What is integrated reporting assurance all about? By Mark Hoffman
Following the gathering momentum behind the integrated reporting initiative, it was not long before the debate regarding how to go about obtaining the necessary assurance over integrated reporting ensued. The International Integrated Reporting Council (IIRC) in August 2014 released an insightful discussion paper entitled “Assurance of <IR>: an exploration of issues”, which is worth a read and response for those involved in the integrated reporting initiative (deadline for comments is 1 December 2014).
However, it is first necessary to take a step back and look at what integrated reporting assurance is all about in the first place. The ultimate assurance for any business would surely be the following:
- That we have developed the most appropriate strategy relative to our risk and opportunity profile to achieve maximum value creation in the short, medium and long term
- That we are executing against that strategy with a clear vision and accountability on the outlook and targets that we want to achieve
- That our strategy and business model is underpinned and supported by robust processes, controls, systems and governance structures consistent with the values and philosophy of the business
Conveniently, the International <IR> Framework (Framework) is built around the strategy and business model of an organisation and provides the ideal framework for such an assurance aspiration. Traditional assurance approaches are mostly risk or compliance based and do not address the strategy development and execution aspects of business as a core principle. Could integrated reporting present a more holistic business framework to achieving a more comprehensive concept of “assurance”?
The question then extends to: Who is responsible for assurance over the integrated reporting process and reporting produced therefrom?
The Framework and King III clearly call on those responsible for the governance of the organisation as those principally responsible for integrated reporting (that is, the board in South African private and public sector organisations). Recent discussions and debates around this mandate, including the panel discussion held by the Independent Regulatory Board of Auditors on the assurance of integrated reports on 20 August 2014 in Johannesburg, were clear that a combined assurance approach is required.
Combined assurance is a well-used term but is an often misunderstood or misapplied concept in the business world. Effective combined assurance requires a coordinated and balanced approach to achieving optimum levels of assurance. The IIRC discussion paper cites using a combination of:
- Leadership and governance
- Management controls
- Process and systems
- Internal audit
- Independent external assurance
The alignment of combined assurance to the Framework logically leads us to the concept of “integrated assurance”.
As businesses develop their integrated reporting processes, so, too, should they be looking at developing their “integrated assurance” approaches. This will entail adapting governance structures, processes, systems and people around the integrated reporting approach to business management and reporting, including the all-important concept of integrated thinking.
Internal auditors and external assurance providers will also need to develop and evolve their methodologies, frameworks and approaches; to effectively provide complete assurance that holistically embraces the principles and elements of integrated reporting. This will include ensuring that assurance teams have the diverse skills and experience required to apply themselves fully to the elements of integrated reporting. It will also require some deep rethinking of embedded concepts in existing frameworks like materiality, to embrace the more expansive value-driven and business-oriented materiality definition in the Framework.
Integrated reporting assurance would most likely be a combination of assurance over the underlying processes as well as the data and information reported. It will also need to be holistic and extend to all the elements and principles of integrated reporting – to the point that an overall opinion could be expressed on an integrated report. Interestingly, the Framework requires the board to express an opinion or conclusion as to whether an integrated report has been prepared in accordance with the Framework. It would then seem reasonable that an independent external assurance provider should provide an overall opinion on whether the report fairly presents in accordance with the Framework, although this aspiration could follow an incremental development journey.
Integrated assurance will need to firstly provide assurance to the board and management that robust integrated reporting processes are in place, as well as the completeness and reliability of information upon which management decisions are based.
Second, external stakeholders – particularly investors – will require assurance that robust strategic and business processes are in place and that they have access to complete, balanced and reliable information upon which to make investment and other key decisions about the organisation. It does not seem reasonable that investors will be able to make informed investment decisions based on audited financial statements only. As businesses start to provide more insightful integrated information, the expectation of assurance over the reliability of such information will surely follow.
Similarly boards and management, in executing their fiduciary responsibility over integrated reporting, will surely demand appropriate levels of assurance without needing regulatory compulsion to seek such assurance.
The key here will be extensive engagement with preparers, users, regulators and standard setters to develop appropriate assurance frameworks, including independent external assurance as well as the all-important concept of integrated assurance.
An impassioned plea seems to be that both users and preparers be able to properly understand the nature and extent of such assurance and that it ultimately meets their expectations. Such assurance needs to properly consider its audience and the purpose of such assurance to ultimately add value to users thereof. It is going to be an evolutionary process and the end goal has to be an understandable approach to assurance that is aligned to the needs of users and fully embraces the elements and principles of integrated reporting.
We must also accept that we are still on the journey to achieving the quality of corporate reporting that integrated reporting aspires to. It is inevitable and expected that assurance will follow a similar developmental journey, hopefully closely aligned to corporate reporting trends that will develop in time.
While engagement and due consideration are imperative, this should not be an excuse for apathy and delay. Assurance will be expected to evolve and innovate swiftly to meet the future needs of corporate reporting. The only sure thing is that assurance over corporate reporting is due for a change and we collectively need to make sure it is a change for the better. ❐
Author: Mark Hoffman CA(SA) is a partner at KPMG Inc Accounting Advisory Services & Integrated Reporting