ISO/DIS 14019-2:2024(en)

ISO/TC 207/SC 2

Secretariat: UNI

Date: 2024-09-11

Sustainability information — Part 2: Principles and requirements for verification processes

Informations sur la durabilité — Partie 2: Principes et exigences pour les processus de vérification

© ISO 2024

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword 4

Introduction 5

1 Scope 8

2 Normative references 8

3 Terms and definitions 8

4 Pre-engagement 8

4.1 General 8

4.2 Required information 9

4.3 Suitability of specified requirements and criteria 9

4.4 Relevance determination process and rational purpose 10

4.5 Common understanding 11

4.6 Conditions not met after acceptance of the engagement 11

4.7 Objectives 11

4.8 Type of deliverable 11

4.9 Specification of scope, requirements, and criteria 11

4.10 Materiality 12

4.11 Level of assurance 12

4.12 Inherent limitations and scope limitations 13

4.12.1 General 13

4.12.2 Evaluating consequences of inherent limitation 13

5 Engagement 13

6 Planning 14

6.1 Verification team selection 14

6.2 Strategic analysis 14

6.2.1 General 14

6.2.2 Context for the strategic analysis 14

6.2.3 Strategic analysis approach 14

6.2.4 Output from and review of strategic analysis 15

6.3 Risk assessment 15

6.3.1 General 15

6.3.2 Context for risk assessment 16

6.3.3 Process for risk assessment 16

6.3.4 Output from and review of the risk assessment 17

6.4 Assessment of materiality 17

6.4.1 Process for assessing materiality 17

6.4.2 Output of assessing materiality 18

6.5 Evidence-gathering activities 19

6.5.1 General 19

6.5.2 Designing evidence-gathering activities 19

6.5.3 Use of the responsible party’s internal controls 20

6.5.4 Evidence gathering for quantitative information 20

6.5.5 Evidence gathering for qualitative information 20

6.5.6 Evidence-gathering techniques 21

6.5.7 Process for evidence gathering 22

6.5.8 Evidence-gathering plan 22

6.5.9 Verification plan 22

6.5.10 Approval of evidence-gathering plan and verification plan 23

6.6 Scope limitations 23

7 Execution 24

7.1 General 24

7.2 Communication 24

7.3 Insufficient Information 24

7.4 Intentional misstatement or noncompliance 24

7.5 Determination of evidence 25

8 Review 25

9 Decision 25

10 Assurance opinion 25

10.1 Content of the assurance statement 25

10.1.1 General 25

10.1.2 Content of assurance information 26

10.1.3 Subject covered in the assurance opinion 26

10.2 Opinion –input, extent and types 27

10.3 Unmodified opinion 27

10.4 Level of assurance – linkage to unmodified opinion 28

10.5 Modified opinions – two types 28

10.6 Modified - Adverse opinion 28

10.7 Modified - Disclaimer of opinion 28

10.8 Amplifications in assurance opinion 28

10.9 Opinion when changes have been made to the declared sustainability information to state that there are material misstatements 29

10.10 Quantitative and qualitative information 29

11 Facts discovered after issue of the assurance opinion 29

12 Records 29

Annex A (informative) Sampling 31

Annex B (informative) Level of assurance 33

Annex C (informative) Inherent risk 34

Annex D (informative) Uncertainty 35

Annex E (Normative) Verification approach for qualitative information 36

Bibliography 37

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity, or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 207, Environmental management, Subcommittee SC 2, Environmental auditing, and related environmental investigations in conjunction with ISO/CASCO, Committee on Conformity Assessment.

A list of all parts in the ISO 14019 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

0.1   With increasing public demand and advancing legal provisions (regulatory and contractual) for declarations, disclosures and reporting of sustainability information, there is a significant market need for the validation, verification and assurance of this information.

0.2   Standards are needed for both:

a) identifying metrics and indicators, monitoring, compiling, reporting, declaring and disclosing information about sustainability matters (including environmental, social and governance (ESG) matters); and

b) harmonised approaches to validation/verification and assurance of that information.

Validated and verified sustainability information can be used for decision making including investment decisions, procurement decisions, or individual choices during consumer purchasing, the use of services and decisions on where to work.

0.3   In this document, the sustainability information that is declared by a responsible party is the object of the validation or verification. Validation and verification bodies assess the declared sustainability information for its conformity and fulfilment of ‘specified requirements and criteria’.

0.4   Specified requirements and criteria are set by a validation/verification programme, which could be a mandatory regulatory reporting programme, or a voluntary programme for a specific sector or sustainability matter. The result of a completed validation/verification activity can be the provision of an assurance opinion which attests that the specified requirements and criteria have been fulfilled and:

a) the reasonableness of the assumptions, limitations and methods that support declared sustainability information about a future outcome has been validated; and

b) the material correctness and fair representation of historical data and information has been verified.

NOTE The primary outcome of validation/verification activities under the ISO 14019 series of standards is an assurance opinion. In addition, the ISO 14019 series of standards allows for alternative non-assurance outcomes or deliverables. The deliverable chosen for each specific validation/verification activity (i.e. an assurance opinion or a non-assurance deliverable) is specified in the relevant validation/verification programme and confirmed between the validation/verification body and it’s client in a specific engagement agreement. Non-assurance deliverables include reports of factual findings based on agreed-upon procedure (AUP report), findings reports and evidence reports. These non-assurance deliverables can be appropriate for situations where an assurance opinion is not required, for example, in voluntary or internal reporting, reporting from organizations upstream or downstream in the value chain, or for small-medium sized enterprises (SMEs), or in situations where capacity building is being undertaken, or when the expense of an assurance opinion is prohibitive (see Annex H of ISO 14019-1 for more information).

0.5   The overall aim of validation/verification is to give confidence to intended users that the declared sustainability information is fairly stated, can be used for the defined purpose and fulfils specified requirements and criteria. This confidence is provided through an impartial validation or verification process undertaken by a competent validator/verifier.

0.6   Parties that have an interest in validation/verification include, but are not limited to:

a) clients of validation/verification bodies;

b) validation/verification programme owners and other developers of standards;

c) regulatory authorities;

d) intended users of validated/verified declared sustainability information (e.g. investors, supply chain partners, industry bodies, NGOs, consumers) and other interested parties.

0.7   Frameworks, principles and processes guiding validation/verification rules and procedures should be compatible with the globally accepted quality infrastructure (standardisation, conformity assessment by validation/verification, peer assessment, accreditation). Furthermore, developing these rules and procedures as ISO standards would allow all interested parties, especially those with already implemented structures and existing instruments, to participate.

0.8   Standards for the declaration and reporting of sustainability information (already existing or under development) relate, for instance, to entities (e.g. listed companies or suppliers) that are increasingly required to report specific ESG or sustainability matters under voluntary or mandatory arrangements (e.g. as a pre-requisite to supply chain or market access, pre-condition for tenders and government procurement, and as part of securities exchange or regulatory annual reporting).

0.9   Within the existing legal framework of many countries and regions, the global system of conformity assessment and its recognition (e.g. through multilateral arrangements between accreditation bodies), the tools for assessing declared sustainability information (claims, reports etc.) and providing assurance on its fair presentation currently exist. However, standardised specifications of a consistent process for validating and verifying declared sustainability information is lacking.

0.10   Parties interested in qualitatively trustworthy and quantitatively comparable information will benefit from standardised validation/verification processes to be performed by legal entities that fulfil the requirements of ISO/IEC 17029, Conformity assessment — General principles and requirements for validation and verification bodies.

0.11   While validation and verification both result in a confirmation of declared information, they differ significantly in their execution. Assessing historic data with respect to truthful and correct statements in a verification requires different methodological approaches than determining whether declarations on an intended purpose or future effect is reasonable and plausible in a validation. It is therefore decided to develop separate ISO 14019 parts dedicated to the validation process (ISO 14019-Part 3) and the verification process (ISO 14019 Part 2, this document).

0.12   As for the type of information to be validated or verified, distinction could be made according to the subject matter (e.g. environmental, social, governance). However, taking the perspective of describing methodologies, the distinction according to the nature of the assessed information, being quantitative or qualitative, appears more rational.

0.13   Verification processes are generally planned and performed to reach a decision on providing assurance whether or not the declared sustainability information fulfils the specified requirements and criteria. This conclusion is issued as assurance opinion. Where the process is organized to gather evidence regarding the fulfilment of specified requirements and criteria only, the report on these evidence gathering results can be issued as non-assurance deliverable. Resulting from a review of the evidence, a non-assurance report can include findings on the suitability, adequacy and effectiveness of the evidence gathering considered with regard to fulfilment of specified requirements and criteria. Different terms can be used to make reference to such non-assurance deliverables with reviewed evidence (e.g. findings report) or without (e.g. evidence report).

0.14   ISO 14019 is developed in separate parts to provide a consistent overview of the entire validation/verification of sustainability information, and give general and specific requirements for validation/verification processes. Where the principles and requirements undergo rapid development, the individual parts can undergo revision separately as required.

0.15   In summary, the parts to ISO 14019 are:

— Part 1 specifies terminology, principles, and general requirements applicable to both validation and verification.

— The process specifics of verification (Part 2, this document) and validation (Part 3, development intended) are provided in separate documents.

— Part 4 (under development) contains the specific requirements applying to the validation/verification bodies and their personnel, the validators and verifiers, in addition to generic requirements of ISO/IEC 17029.

0.16   For the verification of quantitative information, Part 2 details the approach for continuous and discrete forms of data and the types of evidence gathering activities that can be applicable to each. Continuous data can be further categorized as ratio and interval data. Verification approaches include an assessment of data collection, data editing, data transformation, data control processes as well as numerical techniques that aid in verification of analytical testing.

0.17   For verification of qualitative information, which can be based on numerical and non-numerical information, Part 2 details the approach to both types, including review of language, terms, adjectives used in the declared sustainability information to ensure it is appropriate, consistent with the available information and truthful. Verification approaches include an assessment of the selection, determination, collection, editing, control processes associated with the qualitative information. It can also include use of professional judgement to review the overall qualitative information to ensure it is fair and truthful and can be relied on by interested parties.

Sustainability information — Part 2: Principles and requirements for verification processes

This document specifies requirements and includes guidance for the verification of declared sustainability information, including information presented in quantitative and qualitative formats.

NOTE Declared sustainability information can include reporting on environmental, social, governance and other sustainability matters.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17029:2019, Conformity assessment — General principles and requirements for validation and verification bodies

ISO 14019‑1:xxxx, Validation and verification of sustainability information —Part 1: General principles and requirements

For the purposes of this document, the terms and definitions given in ISO 14019-1:xxxx and the following apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

In pre-engagement, the verification body shall confirm the following:

a) fulfilment of preconditions, including specified requirements and criteria for declared sustainability information (see 4.2), suitability of specified requirements and criteria (see 4.3), relevance determination process and rational purpose (see 4.4), common understanding (4.5) and the actions that may be undertaken if preconditions are found not to have been fulfilled after the execution has been started (see 4.6);

b) the objective is verification (see 4.7), or a mixture of both validation and verification;

NOTE Declared sustainability information can have elements that need validation/verification.

c) type of deliverable (i.e. report of factual findings or assurance opinion) (see 4.8);

d) scope of verification, specified requirements and criteria to be used to prepare the information to be verified (e.g. specified requirements for declaring information, including categories of sustainability matter) (see 4.9);

e) materiality (see 4.10);

f) level of assurance (see 4.11); and

g) inherent limitations of the deliverable (see 4.12).

4.2.1 The verification body shall ensure that the verification programme that has been agreed with the client includes:

a) applicable specified requirements and criteria for the declared sustainability information;

b) a process for verification consistent with the requirements of this document; and

c) the process and methodology to confirm the relevance determination process of the responsible party’s declared sustainability information (see 4.4).

4.2.2 The verification body shall ensure that the client obtains from the responsible party sufficient information to fulfil the requirements of:

a) ISO/IEC 17029:2019, 9.2.1; and

b) the applicable parts of this ISO 14019 series.

4.2.3 The verification body shall consider whether the party responsible for the declared sustainability information has adequately identified and taken into account the specified requirements and criteria, reporting boundaries, relevance determination process and value chain considerations that have been specified in:

a) the agreed verification programme;

b) any external reporting framework for the declared sustainability information; or

c) a framework established by the responsible party or the verification body.

4.2.4 The verification body shall ensure that the client has obtained confirmation from the responsible party that the responsible party has a reasonable basis for issuing the declared sustainability information.

4.3.1 The verification body shall assess whether the specified requirements and criteria proposed by the responsible party are suitable for the verification to be agreed on with the engagement, including whether the declared sustainability information and sustainability matters:

a) are capable of consistent measurement (quantitative information) or evaluation (qualitative information) against applicable specified requirements and criteria;

b) have been subjected to a relevance determination process; and

c) can be subjected to verification activities for obtaining sufficient appropriate evidence.

NOTE Specified requirements and criteria in established programmes (such as regulatory or voluntary reporting programmes, applicable ISO or other assurance standards) are considered to satisfy this clause.

4.3.2 In assessing the suitability of specified requirements and criteria, the verification body shall:

a) evaluate whether there are specified requirements and criteria applicable to the declared sustainability information that will be verified;

b) identify and confirm the sources of the specified requirements and criteria;

c) evaluate whether the specified requirements and criteria exhibit the following characteristics:

i. relevance;

ii. completeness;

iii. reliability;

iv. neutrality; and

v. understandability.

4.3.3 Specified requirements and criteria shall be available to intended users identified by the responsible party and, if applicable, interested parties identified by the responsible party or the verification programme.

4.3.4 If the expected outcome of the verification is an assurance opinion, the verification body shall assess whether it expects to be able to obtain the evidence needed to support its conclusions.

4.4.1 Unless otherwise specified in the verification programme, the verification body shall:

a) review the relevance determination process that the responsible party has undertaken to identify:

i. its relevant sustainability matters, including scope and boundary conditions and any consultation with interested parties;

ii. intended users and the types of decision that they will make for specific purposes based on the declared sustainability information;

iii. criteria which are used for determining relevance;

iv. the metrics, units of measurement, and changes in sustainability performance that are included in the declared sustainability information; and

v. likely effects of the decisions that are based on the declared sustainability information on sustainability outcomes, intended users and their purpose.

b) question the responsible party on the declared sustainability information to determine whether it covers the relevant sustainability matters and includes meaningful metrics, units of measurement, and changes in sustainability performance;

c) select the declared sustainability information that will be used in the verification; and

d) identify any limitations or omissions with regard to relevant sustainability matters, and explicitly state those inherent limitations or omissions in any assurance opinion.

NOTE 1 The intent of this subclause is to establish a “relevance determination process test” early on in the verification process and allow for the verification body to question the responsible party’s declared sustainability information so that it includes relevant sustainability matters and meaningful metrics, units of measurement, and performance information. By doing this, it is expected that verification activities will avoid focusing on peripheral or unimportant sustainability matters, metrics etc. and avoid verifying declared sustainability information that has little or no actual value in terms of sustainability outcomes (e.g. to avoid “green-washing“ or misleading claims or declarations).

NOTE 2 The “relevance determination process test” in this subclause is not to be confused with the separate consideration of materiality (see 4.10). The separate assessment of materiality is in relation to the confirmed declared sustainability information after the “relevancy test” has been completed.

4.4.2 The verification body shall decide whether the proposed verification exhibits a rational purpose. In making this decision the verification body shall confirm that:

a) it is able to obtain a meaningful level of assurance in the case of an engagement agreement for verification with a limited assurance;

b) the results of the verification will be useful and not misleading to intended users;

c) the scope of the verification is appropriate; and

d) when the scope of the verification excludes part of the declared sustainability information, how this exclusion is to be communicated to intended users and included in any assurance opinion.

If the requirements of 4.1 – 4.4 are not met, the verification body shall not accept the engagement agreement on providing assurance, unless required by law or regulation to do so.

4.6.1 If it is discovered after the engagement agreement has been accepted that one or more conditions for verification activities to provide assurance are not met, the verifier shall discuss the matter with the appropriate parties and determine whether the matter can be resolved to the verification body’s satisfaction.

4.6.2 If the matter cannot be resolved to the verification body’s satisfaction, the verification body shall:

a) withdraw from the engagement agreement if that is possible under applicable law or regulation; or

b) if withdrawal is not possible under applicable law or regulation, continue with the verification and express a qualified or adverse conclusion, or disclaimer of conclusion, as appropriate in the circumstances.

4.7.1 The verifier and client shall agree on the verification objectives taking into account:

a) the verification programme;

b) intended users;

c) relevant interested parties; and

d) the type of deliverable.

4.7.2 Where the verification will result in an assurance opinion, the verification objectives shall include reaching a decision about the fair presentation of the declared sustainability information and its conformity to the specified requirements and criteria.

The verification body and the client shall agree on the type of deliverable (see ISO 14019-1) that is intended to result from the verification.

NOTE 1 Types of deliverables are:

a) assurance opinion;

b) non-assurance results, such as reports of factual findings.

NOTE 2 A single engagement agreement can include more than one type of deliverable.

4.9.1 The verification body and the client shall agree on relevant information to be included in the declared sustainability information.

4.9.2 The verification body shall apply verification programmes (see ISO 14019-1) that address at least the following:

a) description of the declared sustainability information to be verified (e.g. reporting and disclosure, sustainability matter and its context, qualitative or quantitative information, and, if applicable, responsible party’s relevance determination process and its outcome);

b) the applicable sustainability matter criteria including the criteria used in the responsible party’s relevance determination process for selecting the declared sustainability information;

c) exclusions of declared sustainability information from the scope proposed by the client or the responsible party and accepted by the verification body, including the responsible party’s reasons for each exclusion;

NOTE 1 Programmes can allow exclusion of declared sustainable information from the agreed scope under specific conditions, such as:

— legal constraints prevent the disclosure as declared sustainability information;

— rare instances where sustainability information to be declared is confidential or disclosure as declared sustainability information would cause more harm than benefit, such as compromising an investigation.

NOTE 2 In some programmes an exclusion is known as an “omission”.

d) requirements and methodology for verification.

The verification body and client shall agree on materiality for the declared sustainability information (both: quantitative and qualitative information).

NOTE 1 Materiality relates to possibility of misstatements, errors etc. in the sustainability matters (quantitative and/or qualitative) that is presented in the declared sustainability information. Such declared sustainability information can include performance metrics, comparisons, graphs, relevance determination process, value chain information, product, or service information.

NOTE 2 Professional judgment about materiality is based on the verifier’s perception of the common information needs of intended users and their purpose, as an individual or group (as applicable) and relate to surrounding circumstances.

NOTE 3 Professional judgement related to materiality is not influenced by the agreed level of assurance. As an example, for the same intended users and their purpose, materiality for a verification with reasonable assurance is the same as for a verification with limited assurance because materiality is based on the information needs of intended users.

NOTE 4 Materiality relates to the sustainability matter covered by the declared sustainability information.

NOTE 5 A verification may include the evaluation of the responsible party’s determination of the relevance of its sustainability information and hence what the responsible party will declare.

NOTE 6 See 6.4 for requirements on the process of assessing materiality.

4.11.1 The verification body and the client shall agree on the level of assurance to be applied, if applicable and not specified by the verification programme. On determining the level of assurance, the verification body shall check whether the responsible party has taken into consideration the needs of the intended users and their purpose.

NOTE The level of assurance is specified prior to the start of the verification because the level of assurance establishes the nature, extent, and timing (i.e. the design) of the evidence-gathering activities.

4.11.2 The verifier shall not change the level of assurance during the verification but may terminate the verification and agree on a new engagement agreement with a different level of assurance.

NOTE Annex B provides further information on level of assurance.

4.12.1.1 Where inherent limitations are known to exist prior to accepting an engagement agreement (see 5.2), the verification body shall determine whether the conditions (see clause 4) for a verification are met. In particular, the verification body shall assess whether the evidence can be assessed for the declared sustainability information.

4.12.1.2 If a further limitation is imposed by the client or responsible party after an engagement agreement to provide assurance has been accepted, the verification body shall consider whether to withdraw from the engagement agreement, where withdrawal is possible under applicable law or regulation.

4.12.1.3 The verifier shall communicate in the assurance opinion any limitations found during the planning or execution stages.

4.12.2.1 The verifier shall evaluate the proposed scope, specified requirements and criteria, level of assurance, access to relevant material on the quantitative and qualitative information in the declared sustainability information, to identify any limitations imposed by the responsible party on the verification activities (see 10.5).

4.12.2.2 Where limitations are found, the verifier shall consider whether they can result in the verifier being unable to make a decision on assurance of the declared sustainability information; if so, the verifier shall not accept the engagement agreement as an engagement agreement to provide assurance (see 10.5).

4.12.2.3 The verifier shall document its evaluation of any potential limitations and the outcome of the evaluation.

NOTE The evaluation of limitations normally occurs as part of risk assessment (see 6.3) and assessment of materiality (see 6.4).

The verification body shall have an engagement agreement with each client for the provision of verification activities that includes:

a) identification of:

i. the declared sustainability information;

ii. the applicable specified requirements and criteria, including the relevance determination process for selecting the declared sustainability information; and

iii. rules and procedures for the methodology of verification.

b) the scope of verification;

c) reference to the requirements for the verification body providing the verification for example, but not limited to, competence, impartiality, and consistent operation;

d) a statement from the responsible party that confirms that it is responsible for its declared sustainability information and for conformity with the agreed specified requirements and criteria;

e) provisions for managing any changes to the agreement or ending the agreement;

f) use of the assurance opinion by the responsible party and client;

g) how to reference the assurance opinion or assurance process in case disclosed sustainability information is different from declared sustainability information; specifically if disclosed sustainability information includes sustainability matters that are not included in declared sustainability information.

The verification body shall select a team that has the necessary competence (knowledge, skills, behaviours, experience, training etc.) to undertake the verification.

NOTE See ISO 14019-1, 4.3.5 and ISO 14019-4, 7.3 and Annex A.

The verifier shall perform and document a strategic analysis to inform the risk assessment (see 6.3).

The context of the strategic analysis shall be the following:

a) the declared sustainability information, and its associated sustainability matters, background and perspective, including issues such as its language and form;

b) the agreement (see Clause 5) related to:

i. the declared sustainability information;

ii. the specified requirements and criteria for verification, including the relevance determination process.

c) information about issues of concern to intended users; and

d) the verifier’s own research related to the responsible party’s public commitments and communication related to sustainability (this includes information outside the scope of the declared sustainability information);

e) whether an intended user has been identified to act in interests of interested parties.

6.2.3.1 The verifier shall include the following matters when undertaking strategic analysis:

a) agreed sustainability matter, its background and perspective;

b) matters agreed in the engagement agreement such as relevance determination process, intended users and their purpose, level of assurance, materiality, type of deliverables, consideration of the outcome of previous verifications;

c) evaluation of the responsible party’s public commitments and communication related to sustainability (this includes information outside the scope of the declared sustainability information, including the nature of the parties in the value chain, systems thinking and life cycle approach);

d) responsible party’s business model and operations as they related to the declared sustainability information;

e) statement from the responsible party that the declared sustainability information is correct and true;

f) matters related to the declared sustainability information, including:

i. likely accuracy and completeness of the sustainability information, including data integrity, and uncertainty (for uncertainty see Annex D);

ii. the time boundary for data;

iii. sustainability indicators and their contribution to the overall information;

iv. if applicable, changes in sustainability information from prior periods;

v. appropriateness of quantification and reporting methods and any changes;

vi. appropriateness of process for determining qualitative information and links to associated declared sustainability information and any changes.

g) responsible party’s internal control system, its scope and approach to ensure no material misstatements in quantitative and qualitative information linked to the declared sustainability information; and

h) other considerations including:

i. governance of:

1. the declared sustainability information as well as the underlying information (e.g. corruption, fraud, hacking);

2. any digital storage, control, software management etc. that is used to generate the information, as applicable;

3. internal activities to prevent fraud and illegal activity associated with the sustainability matter;

4. information and its management, storage, and retrieval; and

ii. any other issue that may come up related to the declared sustainability information.

6.2.3.2 When performing strategic analysis, the verifier shall consider the following:

a) life cycle thinking related to the nature and extent of the declared sustainability information and verification activities;

b) what-if scenarios and the potential for omission of material information;

c) how individual team members’ competencies contribute to the collective competence of the verification team; and how individual team members should be deployed to carry out the verification and deliver the outcome as agreed in the engagement agreement (see).

6.2.4.1 The verifier shall ensure the output of the strategic analysis is used as input to the risk assessment (see 6.3), evidence-gathering activities (see 6.5), the evidence-gathering plan (see 6.5.8), and verification plan (see 6.5.9).

6.2.4.2 The strategic analysis shall be documented in sufficient detail to allow it to be reproduced, including the inputs, outputs, links between the strategic analysis, the risk assessment, the assessment of materiality, the evidence-gathering plan, and the verification plan.

6.2.4.3 The verifier shall review the strategic analysis and revise the outcome as findings or issues encountered during the verification process arise.

6.3.1.1 A risk assessment shall be carried out that includes risks:

a) associated with the sustainability matter covered by the declared sustainability information (inherent risk);

b) that responsible party’s internal control does not prevent or detect and correct errors, omissions, misstatements, or fraud in the management of data that support the declared sustainability information (control risks). This includes the responsible party having conducted its own risk assessment of errors, omissions, or fraud occurring and the mitigation of such risks;

c) that the verification methodology, evidence-gathering plan, verification plan, and the team competences does not detect a materiality issue as defined in the engagement agreement (detection risk);

d) of a material misstatement or nonconformity with the specified requirements and criteria of the declared sustainability information as agreed in the engagement agreement (see ISO 14019-1); and

e) of a misstatement.

6.3.1.2 The verifier’s assessment of the risks described in 6.3.1.1 a) – e) above shall determine the planned nature and extent of evidence-gathering activities.

NOTE 1 Not all the above may be relevant to every verification.

NOTE 2 In this context, risks can be a matter of professional judgment and not of quantitative risk assessment.

NOTE 3 Risk assessment excludes the verification body business risks associated with the verification.

The context of the risk assessment shall be the following:

a) objectives of the verification and the engagement agreement to:

i. the declared sustainability information;

ii. the applicable specified requirements and criteria including the relevance determination process for selecting declared sustainability information; and

iii. requirements and methodology for verification including the level of assurance to be achieved and the corresponding evidence gathered during the verification process.

b) relevant legal and regulatory issues;

c) the operating environment of the responsible party and its internal control system;

d) understanding of intended users’ taking in to account their purpose and decisions related to the declared sustainability information;

e) responsible party’s governance processes, risk control, and opportunities for improvement processes;

f) possibility for misleading declared sustainability information;

g) results of the assessment of materiality (see 6.4);

h) written confirmation from the responsible party that the declared sustainability information is correct and true; and

i) principles in ISO 14019-1, related to the information and the declared sustainability information;

j) output of strategic analysis.

The risk assessment shall be performed considering by the inputs to, and outputs from, the strategic analysis (see 5) and the following:

a) likelihood:

i. that design criteria for software, machine learning, remote methods (such as drones) include errors or omission or limitation that may impact the quantitative or qualitative information supporting the declared sustainability information or being used in the declared sustainability information;

ii. of intentional misstatements;

iii. of omission of a potentially significant information.

b) outcome of the verifier’s internal research – see strategic analysis;

c) whether there is any significant sustainability information that is outside the normal course of business for the responsible party or that otherwise appear to be unusual;

d) nature and complexity of the operations of the responsible party or of the declared sustainability information to be verified;

e) likelihood that non-compliance with applicable laws and regulations can have a direct effect on the content of the declared sustainability information, including any significant economic or regulatory changes that might impact the reporting and disclosure of sustainability information;

f) declared sustainability information related matters such as:

i. selection, quality, and sources of information (quantitative and qualitative);

ii. level of detail provided in pre-engagement materials;

iii. nature and complexity of quantification methods;

iv. bias in the identification of qualitative information included in the declared sustainability information;

v. degree of subjectivity in the weighting of indicators;

vi. significant estimates and the quantitative and/or qualitative information on which they are based;

vii. characteristics of the internal controls and the apparent effectiveness of the controls in identifying and preventing errors, omissions, or fraud;

viii. experience, skills, and training of responsible party personnel involved in the generation, determination, collection, and collation of the quantitative and qualitative information.

g) if applicable, changes in declared sustainability information (changes could be due to progress in the same declared sustainability information or different sustainability matters being included in the declared sustainability information) from prior verifications.

6.3.4.1 The verifier shall ensure the output from the risk assessment is used as an input into the:

a) evidence-gathering planning; and

b) verification planning.

6.3.4.2 The risk assessment shall be documented in sufficient detail to allow it to be reproduced. The link between the outcome of the risk assessment and the evidence-gathering plan and the verification plan shall be clear in the documentation.

6.3.4.3 The verifier shall review the risk assessment, and revise the outcome as findings or issues encountered during the verification process arise.

6.4.1.1 The verifier shall consider materiality at various stages during the verification, including:

a) planning, while determining the nature, timing, and extent of verification activities;

b) performing the verification, when evaluating whether the declared sustainability information is free from misstatements and conforms to the verification programme as set out in the engagement agreement.

The verifier shall determine during execution (see Clause 7), whether the declared sustainability information is free from material misstatements.

6.4.1.2 The verifier’s process for assessing materiality shall include:

a) the specified requirements and criteria for the declared sustainability information, including the responsible party’s relevance determination process (see 4.3) for selecting the declared sustainability information;

b) the objectives of the verification and the needs of intended users for their purposes;

c) the declared sustainability information that is being verified;

d) agreed level of materiality;

e) outputs from the strategic analysis;

f) outputs from the risk assessment; and

g) the responsible party’s internal controls related to declared sustainability information.

6.4.1.3 Considering materiality shall take into account the possibility that:

a) any parameter included in the declared sustainability information will generate a material misstatement, even if internal controls are implemented;

b) any qualitative information that will misrepresent a factual situation related to the statement of quantitative information, even if internal controls are implemented.

6.4.2.1 The verifier shall ensure that considering materiality includes:

a) at the planning stage:

i. critical quantitative information and supporting information that needs evaluating, the types and detail of evidence gathering, and the output expected from such evaluation;

ii. critical qualitative information statements and the supporting information that needs evaluation, the types and details of evidence gathering, and the output expected from such evaluation;

b) during the execution:

i. evaluation of the critical quantitative information sets, and supporting information, and the types and detail of evidence gathered to ensure that nothing has emerged that necessitates changes to the evidence-gathering plan;

ii. evaluation of the critical qualitative information statements and the supporting information and the types and detail of evidence gathered to ensure that nothing has emerged that necessitates changes to the evidence-gathering plan;

c) at the end of the verification:

i. evaluation of critical quantitative information sets and supporting information;

ii. evaluation of critical qualitative information statements and supporting information; and

iii. any adjustment to the evidence-gathering plan.

6.4.2.2 The inputs and outputs and links between the risk assessment, the assessment of materiality, the evidence-gathering plan, and verification plan shall be clearly documented.

6.4.2.3 The verifier shall evaluate the assessment of materiality and revise it, as necessary, to take into account any changes in risks and materiality that may have occurred over the course of the verification.

The verifier shall design evidence-gathering activities to assess the declared sustainability information based on inputs from the strategic analysis, risk assessment, and the assessment of materiality.

NOTE Quantitative information evaluation includes, for example, hypothesis testing, measurement, data analysis, statistical interference, and qualitative information evaluation includes, for example, questioning framing, listening, data analysis, data presentation, research.

6.5.2.1 The evidence-gathering activities shall be designed to collect sufficient and appropriate evidence upon which the decision can be based.

6.5.2.2 The verifier shall obtain more persuasive evidence to counter the risk of misstatement (quantitative information) and/or misrepresentation (qualitative information).

6.5.2.3 The verifier shall consider inherent risk, control risk, and detection risk in designing the evidence-gathering activities.

6.5.2.4 The verifier shall consider the inherent risks associated with data management, including data smoothing, exclusion, and use of outside or modelled data.

NOTE Annex C has further information about inherent risk and Annex D about uncertainty.

6.5.2.5 Irrespective of the risks identified, the verifier shall – as determined by the strategic analysis, risk assessment, and assessment of materiality – design and perform evidence-gathering activities for elements of the quantitative declared sustainability information.

6.5.2.6 Irrespective of the risk identified, the verifier shall – as determined by the strategic analysis, risk assessment, and assessment of materiality – design and evaluate procedures to evaluate qualitative information, and use of professional judgement to ensure that declared sustainability information is fairly stated and can be relied upon by intended users.

6.5.2.7 The verifier shall develop evidence-gathering activities to determine whether the declared sustainability information conforms to specified requirements and criteria including the relevance determination process as agreed in the engagement agreement.

6.5.2.8 In cases where the scope of verification includes the responsible party’s relevance determination process and its outcome, the evidence gathering shall determine whether:

a) the responsible party’s relevance determination process and its outcome are complete;

b) the boundaries of the responsible party’s relevance determination process are consistent with the declared sustainability information;

c) the outcome from the responsible party’s relevance determination process:

i. is consistent with the declared sustainability information;

ii. fairly reflects what interested parties expect to be disclosed in the declared sustainability information;

iii. includes quantitative information that is complete, plausible and truthful; and

iv. includes qualitative information that is fair, plausible and truthful.

6.5.2.9 The verifier shall ensure that the evidence-gathering activities are designed to determine the quantitative and/or qualitative information trails necessary to meet the objective considering the level of assurance agreed.

6.5.3.1 The verifier shall determine the extent to which reliance on the responsible party’s internal controls will be made depending on the results of the risk assessment, assessment of materiality, and the level of assurance agreed in the engagement agreement.

6.5.3.2 The verifier shall consider the responsible party’s information system and controls that relate to the quantitative information and qualitative information as applicable to the declared sustainability information.

6.5.3.3 Depending on the level of assurance, the verifier shall ensure that the evidence-gathering activities assess the design and effectiveness of the responsible party’s internal controls, including:

a) the selection and management of the sustainability information, as related to the declared sustainability information;

b) the processes for collecting, processing, consolidating and reporting sustainability information, as related to the declared sustainability information;

c) the internal controls and processes that ensure the validity and accuracy of the sustainability information, as related to the declared sustainability information;

d) the design and maintenance of the internal controls;

e) systems, processes, and personnel procedures that support the internal controls, including activities for ensuring information quality; and

f) the results of previous verifications, if available and appropriate;

g) tests of the responsible party’s approach to identifying and engaging with interested parties which can include confirmation of statements attributed to interested parties.

The verifier shall design evidence-gathering activities that relate to the quantitative information aggregation process, including reconciling the quantitative information in the declared sustainability information to be verified and examining material adjustments made during the course of reporting or disclosure of the declared sustainability information.

The verifier shall design evidence-gathering activities that relate to the qualitative information considering:

a) bias in the identification of qualitative information included in the declared sustainability information;

b) the degree of subjectivity in the weighting of indicators;

c) any significant estimates and the qualitative information on which they are based;

d) misrepresentations of the factual situation related to the qualitative information used in the declared sustainability information; and

e) qualitative information statements and the supporting information that needs evaluating, the types and details of evidence gathering, and the output expected from such evaluation.

NOTE 1 See Annex E for more information on the verification approach for qualitative information.

NOTE 2 Qualitative information can include narrative reports, quotes, comparison summaries etc.

6.5.6.1 Verifiers shall use one or more of the following evidence-gathering activities and techniques in the verification.

NOTE 1 Evidence gathering is about selecting what to; how much, what type; what cross checks and what is deemed as positive outcome whether it is quantitative or qualitative information.

NOTE 2 There are some evidence-gathering techniques that apply only to quantitative information and some only apply to qualitative information.

Table 1 — Evidence gathering

NOTE 3 Verifiers may use digital and remote technology to execute the activities and techniques described above.

NOTE 4 Annex A provides informative guidance on sampling.

6.5.6.2 Selection of the techniques shall be appropriate to the:

a) sustainability matter;

b) intended deliverable;

c) level of assurance;

d) declared sustainability information and its quantitative and qualitative information including if relevant the responsible party’s relevance determination process.

6.5.6.3 Verifiers who use generative artificial intelligence as part of evidence gathering shall record the source of the information and the date of its access in their working papers.

The verifier shall ensure that review of evidence-gathering activities occurs at various stages, including:

a) planning, including the detail of the evidence-gathering activities;

b) execution of the evidence-gathering plan and the verification plan;

c) revising the evidence-gathering plan and the verification plan, when the discovery of new circumstances warrant revising them;

d) at the end of the execution, to determine whether evidence-gathering activities have produced sufficient appropriate evidence to support conclusions on the responsible party’s declared sustainability information to be plausible (validation) or truthful (verification).

The verifier shall establish an evidence-gathering plan based on the results of the verifier’s strategic analysis and the risk assessment and ensure that the evidence-gathering plan:

a) is designed to lower the verification risk to an acceptable level;

b) specifies the type and extent of evidence-gathering activities; and

c) is not communicated to the responsible party or client.

6.5.9.1 The verifier shall develop a verification plan that describes verification activities and schedules. The verification plan shall be revised as necessary during the verification.

NOTE The verification plan is based on the output from the strategic analysis, risk assessment, assessment of materiality, and the evidence-gathering plan.

6.5.9.2 The verification plan shall include the following:

a) the scope of verification and objectives;

b) identification of the verification team and their roles on the team;

c) contact information for the client and the responsible party;

d) the schedule, location, and nature of verification activities;

e) the level of assurance;

f) the identification of the verification programme (see ISO 14019-1, Clause 7) and specified requirements and criteria as set out in the engagement agreement;

g) the materiality for quantitative declared sustainability information;

h) the schedule for interactions (e.g. site visits).

6.5.9.3 The verifier shall communicate the verification plan to the client and ensure that the responsible party or relevant client’s personnel are notified prior to the beginning of any interaction.

6.5.10.1 The verification team leader shall review and approve the evidence-gathering plan and the verification plan.

6.5.10.2 The verification team leader shall review and approve amendments to the evidence-gathering plan and the verification plan in the following circumstances:

a) change in scope or timing of verification activities;

b) change in evidence-gathering activities;

c) change in locations and sources of information for evidence gathering;

d) at the identification, during the verification process, of new risks or concerns that could lead to material misstatements or nonconformities.

6.6.1.1 The verification body shall define scope limitations due to situations that can have an impact on the verification.

NOTE 1 Situations that can result in scope limitations include:

a) need to change the evidence-gathering plan to gather additional or different evidence, or even necessitate starting a new and different verification;

b) inability to access appropriate evidence (e.g. documentation considered necessary for evidence-gathering plan may have been accidentally destroyed);

c) nature or timing of the verifier’s work, (e.g., a physical process that the evidence-gathering plan considers necessary to observe, may have occurred before the engagement agreement);

d) restrictions imposed by the client or responsible party on the verifier which may prevent the verifier from performing the evidence-gathering step, that the evidence-gathering plan considers to be necessary;

e) lack of sufficient evidence to conclude that there are no material misstatements.

NOTE 2 An inability to perform an evidence-gathering step does not constitute a scope limitation if the verifier is able to obtain sufficient appropriate evidence by performing alternative evidence-gathering steps.

6.6.1.2 The consequences of scope limitations shall be clearly communicated in the assurance opinion.

6.6.1.3 The verifier shall evaluate the consequences of scope limitations encountered during the verification and their impact on the evidence-gathering plan, the verification plan, and the assessment of materiality.

6.6.1.4 If the verifier is unable to obtain sufficient appropriate evidence for an element of declared sustainability information, a scope limitation exists. In such case the verifier shall:

a) express a qualified conclusion; or

b) disclaim a conclusion; or

c) withdraw from the engagement agreement, where withdrawal is possible under applicable law or regulation.

7.1.1 The verifier shall conduct the verification according to the verification plan and conduct the evidence-gathering activities according to the evidence-gathering plan.

7.1.2 Whenever the responsible party makes changes to the declared sustainability information because of requests for clarification, misstatements or nonconformities, the verifier shall assess these changes and review its evidence-gathering plan and verification plan.

7.1.3 Verifiers shall review and, as needed, update the following during execution:

a) strategic analysis;

b) risk assessment;

c) assessment of the relevance determination process;

d) assessment of materiality;

e) determination of evidence-gathering activities.

7.2.1 The verifier, as soon as practicable, shall communicate to the client:

a) requests for clarification;

b) material misstatements;

c) nonconformities; and

d) the changes in the verification plan.

7.2.2 If there is a material adjustment to be made to the declared sustainability information, the verifier shall communicate the need for the adjustment to the responsible party or client.

7.2.3 If, in the verifier’s judgement, the responsible party does not respond appropriately within a reasonable period or if information is not available, the verifier shall issue either:

a) a modified assurance opinion; or

b) an adverse assurance opinion; or

c) the disclaiming the issuance of an assurance opinion.

7.2.4 The verifier should communicate non-material misstatements to the client or responsible party.

7.3.1 If the verifier determines that there is insufficient information to support the declared sustainability information, the verifier shall request additional information.

7.3.2 The verifier shall not proceed with the verification and shall not issue an assurance opinion under the following circumstances:

a) sufficient information cannot be obtained; or

b) information necessary for the verifier to form a conclusion is missing, and there is no other way of verifying the missing information.

If a matter comes to the verifier’s attention that causes the verifier to believe in the existence of intentional misstatement or noncompliance with laws and regulations, by the client or responsible party, the verifier shall communicate the matter to the appropriate parties as soon as practicable.

7.5.1 The verifier shall determine any changes in risks, evidence-gathering activities and materiality that may have occurred during the course of the verification. The verifier shall determine whether any high-level evidence-gathering activities applied remain representative and appropriate.

7.5.2 The verifier shall determine and document material misstatements.

7.5.3 The verifier shall determine any nonconformity with the specified requirements and criteria as agreed in the engagement agreement.

7.5.4 Where the verifier identifies a misstatement or nonconformity during evidence gathering, it should request the responsible party to investigate and explain the causes of that misstatement or nonconformity. Based on the outcome, the verifier should determine whether additional verification activities are needed, and whether evidence gathering needs to be increased.

7.5.5 The verifier shall determine, if applicable, whether any changes from prior periods that make the periods incomparable have been disclosed appropriately by the client. If so, the verifier shall include a statement to that effect in the assurance opinion.

8.1 An independent reviewer shall review whether the evidence collected is sufficient and appropriate to reach a conclusion about the fair statement of the declared sustainability information and its conformity to the specified requirements and criteria.

8.2 If the independent reviewer determines that there is insufficient or inappropriate evidence, the independent reviewer shall require the verifier to:

a) develop additional evidence-gathering activities; or

b) in the case where sufficient appropriate evidence cannot be gathered, to:

i. issue an adverse opinion in cases on material misstatement; or

ii. issue a disclaimer of opinion in case of limitation.

9.1 For an engagement agreement to provide assurance, the verification body shall reach a decision based on the evidence gathered and the results of the independent review whether to issue an assurance opinion.

9.2 If the client does not correct any material misstatement or nonconformity in an agreed period of time, the verifier shall take this into consideration when reaching its decision.

NOTE For non-assurance deliverables (e.g. reports of factual findings), there is no decision to be made on demonstrated fulfilment of specified requirements and criteria.

The assurance statement includes:

a) assurance information; and

b) assurance opinion reached after the execution of the verification.

The assurance information shall include as a minimum the following:

a) name, address and other relevant contact information for the responsible party and/or the client;

b) confirmation that the assurance was performed according to ISO 14019-2 and any other applicable requirements;

NOTE Other applicable requirements can include ISO 14019-4.

c) a paragraph containing:

i. identification of the responsible party's declared sustainability information and its date against which the assurance was conducted; and

ii. identification of the roles and responsibilities of the responsible party and of the verifier;

d) scope paragraph containing:

i. specified requirements and criteria applicable to the declared sustainability information as agreed with the client;

ii. verification programme rules and procedures against which the assurance was conducted;

iii. assurance scope and objectives

iv. level of assurance provided by the assurance, consistent with the agreed assurance scope, objectives and rules and procedures of the verification programme;

v. description of the work the verification team performed, including the techniques and processes used to test the declared sustainability information; and

vi. responsibility of the verification team to exercise professional judgment and maintain professional scepticism throughout the execution.

e) statement that the verification team is independent of the responsible party and the client as required by rules and methodology applicable to the assurance. This identifies the jurisdiction of the relevant rules and methodologies;

f) opinion on the declared sustainability information (see 10.2 – 10.10 and ISO 14019-1, Annex E);

g) date of the assurance opinion;

h) verification body contact details;

i) authorized signature of the verification body.

NOTE In case of a mixed engagement, the verification body can issue more than one assurance opinion.

10.1.3.1 The assurance opinion [10.1.2 f)] shall include opinions on all of the following:

a) any limitation (see ISO 14019-1, 3.3.17 and ISO 14019-2, 4.12 and 6.6);

b) any nonconformity with specified requirements and criteria of the agreed verification programme;

c) presence of any individual or aggregated material misstatements (see ISO 14019-1, 3.3.12) in the declared sustainability information (see ISO 14019-1, 3.1.4).

10.1.3.2 Limitations on the verification process shall only be accepted when such limitations do not impact the verification body's ability to reach an overall opinion. Such limitations are noted under key matters (see ISO 14019-1, Annex E.4.5 b)). In some cases, such limitations necessitate that the body withdrawing from the engagement when allowed for in the engagement agreement or issue a disclaimer of opinion.

NOTE 1 Declared sustainability information can be thought of as the aggregation of sustainability information.

NOTE 2 There can be an individual or more material misstatements in the sustainability information which can or cannot impact the professional judgement of the verifier as to whether the declared sustainability information is free from individual material misstatements. See ISO 14019-1, Annex E for more information and examples.

NOTE 3 Misstatements can be pervasive (i.e. spreading or spread throughout). The level of spreading, the type of misstatement and whether the misstatement is common for more than one sustainability information element will impact the professional judgement as to whether this indicates a material misstatement in the sustainability information and / or in the declared sustainability information – see ISO 14019-1, Annex E.

NOTE 4 Overstatements and understatements in the sustainability information do not cancel each other out (assuming random, not systemic, misstatements) because as a verifier it is not possible to know what may have been found in the other 50 or 80 % of the sustainability information that was not tested.

NOTE 5 A number for the material misstatement in an information set (also known as a materiality threshold/level) is only possible to determine if the testing has been 100 % of the information see also note 4 in this clause.

NOTE 6 Whether limitations are significant or not and/or individual misstatements are material, is a professional judgment based on declared sustainability information and intended users and their purpose.

10.2.1 Opinion shall be based on the declared sustainability information, the agreed assurance scope, objective, specified requirements and criteria of the agreed verification programme; and intended users and their purpose; and the outcome of evidence gathering and the professional judgement of the verifier.

NOTE There can be limitations in underlying sustainability information that may or may not affect the professional judgment related to the declared sustainability information

10.2.2 Opinions shall be labelled as:

a) unmodified opinion – in cases of no individual material misstatements and no limitations in relation to the declared sustainability information; or

b) modified opinion – in cases of individual material misstatements and/or limitations in relation to the declared sustainability information.

10.2.3 Types of modified opinions for verification shall be:

a) adverse opinion if there are individual material misstatements in the declared sustainability information; and

b) disclaimer of opinion if there are any limitations that has affected the outcome of the verification.

NOTE The language is intended to provide clarity for intended users and interested parties about what the opinion relates to (i.e. individual material misstatement and/or limitations). See ISO 14019-1, Annex E.4 for examples.

To issue an unmodified opinion, the verifier shall ensure that:

a) there is sufficient and appropriate evidence to support the declared sustainability information;

b) the declared sustainability information meets the specified requirements and criteria of the agreed verification programme;

c) the effectiveness of internal controls has been determined when the verifier intends to rely on those internal controls;

d) the declared sustainability information meets either the conditions for reasonable assurance in 10.4 a) or limited assurance in 10.4 b); and

e) there are no limitations that have impacted the verification body's ability to reach an overall opinion.

An unmodified opinion shall be issued:

a) for reasonable assurance engagement, when the declared sustainability information, in all material respects, has been prepared in accordance with the specified requirements and criteria of the verification programme and there are no individual material misstatements in the declared sustainability information; or

b) for limited assurance engagement, when based on the activities and techniques performed and evidence obtained, no matter(s) has come to the attention of the verification team that causes the verification team to believe that the declared sustainability information in all material respects is not prepared in accordance with the specified requirements and criteria and that there is nothing has indicated the presence of material misstatements in the declared sustainability information.

10.5.1 A modified opinion shall be issued based on the verifiers’ professional judgement. In such cases the following two opinions shall be used:

c) adverse opinion, if the declared sustainability information is materially misstated (including individual material misstatement), or there are non-conformities with specified requirements and criteria related to the declared sustainability information;

d) disclaimer of opinion, if limitation exists and the effect on the sustainability information or the declared sustainability information could be material.

10.5.2 The verifier shall include in the modified opinion a clear description of the limitation and/or the sustainability information or the declared sustainability information with material misstatement. See 10.1.3

10.6.1 To issue an adverse opinion, the verifier shall conclude that:

a) there is evidence of individual material misstatement in the declared sustainability information;

b) the specified requirements and criteria in the agreed verification programme have not met in relation to the declared sustainability information; or

c) the effectiveness of internal controls has not been determined when the verifier intends to rely on those internal controls.

10.6.2 If the responsible party does not correct any individual material misstatement or nonconformity within an agreed period of time, the verifier shall take this into consideration when reaching its opinion.

10.7.1 To issue a disclaimer of opinion the verifier shall have been unable to obtain sufficient appropriate evidence (limitation) and therefore cannot reach an opinion regarding any potential material misstatement in the declared sustainability information.

10.7.2 If the responsible party does not correct any limitations within an agreed period of time, the verifier shall take this into consideration when reaching its opinion.

10.8.1 When applicable, the opinion shall draw intended users’ attention to:

a) emphasis of matters - where, in the verifiers’ professional judgment, elements of the declared sustainability information are of such importance that it is fundamental to intended users’ understanding of the declared sustainability information;

NOTE There are no individual material misstatements in the declared sustainability information associated with emphasis of matters.

b) key matters - where, in the verifiers’ professional judgment, elements that are not included in the declared sustainability information are of such importance that it is fundamental to intended users’ understanding of the declared sustainability information.

NOTE 1 Key matters include the lack of representation from interested parties.

NOTE 2 There are no individual material misstatements in the declared sustainability associated with key matters.

c) findings – where lack of information results in potential material misstatement in the declared sustainability information or potential for the intended user’s decision to be influenced by the lack in the declared sustainability information.

NOTE Findings are linked to adverse opinions.

10.8.2 The opinion shall state the limitations and omissions of any sustainability information that were identified in setting the objectives of the verification (see 4.7).

In cases where the responsible party adds a statement to the declared sustainability information to identify and properly describe that the declared sustainability information is materially misstated, the verifier shall express an adverse opinion phrased in terms of the underlying sustainability information and the specified requirements and criteria.

The term misstatements as defined (see ISO 14019-1, 3.3.11) includes both quantitative and qualitative information. ISO 14019-1, 6.4.1 and Annexes B and C deal with the process for evaluating misstatements and material misstatements for quantitative and qualitative information both of which require professional judgement.

11.1 If new facts or information that could materially affect the assurance opinion are discovered after the issue date, the verifier shall:

a) communicate the matter as soon as practicable to the client and, if required, the programme owner;

b) take appropriate action, including the following:

i. discuss the matter with the client;

ii. consider if the assurance opinion requires revision or withdrawal.

11.2 If the assurance opinion requires revision, the verifier shall implement processes to issue a new assurance opinion including specification of the reasons for the revision. These can include repeating relevant steps of the verification process.

11.3 The verification body may also communicate to intended users and other interested parties the fact that reliance of the original assurance opinion can now be compromised given the new facts or information.

The verification body shall maintain at least the following records:

a) engagement agreement and terms;

b) strategic analysis;

c) risk assessment;

d) assessment of materiality;

e) evidence-gathering activities;

f) verification plan;

g) evidence-gathering plan;

h) who performed the evidence-gathering activities and when they were performed;

i) output from the evidence-gathering activities and the collected evidence;

j) requests for clarification, material misstatements and nonconformities arising from the verification and the decision reached;

k) communication with the responsible party on material misstatements;

l) the decisions reached and the assurance opinion issued by the verification body;

m) the name of the independent reviewer, the date of review, and the comments of the independent reviewer;

n) records related to facts discovered after issue of the assurance opinion are to be retained as documented information.

NOTE The records can include communication regarding status of the assurance opinion, additional facts, analysis of impact on assurance opinion, updated opinion, and any records from repeated verification process steps.

1. 
   (informative)
   
   Sampling
   1. General

A.1.1 Evidence gathering is the application of techniques where less than 100 % of quantitative or qualitative information checked and verified compared to all information and/or all internal control activities/all client/ responsible party processes that is subject to verification.

A.1.2 Depending on the verifier’s analysis of the level of inherent and control risks, the verifier determines what evidence-gathering techniques are suitable and where they will be applied and at what depth, breadth, and details including the size of the population of information to be checked and what the criteria for selection of the population to be checked will be used or other checks should be undertaken on each piece of information.

A.1.3 Evidence-gathering planning is selecting what to; how much, what type; what cross checks and what is deemed as positive outcome is whether it is quantitative or qualitative information.

A.1.4 There are some sampling methods that apply only to quantitative information and some only apply to qualitative information.

A.1.5 The verifier ensures that the evidence gathering allows for sufficient confidence that the results are representative enabling conclusions to be drawn.

A.1.6 The verifier uses its professional judgment to assess factors such as the characteristics of the information, the internal control processes, and the risks in relation to these characteristics to determine the appropriate evidence-gathering techniques and its depth breath, detail, size of population and criteria for selection of the population to be checked.

• 1. Types of sampling

A.2.1 The verifier has the option to choose between statistical and non-statistical sampling using its professional judgment. Professional judgment will also be used in the planning, performing, and evaluating of sampling, and the sample evidence obtained in relation to other verification evidence.

A.2.2 The verifier uses its professional judgment to assess factors such as the characteristics of the data, the control activities or the processes for control activities, and the risks in relation to these characteristics to determine the appropriate sample size.

• 1. Non-statistical sampling

A.3.1 Any sampling procedure that does not permit the numerical measurement of the sampling risk is a non-statistical sampling procedure. Even if the verifier rigorously selects a random sample, judgment is used to select the samples.

A.3.2 For most verifications, the non-statistical approach will be appropriate, since for internal control checks, addressing questions such as “Are the proper internal controls operationalised, implemented and maintained?”, are important. This also applies to the verifier's analysis of the nature and cause of errors as well as the verifier’s conclusion on the mere absence or presence of errors. The verifier can in this case choose a fixed sample size of items to be tested as well as increase the sample size if errors are identified. Professional judgment remains critical in determining the relevant factors to consider.

A.3.3 If a non-statistical approach is used, the results of the sampling do not allow extrapolation to the entire population.

• 1. Statistical sampling

A.4.1 With statistical sampling, sample items are selected in a way that each sampling unit has a known probability of being selected. The verifier will use probability sampling and selection methods, i.e. random, systematic or stratified sampling, to select the items to be reviewed during verification.

A.4.2 Probability sampling provides an objective method of determining the sample size and selecting the items to be examined. A number of sampling techniques are used that assists the verifier to conclude on the number of misstatements in the sample and on the misstatements in the entire population of data.

• 1. Sample selection

Apart from the distinction between statistical and non-statistical sampling, the verifier can also choose among the following sampling approaches:

a) random selection;

b) systematic selection;

c) value-weighted selection;

d) haphazard selection;

e) block selection.

1. 
   (informative)
   
   Level of assurance

B.1 The level of assurance provided by the assurance opinion is a function of the objectives and scope of the verification activities, and the assurance criteria, the resources available and the process followed. It can be influenced by the time spent and the sampling regime that was used by the verification body. Increasing levels of assurance allow intended users of declared sustainability information to place increased reliance on their contents. Reporting frameworks and standards define the levels of assurance. Two commonly used levels are “limited assurance” and “reasonable assurance”.

B.2 A specific level of assurance should be determined to provide confidence to the intended user as to the degree of reliance that can be placed on the declared sustainability information. In selecting an appropriate level of assurance, the intended user and verification body should consider the requirements of the intended users, the complexity of the verification, and the extent of the responsible party’s information systems and controls. Examples of factors that can influence the appropriate level of assurance include the reporting criteria, the intended use of the declared sustainability information (e.g., legal, fiduciary or sustainability performance improvement), the organizational context and associated sustainability impacts.

B.3 Verification activities should proceed only when the verification body determines that sufficient and appropriate information is available to support the level of assurance selected. If sufficient and appropriate information is not available for the verification body to reach the level of assurance, the verification body may need to modify the engagement agreement in order to fulfil the objectives for providing assurance.

B.4 The level of assurance may be expressed in quantitative or qualitative terms and based on the concept of risk such as those developed by the accountancy profession, where the terms “limited assurance” or “reasonable assurance” are used. Other risk-based approaches used in providing assurance include:

a) applying increasingly rigorous methods where higher levels of assurance are to be achieved (e.g., more complex or sector specific checklists, more intensive sampling regimes);

b) adopting an approach where components of the declared sustainability information are assessed at different assurance levels.

B.5 The required level of assurance will influence the nature, timing, and extent of the verification activities. With higher assurance levels, the amount of resources required to decide on the assurance level increases.

B.6 Declared sustainability information intended to be used for regulatory purposes can require a higher level of assurance than those used for internal performance management. Different levels of assurance can be applied to different elements within a specific instance of declared sustainability information.

1. 
   (informative)
   
   Inherent risk

C.1 Risk assessment focusing on inherent risks aims at determining where a misstatement or a gap in the responsible party’s declared sustainability information will influence intended users and their purpose for a decision.

C.2 The risk assessment for inherent risks is built by several steps:

a) likelihood and consistency:

i. study of the activity and level of intrinsic risk (e.g. a nuclear company or a chemical company have a level of environmental risk higher than an audit company);

ii. study of the client`s or responsible party’s reputation (The degree of risk is linked with the actual ethics of the client or responsible party and their reputation. One of the ways to study it is to review publicly available information including but not limited to product web pages, past sustainability reports, board member information, public information such as environmental status and permits, etc.);

iii. study of risk provisions in the client’s or responsible party’s financial reporting (environmental provisions, social provisions, and provisions for declared sustainability information of clients or responsible party); and

iv. when reading the draft of declared sustainability information of the client or responsible party, what is written must be coherent and complete with respect to the responsible party’s activities.

b) risk assessment for inherent risks itself:

i. from the strategic analysis of the client and the analysis of the responsible party’s business model, a summary can be done covering the main social governance and environmental items, for example with questions for each item and a scoring for each answer. With such scoring the areas and the items where risks exist will appear. This synthesis should be shared with the client and eventually corrected;

ii. the summary assessment will provide the basis for the verifier’s selection of activities (the other items of the client’s declared sustainability information can be covered by analytical procedures designed to check for consistency); and

iii. summary analysis can be amended during the verification if a new risk emerges or inversely if an identified risk is found to be adequately controlled by the client.

1. 
   (informative)
   
   Uncertainty

D.1 Primary information collection has several advantages over secondary information collection. Primary information collection allows for more accurate and reliable results because it's closer to the source. Secondary information collection can be less accurate because it relies on third-party sources.

D.2 Uncertainty can have both a positive and a negative impact on a set of verification activities.

D.3 There are any number of sources of uncertainty in both information collection and in the decisions that are documented related to the declared sustainability information.

D.4 This document has addressed uncertainty relating to:

— the application of principles, existence uncertainty (completeness of data including completeness of interested parties);

— outcome uncertainty (of the impacts and dependencies); and

— measurement error including sampling error, coverage error and model error.

Understanding different types of uncertainty can inform information collection and analysis with the goal of increasing confidence in the fair statement of assessed information. The collection of primary information is balanced with the cost, time, availability, and measurement requirements the significance of the information to be collected. The competence of the verifier ensures that the effects of uncertainty are balanced when using both primary and secondary information to reach conclusions.

D.5 The use of remote methods has increased the verifier’s access to a wider variety of information (e.g., digital twins, real time information, generative artificial intelligence, etc). This broader access to information can help the verifier comprehend the context and trends associated with sustainability matters and anticipate the needs of intended users and interested parties with respect to declared sustainability information.

D.6 It is the responsibility of the responsible party to produce information where the level of certainty is consistent with the requirements of the intended user for the information to be used for the defined purpose. Where an intended user is acting in the interests of interested parties, the level of certainty should be consistent with the requirements of the interested parties.

D.7 It is the verifier’s responsibility to determine the mix of primary and secondary data collection, data quality, data bias, data time relevance, data smoothing, and other data management characteristics that is required to reduce the assurance risk to a level consistent with the required level of certainty.

1. 
   (Normative)
   
   Verification approach for qualitative information

E.1 Verification approaches include an assessment of qualitative information selection, determination, collection, editing, control processes as well as use of professional judgement to review the overall declared qualitative information to ensure it is fair and truthful and can be relied on by intended users.

E.2 Subject to the level of assurance, the following shall be considered in the approach to verification of qualitative declared sustainability information:

a) where declared sustainability information is based on quantitative information, the verifier shall perform tests to determine at least whether the declared sustainability information:

i. is fairly stated and its supporting data are subject to properly designed and effective internal controls;

ii. is communicated using language or illustrations that are consistent with supporting quantitative information (i.e. no exaggeration; no language to imply better performance; outcome consistent with the quantitative information);

iii. is supported by quantitative information;

iv. qualitative information in the declared sustainability information is likely to mislead intended users or interested parties;

b) where declared sustainability information is not fully supported by quantitative information, the verifier shall perform procedures to assess whether it is supported by other qualitative information (such as a stakeholder engagement process and the outcome from it, project plans, strategies process etc.);

i. if yes, then the verification approach shall include:

1) review of the responsible party’s processes for the development, selection, agreement and risk evaluation related to the choice of qualitative information;

2) review of the internal control for the determination and development of the qualitative information used;

3) review of the underlying organizational documents and records or other evidence that support the statements made in the qualitative information;

4) review of the sources for external quoted qualitative information and carry out research to assess the nature and extent of bias in qualitative information sources and the fair modification of information obtained from such sources;

5) use professional judgement to evaluate the overall qualitative information, language (i.e., including words, illustrations, statements, quotes etc.), to ensure that the declared sustainability information is truthful, fairly represents the reality, and can be relied on by intended users.

ii. if no (i.e. the qualitative information is not supported by other qualitative information or external sources included in the declared sustainability information), then such qualitative information shall be excluded from the verification process and be recorded as an exclusion in the assurance opinion.

c) qualitative declared sustainability information included within declared sustainability information shall be assessed holistically and conclusions reached concerning their fair representation.

Bibliography

Drafting NOTE For this DIS, the Bibliography of all parts is only included in ISO DIS 14019-1.