For any of you who have ever written a CR report, you will know that deciding what to include and what to leave out is probably the toughest part of the process. The assurer of a report looks for what's in there, and what's not, and how accurate what's in there is. (An excellent assurer would look for how accurate what's not in there is, but he would probably charge more for this). The theory goes that if your report is assured, it has a better chance of being credible, and enhancing the trust of your stakeholders in your reporting and in your company.
CorporateRegister.com statistics show that around 25% of all reports are externally assured. And if you really want to know the nitty gritties, you can view the report by CorporateRegister.com issued in July 2008 called Assure View .You can read all about AccountAbility standards which set the framework for assurance at their website , and you can see what the GRI says about the criteria for good assurance.
Now that the formalities are over with, I guess the key point I would like to make in this post is that not many of the assurance statements I read actually assure me. Aside from all the fancy theory, what do I look for?
- the DETAILED EVIDENCE that sufficient practical work has been done to delve into the guts of the reporting process and content in order to assess accuracy and relevance.
- the NAME of the assurer or assuring team (not just a Company) who sign off on the statement
- the CREDIBILITY of the assuring team – their prior experience or qualifications in assuring CSR reports
- disclosure regarding the INDEPENDENCE of the assurer and the nature of the assurers relationship with the reporting company
- the GOOD NEWS and the BAD NEWS (recommendations for improvement) relating to the reporting process and content
- a CLEAR STATEMENT that the report has what I call integrity (a fair and balanced representation, in csr-speak).
I took a look at some 2009 reports to see how their assurance statements shape up. ( I do not name assurance providers – you can check out the reports if you want to see who they are – my intention is to focus on the work and not the workers) :
Barrick Gold Corporation, 2008 report : reporting level A+
An interesting statement, assuring two things: this mining company's adherence to the Sustainability Principles of International Council on Mining & Metals (ICMM) and adherence to the GRI framework. There is a very detailed list of activities the assurers performed and a longer list of points for improvement. The conclusion says that Barrick has aligned its sustainability policies to ICMM’s 10 Sustainable Development Principles and in all material respects, reported in accordance with the GRI Sustainability Reporting Guidelines (2006) - level A requirements and the associated GRI Mining and Metals Sector Supplement Pilot Version 1.0 (2005) as presented in the GRI Content Index. That's clear enough for me. Credibility added value: dix points.
Wartsila Annual Report 2008. reporting level A+
Wartsila is a power company operating power plants and providing power solutions.The assurance statement in this report is a turn-off. One page short, it barely describes the assurance process activities, though the two (yes, just two) interviews conducted with senior managers and 2 site visits are mentioned (Wartsila operates in 160 locations). This is one of those assurance statements that ends up with "Based on our work described above, nothing has come to our attention that causes us to believe that the Sustainability Information,based on the abovementioned criteria, is not fairly stated in all material respects." That really oozes decisiveness and builds credibility, right? I wouldn’t pay someone to make a statement like that. Credibility added value: zero points.
Trelleborg AB, Sweden, 2008 CSR report: reporting level B+
Trelleborg is an engineering group which develops products based on polymer tecnology. The Assurance statement in this report is based on a limited review of about 6 performance indicators. Activities for this limited review are included. Two site visits were made, and the rest was discussions and reviews. The conclusion is the multiple negative one – "nothing has come to our attention that …".
Credibility added value: zero points
Athens International Airport, 2008 report :reporting level B+
Published in the form of an eBook (what a painful way to read a report) (I downloaded it – 31 MB). This is a short but nice statement. It lists a fairly long number of assurance activities. It contains both a positive statement and a multi-negative statement. Positive: "the range of topics reported provide a fair and balanced representation…." and negative , relating to KPI's "nothing has come to our attention that causes us to believe. …".
Credibility added value: sept points
OHL Group.2008 report : reporting level A+
This is a Spanish holding group with a range of interests mainly around construction and real estate. The assurance statement is a scanned copy of a one-page letter, designed to be almost illegible. The activities are listed, but they are super-general – review of .. checking that … analysis of …testing on a sample basis … It's hard to get a real feel for what was actually done. I was encouraged to know that the "review procedures did not disclose any matter that would lead us to believe that the information furnished on the degree of progress on the Corporate Responsibility targets for 2008 is materially misstated". To put it another way, we didn’t find any major blunders in reporting against targets.
Credibility added value: deux points
Telefonica 2008 report: reporting level A+
This report has a great assurance statement – the detail included in the activity list includes ONE HUNDRED interviews with Telefonica people and states the purpose of these interviews - and much more. This gives me confidence that the assurance assignment was undertaken with seriousness and professionalism. It ends up with that double-negative again – "no significant matters that would lead us to believe that it wasn’t "etc. … but there is a crispness and comprehensiveness about this statement that gives you confidence.
Credibility added value: neuf points.
So, you know what?
I think assurance needs to get its act together. If the assurers aren’t prepared to put their neck out and say "we believe this report is credible" then why pay them? If they aren't prepared to do the leg work and list it in detail, why bother? If their credibility added value is below dix points, when why let them loose in your organization?
There is no accepted template for an assurance statement. There are general guidelines but no checklist that all assurers adhere to. And no qualitative assessment of assurance statements. And the GRI barely pays attention to this, checking only the existence of an assurance statement, and not its quality, in order to assign the coveted + to any reporting level. I think the time has come to establish a framework for the verification of CSR reports that includes prescriptive format and content, much like the GRI framework. The GRI should consider adding performance criteria relating to the quality of the assurance statement. And allocation of the coveted + should be a little more rigorous.
If assurance is to move up from its current 25%, it has to add more value.
The Wild West of assurance needs to stop.
elaine cohen is the joint CEO of BeyondBusiness, a leading reporting and social-environmental consulting firm . Visit our website at: www.b-yond.biz/en