CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

Dan Goelzer is a member of’s Advisory Board. We are pleased to republish a portion of his March-April 2021 Audit Update. My colleague Lynn Jokela also blogged on about this CAQ resource.

In July 2020, the Center for Audit Quality (CAQ) released a web-based report outlining the evolving role of auditors in ESG reporting. See The Role of Auditors in Company-Prepared ESG Information: Present and Future and New Report Reveals How Auditors Enhance The Reliability of Company-Reported ESG Information (CAQ Press Release, July 1, 2020). The 2020 CAQ report also examines the types of ESG information companies disclose and the reporting standards and frameworks for presenting ESG data. 

The CAQ has now issued a companion publication, The Role of Auditors in Company-Prepared ESG Information: A Deeper Dive on Assurance (March 2021). This report discusses the assurance services that auditors can provide to enhance confidence in ESG reporting and why companies may seek assurance on their ESG disclosures. The new publication also includes issues that boards should consider when planning to obtain assurance on ESG information. Audit committees may find this publication of particular interest, since the decision to retain the financial statement auditor to provide assurance on ESG reporting would fall within the committee’s responsibilities. Key points in the new publication that may be useful to audit committees considering third-party ESG assurance are summarized below. 

Why Might a Company Seek Assurance on ESG Information?

The CAQ suggests five reasons why a company might decide to obtain assurance of ESG disclosures: 

  • The board may want to assess whether public disclosures about ESG are of high quality, particularly considering the importance investors are increasingly placing on ESG performance. 
  • ESG disclosures are important to investors in understanding the company’s long-term value creation strategy, and third-party assurance can provide “insight into the reliability of management’s assertions, data, and disclosures.” 
  • Assurance can enhance management’s confidence in the company’s ESG disclosure, including in “the data, processes, procedures, expertise, and oversight necessary to produce reliable ESG information.” 
  • Third-party assurance can enhance the reliability of ESG information in the eyes of non-investor stakeholders, such as customers, suppliers, and prospective employees. 
  • Assurance may impact a company’s rankings and ratings on sustainability indices, such as the Dow Jones Sustainability Index. 

The 2020 CAQ report (cited above) includes examples of auditor-provided assurance on ESG disclosures.

Why Engage a Public Company Auditor to Provide Third-Party Assurance? 

Assurance on ESG reporting can be provided by a range of professionals, including audit, engineering, and consulting firms. (The latter two would provide “certification” or “verification” services). An audit firm can perform a review or examination attestation in accordance with the AICPA’s Statements on Standards for Attestation Engagements. The CAQ explains that an auditor attestation engagement differs from assurance obtained from other types of providers because, among other things, the auditor is required to be independent; required to maintain a system of quality control; and required to adhere to continuing professional education, ethics, and experience requirements. 

The CAQ notes that a public company may use the same accounting firm for both its financial statement audit and for attestation of its ESG information. “Performing a review or examination engagement of a public company’s ESG information is considered a permissible service for the independent accounting firm performing the financial statement audit, subject to pre-approval from the audit committee.” 

What ESG Information Can Be in the Scope of an Attestation Engagement? 

In an attestation engagement performed under the AICPA’s standards, the auditor obtains assurance that the information that is the subject of the attestation is measured, evaluated, or presented in accordance with specified criteria. The auditor’s ability to perform an attestation engagement depends on the information to be evaluated and the availability of measuring criteria. For example, quantitative metrics reported in accordance with the standards of the Sustainability Accounting Standards Board or the Global Reporting Initiative can be the subject of an attestation. In contrast, qualitative statements that cannot be measured or evaluated against a set of criteria may not be appropriate for an attestation engagement.

What Level of Attestation Service Can Be Obtained on ESG Information?

The CAQ describes two types of attestation engagement: 

  • Examination: An examination performed by an auditor results in an independent opinion indicating whether the ESG information is, in all material respects, in accordance with the specified criteria. An examination engagement provides the closest equivalent to the reasonable assurance obtained in a financial statement audit. 
  • Review engagement: Review engagements are more limited in scope than examination engagements. The objective of a review engagement is for the auditor to express a conclusion about whether any material modifications should be made to the ESG information for it to be in accordance with the specified criteria. 


The new CAQ report concludes with a series of questions that boards may want to ask of management as part of considering whether a company that is disclosing ESG information should enter into an attestation engagement. The 2020 CAQ report also suggests questions for board members when discussing ESG reporting with management and investors. 

Comment: As noted in ESG is Rapidly Becoming an SEC Priority in this Update, ESG reporting is likely to be a high priority SEC disclosure issue in 2021 and beyond. Further, investor demand for and use of ESG information has grown rapidly during the last several years and is continuing to increase. Audit committees will need to focus on what their company is disclosing and what systems and controls are in place to ensure that such disclosures are accurate and reliable. In this environment, third-party assurance of ESG disclosures is likely to become more common and may eventually be an SEC requirement. The CAQ’s publication is a good introduction to the subject of auditor ESG assurance. It is a topic with which many audit committees may need to become familiar. 

On Audit Committees

The EY Center for Board Matters has issued How audit committees can prepare for 2021 Q1 reporting. Climate change, and ESG issues more broadly, are a focus of the Biden Administration and the SEC. If ESG metrics are key performance indicators in an SEC filing, it is critical that audit committees consider: 

  • Data quality and controls. 
  • Disclosure processes and controls. 
  • Consistency in disclosures across the company’s various external reporting outlets (e.g., SEC filings, earnings releases, annual report and shareholder letter, and sustainability report). 
  • The role of internal and external audit. (Ed. note: I’ve written about this previously on how internal audit can benefit ESG disclosures here and here.

The EY Center’s report also lists the top ten global risks in 2021, as determined by the World Economic Forum (WEF). According to the WEF, the three highest 2021 risks, based on likelihood of occurrence, are extreme weather, climate action failure, and human environmental damage. The greatest risks, ranked by impact, are infectious diseases, climate action failure, and weapons of mass destruction. The Center suggests that “audit committees should evaluate whether management has considered these global risks in its risk assessments and risk mitigation strategies to be adaptive to the changing external environment.” 

Comment: While the EY Center’s report is aimed specifically at first quarter reporting, the topics discussed have broad relevance and are a good checklist for matters that audit committees may want to focus on throughout the current year. The list of issues is extensive and detailed, and audit committees may want to review it to identify any gaps in, or additions to, the issues the committee plans to consider in the first quarter of 2021 and beyond. For other agenda suggestions, see What Should be on the Audit Committee’s 2021 Agenda?, January-February 2021 Update.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile