By Helena Barton, Partner – Sustainability, Deloitte Denmark
Member, ACCA Global Forum for Sustainability
Chair, GRI Stakeholder Council
The revised ISAE 3000 standard brings welcome guidance to assurance practitioners engaged to obtain assurance on sustainability reports.
A key feature is that the ISAE 3000 now ‘stands alone’, i.e. practitioners can use it without reference to other auditing standards. One of the other changes is the ‘opening up’ of the standard to use by non-accountants, who are not subject to the same independence and ethics codes as professional accountants. It was clear that a growing number of non-accountants were (and are) declaring that they “complied with” or performed the assurance engagement “in accordance with” ISAE 3000, without stating which independence requirements and ethical frameworks they had complied with to perform the engagement – or perhaps without even realising that some significant ethics requirements and quality control standards underpinned ISAE 3000.
So to encourage greater transparency and correct misapplication of the standard, the IAASB decided to make it explicit that non-professional accountants can use ISAE 3000 as a standard for performing assurance engagements provided that they comply with professional or legal requirements for independence and ethics which are at least as demanding as those in the IESBA Code of Ethics for professional accountants and that they identify such requirements in the assurance report.
However, this revision might present a hurdle for some assurance practitioners who have not yet put in place the comprehensive ethics frameworks and quality control programmes that enable compliance. We may therefore continue to see unsupported formulations of reports which reference ISAE 3000 – and they may go unchallenged, unless somebody takes it upon themselves to do so.
The revised ISAE 3000 clarifies the scope and work effort for limited assurance engagements through the inclusion of tables which allow practitioners to more clearly see how a limited assurance engagement differs from a reasonable assurance engagement in practice.
It also provides more guidance for limited assurance engagements, which includes a better understanding of risk and response. And it requires practitioners to provide more detail in the assurance report on the actual work performed. Particularly for a Limited Assurance engagement, a description of the “nature, timing and extent of procedures performed” helps the users to really understand the conclusion made in the assurance report.
All in all, these are good developments, which we welcome. Users are entitled to expect objectivity, quality and professional scepticism to underpin any independent assurance engagement, and increased transparency around the work effort and controls to ensure this.