Aa1000

Contents
• 1 AA1000 AccountAbility Commitment and Principles
• 2 AA1000 Assurance Standard Introduction
• 3 AA1000 Assurance Standard Requirements
• 4 AA1000 AS Guidance for Assurance Practitioners
• 5 AA1000 AS Guidance for Report Preparers Seeking
Assurance
• 6 AA1000 AS Guidance for Stakeholders using Assurance
Reports
• 7 Informative Annexes
• 8 Foreword
♦ 8.1 Evolution of the standard
♦ 8.2 Development process
♦ 8.3 Who this standard is for
• 9 Introduction
♦ 9.1 Aims and benefits of sustainability assurance
♦ 9.2 Structure of the standard
• 10 AA1000 AS Guidance
• 11 AccountAbility Principles
♦ 11.1 1.1. Inclusivity - Stakeholder Engagement
♦ 11.2 1.2. Materiality
♦ 11.3 1.3. Completeness
♦ 11.4 1.4. Responsiveness
♦ 11.5 '2. Quality of information principles
♦ 11.6 2.1. Reliability
♦ 11.7 2.2. Clarity
♦ 11.8 2.3. Balance
♦ 11.9 2.4. Comparability
♦ 11.10 2.5. Accuracy
♦ 11.11 2.6. Timeliness
• 12 Methodology for Conducting Sustainability Assurance
♦ 12.1 Defining the scope of the engagement
◊ 12.1.1 Content
⋅ 12.1.1.1 Process for identifying
Intended audience / user
⋅ 12.1.1.2 Process for identifying the
material issues for the report
⋅ 12.1.1.3 Process for determining the
report boundary
⋅ 12.1.1.4 Limitations
◊ 12.1.2 Quality of information
⋅ 12.1.2.1 Disclosures covered
⋅ 12.1.2.2 Level of assurance
⋅ 12.1.2.3 Limitations
♦ 12.2 Engagement acceptance
◊ 12.2.1 Independence and impartiality
◊ 12.2.2 Competence
◊ 12.2.3 Duty of care
◊ 12.2.4 Reporting criteria and evidence

Contents 1
 Aa1000

◊ 12.2.5 Requirements of AA1000AS (2008)

◊ 12.2.6 Engagement Letter
♦ 12.3 Performing the Engagement
♦ 12.4 Reporting
◊ 12.4.1 Assurance statement
◊ 12.4.2 Report to management
• 13 Informative Annexes
♦ 13.1 References
♦ 13.2 AccountAbility Standards Technical
Committee
♦ 13.3 Keeping Standards up-to-date
♦ 13.4 Certification of sustainability assurance
practitioners
♦ 13.5 Accreditation of sustainability assurance
providers
♦ 13.6 Translating AA1000AS
♦ 13.7 The value of sustainability assurance

AA1000 AccountAbility Commitment and Principles

The AA1000 AccountAbility Commitment and Principles section will form a new and separate document and
will be referenced in the AA1000 Assurance Standard.

AA1000 Assurance Standard Introduction

Foreword

Introduction

AA1000 Assurance Standard Requirements

1. Purpose and use of the standard
2. Scope of the standard
3. References to the use of AA1000AS
4. Relationship to other standards
5. Conducting sustainability assurance
6. Evaluating adherence to AccountAbility Commitment and Principles
7. Evaluating adherence to Quality of Information principles
8. Glossary

AA1000 AS Guidance for Assurance Practitioners

1. AccountAbility Principles
2. Quality of information principles

AA1000 AccountAbility Commitment and Principles 2

 Aa1000

AA1000 AS Guidance for Report Preparers Seeking Assurance

1. AccountAbility Principles
2. Quality of information principles

AA1000 AS Guidance for Stakeholders using Assurance Reports

Informative Annexes
1. References
2. AccountAbility Standards Technical Committee
3. Keeping Standards up-to-date
4. Certification of sustainability assurance practitioners
5. Accreditation of sustainability assurance providers
6. Translating AA1000AS
7. The value of sustainability assurance

Foreword

Evolution of the standard

The first edition of the AA1000 Assurance Standard was launched in 2003 as the world?s first sustainability
assurance standard. It was developed to ensure the credibility and quality of sustainability performance and
reporting and was the result of an extensive, two-year, worldwide consultation involving hundreds of
organisations from the professions, the investment community, nongovernmental organisations (NGOs),
labour and business. AA1000AS 2003 superseded the information on sustainability assurance provided in the
AA1000 Framework standard published in 1999. The 2003 edition was supported by a guidance note on the
application of the principles; a user note: five case studies on the application of the principles during
assurance engagements; and a briefing note on assurance levels and assurance engagements. AA1000AS
2008, is the second edition of AccountAbility?s assurance standard. It supersedes all previous versions and
related guidance on sustainability assurance published by AccountAbility. It draws on the growing body of
practice and experience in sustainability assurance.

Development process

AA1000AS 2008 was developed using a broad based multi-stakeholder process. A period of initial research
which included a widely broadcast e-survey was followed by face-to-face consultations in 20 countries with a
comprehensive range of stakeholders and a series of workshops with specific stakeholder groups. All of the
input received was then considered by the drafting committee of the AccountAbililty standards technical
committee who prepared a draft standard for public review. There were three periods of public review of 60 -
90 days each. All public review took the form of collaborative drafting with full transparency using a wiki
platform. Between each of these periods of public review and following the final one, the AccountAbility
standards technical committee reviewed and revised the draft. The final draft was prepared by the technical
committee and submitted to the AccountAbility Operating Board who approved it for publication.

AA1000 AS Guidance for Report Preparers Seeking Assurance 3

 Aa1000
Who this standard is for

This standard is primarily intended for use by sustainability assurance practitioners and providers. In addition,
this standard may be useful to those preparing for assurance in accordance with this standard, as well as for
users of sustainability assurance reports and statements, for other standards developers, and for professional
development and training practitioners.

The evolving nature of learning in the standards field means that the process of developing standards is
ongoing. By continually engaging with AA1000 Assurance Standard users and stakeholders, AccountAbility
is able to reflect learning in the form of additional guidance and revisions to the standard. AccountAbility
invites you to share your AA1000 Assurance Standard experiences with us so that we can continue to improve
the AA1000 Series.

Introduction

Aims and benefits of sustainability assurance

Sustainability reporting provides stakeholders with information about the social, economic and environmental
management and performance of an organisation. Sustainability reporting should be of a high quality and
communicated in a manner designed to provide stakeholders with sufficient information to be able to
understand the sustainability performance of an organisation.

Credibility is a pre-requisite for effective sustainability reporting. Credibility can be considerably enhanced
through assurance using accepted professional standards. Reporting organisations and their stakeholders
increasingly accept that robust independent external assurance is a key way of increasing the credibility and
effectiveness of their reporting and, ultimately, their performance.

Structure of the standard

The AA1000 Assurance Standard, AA1000AS (2008), is a standard in the AA1000 Series and as such is
based on the general commitment and principles found in the AA1000 AccountAbility Commitment and
Principles, AA1000ACP (2008).

The Structure of the AA1000AS (2008)

? Foreword

? Introduction

? Purpose and use of the standard

? Scope of the standard

? References to the use of AA1000AS

? Relationship to other standards

Who this standard is for 4

 Aa1000

? Conducting sustainability assurance

? Evaluating adherence to AccountAbility Commitment and Principles

? Evaluating adherence to Quality of Information principles

? Glossary

There are also three guidance sections providing additional guidance for assurance practitioners, reporting
organisations seeking assurance and stakeholders using assurance reports

A series of informative annexes are also included.

AA1000 AS Guidance
A. Guidance for Assurance Practitioners

AccountAbility Principles

1.1. Inclusivity - Stakeholder Engagement

The following tests provide guidance for evaluating adherence to the principle. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

Basic level ? consistent with GRI

1.1.1. Can the organization describe the stakeholders to whom it considers itself accountable?

1.1.2. Does the report content draw upon the outcomes of stakeholder engagement processes used by the
organization in its ongoing activities, and as required by the legal and institutional framework in which it
operates?

1.1.3. Does the report content draw upon the outcomes of any stakeholder engagement processes undertaken
specifically for the report?

1.1.4. Are the stakeholder engagement processes that inform decisions about the report consistent with the
scope and boundary of the report?

Advanced level

1.1.5. Does the reporting organisation have in place a stakeholder strategy and adequate processes sufficient to
deliver this strategy?

1.1.6. The AA1000 Stakeholder Engagement Standard (AA1000SES) establishes requirements for effective,

Structure of the standard 5

 Aa1000

quality stakeholder engagement. The following steps are included in the AA1000SES and any evaluation of
adequate stakeholder engagement processes needs to consider the following, (refer to the AA1000SES for
further guidance):

1.1.7. Identify stakeholders

1.1.8. Initial identification of material issues

1.1.9. Determine and define engagement strategy, objective and scope

1.1.10. Establish engagement plan and implementation schedule

1.1.11. Identify effective ways of engaging that work

1.1.12. Build and strengthen capacity

1.1.13. Engage with stakeholders in ways that facilitate understanding, learning and improvement

1.1.14. Operationalise, internalise and communicate learning

1.1.15. Measure and assess performance

1.1.16. Assess, re-map and re-define

1.1.17. Have stakeholders been involved in the determination of material issues?

1.1.18. Is there a process for resolving conflicts or dilemmas between different stakeholder expectations
regarding materiality?

1.2. Materiality
The concept of materiality comes from financial auditing and reporting. Materiality for financial reporting is
defined as follows: ?Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements. Materiality depends on the size of the item or
error judged in the particular circumstances of its omission or misstatement. Thus, materiality provides a
threshold or cut-off point rather than being a primary qualitative characteristic which information must have if
it is to be useful.?

In practice, financial impact thresholds are established that define the ?magnitudes? that are deemed material.
The European Federation of Accountants (FEE) guidance on materiality during audit engagements indicates
that it is important to consider materiality when determining evidence gathering requirements; and that when
considering materiality the practitioner should understand what factors will influence the decisions of
intended users. The relative importance of qualitative and quantitative factors in determining materiality is a
matter of professional judgment.

The AA1000 Assurance Standard builds on this and requires that an Assurance Provider assess an
organisation?s determination of materiality in relation to a range of criteria and not just in relation to financial

1.1. Inclusivity - Stakeholder Engagement 6

 Aa1000

thresholds. As in the case of financial auditing and reporting, an issue, concern or impact is material if it could
influence the decisions and behaviour of Stakeholders or the organisation itself.

The AA1000 Assurance Standard, by recognising Stakeholders as users and by requiring that Stakeholders
participate in the determination of materiality makes it clear that they are an important source of evidence and
that their views count in the determination of materiality.

An Assurance Provider should evaluate an organisation?s determination of the issues, concerns and impacts
material to the organisation and its Stakeholders, and whether there are any material misrepresentations or
omissions in its reporting of the results of this process.

A material misrepresentation or omission occurs when information is not disclosed or, if disclosed, is in some
way distorted such that in either case it likely to change the decisions, actions and behaviour of Stakeholders
or the organisation itself.

Relevance and Importance

Scope should take into consideration physical, organizational and time boundaries. The Assurance Provider
should clearly state the boundaries of enquiry in the assurance statement.

Determining What Is Material

The reporting organisation is responsible for determining what it considers to be material. It should be made
clear in the assurance statement and/or final report where the final responsibility for determining materiality
lies.

Process For Determining Materiality

The determination of materiality should be systematic and defensible. An Assurance Provider should analyse
the process used to determine materiality, as well as its systematic application.

An assurance provider should assess whether there has been an evaluation of relevance and importance based
on clearly identified criteria, taking into account whether there is a has been an process for establishing and
justifying the basis for determining the past, present or likely future occurrence and the severity of the
(predicted) impact.

An assurance provider should evalutate the process through which stakeholders have been involved. The
following tests provide guidance for evaluating adherence to the Principle. An Assurance Provider will need
to establish what is required to determine that these criteria are met and what evidence is necessary. Different
levels of assurance may require different levels of evidence testing.

Basic Level

1.2.1. Did the reporting organisation, in defining material issues, take into account external factors, including:

1.2.1.1. Main sustainability interests/topics and Indicators raised by stakeholders.

1.2.1.2. The main topics and future challenges for the sector reported by peers and competitors.

1.2.1.3. Relevant laws, regulations, international agreements, or voluntary agreements with strategic
significance to the organization and its stakeholders.

1.2. Materiality 7
 Aa1000

1.2.1.4. Reasonably estimable sustainability impacts, risks, or opportunities (e.g., global warming, HIV-AIDS,
poverty) identified through sound investigation by people with recognized expertise, or by expert bodies with
recognized credentials in the field.

1.2.1.5. Did the reporting organisation, in defining material topics, take into account internal factors,
including:

1.2.1.6. Key organizational values, policies, strategies, operational management systems, goals, and targets.

1.2.1.7. The interests/expectations of stakeholders specifically invested in the success of the organization (e.g.,
employees, shareholders, and suppliers).

1.2.1.8. Significant risks to the organization.

1.2.1.9. Critical factors for enabling organizational success.

1.2.2. The core competencies of the organization and the manner in which they can or could contribute to
sustainable development.

1.2.3. Has the reporting organisation prioritised material issues adequately?

Advanced Level

1.2.4. Is there a process in place to determine what is material?

1.2.5. Does the process include an evaluation of relevance?

1.2.6. Does the process include an evaluation of importance?

1.2.7. Does the process fairly represent the views and significant of stakeholders?

1.2.8. Are the criteria for evaluation clear and understandable?

1.2.9. Have the processes been systematically applied?

1.2.10. Is the determination of materiality consistent with stakeholder views?

1.2.11. In your professional judgment, are there any material omissions or misrepresentations?

1.2.12. In your professional judgment, does the report address all material performance issues? 1.2.13. Is the
relative significance of material issues and related performance put into context?

1.3. Completeness
Fairness and Balance

An organisation?s understanding of its performance should be comprehensive, fair and balanced. An

assurance practitioner should evaluate whether reported information is detailed for stakeholders using the
report to make decisions with a high degree of confidence.

1.3. Completeness 8
 Aa1000

An assurance practitioner should evaluate whether all information that is material to users, both favourable
and unfavourable, for assessing the reporting organisation?s economic, environmental, and social performance
appears in a manner consistent with the declared scope.

Determining the Extent of Completeness

An Assurance Provider should analyse the way in which the reporting organisation has established boundaries
for:

? the discussion of the organisation?s performance,

? the discussion of stakeholders? concerns, and

? the scope of the assurance engagement.

Completeness and Communications

There is a growing trend towards reporting on specific issues and to specific stakeholders or users, and to
providing assurance appropriate to those users. An Assurance Provider may therefore be asked to provide
assurance where there is no single report but rather a range of communications, for example, summary and
full reports, on-line versions, presentations, podcasts etc.

In such a case assurance should consider individual communications in relation to their intended users and
within the context of the underlying data, systems, processes, organisational conduct and competencies that
the individual communications draw on. The same tests for fairness and balance should be used.

Any assurance statement attached to a specific report or communication should clearly acknowledge the
difference in scope between an assurance engagement and the scope of the report or communication, and
make it clear what the assurance statement refers to. This also applies when providing an assurance statement
for the summary version of a full sustainability report. The statement should apply only to the information
within that particular report, or make it clear that it is referring to content in the full report to avoid confusing
readers. The following tests provide guidance for evaluating adherence to the principle. An Assurance
Provider will need to establish what is required to determine that these criteria are met and what evidence is
necessary. Different levels of assurance may require different levels of evidence testing.

Basic Level

1.3.1 Does the report cover and prioritise all information that should reasonably be considered material?

1.3.2 Does the report include all entities that meet the criteria of being subject to control or significant
influence of the reporting organization unless otherwise declared?

1.3.3 Does the information in the report include all significant actions or events in the reporting period, and
reasonable estimates of significant future impacts of past events when those impacts are reasonably
foreseeable and may become unavoidable or irreversible?

1.3.4 Does the report omit relevant information that would influence or inform stakeholder assessments or
decisions, or that would reflect significant economic, environmental, and social impacts?

Advanced Level

1.3. Completeness 9
 Aa1000

1.3.5 Is there a process in place to determine boundaries (e.g. of the organisation?s influence or control, of the
report, of the assurance engagement)?

1.3.6 there a process in place to fully research and understand the range of issues and concerns material to the
organization and its stakeholders?

1.3.7 Is there a process in place to address the range of issues and concerns raised by stakeholders?

1.3.8 Does the organisation have a process for deciding what is fair and balanced for any specific report?

1.3.9 Have the above processes (1-4) been systematically applied?

1.3.10 Are the specific reports and communications being assured fair and balanced?

1.4. Responsiveness
Prioritising Response

An assurance practitioner should evaluate whether a reporting organisation has in place a process to respond
to material issues and how an organisation has prioritised response.

Resources for Response

An assurance provider should evaluate whether the reporting organisation has allocated adequate resources.
Resources are adequate when they allow the reporting organisation to achieve within the stated time frame its
stated commitments and to communicate its response in a way that is consistent with stakeholder interests.

Timeliness of Response

An assurance provider should evaluate whether the reporting organisation has responded in a timely fashion.
Communicating the Response

An assurance provider should evaluate Rresponsiveness in relation to the intended users and within the
context of the overall response to material issues and concerns.

Participation in and Access to Response

An Assurance Provider should evaluate the access of stakeholders

? to the process for developing responses (policies, strategies, plans), and

? to information about responses.

A reporting organisation?s processes and mechanisms for providing access should reflect the different needs
and capacities of its stakeholders and should not require unreasonable effort. Information should be clear and
understandable.

The following tests provide guidance for evaluating adherence to the principle. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.

1.4. Responsiveness 10
 Aa1000

Different levels of assurance may require different levels of evidence testing.

Basic Level

1.4.1. Does the organisation have in place a process to decide what issues to respond to?

1.4.2. Is the information on the organisation?s response available and accessible to stakeholders?

Advanced Level

1.4.3. Does the organisation have a process in place to integrate its responses into its management, governance
and change processes?

1.4.4. Have the above processes been systematically applied?

1.4.5. Does the organisation allocate adequate resources to enable the implementation of commitments?

1.4.6. Is communication of the response consistent with stakeholder views?

1.4.7. Does the organisation have processes in place to prevent material misstatements when communicating
its response to stakeholders?

1.4.8. Does the organisation identify any shortfalls and implement corrective action in relation to its
responsiveness?

'2. Quality of information principles

These principles enable the assurance provider to evaluate the quality of information.

Note: These principles are consistent with those in GRI G3.

2.1. Reliability
Assurance providers should evaluate whether the information and data included in a report about the
organisation?s performance is supported by internal systems, controls and documentation.

The following tests provide guidance for evaluating adherence to the criteria. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

2.1.1 Is the scope and extent of external assurance is identified?

2.1.2 Can the original source of the information in the report can be identified?

'2. Quality of information principles 11

 Aa1000
2.1.3 Is there reliable evidence to support assumptions or complex calculations? 2.1.4 Is representation
available from the original data or information owners, attesting to its accuracy within acceptable margins of
error?

2.2. Clarity
An assurance provider should evaluate whether the report presents information in a way that is
understandable, accessible, and usable by the organization?s range of stakeholders (whether in print form or
through other channels).

The following tests provide guidance for evaluating adherence to the criteria. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

2.2.1 Does the report contain the level of information required by stakeholders, but avoids excessive and
unnecessary detail?

2.2.2 Could stakeholders find the specific information they want without unreasonable effort through tables of
contents, maps, links, or other aids?

2.2.3 Does the report avoid (where practical) technical terms, acronyms, jargon, or other content likely to be
unfamiliar to stakeholders, and does it include explanations (where necessary) in the relevant section or in a
glossary?

2.2.4 Is the data and information in the report available to stakeholders, including those with particular
accessibility needs (e.g., differing abilities, language, or technology).

2.3. Balance
An assurance provider should evaluate whether the overall presentation of the report?s content provides an
unbiased picture of the reporting organization?s performance and avoids selections, omissions, or presentation
formats that are reasonably likely to unduly or inappropriately influence a decision or judgment by the report
reader.

The following tests provide guidance for evaluating adherence to the criteria. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

2.3.1 Does the report disclose both favorable and unfavorable results and topics.

2.3.2 Is the information in the report presented in a format that allows users to see positive and negative trends
in performance on a year-to-year basis (including both the quantitative data and commentary on observed
trends)

2.3.3 Is the emphasis on the various topics in the report proportionate to their relative materiality.

2.1. Reliability 12
 Aa1000

2.4. Comparability
Comparability is necessary for evaluating performance. Assurance practitioners should evaluate whether
stakeholders using the report are able to compare information reported on

economic, environmental, and social performance against the organization?s past performance, its objectives,
and, to the degree possible, against the performance of other organizations.

The following tests provide guidance for evaluating adherence to the principle. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

2.4.1 Can the report and the information contained within it be compared on a year-to-year basis?

2.4.2 Can the report and the information within it be compared on a year to year basis to that of industry
peers?

2.4.3 Can the organization?s performance be compared with appropriate benchmarks?

2.4.4 Can any significant variation between reporting periods in the boundary, scope, length of reporting
period, or information covered in the report be identified and explained?

2.4.5 Where they are available, does the report utilizes generally accepted protocols for compiling, measuring,
and presenting information, including the GRI Technical Protocols for Indicators contained in the Guidelines?
2.4.6 Does the report use GRI Sector Supplements, where available?

2.5. Accuracy
An assurance provider should evaluate the accuracy of quantitative and qualitative information in the report.
The specific threshold of accuracy that is necessary will depend partly on the intended use of the information.
Certain decisions will require higher levels of accuracy in reported information than others.

Tests

The following tests provide guidance for evaluating adherence to the criteria. An Assurance Provider will
need to establish what is required to determine that these criteria are met and what evidence is necessary.
Different levels of assurance may require different levels of evidence testing.

2.5.1 Does the report indicate the data that has been measured?

2.5.2 Are data measurement techniques and bases for calculations are adequately described, and can they be
replicated with similar results?

2.5.3 The margin of error for quantitative data is not sufficient to substantially influence the ability of
stakeholders to reach appropriate and informed conclusions on performance.

2.5.4 The report indicates which data has been estimated and the underlying assumptions and techniques used
to produce the estimates, or where that information can be found.

2.4. Comparability 13
 Aa1000
2.5.5 The qualitative statements in the report are valid on the basis of other reported information and other
evidence reviewed.

2.6. Timeliness
The usefulness of information is closely tied to whether the timing of its disclosure to stakeholders enables
them to effectively integrate it into their decision-making and assurance practitioners should evaluate whether
this is possible with the report they are considering? The following tests provide guidance for evaluating
adherence to the criteria. An Assurance Provider will need to establish what is required to determine that these
criteria are met and what evidence is necessary. Different levels of assurance may require different levels of
evidence testing.

2.6.1 Has information in the report been disclosed while it is recent relative to the reporting period?

2.6.2 Is the collection and publication of key performance information aligned with the sustainability
reporting schedule?

2.6.3 Does the information in the report (including web based reports) clearly indicates the time period to
which it relates, when it will be updated, and when the last updates were made?

Methodology for Conducting Sustainability

Assurance

Defining the scope of the engagement

Requirement

The scope of the assurance engagement will determine the level of assurance being sought, and shall be
agreed between the reporting organisation and the assurance provider before the assurance engagement
begins. The agreement on scope shall take into consideration the affect on engagement scope that may result
from the application of the content principles. The assurance statement should declare the scope of the
assurance engagement.

Guidance

The AA1000 Assurance Standard advocates an open scope. This means applying the principles within the
context of stakeholder engagement to an organisation?s issues and concerns. This includes issues that the
organization can influence as well as those over which it has management control. It encompasses both direct
and indirect impacts. An Assurance Provider should analyse the way in which the organisation has established
boundaries for the identification of issues and concerns. Assurance Providers should consider organisational,
physical and time boundaries. Assurance Providers can refer to the GRI guidance on boundary definition.

Methodology for Conducting Sustainability Assurance 14

 Aa1000

The scope of an assurance engagement may be different from the scope of a report. The AA1000 Assurance
Standard requires that where the scope of an assurance engagement is limited, any limitations in scope are
clearly stated in the assurance statement.

Content

Process for identifying Intended audience / user

Requirement

The scope of the assurance engagement shall include an evaluation of the process used by the organisation to
determine the intended users of the report and the results of that determination. The intended users shall be
evaluated in the context of the organization?s reporting policy and the material concerns of the intended users.

Guidance

Process for identifying the material issues for the report

Requirement

The scope of the assurance engagement shall include an evaluation of the process the organisation has used to
determine its material sustainability issues and the results of that process.

Guidance

The consideration of material issues must take place within the context of financial concerns and not just
social, environmental and economic issues. There are, for example, financial issues with social implications
such as incentive systems.

Process for determining the report boundary

Requirement

The scope of the assurance engagement shall include an evaluation of the process the organisation has used to
determine the report boundaries and the results of that process, and shall evaluate those boundaries within the
context of the boundaries associated with the identification, understanding and response of the organisation to
its material sustainability issues.

Guidance Oranization have to consider financial statement bonduary to determine the report bondaries. The
bonduary of the sustainability report an of the financial report should be the same.

Defining the scope of the engagement 15

 Aa1000

Limitations

Requirement

Any restrictions in the scope of the assurance engagement shall be addressed in the sustainability report and in
the assurance statement

Guidance

Where the full list of material sustainability issues of the organisation is not included in the report because of
the defined material issues of interests to the intended audience, or where the boundaries covered in the report
are restricted because of the defined interest of the intended audience, the reporting organisation shall ensure
that this is made clear in the report and in the assurance statement.

Quality of information

Disclosures covered

Requirement

The scope of the assurance engagement shall identify all disclosures (i.e. reports and other forms of
communication) covered by the engagement. The assurance statement shall identify those disclosures covered
by the engagement.

Guidance

An organisation may produce in print or electronically a number of different reports on its sustainability
performance. It is important to make clear exactly which of these disclosures are covered by the assurance
statement. This may mean attaching an ?assured? statement or notice to each individual web page that has
been assured and noted on pages that are not assured that ?the information on this page has not been assured.
This may be the case where the assurance engagement covered all information produced before a given date
and then the organisation provides more recent, un-assured information on its website.

Level of assurance

Requirement

The scope of the engagement shall define the anticipated level of assurance. The assurance engagement plan
shall ensure that sufficient evidence is gathered to provide the level of assurance. If during the performance of
the engagement it becomes evident that information required to achieve the agreed level is not available the
Assurance Provider will highlight this in the Assurance Statement and may qualify their conclusions.

Guidance

Based on the current state of the debate of its technical committee and other stakeholders, AccountAbility
defines ?level of assurance? as the level of confidence the Assurance Provider obtains concerning:

Limitations 16
 Aa1000

1. The scope of the subject matter (i.e. have you identified and are you addressing the right issues?)

2. The reliability of the information (i.e. is information accurate and consistent).

During the assurance engagement, the Assurance Provider obtains a level of assurance about the organisation
and articulates this in the assurance statement, recognizing that in practice the level of assurance is usually
agreed between the organisation and Assurance Provider at the outset of the engagement and is related to
work effort; and that assurance is an iterative process during which weaknesses in the evidence and the
disclosure are resolved or explained in the Report and may result in qualified conclusions.

The question then becomes: how do you name or identify the levels? The technical committee has considered
options ranging from:

? not naming levels but instead requiring a high level of transparency on the methodology used to assess the
scope of the subject matter and the reliability of information (this would mean that the users of the assurance
statement would have to determine for themselves the level of assurance); to

? using the same names for levels as those used in ISAE 3000 - ?limited? and ?reasonable? (this would
provide a high level of consistency with existing usage and allow for greater alignment between AA1000AS
and the standards of the accounting profession).

There has, however, been hesitation to adopt either of these two options. It has been argued that to simply
provide greater transparency of methodology makes comparing statements more subjective and difficult. On
the other hand, others argue that the terms ?limited? and ?reasonable? do not adequately reflect the nature of
levels to the lay reader and that the definition of these terms is not precise. There is also concern with the
language required to express these levels: ?limited? assurance must be expressed in negative language.

A middle road has been suggested. This would require more transparency of methodology alongside more
appropriately named levels. The named levels would allow for correspondence with ?limited? and
?reasonable? where this is desired, but would use more accessible language. It has also been suggested that
the named levels be explained as reference points along a spectrum in order to allow for assurance providers
to further refine their description of levels should they wish.

These two ?reference? levels have been referred to during technical committee discussions as the ?highest
level obtainable? and ?the level below which assurance is not possible.? The level obtained would be
described in relation to the work needed to reduce the risk of misstatement. The highest level of assurance is
not a guarantee but an acknowledgement on the part of the Assurance Provider that any additional information
would not increase their level of confidence in the conclusions has reached. The level below which assurance
is not possible means that the type and quality of information available does not provide the Assurance
Provider with any level of confidence.

Any refinement to the statement of level obtained would explain why the highest level of confidence has not
been obtained, for example, something to do with:

? deficiencies in the nature, timing or extent of evidence gathering procedures, or

? the lack of resources available to fully assess reliability.

It should be possible to come up with acceptable terms for these reference levels as well as with further
guidance on how to refine their description in an assurance statement.

Level of assurance 17
 Aa1000

ISAE 3000 provides guidance on the approach and procedures that enable an assurance engagement to be
undertaken in a systematic and consistent manner and in line with professional auditing standards and codes
of conduct. AA1000AS is a principles-based assurance standard that defines the necessary processes required
to apply these principles during an assurance engagement. The two standards differ in their approach to the
scope of the subject matter. ISAE 3000 requires the Assurance Provider to agree on the scope of the subject
matter of the assurance engagement with the reporting organisation at the outset, and to apply considerations
of materiality in relation to this predetermined scope. The AA1000AS takes an open-scope approach
determined by stakeholder-based materiality. It defines stakeholders as individuals and groups that affect
and/or are affected by the organisation and requires that Assurance Providers assess the quality of the
organisation?s engagement with these stakeholders and the robustness of its decision-making processes
regarding "stakeholder-based" materiality.

Both standards require an evaluation of the reliability of the underlying systems, data and information. ISAE
3000 reduces the risk of errors or omissions in the assured information to an acceptable level by choosing
between a ?reasonable assurance engagement? (risk reduced to a low level) and a ?limited assurance
engagement? (risk reduced to a moderate level) or a combination of these for different information. The
choice determines the amount/depth of work which the Assurance Provider undertakes. The AA1000AS
defines level of assurance as the level of confidence the assurance provider obtains concerning the reliability
of information and the scope of the subject matter, and does not define specific levels of assurance.

Limitations

Requirement

Any restrictions in the scope of the assurance engagement shall be addressed in the sustainability report and in
the assurance statement

Guidance

Engagement acceptance

Independence and impartiality

Requirement

The Assurance Provider shall be demonstrably independent from the Reporting Organisation.

The Assurance Provider shall be impartial in its dealings with the Reporting Organisation and its
Stakeholders.

Guidance

The Assurance approach and associated contractual framework agreed between the Assurance Provider and
the Reporting Organisation must not dilute or unduly influence the ability of the Assurance Provider to fulfil
its responsibility to the Reporting entity?s Stakeholders.

Limitations 18
 Aa1000
Many codes and mechanisms exist that might usefully guide Assurance Providers in ensuring independence,
depending for example on their professional base, and their institutional and geographic location. Given the
diversity of possible Assurance Providers and contexts, the Provider is required to make a public Statement of
Independence covering each Assurance assignment that would include:

? Declaration of independence with respect to the Reporting Organisation.

? Conflict-of-interest policies that it adheres to, concerning employment relationships, for example, including
any professional codes that it adheres to on a voluntary or mandatory basis.

? An account of any recent, ongoing or potential financial or commercial relationships between the Assurance
Provider and the Reporting Organisation, for example, fee-forservice (e.g. consultancy, research, other forms
of accounting, Assurance, or advice), governance arrangements and/or ownership (e.g. directorships or
shareholdings). This should apply to both the organizations concerned and the individuals involved in the
Assurance assignment. Good practice would require that the fee for the current assurance engagement should
be disclosed within the statement.

Impartiality concerns the ability and willingness of the Assurance Provider to fulfil the agreed Assurance
assignment without its understanding, judgement or statements being unduly influenced by the nature of its
relationships with the Reporting Organisation?s Stakeholders (including shareholders).

Given the diversity of possible Assurance Providers and contexts, the Assurance Provider is required to make
public a Statement of Impartiality covering each Assurance assignment that would include:

? Declaration of impartiality with respect to Stakeholder interests.

? Recent, ongoing or potential financial or commercial relationships between the Assurance Provider and the
Reporting Organisation?s Stakeholders involving fee-for service (e.g. consultancy, research, other forms of
accounting, Assurance, or advice), governance arrangements and/or ownership (e.g. directorships or
shareholdings) or membership. This should apply to both the organisations concerned

Competence
Requirement

Assurance Practitioners, Providers and the Reporting Organisation shall ensure that the individuals and
organisations involved in an Assurance Engagement are demonstrably competent. The Reporting Organisation
shall require the Assurance Provider to be prepared to make information available to interested Stakeholders
about the competencies of the individuals involved in the Assurance Engagement.

The Assurance Providers, that is, the organisations through which individuals provide Assurance, shall be able
to demonstrate adequate institutional competencies.

Guidance

The credibility of a Report?s Assurance relies on the Assurance Provider?s competencies as well as the use of
appropriate standards, including the AA1000 Assurance Standard.

The competencies of individual Assurance Practitioners providing Assurance should include:

Independence and impartiality 19

 Aa1000

? An understanding of Sustainability Assurance, including accounting and data review procedures and
auditing practice

? An understanding of and ability to apply and to embed techniques and processes of stakeholder engagement
and to assess and assure against these principles

? An overall understanding of sustainable development encompassing: Social and ethical issues

Environmental issues Economic issues

? The ability to make informed professional judgements on an organization?s sustainability performance

The CSAP qualification demonstrates the required competence (see the Annex below).

The competencies of the Assurance Providers, that is the organizations through which Assurance practitioners
provide assurance should include:

? Adequate Assurance oversight to ensure that the organisation is undertaking Assurance to the highest
possible standards and is not compromised by commercial interests or inadequate competencies. Oversight of
Assurance work is required by one or more mechanisms or processes, such as an Assurance Committee,
involving people neither undertaking nor benefiting from the Assurance work in question.

? Adequate understanding of the legal aspects of the Assurance process, and adequate professional indemnity
insurance.

? Infrastructure to ensure the above as well as the secure, long-term storage of Assurance-related material.
Individual Assurance Providers (i.e. not part of any organisation) must ensure that they have equivalent
arrangements in place.

Duty of care
Requirement

Assurance providers shall exercise care in accordance with the importance of the task and the confidence
placed in them by the users of their assurance statement. Possessing the necessary competence is a necessary
prerequisite.

Guidance

Reporting criteria and evidence

Requirement

Before accepting an engagement, the Assurance Provider shall satisfy himself that it is reasonable to assume
that the reporting criteria used by the reporting organisation are suitable (fit for purpose) and that sufficient
evidence is available.

Competence 20
 Aa1000

Guidance

Requirements of AA1000AS (2008)

Requirement

Before accepting an engagement the Assurance Provider shall satisfy himself that it is reasonable to assume
that the requirements of AA1000AS (2008) can be met during the course of the engagement and that the
Reporting Organisation is acting in good faith.

Guidance

Engagement Letter
Requirement

The terms and conditions shall be set out in an engagement letter which shall cover:

? Objectives

? Responsibilities of reporter and assurance provider

? Applicable Code of Conduct

? Scope

? Standards to be used

? Assumptions regarding reporting criteria and evidence

? Requirements for reports and statements

? Summary of activities, including milestones, timeframes and progress reporting requirements

? Assurance Report and Assurance Statement requirements

? Confidentiality requirements

? A declaration of independence from the assurance provider

? Level of assurance anticipated

Reporting criteria and evidence 21

 Aa1000
? Risks and constraints

? Fees and costs

Guidance

? Objectives

? Responsibilities of reporter and assurance provider

? Applicable Code of Conduct

? Scope

? Standards to be used

? Assumptions regarding reporting criteria and evidence

? Requirements for reports and statements

? Summary of activities, including milestones, timeframes and progress reporting requirements

? Assurance Report and Assurance Statement requirements

? Confidentiality requirements

? A declaration of independence from the assurance provider

? Level of assurance anticipated

? Risks and constraints

? Fees and costs

Engagement Letter 22
 Aa1000

Performing the Engagement

Requirement

The Assurance provider shall prepare a documented plan for conducting the assurance engagement. In
addition to addressing the items in the engagement letter, the Assurance provider shall provide detail on:

? Identification of key Reporting Organisation and Assurance Provider contacts

? Risk assessment and planning

? Review of reporting criteria

? Evidence gathering plan for evaluations against both the content principles and the quality of information
principles, including,

? Depth and breadth of evidence gathering (to demonstrate how the anticipated level of assurance will be
achieved)

? Types of evidence

? Sources of evidence

? Activities schedule including dates and durations

? Resource requirements (human, financial, technological)

? Sampling plans to be used and rationale

? Assurance procedures to be used

? Reference documents, protocols, checklists and other working documents to be used

Guidance

? Identification of key Reporting Organisation and Assurance Provider contacts

? Risk assessment and planning

? Review of reporting criteria

There shall be a system in place that articulates the reporting process and structure ? for example GRI ? and it
shall be publicly available. There shall be information systems in place for reporting indicators including
indicator protocols (either GRI or own) that are publicly available.

? Evidence gathering plan for evaluations against both the content principles and the quality of information
principles, including,

Performing the Engagement 23

 Aa1000

? Depth and breadth of evidence gathering (to demonstrate how the anticipated level of assurance will be
achieved)

? Types of evidence

? Sources of evidence

? Activities schedule including dates and durations

? Resource requirements (human, financial, technological)

? Sampling plans to be used and rationale

? Assurance procedures to be used

? Document and quality control procedures to be used

? Reference documents, protocols, checklists and other working documents to be used

Reporting

Assurance statement
Requirement

An assurance statement shall be issued. Any restrictions to the scope of the sustainability report or assurance
engagement shall be addressed in the assurance statement. Any Claim of accordance with AA1000AS (2008)
shall meet all requirements of the standard. An assurance Statement shall include the following information:

? Title

? Note on audience

? Note on roles and responsibilities

? Description of the scope of the assurance engagement

? Note on criteria

Reporting 24
 Aa1000

? Disclosure of methodology

? Conclusions concerning the principles

? Statement on level of assurance obtained

? Findings, commentary and recommendations - including whether previous years' recommendations have
been implemented (where appropriate)

? Disclosure on competencies, impartiality and independence

? Signature

Guidance

Introduction by the reporting organization

An introduction to the Assurance Statement by the Reporting Organisation though not mandatory can be
useful. It could explain the organisation?s current and future approach to assurance, including:

? why assurance was used, including expectations and perceived benefits (and actual benefits if assurance has
been carried out in previous years);

? the design of the assurance process; and

? which standards and frameworks were chosen for the engagement and why.

The assurance statement

Title

A simple and clear title should be used, for example: Independent Assurance Statement

Note on audience

If there is no list of intended users provided in the Report, the organisation leading the assurance engagement
should consider identifying the agreed audience of the Report in the Assurance Statement, where practical.
Otherwise, a reference to the location of the list in the Report can be useful to readers.

Note on roles and responsibilities

The roles and responsibilities of the assurance provider and reporting organization should be clearly stated.
The lead provider as well as the other experts on the team should be identified. The organisation should
identify who within the organization commissioned the engagement.

Description of the scope of the assurance engagement

The statement should state which sections of the report are the subject of the assurance engagement. Any
exclusions and limitations should be explained.

Assurance statement 25
 Aa1000

Note on criteria

The statement should identify the criteria used for the engagement, their suitability and their source.

Disclosure of methodology

The statement should provide a description of the methodology used during the engagement. This should
include:

? the identification of the standards and principles used and how they were used (e.g. for reference or as the
basis for determining compliance) including any limitations to use;

? the evidence sought (quantity and quality of information);

? a description of the evidence gathering methods, including the depth of investigation; and

? any constraints or limitations on the access to or sufficiency of evidence.

Conclusions concerning the principles

At a minimum this should include conclusions on:

? the level of assurance obtained

? any material omissions or misstatements;

Findings, commentary and recommendations

This could include:

? the robustness of the process and systems used by the organisation to determine material issues;

? the robustness of the process and systems used to understand as completely as possible the impacts and
opportunities associated with material issues;

? the reliability of the data and information;

? the robustness of the process and systems used to identify responses;

? the responses provided (i.e. policies, targets) in relation to stakeholder interests

? findings concerning assertions relating to compliance to agreed standards, codes, regulations and policies;

? commentary and recommendations on areas of past and future improvement;

? commentary and recommendations on current and future values & strategy;

? commentary and recommendations on Report and assurance scope.

Assurance statement 26
 Aa1000

Disclosure on competencies, impartiality and independence

This should be provided for all Assurance Providers and experts involved in the assurance process.

Signature

Name of the Assurance Provider, date and location of the organization.

Report to management
Requirement

If agreed in the letter of engagement, the Assurance provider shall provide a report to management. The report
to management shall provide a greater level of detail on the conduct of the engagement and the findings. The
report to management shall not communicate different or additional conclusions than those found in the
assurance statement except in those cases where there is an agreed and justified need for confidentiality.

Guidance

The content and style of the report should be discussed with the Reporting organisation as part of the design
of the engagement.

The report will typically follow the structure of the assurance statement. In addition to further detail on the
conduct and findings of the engagement, the report may also include information that benchmarks the
reporting organisation with peer organisations.

Additional detail on the conduct of the engagement should address in detail any constraints encountered
during the engagement and should outline the relative strengths and limitations of the process used in the
collection and analysis of information.

The existence of a report to management should be disclosed in the assurance statement.

Informative Annexes

References
Stakeholder Engagement

The Stakeholder Engagement Standard, AA1000SES

Stakeholder Engagement Manual, Volume 2 http://www.accountability21.net/publications.aspx?id=904

Critical Friends - Stakeholder Panels Report http://www.stakeholderpanels.net

http://www.accountability21.net/publications.aspx?id=1088

Informative Annexes 27
 Aa1000

Reporting

GRI G3 Guidelines http://www.globalreporting.org/ReportingFramework/G3Guidelines/

Accounting for Good: the Global Stakeholder Report 2005 (The Second World-wide Survey on Stakeholder
Attitudes to CSR Reporting) Pleon Kohtes Klewes GmbH / Pleon b.v., 2005 ~

ACCA (2004) The Future of Sustainability Assurance

http://www.accaglobal.com/publicinterest/activities/research/reports/sustainable_and_transparent/rr-086

Canadian Reporting guidance http://www.sustainabilityreporting.ca

Context (2006) Reporting in Context 2006: Global Corporate Responsibility Reporting Trends
http://www.econtext.co.uk/cover_scans/InContext2006.pdf

Corporate Register http://www.corporateregister.com (Library of Reports)

DEFRA Environmental Reporting Guidelines

http://www.defra.gov.uk/environment/business/envrp/guidelines.htm

FORGE - Guidelines on Environmental Management and Reporting for the Financial Services Sector
http://www.abi.org.uk/forge/

Friends of the Earth et al (2004) Lessons Not Learned: The Other Shell Report
http://www.foe.co.uk/resource/reports/lessons_not_learned.pdf

KPMG (2005) KPMG International Survey of Corporate Responsibility Reporting KPMG/ UNEP (2006)
Carrots and Sticks for Starters: Current trends and approaches in Voluntary and Mandatory Standards for
Sustainability Reporting http://www.unep.fr/outreach/reporting/docs/Public-UNEPKPMG-Report-FIN.pdf

UNEP/Sustainability (2004) ?Risk and Opportunity?: Global Reporters 2004 Survey of Corporate
Sustainability Reporting http://www.sustainability.com

UNEP/Sustainability (2006) ?Tomorrow?s Value? Global Reporters 2006 Survey of Corporate Sustainability
Reporting http://www.sustainability.com

WBCSD- http://www.wbcsd.org/

GEMI (2004) Transparency: A Path to Public Trust www.gemi.org/Transparency-PathtoPublicTrust.pdf

WBCSD (2002) Sustainable Development Reporting: Striking the Balance Eurobarometer 217: The attitudes
of European citizens towards environment (research Nov 2004, Published April 2005)

UN Global Compact http://www.globalcompact.org (also document - A practical guide to Communication on

Progress (United Nations Global Compact and Making the Connection: Using the GRI?s G3 Reporting
Guidelines for the UN Global Compact?s Communication on Progress)

Environmental, Social and Sustainability Reporting on the World Wide Web: a guide to best practice
(ACCA/Corporateregister.com)

Materiality: Redefining Materiality http://www.accountability21.net/publications.aspx?id=1168

References 28
 Aa1000

Accountability (2006) The Materiality Report: Aligning Strategy, Performance and Reporting
http://www.accountability21.net/publications.aspx?id=560

Assurance: Certification as a sustainability assurance practitioner

htpp://www.accountability21.net/publications.aspx?id=368

AA1000 Assurance Standard: http://www.accountability21.net/publications.aspx?id=288

AA1000AS Guidance note on Principles: http://www.accountability21.net/publications.aspx?id=380

Assurance Standards Briefing AA1000AS and ISAE3000:

http://www.accountability21.net/publications.aspx?id=390

User Note on the Application of the Principles of Materiality, Completeness and Responsiveness as they
Relate to the AA1000 Assurance Standard http://www.accountability21.net/publications.aspx?id=1242

The Future of Assurance http://www.accountability21.net/publications.aspx?id=456

The Materiality Report

Better Assurance through Better understanding

IFAC Framework

IAASB ISAE 3000

COS 3410N

References to the use of AA1000AS

Only assurance engagements that meet the requirements of the standard shall claim that assurance has been
provided in accordance with AA1000AS (2008) and be eligible for inclusion on the Corporate Register list of
AA1000AS assured reports. Users of the standard should notify Corporate Register that they have used the
standard.

AccountAbility Standards Technical Committee

Jennifer Iansen Rogers, KPMG ? Chair

Glenn Howard Frommer, MTR

Dominique Gangneux, ERM

Chuck Gatchell, Nike, Inc.

Sean Gilbert, GRI

Adrian Henriques, Middlesex University

AccountAbility Standards Technical Committee 29

 Aa1000

Vernon Jennings, Independent Consultant

Eileen Kohl Kaufman, SAI

Dave Lucas, Eskom

Paul Monaghan, Cooperative Financial Services

Johan Piet, Transparability

Preben J. Soerensen, Deloitte

Chris Tuppen, BT (to 4 February 2008)

David York, ACCA

Keeping Standards up-to-date

Standards are living documents that reflect progress in principles, practice, methods and science. To maintain
their currency, all standards are periodically reviewed (at a minimum every five years) and where warranted
new editions are published. Between editions, amendments may be issued. Standards may also be withdrawn.
It is important that readers assure themselves they are using the current standard, which should include any
amendments which may have been published since the standard first appeared.

Detailed information on The AA1000 Series of standards can be found on the AccountAbility web site:
http://www.accountability21.net

We welcome suggestions for improvement of our standards and encourage readers to notify us immediately of
any apparent inaccuracies or ambiguities. Please address your comments to the Head of Standards at
AccountAbility.

Certification of sustainability assurance practitioners

IRCA and AccountAbility have established a partnership to provide a professional qualification in
sustainability assurance.

The Certified Sustainability Assurance Practitioner Program (CSAP) aims to:

? Enable practitioners to develop, validate and communicate their competence in a systematic manner.

? Make it easier for organisations to identify credible assurance expertise.

? Improve stakeholder confidence in the expertise of sustainability assurance professionals engaged by

organisations.

? Develop a more systematic understanding of key competency requirements for providing effective
assurance, and so establish a basis for informing this and other standards in future.

Keeping Standards up-to-date 30

 Aa1000

This Program is intended for all practitioners worldwide including:

? those who work in CSR departments involved in the development of corporate accountability programs;

? those who work in departments involved in internal (assurance) audit processes;

? those who provide consultancy services for organisations on sustainability assurance;

? independent assurance providers who undertake assurance processes; and

? those just starting out in the area of sustainability assurance.

The Program offers certification at three grades:

? Associate Sustainability Assurance Practitioner: an understanding of the field of sustainability assurance

gained by attending relevant training. This grade is most relevant to those beginning their career in
sustainability assurance, and those involved in related topics

? Sustainability Assurance Practitioner: an active practitioner with demonstrable experience over a number of
assignments with different clients or, for internal practitioners, over several assurance cycles covering a range
of sustainability issues

? Lead Sustainability Assurance Practitioner: active in the provision of sustainability assurance and you have
led a significant number of sustainability assurance assignments either internally or as part of external
assurance assignments. Experience in stakeholder engagement as part of assurance assignments is essential, as
is the lead role in forming assurance judgements and the preparation of external or internal assurance
statements

Accreditation of sustainability assurance providers

There is currently no requirement for the accreditation of sustainability assurance providers in order to
perform assurance engagements using AA1000AS. Furthermore there is no formal scheme at present which
attempts to accredit providers in the same way as the CSAP programme accredits individual practitioners.

The revision consultations have illustrated that there is significant interest in organisational accreditation to
address the experience gap and to ensure the quality of assurance. This is something that will have to be
considered and developed over time with those in the field.

Engaging a sustainability assurance provider

A reporting organisation needs to take into account a number of considerations when engaging a sustainability
assurance provider. Listed below is a selection of some (but not all) of the factors a reporting organisation
should consider when engaging a sustainability assurance provider.

Certification of sustainability assurance practitioners 31

 Aa1000

Administrative Requirements

? Has current engagement with the assurance provider given confidence that they will be able to provide
adequate account management and timely communications?

Organisational Profile

? Is the summary of the providers services and the markets in which it operates suitably relevant

? Is the experience in providing similar services to other organisations relevant to your organisation?

? How many similar assurance engagements has the organisation done in the last three years?

? Is the organisational structure, ownership relationships clear and suitable?

? Is the organisation financially sound?

Assurance Team

? Are the necessary skills represented on the team?

? Can team members demonstrate the necessary qualifications and competencies? Are they CSAP certified?

? Does the lead assurance practitioner have the necessary qualifications and competencies? Is he CSAP
certified?

Technical Proposal

? Does the assurance provider have a clear and detailed understanding of:

o Product issues

o Market issues

o Supply chain issues

? Does the assurance provider have a clear and detailed understanding of:

o Conducting assurance in accordance with AA1000 AS principles

o How to evaluate materiality

o How to conduct stakeholder engagement

o GRI criteria

o Data verification techniques

Accreditation of sustainability assurance providers 32

 Aa1000

? Does the provider illustrate a clear understanding of the scope of work required in the assurance engagement
(assurance, issues, organisation, time)?

? Is a clear and detailed work plan proposed that understands stakeholder concerns and will lead to a fit for
purpose assurance statement?

? Is there a clear plan on the proposed deliverables?

? Is there a clear illustration of the competencies and capacity to deliver

? Is there a clear and detailed presentation of the organisation and structure for delivery of assurance services?

? Is the cost proposal satisfactory?

Translating AA1000AS
The AA1000AS 2003 edition has been translated into a number of languages. Translating the standard into
multiple languages enables wider international use of the standard, a greater depth of understanding at the
local level and increased consistency in the quality of assurance engagements worldwide.

It is our intention to translate AA1000 2008 into a number of languages. AccountAbility is always looking for
partners to work with to translate the standard into new languages. If you are interested in partnering on this,
please contact the Head of Standards at AccountAbility.

The value of sustainability assurance

There are a number of drivers which lead companies to seek independent assurance for their sustainability
report and these provide a useful framework for assessing the value of sustainability assurance.

Compliance (Regulation/Threat of Regulation):

Although limited in sustainability reporting, regulation is the clear driver for independent assurance in the
financial world. Similarly the ability to illustrate compliance to various codes and standards is an important
element of the value of assurance. This is particularly true in countries such as France where elements of
non-financial reporting are mandatory. Voluntary reporting and assurance on sustainability issues is often seen
as a way of avoiding regulation on certain issues, which many companies value.

Convincing:

Independent sustainability assurance can help to convince stakeholders of a company?s claims and
performance in a number of areas. It can help a company illustrate that it is meeting organisational
commitments or that it is improving performance on a previously weak area.

More positively, independent assurance can reaffirm where a company is going beyond best practice and
developing clear brand differentiations. Independent assurance can help embed a company?s reputation for
strong sustainability performance.

Translating AA1000AS 33
 Aa1000

Assurance which accurately considers materiality and stakeholder engagement can give confidence to
stakeholders that the organisation is reporting on the issues it should be and is not ignoring anything relevant
and important.

Decision Making:

Assurance of timely and appropriate data and underlying systems is essential to enable stakeholder
decision-making. As much of a company?s value is bound up in intangible non-financial assets there is
increasing stakeholder pressure for many of these issues to be assured independently to give those who make
decisions on the company greater confidence.

Decision-makers informed by assurance can range from those in the investment community, to NGOs
deciding where to focus their campaigns, to consumers deciding which products to buy. Assurance on a single
report can provide a central place for decisions makers to go to, improving access and reducing the need for
organisations to respond to endless questionnaires.

Learning and Performance Improvement:

Assurance can help as much internally as externally. Independent verification of policies, strategies, systems,
understanding and data can help an organisation enhance and improve international management systems
and/or strategies. It can help a company identify what more is needed to be done in order to satisfy certain
organisational commitments (e.g. UNGC) or more generically can identify where a company?s sustainability
performance is strong and where it can be improved.

Assurance is able to provide an evaluation of an organisation?s overall performance and forward-looking

indications of its abilities. This is not only a matter of aggregating information flows from within the company
and from specific assurance processes but also of ensuring the quality of these systems, which underpin
performance.

Assurance that incorporates stakeholder engagement will go further in capturing controversial and contested
areas of responsibility and driving necessary learning and innovation.

What is clear is that the value of assurance is not restricted to the reporting organisation, but is appreciated by
all of it?s stakeholders. Indoor stakeholders (management) gain a greater understanding of areas of risk and
value creation. Back-door stakeholders (investors and regulators) are able to analyse risks, opportunities and
compliance more easily. Although front-door stakeholders (media, NGOs, Customers) remain cynical about
assurance they are generally responsive to ideas of independent verification of company activities.

The value of sustainability assurance 34