Essay |
Nancy Kamp-Roelands‡
|
Corresponding author: Nancy Kamp-Roelands ( a.e.m.kamp-roelands@rug.nl ) Academic editor: Annemarie Oord
© 2025 Nancy Kamp-Roelands.
This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-NC-ND 4.0), which permits to copy and distribute the article for non-commercial purposes, provided that the article is not altered or modified and the original author and source are credited.
Citation:
Kamp-Roelands N (2025) ISSA 5000: key features of the International Sustainability Assurance Standard. Maandblad voor Accountancy en Bedrijfseconomie 99(2): 85-96. https://doi.org/10.5117/mab.99.149097
|
 |
Abstract
The article describes the structure and key concepts within the International Standard on Sustainability Assurance (ISSA) 5000 ‘General requirements for sustainability assurance engagements’. Because this international standard will form an important basis for the European sustainability assurance standards to be issued in 2026 the article also briefly discusses the relationship with the European developments and the Dutch sustainability assurance standard NV COS 3810N.
Keywords
ISSA 5000, sustainability assurance, assurance on sustainability information, CSRD assurance
Relevance to practice
The demand for sustainability assurance engagements worldwide is increasing rapidly. ISSA 5000 was issued end of 2024 to guide practitioners on how to perform high quality sustainability assurance engagements. This article describes how the key challenges in performing sustainability assurance engagements are addressed in ISSA 5000. Also how this relates to the European Commission’s standard setting for sustainability assurance and the Dutch sustainability assurance standard NV COS 3810N is of importance to practitioners.
1. Introduction
This article discusses the newly released International Standard on Sustainability Assurance (ISSA) 5000 ‘General requirements for sustainability assurance engagements’ and its key concepts (
To prevent inconsistencies in sustainability assurance practices that could undermine the credibility of sustainability assurance it was important that an international standard would become available in the area of sustainability assurance in addition to the general standard ISAE 3000 (Revised) International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information or the more specific ISAE 3410 Assurance Engagements on Greenhouse Gas Statements. The IAASB did already some work in the area of sustainability assurance (see paragraph 2), however this resulted in voluntary guidance only. The challenge for the IAASB was not only to develop the standard quite quickly (within two years), but also to ensure consistency with its existing standards, while not creating an unnecessary burden for those practitioners already active in the sustainability assurance space, and often using their firm global sustainability assurance methodology. Similar to ISAE 3000 the standard should be applicable to professionals that conduct the assurance engagement (practitioners), meaning not only accountants but also other type of practitioners such as environmental auditors, that were also already active in the sustainability assurance area.
ISSA 5000 defines the assurance engagement in article 18 as: An engagement in which the practitioner aims to obtain sufficient appropriate evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users about the sustainability information. Paragraph 2.2.1 describes the types of assurance engagements: the reasonable and the limited assurance engagements.
With this international assurance standard (
The ISSA 5000 standard will become effective for assurance engagements focused on sustainability information that relate to the period on or after 15 December 2026 (so effective for reporting year 2027). An earlier application of the assurance standard is permitted. Policymakers, standard setters and regulators in each jurisdiction in the world will have to make decisions on whether ISSA 5000 will be required, whether additional requirements are needed, and who is allowed to conduct assurance engagements based on their local needs (
Paragraph 2 describes the content and the key concepts of ISSA 5000. Paragraph 3 discusses the European developments in sustainability assurance in relation to ISAA 5000 and the impact in the Netherlands and paragraph 4 ends the article with a summary and conclusion.
2. Content and key concepts of ISSA 5000
2.1. General remarks
2.1.1. Foundations of the stand-alone standard ISSA 5000
The standard is a stand-alone standard, therefore the practitioner is not required to also apply ISAE 3000 (Revised) when performing the assurance engagement. ISSA 5000 was developed in the very short timeframe of two years. This was possible because it could draw on various existing IAASB standards and publications and many other resources. ISSA 5000 includes matters that are currently also included in the Framework Assurance Engagements and ISAE 3000, such as the preconditions for an assurance engagement. Also, content was drawn from the International Standards on Auditing (ISA’s) for auditing financial statements and ISAE 3410 Assurance Engagements on Greenhouse Gas Statements, which was actually the first specific standard in the field of sustainability information from the IAASB. In addition to the standards, ISSA 5000 draws on publications such as the discussion paper of the IAASB’s Integrated Reporting Working Group Ten key challenges for assurance engagements on emerging forms of external reporting (
The standard can be used by practitioners (accountants and other auditors) under the premise that:
- members of the engagement team and the engagement quality reviewer are subject to the provisions of the International Code of Ethics for professional accountants (including independence standards) of the International Ethics Standards Board (IESBA code) OR professional requirements or requirements in law or regulation that are at least demanding as the IESBA code and;
- the practitioner who is performing the engagement is a member of a firm that is subject to IAASBs International Standard on Quality Management (ISQM 1) Quality Management for Firms That Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements OR professional requirements or requirements in law or regulation that are at least demanding as ISQM 1.
Because the standard is stand-alone ISSA 5000 covers the key features of ethics and quality management (see also paragraph 2.3). In addition, the International Ethics Standards Board for Accountants issued in January 2025 International Ethics Standards for Sustainability Assurance (IESSA) that is focused on sustainability assurance practitioners (
2.1.2. Scalability and flexibility
ISSA 5000 is very relevant in the European context of the CSRD, yet the aim of ISSA 5000 is that it can be applied to a broad scope of sustainability information, not only covering broader sustainability reports, but also information on environmental matters (such as greenhouse gas emissions), information on social matters (such as labor practices and diversity) and information on governance (such as on risk management and on oversight of sustainability matters). ISSA 5000 also acknowledges the diversity in how sustainability information can be presented and is applicable to the wide range of reports, such as sustainability information in sustainability reports, annual reports, or integrated reports. The scope of the assurance engagement may extend to all the sustainability information to be reported or only part of that information. In all cases, the practitioner must ensure that the scope of the assurance engagement is clearly defined to ensure that stakeholders understand the extent to which the sustainability information has been subject to assurance. ISSA 5000 also acknowledges that sustainability information can be compiled using different types of criteria such as local regulations, international frameworks, or voluntary standards. In addition to flexibility, also scalability is an important feature. The principles and procedures outlined in ISSA 5000 remain applicable whether the engagement involves a small business or a large multinational corporation. In various parts of ISSA 5000 this scalability is further explained. Due to the flexibility and scalability, the standard can accommodate the variety in the growing demand for sustainability assurance.
2.1.3. Structure
The standard covers the entire assurance process, from the principles for accepting an assurance engagement to communication via the assurance report. The standard includes requirements and application material. Application material provides more details about how to apply or interpret the particular requirement. The standard covers 53 pages of requirements (212 requirements) and around 130 pages of application material (602 statements), plus some appendices and four illustrations for the content of assurance reports. Figure
- Scope, definitions, quality- and ethics-management and the preconditions for the assurance engagement;
- the process of performing the evidence-gathering procedures and evaluating the evidence and come to the conclusion;
- the assurance report, content, form of conclusion and subsequent events.
Figure
| Sustainability assurance process |
|---|
| 1. Planning |
| 2. Materiality |
| 3. Risk assessment procedures |
| - Understanding the sustainability matters and the sustainability information |
| - Determining the suitability of the applicable criteria |
| - Understanding the entity’s reporting policies |
| - Understanding the entity and its environment |
| - Understanding the legal and regulatory framework |
| - Inquiries and discussion with appropriate parties |
| - Understanding components of the entity’s system of internal control |
| - Evaluating design and implementation of controls |
| - Identifying control deficiencies |
| - Identifying and assessing risks of material misstatements at disclosure level (Limited Assurance-LA) and assertion level (Reasonable Assurance-RA) |
| - Evaluating evidence obtained from risks assessment procedures |
| 4. Designing and performing further procedures |
| - Overall responses |
| - Responding to fraud or non-compliance with laws and regulations (NOCLAR) |
| - Test of controls |
| - Substantive procedures |
| - Analytical procedures |
| - Sampling |
| - Estimates and future-looking information |
| - Revising risk assessment (RA) – Determining whether additional procedures are necessary (LA) |
| - Entity’s process for assembling sustainability information |
| 5. Accumulating and considering identified material misstatements and effect of uncorrected misstatements |
| 6. Evaluating the description of applicable criteria |
| 7. Subsequent events |
| 8. Written representations from management and those charged with governance |
| 9. Considering other information and material inconsistencies or material misstatements |
| 10. Forming the assurance conclusion |
| 11. Preparing the assurance report |
The other half of the standard deals with the acceptance of the assurance engagement, the quality of the assurance engagement and the communication on the assurance engagement, including via the assurance report. There are relatively many requirements with respect to the assurance report. This is in my view good, because, in practice, worldwide there were many differences in the content of assurance reports and, in the end, this is what the intended user will see from the assurance engagement.
There is also a separate appendix, which clearly explains the distinction between the sustainability matter (topic or aspect of the topic) and the information about the sustainability matter. Understanding this distinction is important to prevent a possible expectation gap (
Paragraph 2.2 describes the key concepts in ISSA 5000 and describes how in the requirements the challenges in sustainability assurance as earlier identified by the IAASB (
2.2. Key concepts and requirements in ISSA 5000
2.2.1. Limited and reasonable assurance
The standard provides much more clarity between the differences in nature, timing and extent of the work effort in a reasonable and a limited assurance engagement. Where applicable, this is shown in separate boxes. Reasonable assurance is defined in article 18 as: In a reasonable assurance engagement, the practitioner reduces the engagement risk to an acceptable low level in the circumstances of the engagement as the basis for the practitioner’s conclusion. Limited assurance has an elaborated description: In a limited assurance engagement the practitioner reduces engagement risk to a level that is acceptable under the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement…The nature, timing and extent of procedures performed in a limited assurance engagement is limited compared with that necessary in a reasonable assurance engagement but is planned to obtain a level of assurance that is, in the practitioner’s professional judgment, meaningful. To be meaningful, the level of assurance obtained by the practitioner is likely to enhance the intended users’ confidence about the sustainability information to a degree that is clearly more than inconsequential.
The description of a limited assurance engagement conveys that limited assurance enhances a continuum. What is meaningful in the practitioner’s professional judgement may vary between more than inconsequential up to almost reasonable assurance. It is explicitly mentioned that the procedures in a limited assurance engagement will vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. ISSA 5000 shows the different procedures to be performed for reasonable and limited assurance engagements in separate boxes (see also Table
| Limited assurance | Reasonable assurance |
|---|---|
| Emphasis on inquiry, underlying documents and analytical procedures | Emphasis on more in-depth understanding of internal control system, analytics with detailed expectations, tests of details using multiple sources and procedures |
| • Risk of misstatements at disclosure level | |
| • Inquiry to understand IC | |
| • Limited understanding of IT | • Risks of misstatements at assertion level |
| • If testing the operating effectiveness then more in-depth understanding of controls, incl IT | • Inquiry and other procedures to understand IC in more detail |
| • Design and existence IC and if testing the operating effectiveness then understanding of each relevant control, incl IT | |
| • Less emphasis on test of controls and obtaining evidence from external sources | |
| • Analytical procedures focused on finding misstatements | |
| • No or few test of details: | • Verifying reliability of sources that will be used to perform further procedures on |
| • Fewer items to test | |
| • Fewer procedures | • Tests of details using multiple internal and external sources and different types of procedure |
| • Less site visits | |
| • Use of more aggregated data | • Analytical procedures – aimed at identifying fluctuations or relationships that are inconsistent with other relevant information or differ significantly from expected and precise quantities or ratio’s |
| • Use of data that has not been subject to separate procedures to test reliability | |
| • Analytical procedures – aimed at identifying fluctuations or relationships that are inconsistent with other relevant information or differ significantly from expected result | • If so → Inquiries of management and obtaining additional evidence and perform other procedures |
| • Estimates and forward-looking information – idem limited assurance plus test how estimate was developed, evaluate in method selected the assumptions used and appropriateness of data, development of own point estimate | |
| • If fluctuations, inconsistencies or significant differences from expectations → inquiries of management and depending on responses consider additional procedures | |
| • Estimates and forward-looking information – application of requirements criteria, methods used appropriately and consistent and changes, if any, appropriate |
2.2.2. Criteria
The practitioner must ensure that the criteria used by the entity to report sustainability information are suitable for the assurance engagement. Suitable criteria are key to assess the sustainability information because they embody the requirements for the sustainability information, both in relation to content and quality. ISSA 5000 clearly notes that if criteria are unsuitable for a reasonable assurance engagement, they are also unsuitable for a limited assurance engagement. If the criteria are unclear or insufficient, the practitioner needs to request the entity to establish more robust criteria or, in extreme cases, exclude the information on the sustainability matter from the assurance engagement, if this is permitted within laws and regulations or otherwise consider the impact on the assurance conclusion. ISSA 5000 therefore dedicates especially in the application material many explanations to suitable criteria, as can be seen under the sections about preconditions for the assurance engagement, the engagement acceptance and continuance and under the risk assessment procedures.
Framework criteria and entity-developed criteria
To be suitable, the criteria need to be relevant, complete, reliable, neutral, understandable and available to the intended users. These characteristics are further explained in ISSA 5000. ISSA 5000 distinguishes between framework criteria and entity-developed criteria. The application material shows that there is a broad range of framework criteria from those embodied in laws and regulations up to those in scholarly journals or developed for sale on a proprietary basis. Framework criteria embodied in law or regulation or established by an authorized or recognized organization that follows a transparent due process may be presumed to be suitable in the absence of indicators of the contrary. ISSA 5000 is criteria-neutral and therefore no references to particular criteria are included. However, one can think of the Global Reporting Initiative (GRI), the International Sustainability Standards Board (ISSB) or the Task Force on Climate-Related Financial Disclosures (TCFD). In practice, entities use criteria from multiple frameworks (
Fair presentation criteria and compliance criteria
ISSA 5000 distinguishes between fair presentation criteria and compliance criteria. The term “fair presentation criteria” is used to refer to a sustainability reporting framework that requires compliance with the requirements of the framework and (a) acknowledges explicitly or implicitly that, to achieve fair presentation of the sustainability information, it may be necessary for management to provide information beyond that specifically required by the framework; or (b) acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to achieve fair presentation of the sustainability information. Such departures are expected to be necessary only in extremely rare circumstances (article 18).
The CSRD and ESRS can be seen as fair presentation criteria (
2.2.3. Materiality and a risk-based approach
ISSA 5000 provides detailed guidance on the two concepts that are key during the whole assurance engagement: (assurance) materiality and the assessment of a risk of a material misstatement (ROMM). Materiality is not defined in article 18, except for performance materiality. To prevent confusion with materiality used by the entity to select the most material topics, ISSA 5000 refers to this as the entity’s process to identify sustainability information to be reported. In a separate appendix the relation between the entity’s materiality process and that of the practitioner is explained (appendix 2). ISSA 5000 provides detailed guidance on the assessment of this process as part of the evidence-gathering procedures on the internal control system. ISSA 5000 emphasizes the importance that the entity has a suitable process for identifying the sustainability information to be reported, including the topics, aspects of topics and the reporting boundary. Otherwise, the sustainability information may be incomplete, not relevant, or obscure material sustainability information. Therefore, the more precise suitable criteria on the company’s process for identifying material sustainability information are, the less opportunity for management bias there will be.
The materiality-assessment of the practitioner for identifying and evaluating material misstatements at the disclosure level includes much guidance in the section on the planning procedures and distinguishes between two types of materiality:
- Materiality for qualitative disclosures; and
- Materiality for quantitative disclosures.
There is no difference between limited or reasonable assurance engagements, because materiality is based on the relevance to the information needs and decisions of the intended users.
Also the CSRD has been taken into account. Article 99 explicitly addresses: If the applicable criteria require the entity to apply both financial materiality and impact materiality in preparing the sustainability information, the practitioner shall take into account both perspectives when considering or determining materiality.
In considering or determining materiality, the practitioner considers disclosures that may be important to intended users. For sustainability information there may be many different types of users. However, in ISSA 5000 the practitioner may assume the common information needs of the intended users as a group. In addition, the application material shows that the practitioner may assume that intended users are informed users, for example by having reasonable knowledge of sustainability matters, understanding materiality concepts and understanding inherent uncertainties involved in measuring or evaluating the sustainability matters.
ISSA 5000 provides especially in the application material much guidance on qualitative factors that may be of relevance when considering materiality for qualitative disclosures and even for quantitative disclosures. Sustainability information covers various types of matters and as a result ordinarily, materiality is considered or determined for different types of disclosures. ISSA 5000 includes much guidance on performance materiality for quantitative disclosures. Quantitative disclosures may include financial information that is also reported in the financial statements, such as training expenses. The materiality for such disclosures can be different than for the audit of financial statements. The context in which the information is presented is different and often it is much more highlighted and thus may require a lower level of materiality. Materiality can be revised as a result of a change in the circumstances during the assurance engagement.
Assurance engagements are designed using a risk-based approach that is iterative and dynamic and can therefore be refined or revised during the course of the assurance engagement. ISSA 5000 requires the risk assessment procedures to be designed and performed to identify and assess risks of material misstatement (ROMM), for the limited assurance engagement at the disclosure level and for the reasonable assurance engagement at the assertion level for the disclosures. For a limited assurance engagement, the ROMM is less specific than for a reasonable assurance engagement because it is based on more limited information. A material misstatement occurs when the sustainability information reported by the entity deviates from the criteria to such an extent that it could result in different decisions by the intended users. This may arise from error or fraud, or unintended misstatements and it includes omissions, incorrect and biased information. ROMM may occur due to for example the complexity of the data, management bias, or weaknesses in the entity’s internal controls. In addition to considering individual types of misstatements, ISSA 5000 also includes considering the aggregation risk that arises when sustainability information is disaggregated (over components) and consider what types of errors or omissions would potentially constitute a material misstatement when aggregated with other misstatements, including the aggregate of uncorrected and undetected misstatements.
Table
2.2.4. Immature internal control systems
In principle, it is management of the entity that is responsible for designing, implementing and maintaining such internal controls that management determines is necessary to enable the preparation of sustainability information in accordance with the applicable criteria that is free from material misstatement, whether due to fraud or error. This is confirmed in the engagement letter and in the letter of representation. ISSA 5000 provides quite detailed information on the various components of an internal control system. It follows largely the components as identified earlier by COSO on internal control systems in the context of sustainability information (COSO 2023). The elements in ISSA 5000 relate to:
- the control environment
- the entity’s risk assessment process
- the entity’s process for monitoring the system of internal control
- the information system and communication, including:
- understanding the entity’s process to identify sustainability information to be reported
- understanding how information from external sources is recorded, processed, corrected and incorporated
- evaluating the information system to support the preparation of the sustainability information and
- control activities.
The descriptions in ISSA 5000 relate to a mature internal control system, while entities are still developing their sustainability information systems and related internal controls. On the immaturity itself there is limited guidance in ISSA 5000 other than that this increases the risks of a material misstatement and would require obtaining more persuasive evidence as noted in A427. Also, it is noted that robust criteria are helpful: The greater the degree to which the reporting framework or law or regulation specifies in detail the sustainability information to be reported, the lower the risk of material misstatement may be as there is less opportunity for management bias (A383). However, including only the areas where the processes are more mature is not always permitted by law. Because scalability is an important feature of ISSA 5000, the application material of ISSA 5000 does include some guidance on less complex entities where information systems are likely to be less sophisticated (A381).
2.2.5. Responding to risks of material misstatement
After the risk assessment procedures, the practitioner needs to design further procedures to respond to those risks and gather further evidence that supports the conclusion. The procedures to be performed will vary depending on whether the engagement is aimed at obtaining reasonable or limited assurance. In a reasonable assurance engagement, the practitioner performs a wide range of procedures. Substantive procedures may include tests of details, such as verifying the accuracy of sustainability metrics, reconciling recorded data, reperforming calculations, and analytical procedures. Control testing involves evaluating the effectiveness of the entity’s internal controls over sustainability reporting, ensuring that the systems in place can produce reliable information. For limited assurance engagements, the nature, timing and extent of procedures are more limited in scope. Table
2.2.6. Qualitative and forward-looking information
One of the challenges in sustainability assurance is the qualitative nature of various information. Some qualitative disclosures may be factual and directly observable or easy to obtain evidence on. Other qualitative disclosures may be inherently judgmental and susceptible to management bias. Although ISSA 5000 includes much guidance on the potential ROMMs, on the procedures to obtain further evidence there is limited guidance other than how this is governed by reviewing the entity’s information system or the source of information (A241).
ISSA 5000 provides more guidance on forward-looking information, both under the section on evidence (art.89) and the section estimates and forward-looking information (art. 146), especially in the application material. Reporting criteria may require disclosure of the entity’s intended future strategy, targets, future plans or other intentions. For such forward-looking information, the practitioner is not required to obtain evidence about whether the strategy, target or intention will be achieved, or to come to a conclusion to that effect (A452). The practitioner does have to consider, based on the practitioner’s knowledge and experience, whether there are reasons to believe that the forward-looking information is clearly unrealistic. In addition, evidence can be obtained from minutes of meetings or reports on the business’s operations to evaluate whether management or those charged with governance have an intention and ability to follow the strategy, the target or intention actually exists or whether here is a reasonable basis for the intended strategy or target. Sometimes the reporting criteria themselves include how to develop estimates and forward-looking information and the related disclosures, including selecting and using appropriate methods, assumptions and data. Then the practitioner needs to evaluate whether the method has been appropriately selected and applied, whether the assumptions are appropriate and whether the data that have been used are appropriate. For a reasonable assurance engagement, a more detailed point estimate needs to be developed (see Table
2.2.7. Evidence gathering, professional judgement and documentation
Proper documentation is the cornerstone of a high-quality sustainability assurance engagement. ISSA 5000 has separate requirements for documentation in each section. These requirements are shown in one appendix in the implementation guide (
The sufficiency and appropriateness of evidence are critical considerations in sustainability assurance. Therefore, what constitutes sufficient and appropriate is explained in ISSA 5000. The practitioner must ensure that the evidence gathered is reliable, relevant, and adequate to support the assurance conclusion. Due to the difference in nature, timing and depth of the assurance procedures, the type of evidence in a reasonable assurance engagement is different from that in a limited assurance engagement. Especially for limited assurance engagements it may be difficult to conclude when sufficient and appropriate evidence has been gathered.
Reading ISSA 5000 one may notice that the practitioner quite often will need to apply professional judgement during the course of the sustainability assurance engagement. Such decisions include the type of action that is most appropriate in the circumstances. Therefore, the engagement circumstances and the conclusion reached need to be properly documented. Examples of professional judgement include considering materiality, the risks of material misstatement, the nature, timing and extent of procedures to be performed, evaluating whether sufficient and appropriate evidence has been obtained, the type of conclusion to draw based on the evidence obtained, but also the appropriateness of qualitative disclosures or forward-looking information.
The more robust the reporting criteria are, the less professional judgment will be needed. Sustainability is however a matter on which views on what it enhances will continuously change in time, and as a result reporting criteria for sustainability information will always change in time. Therefore, it is important to document under which engagement circumstances the professional judgement was made.
2.2.8. Forming the conclusion and assurance report
The assurance report is the key deliverable to users of the sustainability information. ISSA 5000 provides detailed guidance on the structure and content of the assurance report, ensuring that it is clear, transparent and informative. In a reasonable assurance engagement, the practitioner’s conclusion is expressed in positive terms, indicating that the sustainability information is free from material misstatement. In contrast, a limited assurance engagement uses negative terms, stating that based on the procedures performed nothing has come to the practitioner’s attention to suggest that the sustainability information is materially misstated. Therefore, for limited assurance engagements the assurance report must include a summary of the work performed.
ISSA 5000 requires for the assurance report that certain elements are included in the assurance report as a minimum. Although this is referred as a short form assurance report, the number of elements to be included is quite a lot, and various wording is prescribed. In this way there is much similarity to the financial auditor’s report. What is new as a basic element, if applicable, is “Inherent Limitations in Preparing the Sustainability Information” (art. 190g). If such inherent limitations are fundamental for the intended user’s understanding this section can be included to draw the attention to the inherent limitations management encountered when preparing the sustainability information, such as for certain estimates, forward-looking information, or information from the upstream or downstream valuechain. The application material also notes that the practitioner can describe the effects on the practitioner’s procedures. Including such a paragraph does not imply that the practitioner needs to obtain less sufficient and appropriate evidence. The IAASB notes that such a specifically headed section is seen as more appropriate than including inherent limitations in an “Emphasis of Matter” paragraph. It is the intention that practitioners tailor such a paragraph to the facts and circumstances of the assurance engagement. ISSA 5000 itself has no examples to prevent boilerplate wording by practitioners, but the implementation guidance contains three examples: estimates, forward-looking information and value chain information.
In addition to the short form style of reporting, containing only the basic elements (art. 190) ISSA 5000 allows also for the option of a long form style of assurance report (A567). Long-form reports include other information and explanations. ISSA 5000 requires that if additional information is included that it should be clearly separated and noted that this is not intended to affect the practitioner’s conclusion (art.189).
Additional information may include:
- Emphasis of Matter paragraph: to draw the intended users’ attention to a matter presented or disclosed in the sustainability information that, in the practitioner’s judgment, is of such importance that it is fundamental to intended users’ understanding of that information. An Emphasis of Matter paragraph can only draw attention to a matter which is presented or disclosed by management in the sustainability information;
- Other Matter paragraphs: to communicate a matter other than those that are presented or disclosed in the sustainability information that, in the practitioner’s judgment, is relevant to intended users’ understanding of the engagement, the practitioner’s responsibilities or the assurance report. For example, the scope of the engagement has changed significantly from the prior period;
- Findings related to particular aspects of the engagement;
- Recommendations: if relevant to the intended user and clearly worded to prevent that it will be understood as a qualification to the practitioner’s conclusion; or
- Additional information: such as details on the competencies of the multidisciplinary team or details on the considerations of materiality.
Although ISSA 5000 notes that the widespread use of emphasis of matter paragraphs and other matter paragraphs may diminish the effectiveness of the conclusion, in this current stage of sustainability assurance the long form of reporting, in my view, maybe insightful to the intended users.
The IAASB has not included key assurance matters (KAM) in ISSA 5000 because respondents to the draft ISSA 5000 noted that communicating KAM in a limited assurance engagement could be confusing to the intended users given that already a Summary of Work Section was required. The IAASB may consider KAM in the future in a post-implementation review of ISSA 5000 (
Overall, in my view, it is very good that ISSA 5000 provides much more guidance on the content of the assurance report, since they are very different worldwide. In contrast to the NBA in the Netherlands, in many countries there are no templates made available by professional bodies on the content of the sustainability assurance report.
2.3. Ethics and quality management
2.3.1. Ethics and quality management
In the comments to the draft ISSA 5000 it was noted by various stakeholder groups that key principles should be further explained in ISSA 5000 itself. Therefore, in ISSA 5000 more requirements and application material were included on quality and ethics. In addition, IESBA issued a separate pronouncement: International Ethics Standards for Sustainability Assurance (IESSA); a 250 pages document with requirements and application material (
ISSA 5000 describes quality requirements at the firm level and at the engagement level. The firm level requirements describe the key characteristics of a quality management system, that is aimed at a continuous improvement process to ensure that the firm can consistently deliver high-quality assurance services, even when the complexity of sustainability engagements increases. The quality requirements at the engagements level, include that the engagement leader is ultimately responsible for ensuring that the engagement is conducted in accordance with professional standards and that the conclusions reached are appropriate given the evidence obtained. This includes overseeing the work of the engagement team, reviewing key judgments and conclusions, and ensuring that any issues or concerns are addressed promptly.
2.3.2. Multidisciplinary teams and using the work of experts
ISSA 5000 dedicates much attention to the competence of the team. It is a prerequisite to perform the engagement. Sustainability assurance engagements often require specialized knowledge of environmental, social, and governance issues, in addition to traditional assurance skills. It is the engagement leader’s responsibility that all involved in the engagement collectively have the appropriate competence in sustainability, competence and capabilities in assurance skills and techniques, and sufficient time, to perform the engagement. This involves members of the engagement team, and any practitioner’s external experts and internal auditors who provide direct assistance. Within larger audit firms engagement leaders can often compose an in-house multidisciplinary team. Still there may be a need for work by experts in particular areas. Smaller firms will often have to engage with external experts. ISSA 5000 defines a practitioner’s expert as: An individual or organization possessing expertise in a field other than assurance, whose work in that field is used by the practitioner to assist in obtaining sufficient appropriate evidence. A practitioner’s expert may be either a practitioner’s internal expert (who is a partner or staff, including temporary staff, of the practitioner’s firm or a network firm), or a practitioner’s external expert. When using the work of an internal or external expert, the practitioner must assess the expert’s competence and objectivity and determine whether the expert’s work can be relied upon as assurance evidence. To take the responsibility for the conclusions reached this assessment includes reviewing the methods used by the expert, their conclusions, and any potential biases that could affect their conclusions. ISSA 5000 allows to refer in the assurance report to the practitioner’s expert, if it remains clear that the practitioner has sole responsibility for the assurance conclusion expressed (art.192 and A574). The practitioner can also consider using the work of internal auditors when performing certain assurance procedures. If there is an internal audit department, they are often involved in operational audits that increasingly include sustainability matters. Internal auditors, while not independent of the organization, therefore may be able to provide valuable insights into the organization’s sustainability controls and reporting processes. ISSA 5000 also includes the requirements and steps to be taken for using the work of another practitioner who has already performed an assurance engagement on some information that is part of the sustainability assurance engagement.
2.2.3. Professional skepticism
Professional skepticism, being an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence, is an essential attitude that practitioners must have when performing the assurance procedures. ISSA 5000 explains this concept, what behavior or skills may support the exercise of professional skepticism, what might impede professional skepticism and what actions can be taken to mitigate those impediments. ISSA 5000 discusses how practitioners should exercise professional skepticism when reviewing sustainability disclosures, ensuring that they are not influenced by management’s representations. Sustainability information is often subject to high levels of uncertainty, particularly when it involves forward-looking disclosures or qualitative judgments. Maintaining professional skepticism involves critically evaluating the evidence obtained during the engagement. Practitioners must be alert to inconsistencies or contradictions in the data, as well as any potential biases in the way the sustainability information has been reported. Sustainability disclosures may be subject to “greenwashing” where entities overstate their environmental achievements to improve their public image. Since good sustainability performance becomes more relevant to investors and access to finance, also the risk of fraud increases. ISSA 5000 provides guidance on potential fraud risks in relation to sustainability information, such as potential manipulation of sustainability data.
3. Relationship with European and Dutch sustainability assurance standards
In Europe from reporting year 2024, entities that need to report sustainability information in accordance with the CSRD and the European Sustainability Reporting Standards (ESRS), also need to have a limited assurance engagement on the mandatory sustainability information. The CSRD provides for the adoption of a limited assurance standard by the European Commission by October 2026 and originally envisaged the adoption of a standard for reasonable assurance by October 2028. However, in the Omnibus proposal the requirement for reasonable assurance in the future has been deleted. The CSRD states that Member States may adopt national standards or pronouncements as long as the European Commission has not adopted European standards. The European Commission asked the Central European Auditing Oversight Board (CEAOB) for advice on developing the European sustainability assurance standard (
The CEAOB provided input on the development of ISSA 5000 (
The input of the CEAOB to the IAASB focused on the requirements for limited assurance and ensuring that much of the European developments are considered in ISSA 5000 (CEOAB 2023). The focus of ISSA 5000 on all practitioners and not just statutory auditors aligns with the options within the CSRD. In addition, the request of the CEAOB to clarify the relevant ethical and quality requirements in ISSA 5000 itself was granted. Further, various elements of the specific European context as highlighted by the CEAOB can be seen in ISSA 5000 such as the double materiality, attention to fraud and ‘greenwashing’, the attention to particular forward-looking information and compliance with specific legal provisions. With respect to the assurance report however the CEAOB’s comments that it should be concise (
Pending the adoption by the European Commission of an assurance standard the European Commission asked the CEAOB to develop non-binding guidelines to facilitate harmonization amongst Member States. The CEAOB published in September 2024 non-binding guidelines for limited assurance engagements under the CSRD, immediately after the IAASB approved ISSA 5000. They don’t have the status of a standard and should be read in conjunction with any national or other rules applicable. Although the CEAOB guidance doesn’t contain any reference to ISSA 5000, it is clear that ISSA 5000 forms an important basis, as was requested by the European Commission (
In addition to some ‘standard’ elements for the assurance report, the CEAOB guidelines contain the option to include emphasis of matters paragraph(s) or a description of key (assurance) matters addressed by the practitioners during the limited assurance engagement. As noted in paragraph 2.2.8 ISSA 5000 does not have any reference to key assurance matters.
The question now is whether the European Commission is going to endorse ISSA 5000. The IAASB calls upon policymakers and practitioners to adopt ISSA 5000. We are pleased that the European Commission has asked the CEAOB to advise the Commission on how to incorporate ISSA 5000 into CSRD-related requirements. This commitment to a global baseline has and will serve as a catalyst for other jurisdictions to use ISSA 5000 as well. (
ISSA 5000 does address many of the elements in CSRD, but because it is a global standard, it does not incorporate the specific requirements unique to Europe, such as the Taxonomy Regulation. In the view of the IAASB, jurisdictions can add on requirements to meet their regulatory mandates. The European Commission asked the CEOAB for technical advice by May 2025 for the development of EU specific add-ons (and possible carve-outs) to ISSA 5000 to be used for the preparation of the Delegated Act adopting limited assurance sustainability standards. Carve-outs will cover items which are contradictory with EU legal provisions, if any, and those specific to reasonable assurance. Add-ons will cover items not or not appropriately covered by ISSA 5000. In my view it is therefore likely that the European Commission will only use the ISSA 5000 material with respect to limited assurance engagements, will add particular material for the European context and will hopefully not do any carve-outs. With respect to the assurance report the European Commission will come with a version that is tailored to the CSRD-ESRS and the Taxonomy Regulation.
In the Netherlands the CSRD is not yet implemented in national law. The Netherlands therefore have exceeded the legal transposition period. The draft legislative proposal that is currently on hold until there is more clarity on the impact of the Omnibus (
ISSA 5000 thus forms an important basis for the European sustainability assurance standards and therefore, once these will become available in 2026. Practitioners may refer to both the European sustainability standards and ISSA 5000 if they are not contradictory and if the practioner still complies with ISSA 5000.
4. Summary and conclusion
The development of ISSA 5000 comes just in time given the increasing demand for sustainability assurance worldwide. Sustainability information is increasingly required in various laws and regulations worldwide and stakeholders such as investors are requiring relevant and reliable sustainability information to make informed decisions about the environmental, social, and governance (ESG) performance of an organization. It is very good that ISSA 5000 can be used by both accountants and other practitioners. This will increase consistency and aligns with current practice where both accountants and other practitioners are already performing sustainability assurance engagements.
It is also good in this regard that the standard comprises not only requirements for planning, executing, and reporting on sustainability assurance engagements, but also includes ethical and quality requirements. Internationally, there is a wide variety in subject matters for sustainability assurance and in addition various types of reporting criteria are used to compile the sustainability information. ISSA 5000 provides the flexibility to be applied in these different circumstances. In addition, ISSA 5000 is scalable and can be applied for sustainability assurance engagements on sustainability information from large and small entities.
ISSA 5000 represents a significant advancement in the harmonization of sustainability assurance practices. While the IAASB already issued in 1997 the draft version of the assurance framework to acknowledge other types of assurance engagements than financial statement audits, the IAASB never initiated the deep dive into standards for sustainability information. With ISSA 5000 the IAASB, in my view, took again its frontrunner role to prevent international inconsistencies that can undermine the relevance of assurance engagements.
Because the standard was developed using previous materials from the IAASB and other existing materials, such as the sustainability assurance methodologies of large audit forms, in my view, it doesn’t lead to an increasing burden for existing practices. In addition, there is consistency with the ISAs. This accommodates not only an integrated assurance approach at entities that have both a financial audit and a sustainability assurance engagement performed, but also accommodates financial auditors who are increasingly performing sustainability assurance engagements.
In conclusion, ISSA 5000 is an important development that influences the execution of European sustainability assurance engagements. It supports high quality sustainability assurance. Sustainability assurance in turn assures that sustainability disclosures are accurate, reliable, and meaningful to stakeholders. This leads to better informed decisions and helps to drive positive change in business practices and eventually contributes to a more sustainable future. In my view, a perfect fit to the societal role the accountancy profession and other assurance practitioners have.
Prof. dr. A.E.M. Kamp-Roelands RA - Nancy, professor non-financial information, integrated reporting and assurance at the University of Groningen. She was the deputy director of the IAASB from 2013–2016, a member of the sustainability expert advisory panel of the IAASB/IFAC from 2005–2011 and a member of the IAASB project group for the development of the first draft of ISAE 3410.
References
- CEAOB [Committee of European Auditing Oversight Boards] (2023) Comment letter relating to IAASB’s proposed ISSA 5000 (ED5000). 1 December 2023. https://finance.ec.europa.eu/system/files/2023-12/231201-ceaob-comment-letter-iaasb-issa-5000_en.pdf
- CEAOB [Committee of European Auditing Oversight Boards] (2024) CEAOB guidelines on limited assurance on sustainability reporting. 30 September 2024. https://finance.ec.europa.eu/document/download/8ac2df18-2ae1-4bc7-9d87-a4a740e48f5e_en?filename=240930-ceaob-guidelines-limited-assurance-sustainability-reporting_en.pdf
- COSO [Committee of Sponsoring Organizations of the Treadway Committee] (2023) Achieving effective internal control over sustainability reporting (ICSR): Building Trust and Confidence through the COSO Internal Control—Integrated Framework. https://www.coso.org/_files/ugd/719ba0_0b33989b84454d1682399ab5c71e49cb.pdf
- European Commission (2024a) Frequently asked questions on the implementation of the EU corporate sustainability reporting rules – Q 70. Published on 7 August 2024. https://finance.ec.europa.eu/publications/frequently-asked-questions-implementation-eu-corporate-sustainability-reporting-rules_en
- European Commission (2024b) Request for the adoption of non-binding assurance guidelines and for a technical advice for the development of EU specific add-ons and carve-outs (if applicable) to be included in the Delegated Act adopting limited assurance sustainability standards based on the final version of ISSA 5000. Published 7 March 2024. https://finance.ec.europa.eu/system/files/2024-03/240307-ceaob-commission-letter-non-binding-assurance-guidelines_en.pdf
- European Commission (2025) Questions and answers on simplification Omnibus I and II. 26 Published February 2025.
- IAASB-IRWG [International Auditing and Assurance Standards Board – Integrated Reporting Working Group] (2016) Supporting Credibility and Trust in Emerging Forms of External Reporting: Ten Key Challenges for Assurance Engagements. August 2016. www.iaasb.org/_flysystem/azure-private/publications/files/IAASB-Discussion-Paper-Integrated-Reporting_0.pdf
- IAASB [International Auditing and Assurance Standards Board] (2021) Non-Authoritative Guidance on Applying ISAE 3000 (Revised) to Sustainability and Other Extended External Reporting Assurance Engagements. April 2021. https://www.iaasb.org/publications/non-authoritative-guidance-applying-isae-3000-revised-sustainability-and-other-extended-external
- IAASB [International Auditing and Assurance Standards Board] (2023) Exposure draft International Standard on Sustainability Assurance 5000. August 2023. https://www.iaasb.org/publications/proposed-international-standard-sustainability-assurance-5000-general-requirements-sustainability
- IAASB [International Auditing and Assurance Standards Board] (2024a) International Standard on Sustainability Assurance 5000. November 2024. https://www.iaasb.org/publications/international-standard-sustainability-assurance-5000-general-requirements-sustainability-assurance
- IAASB [International Auditing and Assurance Standards Board] (2024b) Frequently Asked Questions ISSA 5000. https://www.iaasb.org/publications/issa-5000-frequently-asked-questions
- IAASB [International Auditing and Assurance Standards Board] (2024c) Basis for Conclusions November 2024. https://www.iaasb.org/publications/international-standard-sustainability-assurance-5000-general-requirements-sustainability-assurance
- IAASB [International Auditing and Assurance Standards Board] (2025a) International Standard on Sustainability Assurance 5000 – Implementation Guide. January 2025. https://www.iaasb.org/publications/issa-5000-implementation-guide
- IAASB [International Auditing and Assurance Standards Board] (2025b) Frequently Asked Questions. https://www.iaasb.org/publications/issa-5000-frequently-asked-questions
- IESBA [International Ethics Standards Board for Accountants] (2025) International Ethics Standards for Sustainability Assurance (including International Independence Standards) and Other Revisions to the Code Relating to Sustainability Assurance and Reporting. January 2025. https://www.ethicsboard.org/publications/final-pronouncement-international-ethics-standards-sustainability-assurance-including-international
- Kamp-Roelands N (2002) Towards a framework for auditing environmental reports. https://pure.uvt.nl/ws/portalfiles/portal/485107/kamp-roelands.pdf
- Kamp-Roelands N (2022) Assurance bij duurzaamheidsinformatie, wat is de status bij Nederlandse beursfondsen? (Assurance on sustainability information: what is the status at Dutch listed entities?). Maandblad voor Accountancy en Bedrijfseconomie 96(3/4): 89–100. https://doi.org/10.5117/mab.96.83110
- Kamp-Roelands N, De Waard DA (2025) Op maat verklaard: een transparant assurancerapport. [To be published]
- KPMG (2024) The move towards mandatory sustainability reporting – Survey of sustainability reporting 2024. https://assets.kpmg.com/content/dam/kpmgsites/xx/pdf/2024/11/the-move-to-mandatory-reporting-web-copy.pdf.coredownload.inline.pdf
- NBA [Nederlandse Beroepsvereniging van Accountants] (2022) NV COS 3810N Assurance bij duurzaamheidsverslaggeving. https://www.nba.nl/nieuws/2022/november/publicatie-herziene-standaard-3810n/
- NBA [Nederlandse Beroepsvereniging van Accountants] (2024) Projectpagina Herziening Standaard 3810N (Projectpage Revision Standard 3810). Last revision 7 March 2024. https://www.nba.nl/wet--en-regelgeving/projecten-regelgeving/definitief/2022/herziening-standaard-3810n/
- RVO Rijksdienst voor Ondernemend Nederland] (2025) Overzicht Omnibus I: Voorstel voor vereenvoudiging van Europese duurzaamheidswetgeving (Proposal for simplification of European sustainability legislation). Published 29 april 2025. https://www.rvo.nl/onderwerpen/omnibusvoorstel
- Seidenstein T (2024) Strengthening the Foundations of Sustainability Reporting: ISSA 5000 and Assurance, Core Elements of Building Trust, key-note speech at webinar: Shaping the Future of Sustainability Assurance Engagements, organized by IFAC, Accountancy Europe. https://www.iaasb.org/news-events/2024-11/strengthening-foundations-sustainability-reporting-issa-5000-and-assurance-core-elements-building
- UNCTAD [United Nations Conference on Trade and Development] (2024) Review of progress in harmonization and practical implementation of sustainability reporting, assurance and ethical considerations. https://unctad.org/system/files/official-document/ciiisard109_en.pdf