Skip to main content
Giant Arctic Iceberg reflecting in the calm Arctic Ocean Waters

Best Practices for Selecting an ESG Assurance Provider

As ESG assurance is becoming mandatory, identifying the right ESG assurance providers is critical.

Publishing note: At the time of this article’s publication, the current status of the SEC climate disclosure rule has been voluntarily stayed pending judicial review of consolidated challenges by the Court of Appeals for the Eighth Circuit.

Environmental, social, and governance (ESG) reporting and ESG assurance are transitioning from voluntary to mandatory and are rapidly maturing. Organizations are implementing rigorous internal controls and increasingly obtaining assurance for their ESG information. Regulations, including the SEC climate rule, outline key considerations for selecting an ESG assurance provider, offering valuable insights even for non-SEC registrants.

The SEC climate rule states, “The identity of the assurance provider is a basic, but important, piece of information for investors, particularly considering the broad spectrum of providers that may provide assurance services (e.g., public accounting firms registered with the PCAOB, unregistered public accounting firms, and potentially other types of service providers)."1 Organizations need to be aware of the key considerations from the SEC climate rule when choosing the right ESG assurance providers, including oversight inspection programs and audit committee approval.

Oversight Inspection Programs

The SEC climate rule requires certain information to be disclosed about third-party greenhouse gas (GHG) assurance providers, including whether the assurance provider is subject to oversight inspection programs. The SEC climate rule states that oversight inspection programs are to be disclosed so that investors can understand the qualifications of the GHG assurance provider, which helps determine whether the assurance enhances the reliability of the GHG emissions disclosure. This is noteworthy because such information is currently rarely disclosed in GHG reports. The SEC climate rule lists two oversight inspection programs in the final SEC climate rule: PCAOB inspection program and American Institute of CPAs (AICPA) Peer Review Program. Accounting firms are subject to these oversight inspection programs, whereas non-accounting firms are not.

PCAOB Inspection

SOX created the PCAOB to oversee the audits of U.S.-listed public companies and SEC-registered broker-dealers. The PCAOB has several key responsibilities. Firms preparing audit reports for SEC issuers and SEC-registered broker-dealers must register with the PCAOB. The PCAOB then inspects the firms’ audits and quality control systems.2 The PCAOB also establishes auditing and related standards for quality control, ethics, and independence. In addition, the PCAOB investigates and disciplines firms and accountants within the firm, which includes assessing fines and revoking PCAOB registration, which bans firms from auditing U.S.-listed public companies.

Although the PCAOB does not currently inspect GHG assurance reports, PCAOB-registered firms have centralized quality control programs. Studies show “PCAOB inspections influence non-inspected engagements, with spillover effects detected at both partner and office levels."3 The SEC climate rule states that investors are better protected by requiring a PCAOB-regulated firm subject to oversight inspection programs to provide assurance. However, the SEC rule allowed firms that aren’t PCAOB-registered to provide assurance, primarily due to concerns about the availability of PCAOB-registered assurance providers.

AICPA Peer Review

The other oversight inspection program the SEC climate rule identified is the AICPA Peer Review Program. Firms enrolled in the AICPA Peer Review Program must participate in a peer review of their accounting and auditing practice once every three years. For enrolled firms providing audits or other reasonable assurance engagements, this peer review assesses the firm’s system of quality control. Specific assurance engagements not subject to PCAOB inspection are reviewed as part of this process. Firms address deficiencies identified in the peer review, which helps to improve the quality of accounting and assurance practices.

A certified public accountant (CPA) is required to lead AICPA assurance engagements. Another CPA not on the engagement team must serve as the engagement quality reviewer, who evaluates significant judgments and conclusions reached for AICPA assurance engagements. CPAs are licensed by state boards, which are responsible for monitoring continuing professional education (CPE) compliance and have the authority to take disciplinary action, including revoking CPA licenses. Therefore, this provides an additional external oversight. In addition, AICPA firms must conduct annual internal inspections as part of their quality control systems. These internal inspections are similar to an AICPA peer review; however, internal inspections are conducted by the firm instead of an independent firm.

The graphic below summarizes examples of oversight inspection programs for different types of firms:

Examples of Oversight Inspection Programs

PCAOB Inspections

AICPA Peer Review

AICPA Internal Inspection

Most Large Public Accounting Firms

Yes

Yes

Yes

Engineering Firms/Boutique Sustainability Firms

No

No

No

Audit Committee Approval

The assurance process for GHG emissions is similar to financial assurance, although GHG assurance engagements often have different risks of material misstatement. For example, omitting emission sources in the GHG inventory is often a key risk of material misstatement for GHG assurance.

Audit committees of the board of directors will play a larger role in ESG reporting with regulations requiring ESG information to be included in public investor reports. For SEC issuers, the audit committee must pre-approve services provided by the financial auditor; therefore, the audit committee approves the ESG assurance firm if the financial audit firm provides ESG assurance. However, the SEC climate rule urges audit committees to consider the level of involvement in the selection and retention of assurance providers for climate-related disclosures. It is important to understand the appetite of the audit committee to select assurance providers and propose assurance providers that meet the audit committee’s expectations.

Key Takeaways

Given the time required to prepare for GHG assurance, it is crucial for organizations to identify an assurance provider early. Large accounting firms have the quality programs in place with external oversight, including PCAOB inspections and AICPA peer reviews, which help improve the quality of assurance engagements. In the U.S., an expanding share of ESG assurance is obtained from large public accounting firms.4

By considering these factors, organizations can select a qualified ESG assurance provider that enhances the credibility of their ESG disclosures.

If you have questions or need assistance, please reach out to a professional at Forvis Mazars.

  • 1 “The Enhancement and Standardization of Climate-Related Disclosures for Investors,” sec.gov, March 6, 2024.
  • 2 PCAOB registered firms and their inspection reports can be found at https://pcaobus.org/oversight/registration/registered-firms.
  • 3 Aobdia, D. (2018). “The impact of the PCAOB individual engagement inspection process – Preliminary evidence.”
  • 4The State of Play: Sustainability Disclosure and Assurance – 2019-2022 Trends & Analysis,” ifac.org, February 22, 2024.

Related FORsights

Like what you see?
Subscribe to receive tailored insights directly to your inbox.