External assurance standards provide guidelines on financial and non-financial reporting, helping to build trust and confidence in the information being published. 

It  is becoming more common in the UK, especially for ESG (environmental, social, and governance) reporting, thanks to increased demand for more reliable reporting and new regulations, such as the Corporate Sustainability Reporting Directive (CSRD). 

External assurance standards in the UK include the Financial Reporting Council's (FRC) Ethical Standard for Auditors and the standards set by the International Federation of Accountants (IFAC). 

FRC Ethical Standard for Auditors: This standard applies to audits of financial statements and other public interest assurance engagements. It applies to both the public and private sectors. 

IFAC standards: These standards are based on the International Standards on Auditing (ISAs) and International Standard on Quality Control (ISQC). They are published by the IFAC. 

Assurance standards cover a company’s  responsibilities for designing, implementing, and operating a quality management system for audits and reviews of financial statements. 

Common external assurance standards include: SAE 3000, AA1000 series, ISO 14001, GRI Standards, SASB standards.

ISAE 3000

ISAE 3000 is an international standard for assurance engagements that are not audits or reviews of financial information. It provides guidelines for the quality, performance, and ethical behaviour of these engagements. (1) 

The standard used in the UK to provide assurance on non-financial information, essentially acting as a framework for evaluating controls and processes within a company such as data security or operational efficiency, compliance with regulations, sustainability reporting, and information systems. (2)

It is mandatory for public interest assurance engagements specified by the FRC – these as yet unspecified. It is voluntary for other assurance engagements unless the FRC has issued a subject matter specific assurance standard relevant to the engagement. (1)

ISAE 3000 can be used to assess a wide range of subject matter and provides a general framework for performing assurance engagements, outlining the principles and procedures that practitioners should follow. 

An ISAE 3000 report would typically describe the scope of the engagement, the criteria used to evaluate the subject matter, and the auditor's opinion on the effectiveness of controls. 

The FRC has issued subject matter specific assurance standards for:

• Financial statement audits carried out in compliance with International Standards on Auditing (UK)

• Engagements providing assurance to the Financial Conduct Authority about client assets.

• Interim financial information reviews guided by the International Standard on Review Engagements (UK and Ireland) 2410

• Accountants acting in connection with investment circulars - the Standards for Investment Reporting (2)

ISAE (UK) 3000 covers assurance reports from September 15th 2020. Companies and personnel are subject to the FRC’s Ethical Standard requirements as well as sources such as the ICAEW Code of Ethics. Areas include:

• Management roles with an entity relevant to an engagement

• Loan staff assignments

• Financial interests held as trustee

• Financial interests held by firm pension schemes

• Partners and engagement team members joining and entity relevant to an engagement

• Employment with the firm

• Governance role with an entity relevant to an engagement

• Long association of the firm with engagements and entities relevant to engagements

• Remuneration and evaluation policies. (1)

AA1000 series

The AA1000 series is a set of standards helping companies to demonstrate accountability, responsibility, and sustainability. They are based on principles of inclusivity, materiality, responsiveness, and impact. The series has been developed by AccountAbility, a global advisory and standards firm. (3)

AA1000 are principles-based frameworks used by global businesses, private enterprises, governments, and other public and private organisations to demonstrate leadership and performance in accountability, responsibility, and sustainability.

AA1000 standards

• AA1000 Stakeholder Engagement Standard (SES): A framework that helps organisations engage with stakeholders in a balanced way. 

• AA1000 Assurance Standard (AA1000AS): Helps organisations demonstrate compliance with internationally accepted sustainability frameworks. 

• AA1000 AccountAbility Principles (AA1000AP): Guidelines for organisations that support implementation of the other standards. 

The AA1000 standards can help companies demonstrate leadership and performance,  while improving relations with regulators, investors, and stakeholders. 

AA1000 principles

• Inclusivity: Involving stakeholders in sustainability management

• Materiality: Identifying and understanding most relevant sustainability issues

• Reactivity: Handling stakeholder issues responsibly and transparently

• Impact: Monitoring and measuring the impact of activities.

ISO 14001

ISO 14001 is an international standard outlining requirements for a company’s environmental management system (EMS). It can help to improve environmental performance by reducing waste and using resources more efficiently. (4)

ISO 14001:

• Helps reduce waste and use resources more efficiently

• Helps gain the trust of stakeholders and a competitive advantage

• Provides a framework to follow.

Key elements

• Environmental policy: must be relevant to products, services, and activities.

• Planning:  included are identifying environmental risks and opportunities: developing environmental objectives and targets 

• Implementation and operation: includes putting the plan into action 

• Checking and corrective action: includes identifying and addressing issues 

• Management review: includes reviewing the EMS and making improvements. (4) 

ISO 14001 has a commitment to continual improvement, identifying environmental risks and opportunities, and developing clear environmental objectives and targets. 

ISO 14001 benefits
EMS implementation can give a company a systematic means to control environmental impact, with potential cost savings from greater productivity and efficiency. ISO14001 can provide a structure to develop higher levels of environmental performance and commitment to these goals.

GRI standards

Global Reporting Initiative (GRI) standards provide guidance for companies to report effectively on sustainability performance,  covering environmental, social, and governance (ESG) aspects. 

The standards are relevant to many stakeholders, including companies, investors, policymakers, capital markets, and civil society. 

The purpose of GRI is to hold companies and others accountable for environmental and social impacts, help them to report impacts in a transparent and comparable way, and to better understand impacts on people, the economy, and the environment.

Key elements

• Universal Standards: The foundation of GRI reporting, including the Foundation (GRI 101), General Disclosures (GRI 102), and Management Approach (GRI 103) 

• Topic Standards: Disclosures for specific topics, such as waste, occupational health and safety, and tax 

• Sector Standards: Criteria for different sectors (5)

Companies can use GRI to set reporting boundaries, identify material topics and engage stakeholders, while collecting relevant data and establishing reporting processes, allied to performance indicators and targets.

GRI helps companies:

• compare performance against others in their sector

• identify and reduce risks

• seize new opportunities

• become more transparent and trusted

SASB standards

Sustainability Accounting Standards Board (SASB) Standards are a framework for reporting on a company's environmental, social, and governance (ESG) impact. The standards help investors make informed decisions about a company's value and performance. (6) 

The standards:

Identify material issues, such as those around sustainability which could impact a company's financial performance. 

Group issues into five dimensions: environment, human capital, social capital, business model and innovation, and leadership & governance. 

Provide accounting metrics, to help companies measure and report on material issues. 

Benchmark with industry peers, providing means to compare a company with others in the same sector. 

While companies can use SASB Standards to report on their ESG impact, investors can reference them to make informed decisions about a company's value and performance. 

In 2022, the International Sustainability Standards Board (ISSB) of the IFRS Foundation took responsibility for the SASB Standards. 

Who uses external assurance?

In SaveMoneyCutCarbon’s experience, companies, particularly those focused on sustainability or ESG reporting, primarily use external assurance to verify the accuracy and reliability of their data and disclosures to stakeholders like investors, customers, regulators, and employees.

The goal is to build trust and credibility in reporting by having an independent third-party review the information, which is particularly important when reporting on ESG metrics where external assurance can demonstrate a commitment to transparency and accountability. 

Investors seek external assurance on ESG data to make informed investment decisions based on reliable information, while regulators may require companies to undergo external assurance, especially for certain types of reporting such as  sustainability data. 

Customers can often consider a company's ESG performance when making purchasing decisions, so external assurance can be valuable for building trust, while creditors and lenders may use external assurance to evaluate a company's financial health and sustainability practices before extending credit. 

There can also be pressure from NGOs and activist groups who might seek external assurance on sustainability claims. 

What are the benefits of external assurance?

External assurance can provide many benefits including:

• Accuracy -  Helping to identify and correct errors, gaps, and inconsistencies in data while improving  the quality and relevance of reports

• Trust - Help build trust and confidence with investors, customers, regulators, and employees. Demonstrate commitment to accountability and transparency

• Compliance - Can help to ensure compliance with standards and frameworks, identify gaps in policies or controls, reduce the risk of errors or fraud

• Learning and performance - Provide feedback and recommendations to set sustainability goals, help identify areas for improvement, enhance learning and performance.

• Attraction and retention – Help to attract and retain investors, customers, employees, and partners.

• ESG – improve ESG performance. (7)

Bibliography

1 “ISAE (UK) 3000” (Accessed February 2025) https://www.icaew.com/technical/audit-and-assurance/assurance/isae-uk-3000

2 INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (UK) 3000 (JULY 2020) (Accessed February 2025) https://www.frc.org.uk/getattachment/2dc92f3e-df64-47d8-a9de-0292795fc8c3/ISAE-(UK)-3000-Jul-2020.pdf

3“30 Years of Setting the Standard for Sustainability” (Accessed February 2025) https://www.accountability.org/standards

4 “ISO 14001 Summary” (Accessed February 2025) https://14000store.com/articles/iso-14000-info-iso-14001-summary/

5 “Continuous improvement” (Accessed February 2025) https://www.globalreporting.org/standards/

6“Understanding the SASB Standards” (Accessed February 2025)  https://sasb.ifrs.org/implementation-primer/

7 “The Value of External Assurance” (Accessed February 2025)https://sustainabilityknowledgegroup.com/the-value-of-external-assurance/