement disclosures important.
  • Regulatory filing or risk disclosure: may create higher sensitivity because users treat the information as part of formal external reporting.
  • Metric-specific assurance statement: covers selected metrics, such as greenhouse gas emissions, not the entire sustainability report.

If assurance covers only selected metrics, the report should say so clearly. Users should not have to infer whether unaudited narrative, targets, forward-looking statements, or excluded locations were covered.

Required Communication Elements

An ESG assurance report generally needs enough information for users to understand what was tested and what conclusion was reached.

Important elements include:

  1. identification of the subject matter or metrics covered
  2. reporting period and entity boundary
  3. criteria used to measure or evaluate the information
  4. management’s responsibility for the information
  5. practitioner’s responsibility and applicable professional standards
  6. level of assurance provided
  7. summary of procedures or nature of work performed
  8. inherent limitations of the subject matter or data
  9. assurance conclusion
  10. restriction on use when applicable

Scope clarity is especially important for ESG because reports often mix assured metrics, unaudited narrative, forward-looking targets, and management commentary in one document.

Limited Versus Reasonable Assurance Wording

Limited assurance and reasonable assurance differ in both procedure depth and report wording.

Level Typical wording Meaning
Limited assurance No matter came to our attention that caused us to believe the information is not prepared in accordance with the criteria Lower assurance based on limited procedures
Reasonable assurance In our opinion, the information is prepared, in all material respects, in accordance with the criteria Higher assurance based on more extensive procedures

Limited assurance is not “no assurance.” It still requires planning, evidence, professional skepticism, and documentation. Reasonable assurance is not a guarantee. It provides a high level of assurance, but not absolute assurance.

Consistency With Financial Reporting

ESG disclosures can create consistency issues with the financial statements and other external communications. For example, management may disclose aggressive emissions-reduction commitments while impairment testing assumes no significant capital spending, no regulatory change, or no demand shift.

The practitioner should consider whether ESG information is inconsistent with:

  • financial statement disclosures
  • impairment, useful life, or going-concern assumptions
  • contingencies and regulatory matters
  • risk factor disclosures
  • board minutes or public commitments
  • management representations

The proper response depends on the engagement, but the practitioner should not ignore a material inconsistency simply because it appears in a nonfinancial report.

Common Pitfalls

  • Reporting on a broad ESG report when procedures covered only selected metrics.
  • Using limited assurance wording that sounds like reasonable assurance.
  • Omitting management’s responsibility for the subject matter.
  • Failing to disclose criteria, boundary, or period.
  • Treating forward-looking targets as if they were historical measured data.
  • Ignoring inconsistencies between ESG narrative and financial statement assumptions.

Quick Review

ESG assurance communication is about precision. The report should tell users what was covered, which criteria were used, who prepared the information, what level of assurance was provided, what work was performed, what limitations exist, and what conclusion the practitioner reached.

Review Questions

### Who is responsible for preparing the ESG information in an assurance engagement? - [x] Management. - [ ] The assurance practitioner. - [ ] Intended users. - [ ] The external regulator in every case. > **Explanation:** Management prepares and presents the ESG information; the practitioner performs procedures and reports a conclusion. ### Why must an ESG assurance report identify the criteria used? - [ ] Criteria are optional in nonfinancial reporting. - [x] Users need to know the benchmark used to measure or evaluate the information. - [ ] Criteria convert limited assurance into reasonable assurance. - [ ] Criteria eliminate management responsibility. > **Explanation:** Criteria provide the basis for measuring the subject matter and evaluating the assurance conclusion. ### Which wording is most consistent with limited assurance? - [ ] We guarantee the information is complete. - [x] Nothing came to our attention that caused us to believe the information is not prepared in accordance with the criteria. - [ ] In our opinion, the information is free from all error. - [ ] Management is not responsible for the ESG report. > **Explanation:** Limited assurance commonly uses negative-form wording. ### Which wording is most consistent with reasonable assurance? - [x] In our opinion, the information is prepared, in all material respects, in accordance with the criteria. - [ ] We performed no procedures. - [ ] We noticed no obvious problems during a casual review. - [ ] The report is guaranteed to be accurate. > **Explanation:** Reasonable assurance generally uses positive-form opinion wording, but it is not a guarantee. ### What is a common scope problem in ESG assurance reporting? - [ ] Explaining the period covered. - [ ] Naming the criteria used. - [x] Letting users think the entire sustainability report was assured when only selected metrics were tested. - [ ] Stating management's responsibility. > **Explanation:** ESG reports often mix assured and unaudited information, so scope must be explicit. ### Why can ESG reporting create consistency issues for the auditor? - [ ] ESG information never appears with financial reporting. - [x] ESG claims or commitments may conflict with financial statement assumptions, estimates, or disclosures. - [ ] Nonfinancial information is always irrelevant. - [ ] Sustainability reports replace audit reports. > **Explanation:** ESG narratives may affect or contradict financial assumptions and disclosures. ### Which item should ordinarily appear in an ESG assurance report? - [ ] The practitioner's personal sustainability goals. - [x] Management's responsibility, practitioner's responsibility, criteria, scope, procedures, and conclusion. - [ ] A promise that no future ESG errors will occur. - [ ] A list of all unaudited marketing claims. > **Explanation:** Users need enough report elements to understand the assurance engagement and its limits. ### A forward-looking emissions target is included beside historical assured emissions data. What should the practitioner consider? - [ ] Whether the practitioner should automatically assure the target. - [ ] Whether the target can be guaranteed. - [ ] Whether management can avoid disclosing criteria. - [x] Whether users may confuse unaudited forward-looking targets with assured historical metrics. > **Explanation:** The report should distinguish assured historical subject matter from unaudited or forward-looking information. ### What is the main reason to disclose inherent limitations in ESG assurance? - [ ] To avoid doing any procedures. - [ ] To transfer management responsibility to users. - [x] To help users understand measurement uncertainty, estimates, and boundary limits. - [ ] To make the report promotional. > **Explanation:** ESG metrics often involve estimates, boundaries, and operational data limitations. ### Limited assurance still requires planning, evidence, professional skepticism, and documentation. - [x] True. - [ ] False. > **Explanation:** Limited assurance is lower than reasonable assurance, but it is still an assurance engagement.
Revised on Monday, June 15, 2026
ESG Audit Risk
ESG Metrics