Introduction to the mandatory audit of sustainability reporting (limited assurance)
External auditing of sustainability reporting is steadily increasing. According to an international study published in Austria in 2020, 59 percent of the largest domestic reporting companies had an external audit of the information they provided. Among the audits that have been voluntary to date, limited assurance currently predominates. The new EU Corporate Sustainability Reporting Directive (CSRD) requires limited assurance of sustainability information an expansion of the scope to reasonable assurance is planned in the medium term.
What is the difference between Limited vs. Reasonable Assurance?
An audit can be performed in different ways depending on the scope and nature of the audit procedures: with "limited assurance" or "reasonable assurance."
An audit with limited assurance is comparatively less extensive and has less depth than an audit with reasonable assurance. The focus of a limited assurance audit is mainly on matters with an increased risk of misrepresentation. The final assessment of the sustainability information in the audit report is formulated negatively in the case of limited assurance, i.e., it is stated that "no knowledge was obtained that the information was not prepared, in all material respects, following the applied criteria."
In contrast, reasonable assurance auditing involves obtaining sufficient evidence to conclude with an appropriate assurance that the subject matter complies with the applied criteria (positive statement) in all material respects. This involves, for example, collecting and assessing the effectiveness of controls in the reporting process and carrying out independent surveys or on-site inspections to a greater (random) extent.
Audit of sustainability reporting
The purpose of the audit of sustainability reporting is to increase the validity, the data quality, and enabling the comparability of information. The requirements for an audit of sustainability reporting are defined in audit standards. For such engagements, the auditor must refer to the audit standard International Standard on Assurance Engagements ISAE 3000 (Revised).
In Austria, the supervisory board must also review non-financial information according to Sec. 96 (1) AktG and Sec. 30k (1) GmbHG. As part of the regular audit under Section 273 (1) UGB, the auditor currently only has to determine in the audit report whether a non-financial statement or non-financial information was prepared ("existence test"). Although a substantive content check is not required, management- and supervisory boards often perform it voluntarily.
Article 26a CSRD mentions possible limited and reasonable assurance standards for sustainability reporting in the form of delegated acts, which should be published in October 2026 and October 2028 at the latest. Member States may apply national assurance standards, procedures, or requirements as long as the Commission has not adopted an assurance standard covering the same subject matter.
For inquiries please contact:
RBI Regulatory Advisory
Raiffeisen Bank International AG | Member of RBI Group | Am Stadtpark 9, 1030 Vienna, Austria | Tel: +43 1 71707 - 5923