ESG assurance explained: limited vs reasonable assurance
ESG (environmental, social and governance) assurance is where sustainability reporting becomes more like financial reporting.
ESG (environmental, social and governance) assurance is where sustainability reporting becomes more like financial reporting. The assurance provider will not be satisfied with a polished report if the numbers, claims and controls behind it are weak.
Quick answer: limited assurance gives a lower level of confidence than reasonable assurance. Both require evidence, clear methods, controls and management ownership. Companies should prepare for assurance before drafting the final report, not after.
For related guidance, use the CSRD guide, CSRD gap analysis checklist, ESG data room checklist and double materiality guide.
Limited vs reasonable assurance
| Feature | Limited assurance | Reasonable assurance |
|---|---|---|
| Level of comfort | Lower, often expressed negatively. | Higher, closer to financial audit-style confidence. |
| Procedures | Inquiry, analytical procedures, limited testing. | More extensive testing, evidence and control work. |
| Company burden | Still significant. | More demanding and usually more expensive. |
| Best preparation | Clear methodology, evidence and ownership. | Formalised controls, systems and repeatable processes. |
What assurance providers will test
Assurance work usually focuses on whether disclosures are prepared according to the stated criteria, whether data has a reasonable evidence trail, whether assumptions are documented and whether management has appropriate controls.
For climate data, this may include emissions boundaries, emission factors, activity data, estimates, supplier data, renewable energy claims, recalculations and year-on-year consistency. For broader ESG data, it may include workforce metrics, incidents, policies, governance records, training data, supply-chain evidence and complaints processes.
What assurance does not mean
Assurance is not a guarantee that a company is sustainable. It is not a stamp that every supplier claim is true. It is not a substitute for management judgment. Assurance is a structured engagement over specified information, against specified criteria, at a specified level of assurance.
That distinction matters because readers may overinterpret an assured sustainability report. A company can have limited assurance over selected metrics while still having wider sustainability risks. A company can also have a well-controlled metric that does not prove the strategy is good. Assurance improves confidence in reported information, but it does not replace scrutiny of the underlying business model.
Assurance readiness checklist
- Named data owner for each metric.
- Documented methodology for each calculation.
- Evidence source saved for each number or claim.
- Clear separation between measured data and estimates.
- Management review and sign-off record.
- Version control for spreadsheets, reports and source files.
- Explanation for prior-year restatements or methodology changes.
Evidence pack by metric type
| Metric type | Evidence examples | Control question |
|---|---|---|
| Energy and emissions | Invoices, meter data, fuel records, emission factors, calculation workbook. | Can the figure be recalculated by someone independent? |
| Supplier data | Supplier submissions, methodology notes, certificates, data quality score. | Is the supplier data comparable and dated? |
| Workforce data | HR exports, definitions, inclusion rules, sign-off from HR owner. | Are definitions consistent across entities? |
| Policies and training | Approved policy, training records, attendance logs, board minutes. | Is there evidence the policy is implemented? |
| Targets | Baseline, target method, assumptions, board approval, progress data. | Does progress use the same boundary as the baseline? |
Pre-assurance readiness timeline
- Three to six months before reporting: confirm scope, reporting criteria, material topics and data owners.
- Two to three months before reporting: collect evidence, lock methodologies and run internal quality checks.
- One to two months before reporting: run a dry review with finance, legal and sustainability leads.
- Before publication: resolve evidence gaps, document judgments and retain final sign-off records.
Common readiness gaps
The most common gap is not the lack of a sustainability report. It is the lack of controlled data behind the report. Companies often rely on scattered spreadsheets, supplier emails, manual calculations and undocumented estimates. That can work for a first internal baseline, but it becomes fragile when the report is subject to external review.
Another common gap is ownership. Sustainability teams may collect the information, but finance, HR, procurement, legal, facilities and operations often own the underlying data. Assurance readiness therefore needs cross-functional governance.
Common assurance findings
Findings often cluster around inconsistent boundaries, unclear emission factors, missing source files, manual spreadsheet errors, unsupported green claims, weak supplier evidence, limited review controls and disclosures that say more than the data supports. These are fixable, but only if found early enough.
A practical first goal is not perfection. It is repeatability. If the company can rerun the same metric next year with the same boundary, a clear source trail and documented changes, it is moving toward assurance maturity.
What finance teams should do
Finance teams are increasingly important in sustainability assurance because they understand controls, reconciliations, sign-off and reporting calendars. They should help sustainability teams design review procedures, lock reporting periods, document estimates and manage evidence. This does not mean finance owns every ESG metric. It means sustainability data should be governed with the same seriousness as other external reporting inputs.
A useful step is to create an ESG close calendar. Set deadlines for data collection, owner review, management challenge, draft disclosure, assurance queries and final sign-off. Without a close calendar, sustainability reporting often becomes a rushed exercise after the financial reporting process is already under pressure.
Example assurance query log
| Query | Likely evidence | Owner |
|---|---|---|
| Why did electricity emissions fall year on year? | Consumption record, tariff evidence, location-based and market-based calculation note. | Facilities and finance. |
| How was employee commuting estimated? | Survey method, response rate, assumptions and calculation workbook. | HR and sustainability. |
| What supports the renewable energy claim? | Contract, certificates, tariff documents and claim wording review. | Procurement and legal. |
| Why was a supplier value excluded? | Materiality rationale, data limitation note and improvement plan. | Procurement. |
FAQ
Does limited assurance mean the data is weak?
No. Limited assurance refers to the level of assurance engagement, not necessarily the quality of the data. However, limited assurance still requires a company to support the information with evidence, methodology and controls.
Can a company choose only a few metrics for assurance?
It depends on the reporting regime and the assurance scope. Voluntary assurance can be narrow, but regulatory reporting may require assurance over the required sustainability statement. Always check the stated assurance scope before relying on the conclusion.
Should assurance be done by the financial auditor?
Some companies use their statutory auditor, while others use a specialist provider where allowed. The key question is whether the provider has the competence, independence and methodology needed for the reporting criteria.