CSRD

Limited and Reasonable Assurance in CSRD Reporting

The CSRD establishes rigorous assurance requirements aimed at boosting the credibility of ESG disclosures. These assurance assessments ensure that corporate sustainability reports are transparent, reliable, and aligned with the ever-evolving EU standards. Starting with limited assurance engagements from the first year of reporting, even without finalised EU-wide standards, the CSRD sets a strong foundation for accountability. By 2028, companies may transition to reasonable assurance, providing an even higher level of confidence—should it be deemed feasible. This evolution will be critical in shaping how stakeholders evaluate and engage with companies on their sustainability efforts, ensuring a more sustainable and responsible business environment across the EU.

Limited and Reasonable Assurance in CSRD Reporting

In light of growing concerns over environmental, social, and governance (ESG), the EU's Corporate Sustainability Reporting Directive (CSRD) is a bold step to enhance transparency and accountability in corporate sustainability reporting. One of the Directive’s most notable provisions is the requirement for assurance engagements on sustainability reports, ensuring that companies provide reliable and accurate information about their material ESG impacts, risks and opportunities. 

This article explores the role of assurance in the CSRD, the phased approach to limited and reasonable assurance, and the implications for companies, auditors, and stakeholders in navigating this new regulatory landscape.

Assurance in CSRD: Timeline

According to the CSRD, companies in scope shall draw up sustainability statements following the European Sustainability Reporting Standards (ESRS), with the first tier of companies starting on the financial year starting on or after 1 January 2024. The resulting reports will be subject to a limited assurance engagement. 

The European Commission is set to adopt limited assurance standards by 1 October 2026 to clarify what is expected from the limited assurance engagement regarding the information reported according to the ESRS. As of today, there are no EU-wide standards, but the CSRD requires assurance from its initial reporting year. The European Commission will likely adopt the International Standard on Sustainability Assurance 5000 (ISSA 5000), the standards created by the International Auditing and Assurance Standards Board (IAASB). This approach is logical as the EU-wide limited assurance standards, after appropriate amendments, reflect the requirements of the CSRD. The ISSA 5000 were approved in September 2024 and the standards will be effective by 15th December 2026. 

Until the EU Commission adopts the limited assurance standards, the CSRD states that Member States can adopt or employ existing national standards until these EU standards are made available. To aid this process the EU Commission encouraged the Committee of European Auditing Oversight Bodies (CEAOB) to develop non-binding guidelines on limited assurance to set out the procedures to be performed when expressing an assurance opinion on sustainability reporting. 

Reasonable assurance standards are to be adopted by October 1, 2028. However, the adoption of these will depend on a feasibility study. 

Assurance in CSRD: Timeline

Limited vs Reasonable Assurance: The Differences 

In summary, the key differences between limited assurance and reasonable assurance lie in the level of confidence and the depth of procedures performed by auditors. In a limited assurance engagement, the auditor provides a lower level of confidence, providing a negative conclusion. The procedures performed are less comprehensive, focusing mainly on analytical reviews and inquiries, with a narrower scope and fewer detailed tests.

On the other hand, a reasonable assurance engagement offers a higher level of confidence, where the auditor states a positive conclusion, such as "In our opinion, the financial statements present fairly." This form of engagement involves more extensive procedures, such as detailed testing of transactions, gathering substantial evidence, and evaluating internal controls, resulting in a broader scope and more thorough examination of the subject matter. Despite the higher confidence level in reasonable assurance, it is not absolute. Let’s dive into these two concepts further.

Limited Assurance in CSRD

Limited assurance refers to a level of assurance provided by auditors or reviewers in the context of financial reporting, compliance, or other types of assessments. As mentioned, it offers a lower level of confidence compared to a reasonable (or full) assurance engagement.

Some of the key features of a limited assurance engagement:

  • Lower level of confidence: the practitioner expresses a conclusion that provides moderate or "limited" assurance that the subject matter under review is free from material misstatement. This is typically phrased as, "nothing has come to our attention that causes us to believe" there are material misstatements or issues. The outcome of such an engagement is usually reported in a negative form, for example, "Based on the procedures performed, nothing has come to our attention that causes us to believe that the subject matter is not in compliance with the applicable criteria." This reporting style reflects the limited scope of the engagement and the level of assurance provided.
  • Procedures performed: The procedures are less comprehensive than in a reasonable assurance engagement. The auditor or practitioner mainly performs analytical procedures, inquiries, and reviews rather than detailed testing of transactions or balances.
  • Scope: The focus of limited assurance is to understand the processes used to compile the information, including forward-looking data, and to identify areas where material misstatements are likely to occur. The scope of the engagement is narrower than that of a reasonable assurance engagement. This means fewer tests and a smaller sample size of data is examined.

The estimated yearly cost of limited assurance of sustainability reporting is 20-30% of the average financial assurance cost, according to EFRAG’s Cost-benefit analysis of the first set of draft ESRS. 

Reasonable Assurance in CSRD

Reasonable assurance refers to a high, but not absolute, level of assurance provided by auditors or reviewers during an engagement, typically in the context of financial statements or other assessments. The goal is to provide stakeholders with confidence that the information being reviewed is free from material misstatement or error.

Some of the key characteristics of reasonable assurance:

  • High level of confidence: The auditor provides a high level of confidence that the subject matter, such as financial statements, is free from material misstatement. This is reflected in a positive form of reporting, typically stating, "In our opinion, the financial statements present fairly, in all material respects..." This form of conclusion indicates that the auditor has gathered sufficient evidence to reasonably conclude that the information is reliable and that the financial statements provide a true and fair view.
  • Comprehensive procedures: In a reasonable assurance engagement, the auditor conducts extensive procedures, including
    • Detailed testing of transactions and balances
    • Gathering sufficient and appropriate evidence
    • Performing substantive tests, such as vouching and tracing
    • Conducting internal control assessments and inquiries with management
    • Analytical reviews
  • Scope: The scope of a reasonable assurance engagement is broader than a limited assurance engagement. Auditors test a significant number of transactions and gather evidence to support their opinion.

Despite its high level of assurance, reasonable assurance is not absolute. There is always a risk that material misstatements may not be detected due to factors such as fraud, error, or limitations in the audit process. Auditors rely on sampling, judgment, and reasonable evidence, but this does not guarantee the complete accuracy of the financial statements.

What will be Assured in CSRD? 

The CSRD contains specific provisions requiring sustainability information to be subject to assurance. After implementing the required procedures to disclose sustainability information based on established standards, independent assurance becomes crucial in evaluating the accuracy of the information in all material aspects. It should also consider whether the reporting provides the complete story in a neutral manner, i.e., without cherry-picking, undue emphasis, or omission of information.

When going through the CSRD it may be confusing to understand what data will be subject to assurance. The illustration below serves as a guide to visualise the requirements. 

What will be assured in CSRD, CSRD assurance what

Key Steps of the Assurance Process for CSRD 

Without the EU-wide standards or the non-binding guidelines, it is difficult to visualise the assurance process. Still, the Directive provides a high-level overview of the key steps expected in the process. The Greenomy interpretation of that process so far is as follows: 

  1. Gaining an understanding of the company's processes that form the basis of sustainability disclosures. Usually through walk-through interviews to understand the process from the data source to the KPI.
  2. Risk procedures: evaluate the potential for a significant misstatement in the disclosures
  3. The auditor performs additional procedures and analysis, e.g. substantive testing (tracing a sample of data) or validation of internal controls. 
  4. Final review of the undertaking’s sustainability report by the auditor. Review of the sustainability report and its compliance with CSRD and ESRS requirements.
  5. Assurance report provided by the auditor. The conclusion of the auditor is shared through an assurance report.

Auditing Options in the CSRD Transposition

The amendment to Article 34 in the CSRD states the following: “where applicable, express an opinion based on a limited assurance engagement as regards the compliance of the sustainability reporting with the requirements of this Directive, including the compliance of the sustainability reporting standards, the process carried out by the undertaking to identify the information reported pursuant to those sustainability reporting standards, and the compliance with the requirement to mark up sustainability reporting in accordance with the ESRS, and as regards the compliance with the reporting requirements provided for in Article 8 of the EU Taxonomy;” 

With the introduction of assurance, the CSRD provided some options for Member States to decide how the process was to be carried out and by whom. The current options for countries transposing the Directive are as follows: 

  • Member States may allow a statutory auditor or an audit firm other than the one(s) carrying out the statutory audit of financial statements to express the opinion based on a limited assurance engagement. 
  • Member States may allow an independent assurance services provider established in their territory to express the opinion based on a limited assurance engagement provided that such independent assurance services provider is subject to requirements that are equivalent to those set out in the Statutory Audit Directive as regards the assurance of sustainability reporting as defined it, in particular, the requirements on:
    (a) training and examination, ensuring that independent assurance services providers acquire the necessary expertise concerning sustainability reporting and the assurance of sustainability reporting;
    (b) continuing education;
    (c) quality assurance systems;
    (d) professional ethics, independence, objectivity, confidentiality and professional secrecy;
    (e) appointment and dismissal;
    (f) investigations and sanctions;
    (g) the organisation of the work of the independent assurance services provider, in particular in terms of sufficient resources and personnel and the maintenance of client account records and files; and
    (h) reporting irregularities.

Looking to take things further? Read our step-by-step guide to generating your CSRD report. In this ebook, you will find practical examples, realistic timeframes, Greenomy’s expert tips, and much more!

Member States’ Responsibilities: Independent Assurance Providers 

Under the European Union's CSRD, Member States are responsible for ensuring that limited assurance engagements are conducted in accordance with the Statutory Audit Directive. This includes the requirement that any opinion expressed by an independent assurance services provider is subject to oversight by the audit committee or a dedicated committee, which monitors the provider’s independence to uphold the objectivity and integrity of sustainability reports.

Furthermore, independent assurance providers accredited before January 1, 2024, under Regulation (EC) No 765/2008, are exempt from new training and examination requirements related to the assurance of sustainability reporting. Similarly, those undergoing the accreditation process as of January 2024 have until January 1, 2026, to complete their accreditation without being subjected to these additional requirements, as long as they finalise the process by the deadline. Despite these exemptions, all providers must continue acquiring the necessary knowledge in sustainability reporting through ongoing education to stay compliant with evolving standards.

In addition, if a Member State permits an independent assurance provider to deliver opinions based on a limited assurance engagement, statutory auditors other than those responsible for auditing financial statements must also be allowed to provide such opinions. This provision ensures that various accredited professionals can participate in the assurance process, offering flexibility in how companies meet the CSRD's requirements for sustainability reporting.

The Role of Assurance in the CSRD: A Rippling Effect

The CSRD marks a significant evolution in corporate reporting by introducing robust requirements for assurance on sustainability information. By mandating independent assurance engagements, starting with limited assurance and progressing toward reasonable assurance, the CSRD aims to enhance the credibility and reliability of sustainability reports across the EU.

The Directive ensures that both statutory auditors and accredited independent assurance providers play a critical role in verifying the accuracy and completeness of corporate sustainability disclosures. This ensures that companies are accountable for their environmental, social, and governance (ESG) impacts, providing stakeholders, including investors, regulators, and the public, with trusted information.

As sustainability becomes an integral part of corporate strategy and reporting, the assurance process will be pivotal in ensuring that companies adhere to standardised, comparable, and high-quality sustainability reporting frameworks, thus contributing to a more transparent and sustainable business landscape in the European Union.

Getting Started on CSRD Reporting

Greenomy's offering

Seeking assistance with your CSRD reporting? Collaborating with sustainability experts like Greenomy offers invaluable guidance and support, ensuring your organisation not only meets regulatory requirements but also utilises its sustainability reporting as a strategic asset. Discover Greenomy's innovative CSRD solution to streamline data capturing and reporting for long-term efficiency. Additionally, explore our Sustainability Advisory services, where our experts will help you initiate your CSRD reporting journey. Book a call for further details.

greenomy

Book your demo and accelerate your green transition today

wave 2