What accreditations should a sustainability assurance provider have?

A credible sustainability assurance provider should hold relevant accreditations that demonstrate their competence and quality management. Key accreditations include: ISO/IEC 17029 (Conformity assessment ? General requirements for bodies providing audit and certification of management systems) which is the overarching standard for assurance and validation/verification bodies; ISO 14065 (General principles and requirements for bodies validating and verifying environmental information) which is specifically relevant for GHG verification and environmental assurance; national accreditation under CSRD rules for Independent Assurance Services Providers (IASPs) where applicable; and membership or licensing under professional bodies such as IFAC member bodies for firms applying ISAE 3000. Under the CSRD, assurance providers must be either statutory auditors with sustainability assurance qualifications or IASPs accredited by a national accreditation body. Simply claiming to 'perform assurance' without recognised accreditation is a significant red flag.

Can the same firm that prepared or consulted on our sustainability report also provide assurance?

No ? this creates a fundamental independence conflict known as the 'self-review threat.' If the same firm prepared the sustainability report and then assures it, they are essentially reviewing their own work, which compromises the objectivity and credibility of the assurance conclusion. This is explicitly prohibited under ISAE 3000 independence requirements and under the CSRD's assurance provisions. The same firm should not have provided consulting or advisory services that directly contributed to the preparation of the sustainability information being assured. However, some limited pre-assurance or readiness assessment services may be permissible if they are clearly separated from the formal assurance engagement and do not involve the assurance provider making management decisions or preparing the report. The key test is whether the provider is evaluating information they had a role in creating ? if so, independence is compromised.

What is the difference between Big 4 accounting firms and specialist assurance bodies for sustainability assurance?

Big 4 firms (Deloitte, EY, KPMG, PwC) and specialist assurance bodies bring different strengths. Big 4 firms offer brand recognition, large global teams, and deep experience with ISAE 3000 and financial-grade assurance processes. They are the default choice for the largest listed companies and are well-positioned for CSRD assurance due to their existing statutory audit relationships. However, they are typically the most expensive option, may have less deep sustainability domain expertise (relying more on assurance process expertise), and may have capacity constraints as demand surges. Specialist assurance bodies (such as accredited certification bodies and sustainability assurance firms) often bring deeper sustainability domain expertise, sector-specific experience, and more flexible engagement models. They may offer better value for mid-market companies and organisations seeking voluntary assurance. The trade-off is that they may lack the brand recognition that some stakeholders expect. Certification bodies accredited under ISO 14065 bring strong GHG and environmental verification credentials but may be less experienced with broader ESG assurance covering social and governance topics.

What should be included in an RFP for sustainability assurance services?

A well-structured RFP for sustainability assurance services should include: (1) Company overview ? business description, sector, size, geographic footprint, and organisational structure; (2) Reporting scope ? which sustainability report or disclosures require assurance, applicable frameworks (ESRS, GRI, ISSB), and reporting boundaries; (3) Assurance requirements ? level of assurance required (limited or reasonable), applicable assurance standards (ISAE 3000, AA1000AS, ISSA 5000), specific indicators or topics in scope; (4) Regulatory context ? which regulations drive the requirement (CSRD, SEC, SGX, voluntary); (5) Current maturity ? description of current sustainability reporting processes, data systems, and any prior assurance history; (6) Timeline ? reporting period, expected engagement start and completion dates, report publication date; (7) Evaluation criteria ? how proposals will be evaluated (methodology, team, experience, cost, references); (8) Required information from bidders ? team qualifications, accreditation, relevant experience, methodology description, fee structure, independence confirmation, and references; and (9) Contract terms ? expected engagement terms, liability provisions, and confidentiality requirements.

How much does sustainability assurance typically cost and what are the key cost drivers?

Sustainability assurance costs vary significantly based on several factors. For limited assurance on a sustainability report, costs typically range from ?15,000-?50,000 for mid-market companies to ?50,000-?200,000+ for large multinational corporations. Reasonable assurance costs 2-3 times more than limited assurance due to the significantly more extensive procedures required. Key cost drivers include: (1) Level of assurance ? reasonable vs limited; (2) Scope complexity ? number of indicators, ESRS topics, and disclosures in scope; (3) Organisational complexity ? number of entities, geographies, sites requiring visits; (4) Data maturity ? less mature data systems require more assurance effort to resolve queries and verify data; (5) Provider type ? Big 4 firms typically charge premium rates; (6) First-year premium ? initial engagements cost more as the provider learns the organisation; (7) Site visits ? number and location of physical site visits; and (8) Reporting framework ? CSRD/ESRS assurance may cost more due to the breadth of mandatory disclosures. To manage costs effectively, companies should invest in pre-assurance readiness to improve data quality, clearly define scope upfront, and consider multi-year engagement agreements that provide fee predictability.

How to Choose a Sustainability Assurance Provider

Key Takeaways

Accreditation (ISO/IEC 17029, ISO 14065) and regulatory eligibility (CSRD IASP status) are non-negotiable starting criteria
Independence is the foundation of assurance credibility ? providers who also consult on report preparation create a fundamental conflict
Sector-specific sustainability expertise matters more than general audit experience for meaningful assurance
Provider types (Big 4, specialist bodies, certification bodies, boutique firms) suit different organisational needs and budgets
Cost transparency, clear scope definitions, and references from comparable organisations are essential evaluation criteria

Selecting a sustainability assurance provider is one of the most consequential decisions an organisation makes in its ESG journey. The provider you choose determines the credibility of your assurance statement, the quality of the assurance process, the usefulness of the findings, and ? increasingly under regulations like the CSRD ? your regulatory compliance.

Yet many organisations approach this decision with less rigour than they apply to selecting a financial auditor. Some default to their existing audit firm. Others choose the lowest-cost bidder. Both approaches carry significant risk. This guide provides a structured, criteria-based framework for evaluating and selecting a sustainability assurance provider.

Why Provider Selection Matters

The sustainability assurance market is maturing rapidly, but it remains less regulated and more heterogeneous than financial auditing. This means the quality of assurance varies significantly between providers. A well-chosen provider delivers genuine scrutiny, meaningful findings, and a credible assurance statement. A poorly chosen provider delivers a superficial exercise, a boilerplate statement, and false comfort.

The Stakes Are Higher Than Ever

Several converging trends make provider selection increasingly critical:

Regulatory mandates: The CSRD requires accredited assurance providers ? not all firms that claim to offer sustainability assurance are eligible
Investor scrutiny: Institutional investors increasingly evaluate the quality of assurance, not just its existence ? a weak assurance statement can be worse than no assurance at all
Litigation risk: If sustainability claims are challenged, the quality of the assurance engagement becomes a critical factor in legal defence
Data quality improvement: A good assurance provider drives genuine improvement in your sustainability data and processes; a poor one does not
Multi-year relationship: Assurance is typically an annual engagement ? the provider you choose today will likely serve you for several years

Accreditation: The Non-Negotiable Starting Point

Accreditation is the single most important criterion for selecting a sustainability assurance provider. It provides independent verification that the provider meets recognised quality standards and has the competence to perform assurance engagements.

Key Accreditation Standards

ISO/IEC 17029: The overarching international standard for conformity assessment bodies performing validation and verification. It establishes requirements for impartiality, competence, operational processes, and management systems. A provider accredited to ISO/IEC 17029 has been assessed by a national accreditation body against these requirements.
ISO 14065: Specifically addresses bodies validating and verifying environmental information, including greenhouse gas assertions. This accreditation is particularly relevant for providers performing GHG verification and environmental assurance under standards like ISO 14064-3. Organisations seeking assurance on carbon footprints, emissions data, or environmental performance should prioritise providers with ISO 14065 accreditation.
CSRD IASP accreditation: Under the CSRD, EU Member States can allow Independent Assurance Services Providers (IASPs) to perform sustainability assurance alongside statutory auditors. IASPs must be accredited by the relevant national accreditation body under specific CSRD requirements. This accreditation is essential for non-audit firms seeking to provide CSRD-mandated assurance.
National professional body membership: For statutory auditors providing sustainability assurance, membership in an IFAC member body and registration with the relevant national auditing regulator provides a baseline quality assurance framework.

Why Accreditation Is Non-Negotiable

Unaccredited providers may offer lower fees, but they introduce significant risks:

The assurance statement may not be accepted by regulators (particularly under CSRD)
Investors and rating agencies may not recognise the assurance as credible
The provider may lack the quality management systems to deliver consistent, reliable assurance
If the assurance is later questioned, the absence of accreditation weakens the organisation's defence

Always verify accreditation directly with the relevant national accreditation body ? do not rely solely on the provider's claims.

Independence and Conflict of Interest

Independence is the foundation of assurance credibility. Without it, the assurance statement is merely a paid endorsement. Evaluating independence requires understanding both structural and practical dimensions.

Structural Independence

Structural independence means the assurance provider has no financial, organisational, or operational relationship with the reporting organisation that could compromise objectivity. Key considerations include:

Self-review threat: Has the provider been involved in preparing, consulting on, or advising on the sustainability report or underlying data? If so, they are essentially reviewing their own work ? a fundamental independence violation
Financial interest: Does the provider have any financial interest in the reporting organisation (equity, debt, commercial arrangements beyond the assurance engagement)?
Advocacy threat: Has the provider previously advocated for the organisation's sustainability position or claims?
Familiarity threat: Has the same individual led the assurance engagement for many years, creating a relationship that could compromise professional scepticism?

Practical Independence

Beyond structural factors, practical independence matters:

Fee dependency: If the assurance fee represents a significant portion of the provider's revenue, the provider may be reluctant to issue findings that could jeopardise the relationship
Cross-selling pressure: Some providers use assurance engagements as a platform for selling additional consulting services ? this can compromise the willingness to identify and report issues
Engagement partner rotation: Best practice requires rotation of the engagement partner every 5-7 years to prevent familiarity threats

Critical Rule

The same firm should never both prepare/consult on and assure the same sustainability report. This is the most common and most damaging independence violation in the sustainability assurance market.

Competence and Sector Experience

Sustainability assurance requires a unique combination of assurance methodology skills and sustainability domain expertise. General audit experience alone is insufficient ? the provider must understand the subject matter being assured.

Sustainability Domain Knowledge

The assurance team should demonstrate competence in:

Reporting frameworks: Deep understanding of GRI Standards, ESRS, ISSB (IFRS S1/S2), GHG Protocol, and other applicable frameworks
Environmental metrics: Greenhouse gas calculations, emission factors, energy accounting, water and waste metrics, biodiversity indicators
Social metrics: Workforce data, health and safety statistics, human rights due diligence, community engagement measures
Governance topics: Business ethics, anti-corruption, responsible lobbying, tax transparency
Regulatory landscape: CSRD, SEC climate rules, ISSB adoption, EU Taxonomy, Green Claims Directive

Sector Experience

Sustainability issues and metrics vary significantly by sector. A provider with experience in your sector understands:

Which sustainability topics are material for your industry
Industry-standard methodologies and benchmarks
Common data challenges and their solutions
Regulatory expectations specific to your sector
What "good" looks like in comparable organisations

Ask potential providers for specific examples of assurance engagements in your sector. Generic responses suggesting broad experience across "all sectors" without specifics should be treated with caution.

Team Composition

Evaluate the specific team that will perform the engagement, not just the firm's overall capabilities. Key questions include:

Who will lead the engagement? What are their qualifications and experience?
Will the team include sustainability subject matter experts, or only audit/assurance generalists?
What is the ratio of experienced professionals to junior staff?
Will the team be consistent across the engagement, or will resources be rotated frequently?

Methodology and Assurance Standards

The assurance methodology determines the rigour and reliability of the engagement. Providers should apply recognised assurance standards and follow structured methodologies.

Recognised Assurance Standards

Standard	Issued By	Best For
ISAE 3000 (Revised)	IAASB	General sustainability assurance; CSRD assurance
ISAE 3410	IAASB	Greenhouse gas statements specifically
ISSA 5000	IAASB	New comprehensive sustainability assurance standard (expected to become global baseline)
AA1000AS v3	AccountAbility	Stakeholder-focused assurance; broader sustainability performance
ISO 14064-3	ISO	GHG verification and validation

Methodology Elements to Evaluate

When evaluating a provider's methodology, look for:

Risk-based planning: Does the provider assess risks and tailor procedures accordingly, or apply a one-size-fits-all approach?
Evidence gathering: Does the methodology include substantive data testing, source record verification, and analytical procedures ? or primarily management inquiry and document review?
Site visits: For multi-site organisations, does the provider visit operational sites, or rely entirely on remote procedures?
Materiality assessment: Does the provider define and apply materiality thresholds appropriate to the subject matter?
Quality control: Does the provider have internal quality review processes, including engagement quality reviews for significant engagements?

Provider Types: Comparison and Trade-Offs

The sustainability assurance market includes several categories of providers, each with distinct characteristics. Understanding these trade-offs is essential for making an informed choice.

Provider Type	Strengths	Limitations	Best Suited For
Big 4 Accounting Firms	Brand recognition, global reach, deep ISAE 3000 expertise, statutory auditor eligibility for CSRD	Highest cost, potential independence conflicts if also financial auditor, sustainability domain depth may vary, capacity constraints	Large listed companies, CSRD Wave 1, organisations where stakeholders expect Big 4 brand
Specialist Assurance Bodies	Deep sustainability expertise, focused practice, flexible engagement models, IASP eligibility	Less brand recognition with some stakeholders, smaller geographic footprint, may need local partners for multi-country engagements	Mid-market companies, sustainability leaders seeking substantive assurance, voluntary assurance
Certification Bodies	ISO 14065 accreditation, strong GHG verification capability, systematic audit methodology, multi-site coverage	May be less experienced with broader ESG (social, governance) assurance, may apply certification mindset rather than assurance mindset	GHG verification, ISO 14064, carbon credit projects, environmental-focused assurance
Boutique Consultancies	Personalised service, niche sector expertise, competitive pricing, senior partner involvement	Limited geographic coverage, may lack accreditation, may not meet CSRD eligibility, limited capacity	SMEs, first-time voluntary assurance, niche sectors, pre-assurance readiness

How to Choose Between Provider Types

The right provider type depends on your organisation's specific circumstances:

Regulatory requirement: If you need CSRD-compliant assurance, the provider must be either a statutory auditor or an accredited IASP ? this narrows the field immediately
Stakeholder expectations: If your primary stakeholders (investors, regulators) expect Big 4 brand recognition, this may guide your choice. If stakeholders value deep sustainability expertise, a specialist body may be preferable
Budget: Big 4 firms are typically the most expensive option. Specialist bodies and certification bodies often provide comparable quality at lower cost
Complexity: For large, complex multinational operations requiring site visits across multiple countries, a provider with global coverage is essential. For simpler engagements, a focused specialist may deliver better value
Relationship: Some organisations prefer a provider separate from their financial auditor to maintain clear independence. Others value the efficiency of the same firm doing both

Scope Clarity and Reporting Quality

The quality of a provider's scope definition and reporting significantly affects the value of the assurance engagement.

Scope Definition

A good provider works collaboratively with the organisation to define a scope that is:

Appropriate: Covers all material sustainability topics and all entities within the reporting boundary
Defensible: Exclusions are justified, documented, and disclosed in the assurance statement
Clear: The specific indicators, disclosures, and reporting criteria covered are precisely defined
Progressive: The scope expands over time as reporting matures ? the provider should guide this progression

Reporting Quality

Evaluate the provider's reporting quality by reviewing example assurance statements and management letters. Look for:

Clear, specific scope description ? not generic boilerplate
Detailed procedures summary ? readers should understand what the provider did
Standard-compliant conclusion ? using recognised ISAE 3000 or AA1000AS wording
Actionable management letter ? findings should include root cause analysis, risk assessment, and specific recommendations
Emphasis of matter paragraphs where appropriate ? demonstrating transparency about limitations and uncertainties

Geographic Coverage and Multi-Site Capability

For organisations with operations across multiple countries or sites, geographic coverage is a practical and important consideration.

Key Questions

Does the provider have qualified teams in all relevant geographies, or will they need to subcontract?
Can they conduct site visits in all operational locations?
Do they understand local regulatory requirements and reporting contexts?
How do they manage consistency across multi-country engagements?
Are local teams subject to the same quality control standards as the lead office?

Hub-and-Spoke vs Decentralised Models

Some providers use a hub-and-spoke model, where a central team directs the engagement and coordinates local resources. Others use a decentralised model with local partners. The hub-and-spoke model typically provides better consistency; the decentralised model may offer better local knowledge but requires stronger quality coordination.

Cost Transparency and Fee Structures

Cost is a legitimate consideration, but it should be evaluated in context of value, not in isolation. Beware of both unreasonably low and unreasonably high fees.

Fee Structure Components

Fixed fee: Most assurance engagements are quoted as a fixed fee based on estimated effort. Ensure the fee is based on a realistic effort estimate, not an artificially low bid that will result in scope cuts or additional charges
Travel and expenses: For multi-site engagements, travel costs can be significant. Understand whether these are included in the fixed fee or billed separately
Scope change provisions: Understand how changes in scope (additional indicators, additional entities) are handled commercially
Multi-year pricing: Multi-year engagement agreements can provide fee stability and reduce first-year premium effects

Understanding Cost Drivers

Cost Driver	Impact on Fee	How to Manage
Level of assurance	Reasonable = 2-3x limited	Start with limited; build toward reasonable
Number of indicators in scope	More indicators = more testing effort	Prioritise material indicators; expand scope progressively
Organisational complexity	More entities/sites = more effort	Clear consolidation rules; standardised data collection
Data maturity	Poor data = more queries/resolution time	Invest in pre-assurance readiness
First-year premium	20-30% higher in Year 1	Multi-year agreements; thorough onboarding

The False Economy of Low Fees

An unusually low fee should raise questions, not celebrations. Low fees often mean:

Fewer hours allocated ? resulting in superficial procedures
Junior-heavy teams with less sustainability expertise
Limited or no site visits
Boilerplate reporting without engagement-specific insights
Scope cuts to stay within budget

The purpose of assurance is to provide credible, independent verification. If the provider cannot deliver that at the quoted fee, the engagement delivers neither value nor protection.

Track Record and References

Past performance is one of the most reliable predictors of future quality. Evaluating a provider's track record should be a standard part of the selection process.

What to Ask For

Client references: Ask for 3-5 references from organisations of similar size, sector, and complexity. Speak to the sustainability team and the audit committee
Example assurance statements: Request anonymised or public example statements to evaluate reporting quality
Engagement history: How many sustainability assurance engagements has the provider completed? Under which standards? At what level of assurance?
Regulatory track record: Has the provider faced any regulatory sanctions, quality findings, or professional conduct issues?
Team retention: Is the proposed engagement team stable, or is there high turnover?

Questions to Ask References

Was the provider genuinely independent and willing to raise difficult issues?
Did the team demonstrate strong sustainability knowledge?
Were findings and recommendations actionable and valuable?
Was the engagement delivered on time and within budget?
How responsive was the team to questions and requests?
Would you engage them again?

Red Flags When Evaluating Providers

Certain characteristics should trigger caution or disqualification during the provider evaluation process:

Independence Red Flags

The provider also prepared or consulted on the sustainability report ? the most critical red flag
The provider offers to "help prepare" the report as part of the assurance engagement ? blurring the line between consulting and assurance
No formal independence declaration or conflict check process
The same partner has led the engagement for more than 7 years without rotation

Competence Red Flags

No sustainability-specific qualifications on the proposed team ? only general audit credentials
Cannot provide specific examples of sustainability assurance in your sector
The team appears to be drawn from the financial audit team with no sustainability domain expertise
Unfamiliarity with the reporting frameworks you use (GRI, ESRS, GHG Protocol)

Quality Red Flags

No accreditation or unverifiable accreditation claims
Unwillingness to describe their methodology in detail
Guaranteeing a clean conclusion before the engagement begins ? genuine assurance cannot predetermine the outcome
Example assurance statements that are boilerplate and non-specific
No engagement quality review process

Commercial Red Flags

Unusually low fees without clear explanation ? suggests scope cuts or superficial procedures
No fixed fee or unclear pricing ? creates budget uncertainty and potential for fee creep
Reluctance to provide references
Pressure to sign a long-term contract before completing the first engagement

Key RFP Elements for Sustainability Assurance Services

A well-structured Request for Proposal (RFP) ensures you receive comparable, evaluable responses from potential providers. Include the following elements:

About Your Organisation

Business overview, sector, size, and geographic footprint
Organisational structure and number of reporting entities
Current sustainability reporting maturity and history
Prior assurance history (if any)

Assurance Requirements

Scope: which reports, indicators, and disclosures require assurance
Level: limited or reasonable assurance
Standards: ISAE 3000, AA1000AS, ISSA 5000, or other
Regulatory driver: CSRD, voluntary, or other
Reporting criteria: GRI, ESRS, ISSB, GHG Protocol, or company-specific

Required Information from Bidders

Firm overview, accreditation, and regulatory eligibility
Proposed engagement team with CVs and qualifications
Relevant experience (sector-specific, framework-specific)
Methodology description
Independence confirmation and conflict check results
Quality control processes
Fee proposal (fixed fee, expense basis, scope change provisions)
Timeline and key milestones
3-5 client references

Evaluation Criteria

Clearly state how proposals will be evaluated. A weighted scoring model ensures consistency:

Criterion	Suggested Weighting
Accreditation and regulatory eligibility	Pass/Fail (mandatory)
Independence and conflict management	15%
Team competence and sector experience	25%
Methodology and quality controls	25%
References and track record	15%
Fee and value	20%

How Glocert International Meets These Criteria

For organisations evaluating sustainability assurance providers, here is how Glocert International addresses each of the selection criteria discussed in this article:

Accreditation and Eligibility

Glocert International operates as an accredited assurance and certification body with established quality management systems. Our sustainability assurance practice applies ISAE 3000, ISAE 3410, and AA1000AS standards under structured quality control processes.

Independence

We maintain strict independence policies. We do not provide consulting or advisory services that would create self-review threats for assurance engagements. Our conflict-of-interest assessment is performed before every engagement acceptance, and engagement partner rotation follows professional standards.

Competence

Our sustainability assurance team combines ESG domain expertise with assurance methodology skills. Team members hold relevant sustainability and assurance qualifications, and our practice covers environmental, social, and governance assurance across multiple sectors.

Methodology

We apply risk-based engagement planning, substantive data testing, site visits (where appropriate), and structured reporting. Our methodology is aligned with ISAE 3000 and AA1000AS requirements, adapted to the specific risks and complexities of each engagement.

Scope and Reporting

Our assurance statements follow standardised formats with clear scope definitions, detailed procedures descriptions, explicit independence declarations, and standard-compliant conclusions. Our management letters provide actionable, prioritised recommendations.

Cost Transparency

We provide fixed-fee proposals based on realistic effort estimates, with clear scope definitions and transparent handling of scope changes. We offer multi-year engagement structures for fee stability.

Our Approach

Glocert International's sustainability assurance practice is built on the principles outlined in this article: accredited, independent, competent, transparent, and focused on delivering genuine assurance value. We provide both pre-assurance readiness assessments and formal assurance engagements across ISAE 3000, ISAE 3410, and AA1000AS. Our team works with organisations at every stage of sustainability reporting maturity ? from first-time voluntary assurance to CSRD-mandated engagements. For an introduction to why assurance matters, see our article on why independent sustainability assurance matters.