ISAE 3000

In contradiction to the detailed regulated audit of historical and future related financial reporting, assurance engagements other than an audit of historical financial information outlines a comparatively new field of activity.

With the ISAE 3000 „Assurance Engagements Other than Audits or Reviews of Historical Financial Information“ (revised in December 2015) the International Auditing and Assurance Standards Board (IAASB) set a framework, which covers a wide range of assurance engagements of an independent auditor. The IDW EPS 982, as of June 14, 2016, published by the Institute of Public Auditors in Germany (IDW) is a draft on the adaptation to the German regulatory environment.

Common use of the ISAE 3000 is the certification of Corporate Social Responsibility (CSR) or Carbon Footprint reporting, however, the scope of the ISAE 3000 is significantly broader due to the generic definition of the requirements and preconditions. Its use is limited only by the existence of specific auditing standards.

Other examples for ISAE 3000 assurance engagement are:

• Assessment and reporting on the company’s internal control system over non-financial information performed separately from financial audits, e.g. reporting on Key Performance Indicators (KPI), which the organization reports internally to the Management or to those charged with Governance, e.g. procurement gains or human resource management topics
• Disclosures in reports and publications
• Statements on compliance with laws or regulatory requirements
• Confirmation of compliance with contractual requirements, apart from financial reporting.

The generic design of the standard leads inevitably to complex regulations, requiring further interpretation, e.g. the meaning of the terms “reasonable assurance” and “limited assurance” or the distinction between “direct” and “indirect engagements”. Moreover, the roles of the parties involved need to be explicitly clarified, too.

Core considerations of the applicability of ISAE 3000, however, are the existence of suitable criteria, which preferably have passed through a due process (e.g. Sustainability Reporting Guidelines of the Global Reporting Initiative (GRI)) and is publicly available. Under certain circumstances, the reporting company itself may define the applicable criteria.

Overview of our services:

• Joint assessment of the applicability of the standard for your particular case
• Definition of the  applicable criteria
• Conducting the audit and highlight necessary or potential improvements
• Issuing  a formal certificate with reference to ISAE 3000 including distribution through our electronic platform by yourself)
• Consulting services for the implementation of an internal control system over the non-financial reporting (excluding subsequent examination and certification)