• Print as PDF
  • Print as PDF
  • Page
  • Discussion
  • View source
  • History

    • AA1000 Assurance Standard 2008

    From AccountAbility AA1000 Wiki

    Jump to: navigation, search

    Foreword

    i. Evolution of the Standard

    The first edition of the AA1000 Assurance Standard was published in 2003 as the world’s first sustainability assurance standard. It was developed to ensure the credibility and quality of sustainability performance and reporting and was the result of an extensive, two-year, worldwide consultation involving hundreds of organisations from the professions, the investment community, non-governmental organisations (NGOs), labour and business. AA1000AS 2003 superseded the information on sustainability assurance provided in the AA1000 Framework standard published in 1999. The 2003 edition was supported by a guidance note on the application of the principles; a user note: five case studies on the application of the principles during assurance engagements; and a briefing note on assurance levels and assurance engagements. The AA1000 Assurance Standard (2008), AA1000AS (2008), is the second edition of AccountAbility’s assurance standard. It supersedes all previous versions published by AccountAbility. It draws on the growing body of practice and experience in sustainability assurance.


    ii. Development Process

    AA1000AS (2008) was developed using a broad based multi-stakeholder process. A period of initial research which included a widely broadcast e-survey was followed by face-to-face consultations in 20 countries with a comprehensive range of stakeholders and a series of workshops with specific stakeholder groups. All of the input received was considered by the drafting committee of the AccountAbililty Standards Technical Committee who prepared a draft standard for public review. There were three periods of public review of 60 - 90 days each. All public review took the form of collaborative drafting with full transparency using a wiki platform. Between each of these periods of public review and following the final one, the AccountAbility Standards Technical Committee reviewed and revised the draft. The final draft was prepared by the AccountAbility Standards Technical Committee and submitted to the AccountAbility Operating Board who approved it for publication.


    iii. Who this Standard is for

    This standard is primarily intended for use by sustainability assurance practitioners and providers. In addition, this standard may be useful to report preparers seeking assurance in accordance with this standard, as well as for users of sustainability assurance reports and statements, for other standards developers, and for professional development and training practitioners.

    The evolving nature of learning in the standards field means that the process of developing standards is ongoing. By continually engaging with AA1000 Assurance Standard users and stakeholders, AccountAbility is able to reflect learning in the form of additional guidance and revisions to the standard. AccountAbility invites you to share your AA1000 Assurance Standard experiences with us so that we can continue to improve the AA1000 Series.


    Introduction

    i. Aims and Benefits of Sustainability Assurance

    Sustainability reporting provides stakeholders with information about the social, economic and environmental management and performance of an organisation. Sustainability reporting should be of a high quality and communicated in a manner designed to provide stakeholders with sufficient information to be able to understand the sustainability performance of an organisation and to make informed decisions.

    Credibility is a prerequisite for effective sustainability reporting. Credibility can be considerably enhanced through independent external assurance using accepted professional standards. Reporting organisations and their stakeholders increasingly accept that robust independent external assurance is a key way of increasing the credibility and effectiveness of their reporting and, ultimately, their performance.


    ii. Structure of the Standard

    The AA1000AS (2008) is a standard in the AA1000 Series and is based on the principles found in the AA1000 AccountAbility Principles.

    The Structure of the AA1000AS (2008)

    • Foreword

    • Introduction

    • Purpose and use of the Standard

    • Scope of the Standard

    • References to the use of AA1000AS (2008)

    • Relationship to other Standards

    • Conducting Sustainability Assurance

    • The Sustainability Assurance Process

    • Quality of Information

    • Definitions


    The AA1000AS (2008) is also supported by a guidance document, Guidance for the use of the AA1000AS (2008), which includes three separate sections that provide additional guidance for assurance practitioners, reporting organisations seeking assurance and stakeholders using assurance statements. The guidance document also includes a series of informative annexes.


    1. Purpose of the Standard

    The purpose of the AA1000AS (2008) is to provide assurance related to an organisation´s public disclosure on its sustainability management and performance.

    The AA1000AS (2008) is an internationally accepted, non-proprietary, open-source sustainability assurance standard.

    Sustainability assurance in accordance with the AA1000AS (2008) evaluates and provides conclusions on

    • adherence to the AA1000 AccountAbility Principles, and

    • disclosures on performance.

    Note: The AA1000 AccountAbility Principles are found in the AA1000 AccountAbility Principles document.


    2. Scope of the Standard

    The standard covers

    • the methodology for conducting a sustainability assurance engagement

    • the sustainability assurance process, including subject matter, criteria, evidence, conclusions, and recommendations and

    • the quality of information criteria

    required by assurance providers to perform assurance engagements relating to public disclosures on sustainability management and performance, including the underlying data, systems and processes.


    3. References to the Use of the Standard

    Only assurance engagements that meet the requirements of the standard shall claim that assurance has been provided in accordance with the AA1000AS (2008).


    4. Relationship to other standards

    4.1 Binding References

    The AA1000 AccountAbility Principles document provides a binding reference for evaluating adherence to AA1000 AccountAbility Principles.


    4.2 Non-binding References

    The AA1000AS (2008) is designed to complement and enhance the use of guidelines for sustainability reporting and to be applicable within the context of other relevant assurance, performance, systems and process standards, guidelines and assurance frameworks.

    Given that this is an overarching standard it is to be expected that during an assurance engagement a range of other standards will be cited.

    The Guidance on the use of the AA10000 Assurance Standard 2008 document is non-binding.


    5. Conducting Sustainability Assurance

    5.1 Scope of the Engagement

    The assurance provider shall agree to the scope of the assurance engagement with the reporting organisation before the assurance engagement begins.

    Two types of sustainability assurance shall be deemed to be in accordance with the AA1000AS (2008). The two types are distinguished by their scope as described below.


    Type 1. Evaluation of adherence to the AA1000 AccountAbility Principles

    The assurance provider shall evaluate the quality and extent of adherence to the AA1000 AccountAbility Principles.

    To do this the assurance provider shall evaluate publicly disclosed information as well as the systems and processes the organisation has in place to ensure adherence to the principles.

    The evaluation does not need to be based on management assertions about adherence to the principles.

    Note: Quality and extent refer to the outputs of the systems and processes in addition to the systems and processes themselves.


    Type 2. Evaluation of adherence to the AA1000 AccountAbility Principles plus evaluation of specified performance information

    The assurance provider shall evaluate adherence to the AA1000 AccountAbility Principles as for Type 1.

    In addition, the assurance provider shall evaluate the quality and extent of specified publicly disclosed performance information as well as related systems, processes and data.

    Note: Specified performance information is information on the issues the assurance provider and the reporting organisation agree to include in the scope of the assurance engagement.


    An assurance engagement that includes within its scope only an evaluation of performance information shall not be deemed to be in accordance with the AA1000AS (2008).

    The assurance statement shall clearly state the type (including the title) of assurance provided.


    5.2 Intended Audience

    The assurance engagement shall include an evaluation of the process used by the organisation to determine the intended audience of the report and the results of that process.


    5.3 Report Boundary

    The assurance engagement shall include an evaluation of the process used by the organisation to determine the report boundaries (time, organisational, geographical) and the results of that process, and shall evaluate those boundaries within the context of the boundaries associated with the identification, understanding and response of the organisation to its material sustainability issues.


    5.4 Disclosures Covered

    The assurance provider and the reporting organisation shall identify and agree on all disclosures (e.g. reports and other forms of communication) covered by the assurance engagement.


    5.5 Level of Assurance

    The assurance provider shall agree with the reporting organisation on the level of assurance to be provided before the engagement begins.

    The assurance engagement agreement shall define the anticipated level of assurance. The assurance engagement plan shall ensure that sufficient evidence will be gathered to provide the agreed level of assurance. If during the performance of the engagement it becomes evident that information required to achieve the agreed level is not available, the assurance provider shall highlight this in the assurance statement and may qualify their conclusions.

    The statement on the level of assurance shall apply to the conclusions on the evaluation of performance information only.

    There shall be two levels of assurance: high and moderate.


    High level of assurance


    A high level of assurance does not mean absolute assurance.

    A high level of assurance means that sufficient and appropriate evidence has been obtained to reduce assurance engagement risk to an acceptably low level given the circumstances of the engagement.


    Sufficient and appropriate evidence is obtained as part of a systematic engagement process that includes:

    • obtaining an understanding of the engagement circumstances,

    • assessing risks,

    • responding to assessed risks,

    • performing further procedures using a combination of inspection, observation, confirmation, re-calculation, re-performance, analytical procedures and inquiry. Such procedures involve substantive procedures, including, where applicable, obtaining corroborating information, and depending on the nature of the subject matter, tests of the operating effectiveness of controls,

    • evaluating the evidence obtained


    Moderate level of assurance


    A moderate level of assurance shall mean that sufficient and appropriate evidence has been obtained to reduce assurance risk to a meaningful level that is acceptable given the circumstances of the engagement but which is greater than for a high assurance engagement.

    Sufficient appropriate evidence is obtained as part of a systematic engagement process that includes obtaining an understanding of the subject matter and other engagement circumstances, but in which procedures are deliberately limited relative to a high assurance engagement.


    The nature and amount of work to be undertaken for each level of assurance shall be determined the

    • existence and maturity of underlying systems and processes (e.g. management systems and information systems),

    • availability and sufficiency of information,

    • existence and maturity of internal systems (including internal controls, compliance and internal audit),

    • existence of assurance for specific areas (certifications, verifications), and

    • resources allocated for assurance.

    Note: For those required to use ISAE 3000 a high level of assurance relates to reasonable assurance and a moderate level of assurance relates to limited assurance. The ISAE 3000 terms may be used where required as long as the basic requirements of AA1000AS (2008) are met and the reference to use of the ISAE 3000 is explicit.


    5.6 Limitations

    Any limitations in the scope of the disclosures on sustainability, the assurance engagement or the evidence gathering shall be addressed in the assurance statement and reflected in the report to management.

    5.7 Engagement Acceptance

    5.7.1 Independence

    The assurance provider shall be demonstrably independent from the reporting organisation and its stakeholders. The assurance approach and the contract shall not dilute or unduly influence the ability of the assurance provider to fulfil its duties to the reporting organisation and its stakeholders. The assurance provider shall make a public statement of independence.

    Independence requires:

    • that any potential for conflict of interest must be disclosed, e.g. recent, ongoing or potential financial or commercial relationships between the assurance provider (including all individual practitioners on the assurance team) and the reporting organisation and its stakeholders,

    • no participation in governance and no ownership position, and

    • disclosure of any mechanisms or professional codes of practice designed to ensure independence to which the provider and practitioners are bound.


    5.7.2 Competence

    Organisational assurance providers and individual assurance practitioners shall ensure that the individuals and organisations involved in an assurance engagement are demonstrably competent.

    The assurance provider shall be prepared, given the absence of any undue risk and upon request by the reporting organisation, to make information available to interested stakeholders about the competencies of the individuals involved in the assurance engagement.


    5.7.2.1 Individual Practitioner Competence

    The assurance provider shall ensure that the individual assurance practitioners involved in the assurance engagement are demonstrably competent.

    The individual practitioners on any assurance team shall, as a group, be able to demonstrate competencies in the following areas:

    • stakeholder engagement,

    • reporting and assurance practices and standards, and

    • sustainability subject matter.


    5.2.7.2 Organisational Provider Competence

    The organisational assurance provider shall be able to demonstrate adequate institutional competencies.

    Competencies shall include:

    • assurance oversight mechanism,

    • understanding of the legal aspects of the assurance process, and

    • infrastructure and systems to ensure quality delivery of assurance.


    5.7.3 Due Care

    Assurance providers and individual practitioners shall exercise due care at all times in accordance with the importance of the task, the competencies required and the needs of the users of their assurance statement.


    5.7.4 Requirements of AA1000 Assurance Standard (2008)

    Before accepting an engagement the assurance provider shall be satisfied that the requirements of AA1000AS (2008) can be met during the course of the engagement and that the reporting organisation is acting in good faith.


    5.8 Engagement Letter

    The terms and conditions of the engagement shall be set out in a letter.

    The use of existing organisational procurement practices and agreements shall be acceptable if at a minimum this letter covers:

    • Objectives,

    • Responsibilities of the reporting organisation and assurance provider,

    • Scope,

    • Standards to be used,

    • Assurance Statement and Assurance Report to Management requirements,

    • Confidentiality requirements,

    • Level of assurance anticipated, and

    • Fees and costs.


    5.9 Performing the Engagement

    The assurance provider shall prepare a documented engagement plan for conducting the assurance engagement.

    At a minimum this plan shall set out:

    • the objectives of the engagement

    • the roles and relationships

    • the scope of the engagement

    • the evidence requirements

    • the criteria to be used

    • the tasks and activities, including:

    o gathering methods,

    o resources requirements, and

    o schedule.


    5.10 Assurance Reporting

    5.10.1 Assurance Statement

    The result of the assurance process is a set of conclusions and recommendations provided by the assurance provider in a publicly issued assurance statement.

    Any limitations to the scope of the sustainability report or the assurance engagement shall be addressed in the assurance statement.

    Any claim of accordance with the AA1000AS (2008) shall meet the requirements of this standard.

    The statement may also include any other legal requirements that may apply or the requirements of any standard used during the engagement.

    An assurance statement shall include the following information as a minimum:

    • intended audience,

    • description of the scope,

    • assurance standard/s used (must include reference to the AA1000AS (2008)),

    • description of disclosures covered,

    • description of methodology and statement of level of assurance where relevant,

    • conclusions concerning adherence to the AccountAbility Principles (in all instances),

    • conclusions concerning specified performance information (for Type 2 assurance only),

    • recommendations,

    • notes on competencies and independence of the assurance provider,

    • name of the assurance provider, and

    • date.

    5.10.2 Assurance Report to Management

    If agreed in the engagement letter, the assurance provider shall provide a separate assurance report to management.

    The report to management shall not communicate different or additional conclusions than those found in the publicly available assurance statement, in relation to the evaluation of the adherence to the AA1000 AccountAbility Principles and the evaluation of performance information.

    6. The Assurance Process

    The assurance process involves

    • evaluating evidence

    • about the subject matter

    • against criteria

    • to develop conclusions and

    • recommendations


    6.1 Subject Matter

    The subject matter for evaluating adherence to the AA1000 AccountAbility Principles shall include:

    • management practices, policies and commitments,

    • governance structures and practices,

    • systems and process used to implement management practices, policies and commitments


    The subject matter for evaluating performance information shall include:

    • disclosures of quantitative and qualitative performance information

    • systems and processes used to gather, manage and communicate this information


    6.2 Criteria

    Before accepting an engagement, the assurance provider shall agree with the reporting organisation on the criteria to be used during the assurance engagement. There shall be criteria for evaluating adherence to the AccountAbility Principles and, where applicable, criteria for evaluating performance information.

    The quality of information criteria in section 7 shall be used to evaluate both the information used to articulate adherence to the AA1000 AccountAbility Principles and performance information.

    Note: AA1000AS 2008 provides required criteria. The Guidance on the use of the AA1000 Assurance Standard 2008 provides information on best practice criteria for consideration by the assurance provider. The assurance provider may also choose to use criteria selected by the reporting organisation selected by the reporting organisation in the preparation of their report.


    6.2.1 Evaluation of Adherence to the AA1000 AccountAbility Principles

    During the assurance engagement the assurance provider shall evaluate and provide conclusions on the quality and extent of adherence to the AA1000 AccountAbility Principles in the disclosures covered by the engagement scope.


    6.2.1.1 The Principle of Inclusivity

    The assurance provider shall evaluate the extent to which the reporting organisation has developed and implemented stakeholder engagement strategies and practices that demonstrate the quality of adherence to the AA1000 AccountAbility Principle of Inclusivity.

    This shall include the organsiation’s systems and actions to:

    • identify, understand and prioritise relevant stakeholders,

    • involve relevant stakeholders in the process of identifying, understanding and coherently responding to their needs, concerns and aspirations, and

    • provide an account to its relevant stakeholders for its decisions, policies, standards, activities and impacts.


    6.2.1.2 The Principle of Materiality

    The Assurance Provider shall evaluate the extent to which the organisation demonstrates the quality of adherence to the AA1000 AccountAbility Principle of Materiality.

    This shall include:

    • how the organisation has determined what issues, concerns and impacts are relevant and important to its sustainability performance and its stakeholders,

    • why, how and at what point they are relevant and important to sustainability performance,

    • who they are relevant and important for, and

    • how the process for determining material sustainability issues has been integrated with core strategy and operations.


    6.2.1.3 The Principle of Completeness

    The assurance provider shall evaluate the extent to which the reporting organisation demonstrates the quality of adherence to the AA1000 AccountAbility Principle of Completeness.

    This shall include:

    • how the organisation ensures comprehensive identfication of the material issues and the stakeholders to whom they are material, and

    • how the organisation ensures comprehensive understanding (including internally) of the material issues, their associated impacts on performance and how they are relevant to stakeholders.


    6.2.1.4 The Principle of Responsiveness

    The assurance provider shall evaluate the extent to which the organisation demonstrates the quality of adherence to the AA1000 AccountAbility Principle of Responsiveness.

    This shall include:

    • how the organisation has responded to its material issues and, given the sustainable development context, the appropriateness of the response,

    • how the organisation has ensured that the response is embedded in core organisational strategy and operations, and

    • whether the organisation has appropriately communicated these responses to stakeholders without material omission or misstatement.


    6.2.2 Evaluation of Performance Information

    The assurance provider shall evaluate the systems, processes, information and data used to support performance disclosures on the issues agreed for inclusion in the scope of the assurance engagement.

    The scope of the evaluation of performance information shall state the sustainability issues included.

    Note: Quality of information criteria, see section 7, shall be used to evaluate performance information.


    6.3 Evidence

    In the engagement plan the assurance provider shall identify the evidence required to achieve the level of assurance agreed. The assurance provider shall use appropriate sampling protocols in order to determine the type, quality and quantity of evidence required. The assurance provider shall identify where evidence can best be gathered, including through:

    • documents,

    • interviews, and

    • site visits.


    6.4 Conclusions

    For Type 1 assurance the assurance provider shall provide conclusions on the quality and extent of adherence to the AccountAbility Principles. These conclusions shall be communicated in an assurance statement.

    For Type 2 assurance the assurance provider shall also provide conclusions on the quality and extent of specified performance information. These conclusions shall be communicated in an assurance statement.


    6.5 Recommendations

    The assurance provider shall provide recommendations on how to improve the quality and extent of adherence to the principles as well as (for Type 2 only) the quality of performance information.


    7. Quality of Information

    The assurance provider shall evaluate the quality of the public disclosures and the underlying systems, processes, information and data..

    The quality of information shall be evaluated using agreed quality of information criteria. These criteria shall be fit for purpose. Criteria that are deemed fit for purpose shall

    • have been developed by an independent peer reviewed or multi-stakeholder process,

    • be supported by sound argument and evidence, and

    • be publicly available.


    The following criteria shall be deemed acceptable:

    • reliability,

    • clarity,

    • balance,

    • comparability,

    • accuracy, and

    • timeliness.


    Note: Other criteria may also be deemed acceptable if they meet the tests for ‘fit for purpose’ criteria as stated above.


    8. Definitions

    These definitions apply to the requirements of this standard.

    Accuracy To assess whether information is sufficiently free from error and detailed for stakeholders to assess the reporting organisation’s performance.

    Assurance The term usually describes the methods and processes employed by an assurance provider to evaluate an organisation's public disclosures about its performance as well as underlying systems, data and processes against suitable criteria and standards in order to increase the credibility of public disclosure. Assurance includes the communication of the results of the assurance process in an assurance statement.

    Assurance engagement An engagement in which an assurance provider evaluates and expresses a conclusion on an organisation's public disclosure about its performance as well as underlying systems, data and processes against suitable criteria and standards in order to increase the credibility of the information for the intended audience.

    Assurance practitioner An individual who is qualified to provide assurance services.

    Note: An assurance practitioner will typically be a member of a team and work for an assurance provider.

    Assurance provider An organisation providing assurance services.

    Note: For an assurance engagement, an assurance provider will assemble a team of competent assurance practitioners and other experts.

    Balance To provide an unbiased picture of the reporting organisation’s performance that avoids selections, omissions, or presentation formats that are reasonably likely to unduly or inappropriately influence a decision or judgment by the report reader.

    Clarity To make available information in a manner that is understandable and accessible to the intended audience.

    Comparability To select, compile, and report consistently, and in a manner that enables stakeholders to analyze changes in the organisation’s performance over time, and could support analysis relative to other organisation's.

    Reliability To gather, record, compile, analyse, and disclose information in a way that, when examined, establishes the quality and materiality of the information.

    Reporting organisation An organisation that is responsible for the preparation and publication of public disclosures on sustainability issues and that engages an assurance provider to undertake an assurance engagement relating to the sustainability report.

    Scope of the standard The subject matter of the standard.

    Scope of the assurance engagement The subject matter of the engagement.

    Scope of the sustainability report The subject matter of the sustainability report.

    Stakeholder Stakeholders are those individuals or groups of individuals who affect and/or could be affected by an organisation’s activities, products or services and associated performance.

    Note: This does not include all those who may have knowledge of or views about the organisation.

    Organisations will have many stakeholders, each with distinct types and levels of involvement, and often with diverse and sometimes conflicting interests and concerns.

    Stakeholder engagement The strategies and processes used by the organisation to engage with relevant stakeholders and the results of the engagement.

    Subject matter The subjects about which the assurance provider gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance statement.

    Sustainable Development Development that meets the needs of the present without compromising the ability of future generations to meet their own needs. Source: 1987 report of the Brundtland Commission: The World Commission on Environment and Development.

    Sustainability assurance Assurance of public disclosures on sustainability performance as well as underlying systems, data and processes against suitable criteria and standards.

    Sustainability assurance engagement An assurance engagement in relation to public disclosure on sustainability performance.

    Timeliness To occur on a regular schedule be available in time for stakeholders to make informed decisions.

    Retrieved from "http://www.accountabilityaa1000wiki.net/index.php/AA1000_Assurance_Standard_2008"