Reasonable Assurance
Reasonable assurance is the high, positively worded level of assurance that the external audit of sustainability reports is intended to reach in later CSRD phases, going beyond the limited assurance required at the outset.
Reasonable assurance denotes the high level of audit assurance under which the assurance provider issues a positively worded conclusion, for example that the sustainability information has, in all material respects, been prepared in accordance with the applicable standards. Conceptually it matches the level of a classic financial statement audit and requires extensive, in-depth assurance procedures in order to reduce the risk of an incorrect conclusion to an acceptably low level. It contrasts with limited assurance, which only permits a negatively worded conclusion.
The Corporate Sustainability Reporting Directive (CSRD) provides for a phased increase in assurance depth. In the introductory phase, sustainability reporting must initially be assured to a limited assurance level. The European Commission is mandated to assess by 1 October 2028 at the latest whether and when a transition to reasonable assurance is feasible and appropriate, and to adopt a corresponding reasonable assurance standard by 2028. The phased approach is intended to give companies and assurance providers time to build up data quality, internal controls and assurance methodology for the higher level of assurance.
The step from limited to reasonable assurance has significant practical consequences. The assurance provider must not only conduct critical enquiries and analytical procedures, but also understand and test the internal control system for sustainability data, perform substantive testing and reliably trace the underlying ESRS data points. For companies this means building auditable processes early on: documented data lineage, transparent calculation methods (for example for Scope 1, 2 and 3 emissions), controls over estimates, and audit-proof record keeping along the entire value chain.
Legal Basis
Art. 34 Directive 2013/34/EU (Accounting Directive) as amended by the CSRD (Directive (EU) 2022/2464); ISAE 3000 (Revised); ESRS under Delegated Regulation (EU) 2023/2772
Practical Example
A compliance officer at a mid-sized industrial company is preparing the third CSRD reporting cycle. So far the sustainability report has been assured with limited assurance. In view of the expected transition to reasonable assurance, she introduces an internal control system for the material ESRS data points: she defines a clear data source for each metric, documents calculation methods and estimation assumptions, establishes a four-eyes principle for data sign-off, and stores evidence in an audit-proof manner. This allows the assurance provider not merely to plausibility-check the data but to test controls and examine individual evidence, significantly reducing the later effort required for the higher level of assurance.