Guidance for Stakeholders Using

AA1000AS (2008) Assurance Statements

September, 2009

September, 2009

Contents

Purpose of this guidance

A. Guidance for stakeholders using assurance statements

A.1. The Purpose of AA1000AS (2008) Assurance

A.2. The Assurance Process

A.3. Understanding an Assurance Statement

B. Informative Annexes

14

B.1 The AA1000 Series

14

B.2 The AA1000 Series in Translation

15

B.3 Keeping the AA1000 Series up-to-date

16

B.4 Useful References

17

B.5 Certification of Sustainability Assurance Practitioners

20

B.6 AA1000 Assurance Provider Membership and Licensing

22

B.7 AccountAbility Standards Technical Committee

23

B.8 About AccountAbility

24

September, 2009

Purpose of this guidance

This guidance is for stakeholders who may read assurance statements based on
AA1000AS (2008).
It aims to help the reader understand both what the assurance process involves and
how to read and understand the various sections of an AA1000AS (2008) assurance
statement.
This guidance is one of three guidance documents that support the AA1000AS (2008).
The other two are Guidance for Reporting Organisations Seeking Assurance to
AA1000AS (2008) and Guidance for AA1000AS (2008) Assurance Providers.
The standards and supporting documents can be freely downloaded from
www.accountability21.net/aa1000series

September, 2009

A. Guidance for stakeholders using assurance statements

A.1 The Purpose of AA1000AS (2008) Assurance
Companies are increasingly striving to present a positive and reliable picture of their
sustainability performance in their sustainability reports. For this they need readers to
take the information seriously. An important element of this process is obtaining an
independent view on whether stakeholders have been engaged, whether the company
understands and has responded to its most relevant issues and also whether the
information in their report is accurate. This process is called assurance.
AA1000AS (2008) is the standard used by independent assurance providers to ensure
they follow a rigorous process which ends with insightful, valuable and understandable
findings and conclusions in a public statement.
It includes an evaluation of the extent to which an organisation has adhered to the
AccountAbility Principles of Inclusivity, Materiality and Responsiveness. It may also
include an evaluation of the reliability of certain elements of sustainability
performance information such as carbon emissions or health and safety data.
Assurance based on the AccountAbility Principles is more than just checking the
reliability of data. One of the underlying concepts for AA1000 is that it is crucial to
know that the information is actually important to the organisations ability to create
private and public value, not just if the information is accurate.
Assurance does have its limits though. The assurance statement does not provide an
opinion on whether the company is performing well on sustainability. It does not mean
that all the important issues to every stakeholder are reported. Nor does it provide
absolute assurance that everything is correct, this would be very time-consuming (and
in some instances impossible). For opinion statements on performance stakeholder
panels, or individual opinions can support formal assurance.

September, 2009

A.2. The Assurance Process

At its most basic, sustainability assurance is about providing certainty about a
statement made by someone else. It means having an external party review and
evaluate evidence in order to come up with a conclusion on whether publicly disclosed
sustainability information is presented in a fair and balanced way.
The assurance providers role is not to judge the organisations performance, but
simply to ensure that the report provides a fair and reliable basis for readers to make
up their own minds.
It is important to know what the scope of the assurance engagement (what was
included and what wasnt), what criteria were used in the evaluation process, and
what and how evidence has been gathered and evaluated. Knowing this allows the
reader of the statement to make a judgement about the quality of the conclusions and
recommendations and how credible the organisations public disclosures are.
Before the assurance engagement begins, the assurance provider and reporting
organisation agree on what will be covered during the assurance process. For an
AA1000AS (2008) assurance engagement the assurance provider will evaluate an
organisations adherence to the AA1000 AccountAbility Principles as a minimum but
may also evaluate the reliability and accuracy of certain elements of sustainability
performance information.
When performing sustainability assurance the assurance provider gathers evidence.
This evidence usually includes documents, interviews, site visits and other analyses.
The evidence is then evaluated against agreed criteria.
The evaluation of this evidence enables an assurance provider to develop conclusions
and recommendations relating to how well the company has adhered to the AA1000
AccountAbility Principles. They may also provide conclusion on the reliability and
accuracy of disclosed information on sustainability performance and the systems and
processes used to gather, manage and communicate this information.
The assurance process is often iterative. Preliminary findings may lead the assurance
provider to challenge the reporting organisation on certain points. The assurance
providers role is to question the reporting organisation on issues where they feel that
5

September, 2009

what is being disclosed does not match the evidence they have collected. When this
iterative process takes place over the course of the reporting period rather than at the
end of the reporting period it gives the assurance provider a better opportunity to
understand and observe the systems and processes. It makes the assurance process
more valuable to the reporting organisation and readers of the assurance statement.
An end of pipe approach rarely produces the same depth of understanding and
therefore the conclusions are often less meaningful.
The conclusions and recommendations are publicly communicated in an assurance
statement. The statement also outlines the work done to arrive at those conclusions.
The reporting organisation does not have the right to revise or edit the assurance
statement which will most commonly be published in the organisations sustainability
report. It is the statement that needs to communicate to readers if the information
and systems behind it are credible.

September, 2009

A.3. Understanding an assurance statement

As the statement is the public output of an assurance process it is important that any
reader understands how to read these statements.
An AA1000AS (2008) assurance statement is required to include the following
information, although some statements may include additional information.
Understanding what each requirement asks for can help readers understand assurance
statements better and therefore benefit from using them more. Understanding what is
expected in an assurance statement can also help you distinguish the good statements
from the less good.
The following headings each outline one element of what is required in an AA1000AS
(2008) statement, what this means and why it is important.
Intended users of the statement
An assurance statement must identify the audience it is addressing, i.e. who it is
written for.
At its broadest the assurance provider will identify all stakeholders, or all readers as
the audience, but this will not always be the case.
Other assurance providers will state that the audience of the assurance statement is
just the executive management and board of the organisation. This is usually done for
legal liability reasons.
The user of the statement should take the declared audience into consideration when
reading the statement, but irrespective of the declared audience, any audiences may
read the statement and benefit from its findings.
Responsibilities of the reporting organisation and the assurance provider
An assurance statement should explain what the reporting organisation is responsible
for (this would usually be preparing the report) and what the assurance provider is
responsible for (this would usually be assessing the information in the report).
7

September, 2009

It must be clear that there is no conflict of interest in the roles and responsibilities. A
possible form of conflict is when the assurance provider has consulted on strategies
covered by the report, or has helped prepare the report.
Assurance Standard used
If AA1000AS (2008) is used by the assurance provider it must be stated in the assurance
statement.
Description of the scope of the assurance engagement, including the Type of
assurance
The statement must describe the scope of the assurance engagement, that is, the
boundaries to the evidence gathering and evaluation on which the conclusions in the
assurance statement are based.
AA1000AS (2008) allows for two types of scope.

Type 1, AccountAbility Principles: evaluation of adherence to the AA1000

AccountAbility Principles by looking at policies, practices, management systems
and processes and performance

Type 2, AccountAbility Principles and Performance Information: evaluation of

the principles plus the reliability of specified disclosed performance
information and the underlying systems that generate this information

Type 1 contains the unique aspect of AA1000 assurance, the principles. During this type
of assurance engagement the aim is to evaluate evidence with a review to providing a
conclusion in relation to each principle. The aim is not to undertake a detailed analysis
of the information and conclude whether it is reliable or not. The aim of a Type 1
assurance statement is to give readers confidence that the organisation is being
inclusive and adequately engaging stakeholders, that they have a comprehensive
understanding of what the most important sustainability issues are for them and that
they are responding to these issues.
An example of where Type 1 is valuable is when for example a tobacco company has
failed to talk about health implications, or an energy company has failed to address
8

September, 2009

climate change. In these examples an assurance is required to ask why and if no

reasonable explanation is provided, explain to readers of the statement that there
have been important omissions.
Type 2 considers all of the questions above in the same way, but it goes a step further
and requires a detailed evaluation of whether particular pieces of information are
reliable. For example an assurance provider could conclude in a Type 2 statement that
the organisation involves stakeholders and understands and responds to its most
important issues, but the data on CO2 is not reliable because of the way the data has
been collected or aggregated. A Type 1 would not give you the second part of this
conclusion. A further example would be when a company makes a qualitiative claim
e.g. our cars are the greenest. If this specific piece of information was included in a
Type 2 statement, the assurance provider would have to find out what this claim is
based on whether the evidence adequately supports the wording of this statement.
The assurance statement must state the type of assurance clearly in the statement.
Description of disclosures covered
The statement must identify the disclosures (i.e. reports or information) covered
during the assurance engagement and by the assurance statement.
This is important since more organisations are publishing information in a range of
places and formats and not always in a single report. There may be a summary report
supported by a detailed report and in depth data on a web site. There may be different
reports for different audiences: one for employees, one for shareholders, one for
communities or other stakeholders.
Since assurance is based on information that is publicly disclosure it must clearly state
what disclosure(s) its findings and conclusions relate to.
The statement must also be clearly attached to the disclosure in question. It is
important not to confuse assured from non-assured information.

September, 2009

Description of methodology
An assurance statement should provide a description of the assurance process and the
work done.
A description of the work done will include a description of the evidence gathering
methods., which may include site visits, document analysis and interviews. For
example, an assurance provider may state the number of interviews held and sites
visited, the sampling method used and the basis for the sampling method.
This is important particularly if you are interested whether particular sites where
visited in the field.
The amount and type of work done will vary on various things including the scope of
the engagement, the level of assurance (see below) and the type/sector of the
organisation.
Limitations
An assurance statement should mention any limitations in the sustainability report, the
engagement scope and the evidence gathering.
Any limitations, such as the unavailability of important evidence or the lack of
willingness to answer questions, should be reflected in the conclusions.
This will give the reader a sense of whether there are any caveats to the overall
conclusions, this information is useful in judging the credibility of the whole
statement.
Reference to criteria used
The assurance statement should state the criteria and standards the assurance provider
used to conduct the assurance engagement.
This will be particular criteria the assurance provider and reporting organisation have
agreed to use to evaluate particular issues against.

10

September, 2009

If you are interested in the conclusions on a particular topic you may be interested in
knowing what the criteria were used for that element as this again helps a reader
understand more about the credibility of the process.
Levels of assurance
There are two levels of assurance, high and moderate.
High assurance provides users with a high level of confidence in the reporting
organisations disclosures, underlying systems and processes such that the risk of their
conclusion being in error is not zero but very low.
Moderate assurance enhances the users confidence in the reporting organisations
disclosures, underlying systems and processes such that the risk of their conclusion
being in error is reduced but not reduced to zero but very low.
Levels of assurance relate to the depth of investigation and therefore the depth and
breadth of evidence evaluated by the assurance provider. A high level of assurance is
based on a greater depth and breadth of evidence. Understanding the level of
assurance obtained allows you as user to come to your own conclusion about the
credibility of the report.
To illustrate the difference between moderate and high imagine you go to a
childrens playground and are asked to check whether the ballpool contains only red
balls. You can do this to different degrees of detail and then give different opinions
about your conclusions.
In the first instance you ask to see the delivery notice which says all the balls delivered
were red and you also look at the ballpool to check whether, as far as you can see, the
balls are all red.
In the second instance you do the same as above, but you also get into the ballpool and
pick up a random number of balls from all over the ballpool, right down to the bottom
of the pool and check whether they are all red.

11

September, 2009

The first scenario gives a moderate level of confidence that all the balls are red, the
second a high level of confidence. Neither gives absolute certainty. This is obviously a
very simplified example and in practice involves more complexity.
If AA1000AS (2008) is used alongside ISAE 3000 (a non-financial assurance standard
developed by the accounting profession) the levels may be described as reasonable and
limited.
Findings and conclusions concerning the AA1000 AccountAbility Principles
An assurance statement must provide conclusions on adherence to the AA1000
AccountAbility Principles (AA1000APS 2008). These conclusions should provide
information on how an organisations systems, processes, policies and commitments
allow them to adhere to the AA1000 AccountAbility Principles of Inclusivity, Materiality
and Responsiveness.
A conclusion on adherence to the Principles is not a statement of compliance but
rather a statement on the current nature and extent of adherence.
Some assurance providers turn the three principles in a question to be answered in
their conclusions for examples:
Inclusivity: Does organisation X engage with stakeholders and involve them in
organisational decision making?
Materiality: Does organisation X identify the issues relevant and significant to it and
its stakeholders and include these in its disclosures?
Responsiveness: Does organisation X respond to stakeholder issues and feedback
through decisions, actions, performance and communication?
Conclusions should be written clearly and concisely in language that will enable the
intended audience (and other readers) to understand the assurance providers
conclusions.

12

September, 2009

Findings and conclusions concerning the reliability and accuracy of performance

information
An assurance statement for a Type 2 assurance engagement must also provide
conclusions on the reliability and accuracy of specified performance information.
The conclusions should also address the quality and credibility the systems and
processes used to gather, manage and communicate this information. The conclusion
on this are likely to much crisper and cleaner than the more subjective conclusions in
relation to the principles. The key question to be answered here is can I rely on the
information as stated, is it reliable.
Conclusions should also highlight any material omissions or misstatements.
Observations and/or recommendations
An assurance statement may include observations and recommendations related to
adherence to the AA1000 AccountAbility Principles and, for Type 2 assurance,
performance information.
These observations and recommendations may address the robustness of processes and
systems, opportunities for improvement, and past performance and future objectives
and give a more rounded and useful picture to the reader.
Competence and independence of the assurance provider

There must be an assertion in the statement of the assurance providers competence

and independence. The basis for this competence and independence may also be
stated but need not be. However, the provider must be able to defend the assertion of
competence and independence if asked to by appropriate bodies.
An important benchmark for assurance practitioner competence is the CSAP (Certified
Sustainability assurance practitioner) requirements, but due to the multi-disciplinary
nature of sustainability assurance other skills such as those of a certified accountant or
environmental auditor are crucial.

13

September, 2009

It is good practice for CSAP practitioners to use these initials after their name in a
statement if they are certified. Independence can be demonstrated by asserting
adherence to appropriate independence policies or adherence to an appropriate code
of ethics and conduct.
Name of the provider
The statement should be signed by the provider. There is flexibility here. But at a
minimum the name of the organisation providing the assurance must be stated. Some
organisations will include the name of the lead provider; other will also include key
team members.
Date and place
Since the statement is refers to information already disclosed the statement must be
dated.

14

September, 2009

B. Informative Annexes
B.1 The AA1000 Series
The AA1000 Series is comprised of:
AA1000APS (2008) AccountAbility Principles Standard
AA1000AS (2008) Assurance Standard
AA1000SES (2005) Stakeholder Engagement Standard
The series is supported by Guidance Notes and User Notes. The Guidance Notes, for
example, Guidance for the Use of AA1000AS (2008), provide information on how to
apply the standards. The User Notes provide examples of the use of the standards.
These standards can be freely downloaded from the AccountAbility website
www.accountability21.net/aa1000series

15

September, 2009

B.2 The AA1000 Series in Translation

The AA1000AS (2003) has been translated into a number of languages. Translating the
standard into multiple languages enables wider international use of the standard, a
greater depth of understanding at the local level and increased consistency in the
quality of assurance engagements worldwide.
It is our intention to translate AA1000APS (2008), AA1000AS (2008) and the Guidance on
the Use of the AA1000AS (2008) into a number of languages. AccountAbility is always
looking for partners to work with to translate the standard into new languages. If
partnering on this is of interest, please contact the Head of Standards at
AccountAbility.

16

September, 2009

B.3 Keeping Standards up-to-date

Standards are living documents that reflect progress in principles, practice, methods
and science. To maintain their currency, all standards are periodically reviewed (at a
minimum every five years) and where warranted new editions are published. Between
editions, amendments may be issued. Standards may also be withdrawn. It is important
that readers assure themselves they are using the current standard, which should
include any amendments which may have been published since the standard first
appeared.
Detailed information on The AA1000 Series of standards can be found on the
AccountAbility web site: www.accountability21.net/aa1000series
We welcome suggestions for improvement of our standards and encourage readers to
notify us immediately of any apparent inaccuracies or ambiguities. Please address any
comments to the Head of Standards at AccountAbility.

17

September, 2009

B.4 References

AA1000APS (2008)

Stakeholder Engagement

The Stakeholder Engagement Standard, AA1000SES

Stakeholder Engagement Manual, Volume 2

www.accountability21.net/publications.aspx?id=904

Critical Friends - Stakeholder Panels Report www.stakeholderpanels.net

www.accountability21.net/publications.aspx?id=1088

Reporting

GRI G3 Guidelines
www.globalreporting.org/ReportingFramework/G3Guidelines/

Accounting for Good: the Global Stakeholder Report 2005 (The Second Worldwide Survey on Stakeholder Attitudes to CSR Reporting) Pleon Kohtes Klewes
GmbH / Pleon b.v., 2005 ~

ACCA (2004) The Future of Sustainability Assurance

www.accaglobal.com/publicinterest/activities/research/reports/sustainable_a
nd_transparent/rr-086

Canadian Reporting guidance www.sustainabilityreporting.ca

Context (2006) Reporting in Context 2006: Global Corporate Responsibility

Reporting Trends www.econtext.co.uk/cover_scans/InContext2006.pdf

Corporate Register www.corporateregister.com (Library of Reports)

DEFRA Environmental Reporting Guidelines

www.defra.gov.uk/environment/business/envrp/guidelines.htm

FORGE - Guidelines on Environmental Management and Reporting for the

Financial Services Sector www.abi.org.uk/forge/

Friends of the Earth et al (2004) Lessons Not Learned: The Other Shell Report
www.foe.co.uk/resource/reports/lessons_not_learned.pdf

Prepared by KPMG and SustainAbility for GRI, 2008. "Count me in: The Readers
take on sustainability reporting",

KPMG (2005) KPMG International Survey of Corporate Responsibility Reporting

KPMG/ UNEP (2006) Carrots and Sticks for Starters: Current trends and

18

September, 2009

approaches in Voluntary and Mandatory Standards for Sustainability Reporting

www.unep.fr/outreach/reporting/docs/Public-UNEPKPMG-Report-FIN.pdf

UNEP/Sustainability (2004) Risk and Opportunity: Global Reporters 2004

Survey of Corporate Sustainability Reporting www.sustainability.com

UNEP/Sustainability (2006) Tomorrows Value Global Reporters 2006 Survey of

Corporate Sustainability Reporting www.sustainability.com

WBCSD- www.wbcsd.org/

GEMI (2004) Transparency: A Path to Public Trust www.gemi.org/TransparencyPathtoPublicTrust.pdf

WBCSD (2002) Sustainable Development Reporting: Striking the Balance

Eurobarometer 217: The attitudes of European citizens towards environment
(research Nov 2004, Published April 2005)

UN Global Compact www.globalcompact.org (also document - A practical guide

to Communication on Progress (United Nations Global Compact and Making the
Connection: Using the GRIs G3 Reporting Guidelines for the UN Global
Compacts Communication on Progress)

Environmental, Social and Sustainability Reporting on the World Wide Web: a

guide to best practice (ACCA/Corporateregister.com)

Materiality: Redefining Materiality

www.accountability21.net/publications.aspx?id=1168

Accountability (2006) The Materiality Report: Aligning Strategy, Performance

and Reporting www.accountability21.net/publications.aspx?id=560

Assurance

Assurance: Certification as a sustainability assurance practitioner

www.accountability21.net/publications.aspx?id=368

AA1000AS (2003): www.accountability21.net/publications.aspx?id=288

AA1000AS (2003) Guidance note on Principles:

www.accountability21.net/publications.aspx?id=380

Assurance Standards Briefing AA1000AS (2003) and ISAE3000:

www.accountability21.net/publications.aspx?id=390

User Note on the Application of the Principles of Materiality, Completeness and

Responsiveness as they Relate to the AA1000 Assurance Standard
www.accountability21.net/publications.aspx?id=1242

19

The Future of Assurance www.accountability21.net/publications.aspx?id=456

Assure View, Corporate Register, 2008

September, 2009

The Materiality Report www.accountability21.net/publications.aspx?id=560

Better Assurance through Better understanding

IFAC Framework

IAASB ISAE 3000

COS 3410N

FEE (2009), Policy Statement on Sustainability: Towards a Sustainable Economy:

the contribution of Assurance

20

FEE, Key Issues In Sustainability Assurance - An Overview

September, 2009

B.5 Certification of sustainability assurance practitioners

IRCA and AccountAbility have established a partnership to provide a professional
qualification in sustainability assurance, the Certified Sustainability Assurance
Practitioner Program (CSAP).
CSAP aims to:
Enable practitioners to develop, validate and communicate their competence in a
systematic manner.
Make it easier for organisations to identify credible assurance expertise.
Improve stakeholder confidence in the expertise of sustainability assurance
professionals engaged by organisations.
Develop a more systematic understanding of key competency requirements for
providing effective assurance, and so establish a basis for informing this and other
standards in future.
CSAP is intended for all practitioners worldwide including:
those who work in CSR departments involved in the development of corporate
accountability programs;
those who work in departments involved in internal (assurance) audit processes;
those who provide consultancy services for organisations on sustainability assurance;
independent assurance providers who undertake assurance processes; and
those just starting out in the area of sustainability assurance.
CSAP offers certification at three grades:
Associate Sustainability Assurance Practitioner: an understanding of the field of
sustainability assurance gained by attending relevant training. This grade is most
relevant to those beginning their career in sustainability assurance, and those involved
in related topics
Sustainability Assurance Practitioner: an active practitioner with demonstrable
experience over a number of assignments with different clients or, for internal
practitioners, over several assurance cycles covering a range of sustainability issues

21

September, 2009

Lead Sustainability Assurance Practitioner: active in the provision of sustainability

assurance and you have led a significant number of sustainability assurance
assignments either internally or as part of external assurance assignments. Experience
in stakeholder engagement as part of assurance assignments is essential, as is the lead
role in forming assurance judgements and the preparation of external or internal
assurance statements.

22

September, 2009

B.6 AccountAbility Assurance Provider Membership and Licensing

Assurance providers can be assurance provider members of AccountAbility.
Use of the standard to provide independent external assurance is under license.
For information on the Assurance provider member program and licensing please go to
the AccountAbility website: www.accountability21.net/aa1000series

23

September, 2009

B.7 AccountAbility Standards Technical Committee

Jennifer Iansen Rogers, KPMG Chair
Glenn Howard Frommer, MTR Corporation
Dominique Gangneux, ERM
Chuck Gatchell, Nike, Inc. (to February 2008)
Sean Gilbert, GRI
Adrian Henriques, Middlesex University
Vernon Jennings, Independent Consultant
Eileen Kohl Kaufman, SAI
Dave Lucas, Eskom
Paul Monaghan, Cooperative Financial Services
Johan Piet, Transparability
Preben J. Soerensen, Deloitte
Chris Tuppen, BT (to February 2008)
Ian Wood, BT (from February 2008)
David York, ACCA

24

September, 2009

B.8 About AccountAbility

AccountAbility (www.accountability21.net) works to promote accountability
innovations for sustainable development. AccountAbility, founded in 1995, is a global,
not-for-profit self-managed partnership with bases in Beijing, Geneva, London, Sao
Paulo and Washington D.C., and country representatives in Brazil, Canada, China,
Jordan, Spain, Sweden and the US.
AccountAbility is a global network of leading business, public and civil institutions
working to build and demonstrate the possibilities for tomorrows global markets and
governance through thought leadership and advisory services. We work to:
Enable open, fair and effective approaches to stakeholder engagement
Develop and reward strategies for responsible competitiveness in companies, sectors,
regions and nations
Create and develop effective collaborative governance strategies for partnerships
and multilateral organisations that are delivering innovation and value
Set and influence sustainability standards

25

September, 2009