The biggest challenge associated with new ESG reporting regulations isn’t that companies will be compelled to disclose ESG data — many already do so voluntarily — it is that they will need to have their ESG reports "assured," which means the data will be subject to the same scrutiny as financial reporting. 

New regulations, such as the European Union’s Corporate Sustainability Reporting Directive and anticipated rules from the U.S. Securities and Exchange Commission and California, will require corporations to get third-party assurance for their climate and ESG-related disclosures. The aim is to elevate the accuracy and legitimacy of ESG disclosures to standards that investors and regulators have come to expect for corporate financial reporting. 

That may catch many companies off guard.

Consider that 75 percent of businesses feel they don’t have the policies, skills and systems in place to meet ESG assurance requirements, according to a KPMG survey of 750 companies with an average revenue of $15.6 billion, conducted from April to  June.

With ESG assurance requirements expected to take effect as soon as 2025, companies will need systems to collect and manage their ESG data for the 2024 fiscal year. With deadlines rapidly approaching, what can companies do to get ESG assurance ready, and how much will it cost them? 

What is assurance? 

Before we dive into why ESG assurance matters to your organization, let’s define what it means. Assurance refers to an independent service, typically provided by certified or chartered accountants, that certifies the correctness and validity of the item being reviewed, usually financial statements. 

Assurance engagements analyze and assess the operations, processes and procedures related to an organization’s reporting activities to verify that its accounting record complies with regulatory standards and principles. 

For those familiar with financial audits, "At its core, ESG assurance and financial statement audit are looking to achieve the same thing, an independent third-party assessment of the completeness and the accuracy of the information that's being reported," said Maura Hodge, ESG audit leader at KPMG. 

There are two types of assurance, limited assurance and reasonable assurance. Here’s how KPMG defines them in its survey: 

Limited assurance: "A level of assurance at an acceptable level that, based on professional judgment, is meaningful for the intended users. It results in a negative conclusion (‘nothing has come to our attention to indicate that the information is materially misstated’)."

Reasonable assurance: "Expressing reasonable assurance requires the assurance provider to obtain sufficient appropriate evidence to conclude that the sustainability-related information prepared, in all material respects, in accordance with the applicable reporting criteria (positive conclusion)." 

Is it expensive? 

Assurance brings peace of mind, and that doesn’t come cheap. The SEC estimates its proposed climate disclosure rule will cost large "accelerated filers" — a term covering most public companies with more than $100 million of revenue — $75,000-$145,000 for limited assurance and $115,000-$235,000 for reasonable assurance.

That estimate is based on relative costs of assurance for financial statements. A 2022 survey from the consulting firm ERM found that U.S.-based companies spent an average of $82,000 on assurance related to climate. 

ESG assurance shouldn't just be thought about as a cost. If used strategically, ESG assurance can help companies identify and mitigate risks by adopting improved data systems and policies that build trust with key stakeholders. In fact, a study of 4,164 sustainability reports from 1993 to 2014 found that companies that obtained sustainability assurance enjoyed a 0.7 percent reduction in their cost of capital. 

How can companies get ready? 

Companies can prepare for ESG assurance requirements by consulting the people, processes and partners that drive their financial assurance as a starting point and then filling in any gaps with new roles, tools and professional services. 

Internal audit teams are responsible for monitoring an organization’s systems and processes for collecting, verifying, managing and reporting relevant information to stakeholders. When designing an ESG strategy, internal audit teams can help identify and understand risks, design controls and work to manage the cost of current and future ESG data compliance. 

The new wave of ESG reporting regulations has led some companies to create a new role, the ESG controller. Half of large banks with over $350 billion in assets have assigned