Sustainability Solutions | Anitech

ESG Assurance and Auditing: What Australian Companies Need to Know

ESG Assurance and Auditing: What Australian Companies Need to Know

External assurance is a critical component of credible AASB S1 and AASB S2 sustainability reporting. For Australian organisations subject to mandatory reporting, AASB S1 requires limited external assurance. Understanding assurance requirements, the process, and how to select assurance providers is essential for compliance and credibility.

For broader ESG strategy context, see our complete ESG guide for Australian businesses.

What Is ESG Assurance?

Definition and Purpose

ESG assurance is an independent, objective evaluation of an organisation’s sustainability-related information and processes. An external assurance provider reviews the organisation’s sustainability data, metrics, governance structures, and disclosure statements to provide an opinion on their accuracy, completeness, and alignment with reporting standards.

Assurance serves multiple purposes:

  • Credibility: Independent verification enhances stakeholder confidence in sustainability disclosures
  • Accountability: Assurance process holds organisations accountable for accuracy and completeness
  • Governance improvement: Assurance process often identifies data quality, governance, or disclosure gaps, leading to improvements
  • Regulatory compliance: AASB S1 requires limited assurance for mandatory reporters

Levels of Assurance

Limited Assurance:

  • Provides moderate level of confidence in accuracy of information
  • Assurance provider conducts inquiry and analytical procedures, but less extensive testing than reasonable assurance
  • Standard for AASB S1 requirement
  • Less costly than reasonable assurance
  • Typical scope: all material information in the report, or specific metrics (e.g., emissions)

Reasonable Assurance:

  • Provides high level of confidence in accuracy of information
  • Assurance provider conducts extensive testing and examination of evidence
  • Similar to financial audit in scope and rigour
  • More costly than limited assurance
  • May be pursued voluntarily if organisation seeks highest level of confidence

AASB S1 Assurance Requirements

Who Must Obtain Assurance

  • Group 1 entities: Must obtain limited external assurance from FY2025–26 (first reports due 31 March 2026)
  • Group 2 entities: Must obtain limited external assurance from FY2026–27 (first reports due 31 March 2027)
  • Group 3 entities: Must obtain limited external assurance from FY2027–28 (first reports due 31 March 2028)

What Must Be Assured

AASB S1 requires assurance of sustainability-related financial information. Typically, this includes:

  • All material disclosures across governance, strategy, risk management, and metrics sections
  • Greenhouse gas emissions (Scope 1, 2, and where material Scope 3)
  • ESG metrics underlying narrative disclosures
  • Quantitative data and supporting governance/control disclosures

Some organisations pursue limited scope assurance on specific metrics (e.g., emissions only) rather than all disclosures. However, the AASB requirement implies comprehensive assurance of sustainability-related financial information material to the organisation.

Assurance Standards: APES 3000

ESG assurance in Australia must comply with APES 3000 (Assurance Engagements on Sustainability Information), issued by the Accounting Professional & Ethical Standards Board (APESB). APES 3000 is an Australian professional standard aligned with international standards (ISAE 3000).

Key requirements under APES 3000:

  • Assurance engagement must be performed by qualified, independent provider
  • Provider must understand the entity’s business, systems, and data collection processes
  • Provider must assess materiality and focus assurance on material items
  • Provider must examine evidence supporting disclosures and metrics
  • Provider must issue a clear assurance report stating the level of assurance (limited or reasonable)
  • Provider must maintain independence and objectivity

Assurance Providers in Australia

Types of Providers

ESG assurance can be provided by:

  • Big Four accounting firms: Deloitte, EY, KPMG, PwC. Offer comprehensive ESG assurance services
  • Mid-tier accounting firms: Smaller, regional accounting firms. Often offer more tailored, cost-effective assurance
  • Specialist sustainability consultancies: Firms specialising exclusively in sustainability and ESG. Often have deep industry expertise

Provider Selection Considerations

  • APES 3000 qualification: Ensure provider has demonstrated competence in assurance on sustainability information
  • Industry experience: Does provider have experience with your industry? Industry-specific knowledge is valuable
  • Emissions expertise: Does provider have specific experience with greenhouse gas emissions measurement and verification?
  • ASX/ASIC alignment: If listed company, does provider understand ASX Listing Rules and ASIC expectations?
  • Team composition: Who will be the assurance team lead? Do they have appropriate senior experience?
  • Cost and timeline: What is the proposed cost? Can they complete assurance on your timeline (typically 4–8 weeks)?
  • References: Can they provide references from similar-sized organisations or industries?

The ESG Assurance Process

Phase 1: Planning and Scoping (Weeks 1–3)

  • Meet with assurance provider to discuss scope, timing, and expectations
  • Provider develops assurance plan outlining approach, materiality threshold, key audit areas
  • Provider identifies team members and engagement leader
  • Internal team prepares documentation: data collection procedures, system descriptions, materiality assessment

Phase 2: Testing and Evidence Gathering (Weeks 3–6)

  • Provider conducts inquiry of management and data owners about data collection processes, controls, assumptions
  • Provider obtains and examines supporting documentation (energy bills, HR records, emissions calculations, board minutes)
  • Provider performs analytical procedures (comparing metrics to industry benchmarks, comparing year-on-year changes, assessing reasonableness)
  • Provider tests calculation methodology and assumptions (emission factors, conversion assumptions, consolidation adjustments)
  • Provider may conduct site visits to verify facilities and data collection processes

Phase 3: Review and Reporting (Weeks 6–8)

  • Provider issues draft observations and queries to management
  • Management responds to queries and provides clarifications/corrections
  • Provider performs final review of revised information
  • Provider issues final limited assurance report

Phase 4: Publication and Communication (Post-assurance)

  • Include final assurance report in sustainability report or annual report
  • Disclose any qualifications or limitations in the assurance opinion
  • Communicate assurance outcome to board and stakeholders

Common Assurance Challenges and Solutions

Challenge: Data Quality Issues

Problem: Assurance provider identifies data gaps, inconsistencies, or lack of supporting documentation.

Solution: Strengthen internal data governance before assurance (conduct internal audit of data processes, reconcile metrics to supporting documents). Plan assurance engagement early so issues can be resolved before final reporting.

Challenge: Scope 3 Emissions Verification

Problem: Scope 3 emissions are estimated or rely on supplier data of varying quality.

Solution: Assurance provider will assess reasonableness of estimation methodology and assumptions. Clearly disclose sources, methodologies, and limitations of Scope 3 data. Commit to improving supplier data collection over time.

Challenge: Cost of Assurance

Problem: Limited assurance cost can be significant, particularly for first-time engagements.

Solution: Obtain multiple quotations. Consider limited scope assurance initially (e.g., emissions only) before expanding scope. Streamlined data documentation and governance reduce assurance cost.

Challenge: Timeline Constraints

Problem: Limited time between year-end and reporting deadline to complete assurance.

Solution: Engage assurance provider early (before year-end). Conduct interim assurance work on data collection processes and controls. Begin data consolidation immediately after year-end to facilitate timely assurance completion.

Best Practices for Smooth Assurance

  • Plan early: Engage assurance provider 6+ months before reporting deadline
  • Strengthen data governance: Implement robust data collection and documentation before assurance
  • Maintain audit trail: Document all assumptions, calculations, and changes to data
  • Establish single point of contact: Assign internal coordinator for assurance provider inquiries
  • Provide comprehensive documentation: Make it easy for assurance provider to locate and understand data sources
  • Be transparent about limitations: Openly disclose data quality issues or estimates; don’t hide them
  • Obtain adequate internal sign-offs: Before assurance, obtain management/board approval of disclosures so assurance isn’t delayed by internal approval issues

Frequently Asked Questions

Is limited assurance sufficient or should we pursue reasonable assurance?

AASB S1 requires limited assurance. Reasonable assurance is more costly and typically not necessary unless seeking highest level of stakeholder confidence or operating in highly sensitive sector.

Can our financial auditor also provide ESG assurance?

Many financial auditors offer ESG assurance services. However, you may also engage a separate ESG specialist. There are no restrictions on having different providers for financial and ESG assurance.

What happens if the assurance provider finds material misstatements?

Management must correct material misstatements. If corrections are made, assurance provider can re-test and confirm corrections. The final assurance opinion will address any remaining unresolved items.

How long does ESG assurance typically take?

Limited assurance of a comprehensive sustainability report typically takes 6–12 weeks from engagement through report issuance, depending on organisation size and data complexity. Plan accordingly in your reporting timeline.

Must we disclose limitations or qualifications in the assurance opinion?

Yes. If the assurance provider has limitations in scope (e.g., unable to verify Scope 3 data, certain sites not visited), these must be disclosed in the assurance report.

Can we change assurance providers year-to-year?

Yes, but consider consistency. Changing providers requires time for transition and may impact efficiency. Many organisations maintain the same provider for multi-year continuity and cost efficiency.

Moving Forward with ESG Assurance

ESG assurance is not just a compliance box to check—it’s an opportunity to validate governance structures, strengthen data systems, and build stakeholder confidence. Organisations that treat assurance as a governance partnership rather than a checkbox exercise gain maximum value and continuous improvement from the process.

Ready to select an ESG assurance provider and plan your first assurance engagement? Book a Free ESG Strategy Session to assess your data readiness and assurance needs.