Assurance Standard (AA1000AS, 2008) : September 2018
Assurance Standard (AA1000AS, 2008) : September 2018
ASSURANCE STANDARD
(AA1000AS, 2008)
WITH 2018 ADDENDUM
SEPTEMBER 2018
AA1000 ASSURANCE STANDARD (AA1000AS, 2008) WITH 2018 ADDENDUM
ABOUT ACCOUNTABILITY
02
AccountAbility is a global consulting and sustainability standards firm that works with businesses,
governments and multilateral organisations to advance responsible business practices and improve
long-term performance. Since 1995, AccountAbility has been supporting corporations, nonprofits
and governments in embedding ethical, environmental, social and governance accountability in their
organisational DNA.
AccountAbility’s work is based on the AA1000 Series of Standards, which are founded on the Principles of:
Inclusivity – People should have a say in the decisions that impact them.
Materiality – Decision makers should identify and be clear about the sustainability topics that matter.
Responsiveness – Organisations should act transparently on material sustainability topics and their
related impacts.
Impact – Organisations should monitor, measure and be accountable for how their actions affect their
broader ecosystems.
Part of our Series of Standards, the new AA1000AP (2018) is an internationally accepted, principles-based
framework and guidance that organisations can use to identify, prioritise and respond to sustainability
challenges to improve long-term performance.
Ms. Amy Springsteel Assistant Vice President, Corporate Responsibility, Voya Financial, USA
Mr. Anant Nadkarni Corporate Sustainability and Leadership Advisor and Consultant;
Former Vice-President for Sustainability and CSR, TATA Group, India
Dr. Assheton L. Stewart Carter Head of Advisory Board, Equitable Origin; Managing Director,
Dragonfly Initiative, USA (Chair, AccountAbility Standards Board)
Mr. Dongsoo Kim Director of the Sustainability Management Center at the Korea
Productivity Center (KPC), Korea
(Chair, AA1000 Steering Committee)
Dr. Natasha M. Matic Chief Strategy Officer, King Khalid Foundation (KKF),
Saudi Arabia and USA
ACKNOWLEDGEMENTS
The AccountAbility Standards Board is most grateful for the contributions of the following AccountAbility
representatives, who provided extensive support to the AA1000AP Working Group through authorship,
critical review, subject-matter expertise, project coordination, design guidance and other valuable inputs:
Mr. Sunil A. Misser, Chief Executive Officer; Mr. David Pritchett, Global Head of Research; Mr. Udaya
Nanayakkara, AccountAbility Standards; and Mr. Daniel Metzger, Managing Associate.
1: The AA1000AP (2018) is available for download, free of charge, at: http://www.accountability.org/standards/
AA1000 ASSURANCE STANDARD (AA1000AS, 2008) WITH 2018 ADDENDUM
This addendum does not impose any changes to be made in the case of continuing usage of the AA1000
AccountAbility Principles Standard (AA1000APS, 2008) when applying the AA1000 Assurance Standard
(AA1000AS, 2008) - until an organisation’s transition to the latest AA1000 AccountAbility Principles
(AA1000AP, 2018).
2.4. RELATIONSHIP 12 The AA1000APS (2008) provides the The AA1000AP (2018) provides
TO OTHER criteria for evaluating adherence to the required criteria for evaluating
STANDARDS AND the AccountAbility Principles. adherence to the AccountAbility
GUIDANCE Principles.
3.1.2. SUITABLE 13 The assurance provider shall use The assurance provider shall use
CRITERIA the criteria in AA1000APS (2008) the required criteria in AA1000AP
to evaluate adherence to the (2018) to evaluate adherence to the
AccountAbility Principles. AccountAbility Principles.
CONTINUED
AA1000 ASSURANCE STANDARD (AA1000AS, 2008) WITH 2018 ADDENDUM
Please note, these changes also apply to the relevant guidance documents - Guidance for the use of
AA1000AS (2008) which is intended to be used by assurance practitioners, reporting
organisations seeking assurance and stakeholders using assurance statements.
For any clarifications on the content of this addendum or the application of the AA1000 series please
contact [email protected]
AA1000 ASSURANCE
STANDARD 2008
Contents
Foreword ..........................................................................................5
i. Evolution of the AA1000 Assurance Standard ..............................5
ii. Development process ................................................................5
Introduction ......................................................................................6
i. Aims and benefits of AA1000AS sustainability assurance ..............6
ii. Scope of the standard................................................................7
1. Purpose of the AA1000AS (2008) ..................................................8
2. Using the AA1000AS (2008) ..........................................................9
2.1. Types of AA1000AS (2008) engagement ................................9
2.2. Levels of AA1000AS (2008) assurance..................................10
2.3. References to the use of the standard ....................................12
2.4 Relationship to other standards and guidance ........................12
3. Accepting an AA1000AS (2008) Engagement ................................13
3.1. Scope of the engagement ....................................................13
3.1.1. Disclosures covered ..................................................13
3.1.2. Suitable criteria ........................................................13
3.1.3. Level of assurance ....................................................14
3.2. Independence and impartiality ............................................13
3.3. Competence ......................................................................15
3.3.1 Assurance practitioner competence ..............................15
3.3.2. Assurance provider competence ..................................15
3.4. Due care ............................................................................16
3.5. Engagement Agreement (contract) ........................................16
3
Contents
4
Foreword
The first edition of the AA1000 Assurance Standard was published in 2003 as the world’s
first sustainability assurance standard. It was developed to assure the credibility and quality
of sustainability performance and reporting, and was the result of an extensive, two-year,
worldwide consultation involving hundreds of organisations from the professions, the
investment community, non-governmental organisations (NGOs), labour and business.
The AA1000AS (2003) superseded the information on sustainability assurance provided in
the AA1000 Framework Standard published in 1999. The 2003 edition was supported by
a Guidance Note on the application of the principles; and a User Note including five case
studies on the application of the principles during assurance engagements. The 2008
edition of the AA1000 Assurance Standard, AA1000AS (2008), is the second edition
of AccountAbility’s assurance standard. It draws on the growing body of practice and
experience in sustainability assurance and supersedes all previous versions published
by AccountAbility.
The evolving nature ofl earning in the standards field means that the process of developing
standards is ongoing. By continually engaging with the AA1000AS (2008) users and
stakeholders, AccountAbility is able to reflect learning in the form of additional guidance
and revisions to the standard. AccountAbility invites you to share your AA1000AS (2008)
experiences with us so that we can continue to improve the AA1000 Series.
5
Introduction
AA1000AS (2008) assurance also provides a means to capture and place in context
a wide range of other verification and certification schemes that deal with specific
dimensions of sustainability such as those for greenhouse gas emissions, environmental
management systems, sustainable forest management or fair trade labeling.
The information found in sustainability reporting provides the starting point for AA1000AS
(2008) assurance, as sustainability reporting is designed to provide stakeholders with
sufficient information to understand the sustainability performance of an organisation
and to make informed decisions.
6
Introduction
7
1. Purpose of the
AA1000AS (2008)
the nature and extent of adherence to the AA1000 AccountAbility Principles, and
where applicable
the quality of publicly disclosed information on sustainability performance.
This standard is primarily intended for use by sustainability assurance practitioners and
providers. This standard may also be useful to report preparers seeking assurance in
accordance with this standard, as well as to users of sustainability assurance reports and
statements and other standards developers.
8
2. Using the AA1000AS (2008)
The assurance provider evaluates publicly disclosed information, the systems and
processes the organisation has in place to ensure adherence to the principles and the
performance information that demonstrates adherence. For Type 1 assurance, the
evaluation of performance information does not require the assurance provider to provide
conclusions on the reliability of the performance information. Rather, it uses information
on performance as a source of evidence when evaluating adherence to the principles.
An assurance provider is not restricted in the types ofi nformation it seeks as evidence.
The evaluation does not need to be based on explicit management assertions about
adherence to the Principles, although an assertion based approach to assurance accords
with the AA1000AS (2008).
9
Using the AA1000AS (2008)
When conducting a Type 2 engagement, the assurance provider shall also evaluate the
reliability of specified sustainability performance information. Specified sustainability
performance information is the information the assurance provider and the reporting
organisation agree to include in the scope of the assurance engagement. Specified
information is selected based on the materiality determination and needs to be
meaningful to the intended users of the assurance statement. An assurance engagement
that only includes an evaluation of the reliability of specified publicly disclosed
sustainability performance information is not in accordance with the AA1000AS (2008).
The following table outlines the characteristics of high and moderate assurance and the
related assurance procedures.
10
Using the AA1000AS (2008)
Objective The assurance provider achieves high The assurance provider achieves
assurance where sufficient evidence has moderate assurance where sufficient
been obtained to support their statement evidence has been obtained to support
such that the risk of their conclusion their statement such that the risk of their
being in error is very low but not zero. conclusion being in error is reduced but
not reduced to very low but not zero.
High assurance will provide users
with a high level of confidence in an Moderate assurance will enhance the user’s
organisation’s disclosures on the confidence in an organisation’s disclosures
subject matter it refers to. on the subject matter it refers to.
Evidence from internal and external Evidence from internal sources and
sources and parties including parties; evidence gathering generally
stakeholders; evidence gathering at all restricted to corporate/management
levels of the organisation. levels in the organisation.
11
Using the AA1000AS (2008)
Only assurance engagements that meet the requirements of this standard shall state that
assurance has been provided in accordance with the AA1000AS (2008).
The AA1000APS (2008) provides the criteria for evaluating adherence to the
AccountAbility Principles.
The AA1000AS (2008) is supported by a Guidance Note, Guidance for the use of
AA1000AS (2008) which is intended to be used by assurance practitioners, reporting
organisations seeking assurance and stakeholders using assurance statements.
12
3. Accepting an AA1000AS
(2008) Engagement
The assurance provider shall agree the scope of the engagement with the reporting
organisation based on the requirements in clause 2.1. The agreement shall be in writing.
When accepting a Type 2 engagement the assurance provider shall take into
consideration the material issues so that the specified performance information covered
by the assurance engagement is meaningful to the intended user of the assurance
statement.
Before accepting an engagement the assurance provider shall be satisfied that the
requirements of the AA1000AS (2008) can be met and that the reporting organisation
is acting in good faith. In particular, the assurance provider shall be satisfied that the
engagement subject matter is appropriate, and the practitioner will have access to
sufficient evidence to support findings and conclusions.
The assurance provider shall not accept a Type 2 engagement unless there are
suitable criteria for evaluating specified performance information.
Suitable criteria are those that are relevant, complete, reliable, neutral and
understandable. All criteria shall be publicly available.
13
Accepting an AA1000AS (2008) Engagement
The assurance provider shall be sufficiently confident that the agreed level
is achievable (e.g. that systems, processes and evidence exist) before the
engagement begins. The engagement shall be planned and conducted to obtain
sufficient evidence to achieve the agreed level.
The assurance provider shall not agree to a change to a lower level of assurance
during an engagement without good reason. This change shall be explained in the
assurance statement.
The assurance statement shall reflect the agreed level of assurance for the
engagement. If, for any reason, this is not achieved during the engagement,
the reasons shall be explained in the assurance statement.
An assurance provider shall not accept an engagement ifi t will be unduly limited by its
relationship with the organisation or its stakeholders in reaching and publishing an
independent and impartial assurance statement.
The assurance provider shall make a public statement ofi ndependence and
impartiality that includes disclosure of:
14
Accepting an AA1000AS (2008) Engagement
3.3. Competence
An assurance provider shall not accept an engagement ifi t does not possess the
necessary competencies.
Assurance providers shall ensure that the individual assurance practitioners and
organisations, including external experts, involved in an assurance engagement are
demonstrably competent.
The assurance provider shall be prepared, given the absence of any undue risk and
upon request by a reporting organisation, to make information available to interested
stakeholders about the competencies of the assurance practitioners involved in its
assurance engagement.
15
Accepting an AA1000AS (2008) Engagement
Assurance providers and individual assurance practitioners shall exercise due care at
all times in accordance with the needs of the users of their assurance statement,
the importance of the task and the competencies required.
16
4. Conducting an AA1000AS
(2008) Engagement
The assurance provider shall plan the assurance engagement so that it will be performed
effectively. Planning involves developing a clear strategy for evidence gathering and
evaluation for the agreed scope.
The nature and extent of the planning process will vary depending on the size and
complexity of the engagement. In planning an assurance provider shall consider:
The assurance provider shall document this in an engagement plan that includes as a
minimum:
17
Conducting an AA1000AS (2008) Engagement
The assurance provider shall perform the engagement with an attitude of professional
scepticism. This means assessing and questioning the validity of evidence obtained
and the implications of this evidence.
During the assurance engagement the assurance provider shall evaluate and
report findings and conclusions on the nature and extent of an organisation’s
adherence to the AA1000 AccountAbility Principles (Inclusivity, Materiality and
Responsiveness). The assurance provider shall use the criteria in the
AA1000APS (2008).
18
Conducting an AA1000AS (2008) Engagement
For a high level of assurance the assurance provider shall also seek more
extensive evidence in all areas as well as corroborative evidence where available,
including through direct engagement with stakeholders.
For a high level of assurance the assurance provider shall obtain sufficient evidence
such that the risk of their conclusion being in error is very low but not zero.
Further guidance can be found in the Guidance Note,Guidance for the use of
AA1000AS (2008).
The assurance provider shall evaluate the systems, processes, information and data
used to support sustainability performance disclosures on the issues agreed for
inclusion in the scope of the assurance engagement. The scope of the evaluation of
sustainability performance information shall state the performance information to
be concluded upon, which may include compliance with a reporting framework if
specified.
The assurance provider shall evaluate the quality of the public disclosures and the
underlying systems, processes, information and data.
19
Conducting an AA1000AS (2008) Engagement
For a high level of assurance the assurance provider shall also seek more extensive
evidence in all relevant areas as well as corroborative evidence where available.
For a high level of assurance the assurance provider shall obtain sufficient evidence
such that the risk of their conclusion being in error is very low but not zero.
Further guidance can be found in the Guidance Note,Guidance for the use of
AA1000AS (2008).
4.2.3. Limitations
Any limitations in the scope of the disclosures on sustainability, the assurance
engagement or the evidence gathering shall be addressed in the assurance statement
and reflected in the report to management if one is prepared.
Where the scope of a disclosure is limited the assurance provider shall indicate in
its statement this limitation and the need for communications to address other
sustainability issues and stakeholders.
The assurance provider shall determine ifl imitations encountered during the
engagement make it impossible to continue the engagement, and shall take
appropriate action.
20
Conducting an AA1000AS (2008) Engagement
4.2.4. Documentation
The assurance provider shall document evidence, retaining necessary copies of
relevant evidence. The assurance provider shall also document the assurance plan,
material assessments and judgements made, and conclusions.
To claim accordance with the AA1000AS (2008) in the assurance statement the
assurance provider shall meet all the requirements of this standard, including the
requirements for the assurance statement.
An AA1000AS (2008) assurance statement may also include any other legally
required statements that may apply as well as the requirements of any standard
used during the engagement.
21
Conducting an AA1000AS (2008) Engagement
22
5. Definitions
Assurance
The term usually describes the methods and processes employed by an assurance
provider to evaluate an organisation's public disclosures about its performance as well as
underlying systems, data and processes against suitable criteria and standards in order
to increase the credibility of public disclosure. Assurance includes the communication of
the results of the assurance process in an assurance statement.
Assurance engagement
An engagement in which an assurance provider evaluates and expresses a conclusion on
an organisation's public disclosure about its performance as well as underlying systems,
data and processes against suitable criteria and standards in order to increase the
credibility of the information for the intended audience.
Assurance practitioner
An individual who is qualified to provide assurance services.
Note: An assurance practitioner will typically be a member of a team and work for an
assurance provider.
Assurance provider
An organisation providing assurance services.
Reporting organisation
An organisation that is responsible for the preparation and publication of public
disclosures on sustainability issues and that engages an assurance provider to undertake
an assurance engagement relating to the sustainability report.
23
Definitions
Stakeholder
Stakeholders are those individuals, groups ofi ndividuals or organisations that affect
and/or could be affected by an organisation’s activities, products or services and
associated performance.
Note: This does not include all those who may have knowledge of or views about the organisation.
Organisations will have many stakeholders, each with distinct types and levels ofi nvolvement,
and often with diverse and sometimes conflicting interests and concerns.
Stakeholder engagement
The strategies and processes used by the organisation to engage with relevant
stakeholders and the results of the engagement.
Sustainability assurance
Assurance of public disclosures on sustainability performance as well as underlying
systems, data and processes against suitable criteria and standards.
Sustainable Development
Development that meets the needs of the present without compromising the ability of
future generations to meet their own needs. Source: 1987 report of the Brundtland
Commission: The World Commission on Environment and Development.
24
Annexes
The series is supported by Guidance Notes and User Notes. The Guidance Notes, for
example, Guidance for the use of AA1000AS (2008) , provide information on how to
apply the standards. The User Notes provide examples of the use of the standards.
25