Key Takeaways
- 98% of S&P 500 companies reported ESG information in 2022, remaining steady in relation to the 99% that did so in 2021.
- 70% of S&P 500 companies that reported ESG information in 2022 obtained assurance over certain of that information (up from 65% in 2021).
- The scope of information being subject to assurance continued to increase with most companies now assuring their greenhouse gas (GHG) emissions and at least 1 – 3 other ESG metrics (as opposed to only their GHG emissions).
- 21% of companies that obtained assurance, obtained assurance from public company auditors (up from 18% in 2021).
- 95% of companies that obtained assurance from a public company auditor in 2022, used the same firm that performed their financial statement audit (up from 90% in 2021).
- There is inconsistency in how other assurance/verification providers describe their compliance with IAASB assurance standards, raising questions about the consistency of their compliance.
The CAQ looked at ESG reports, company websites, completed CDP Climate Change Questionnaires, and third-party assurance or verification reports for 2022 period end data from S&P 500 companies to understand what they disclosed about ESG reporting standards and frameworks, GHG emissions, assurance or verification over the ESG information, and net zero or carbon neutral commitments. We compared these findings with our findings for the 2021 and 2020 reporting periods. This analysis does not contemplate information disclosed by companies in SEC filings.
Some notes about what we found:
- Most companies have a dedicated ESG page on their corporate investor relations website where the company often discloses ESG information in a standalone PDF report. However, some companies issue ESG information in multiple separate smaller reports such as SASB, GRI, or TCFD indexes and/or reports. Some other companies designed an ESG interface web portal to disclose their ESG information.
- Most S&P 500 companies (98%) disclosed some level of ESG related information for periods ending in 2022. That is roughly consistent with the 99% of S&P 500 companies that did so in 2021.
The CAQ examined how many S&P 500 companies referenced four commonly used ESG reporting standards and frameworks – Sustainability Accounting Standards Board (SASB) Standards, Global Reporting Initiative (GRI) Standards, Task Force on Climate-Related Financial Disclosures (TCFD) Recommendations and the Integrated Reporting Framework.
S&P 500 companies continued to use these frameworks and standards to varying degrees. Some companies fully adopted a framework or standard, some partially adopted, and others used the framework or standard as a reference when determining what information to include in their ESG reporting.
In 2022 there was an increase in the use of three of the four standards and frameworks (SASB, TCFD, and GRI) with a slight decline in references to the Integrated Reporting Framework. SASB, GRI and TCFD remained the most frequently mentioned reporting frameworks or standards.
With the formation of the International Sustainability Standards Board (ISSB) in late 2021, we were interested to see whether any companies mentioned the ISSB in their 2022 reporting even though the inaugural ISSB standards were yet to be issued at that time. We found that 17 companies mentioned the ISSB in their ESG reporting, many of which noted that the ISSB had assumed oversight of the SASB Standards which the companies had used to perform their reporting.
98%
of S&P 500 companies reported ESG-related information
Most S&P 500 companies referenced at least one of the four commonly used ESG reporting standards or frameworks. In 2022, the majority of companies (304 of them) continued to reference at least three of the four standards and frameworks to help construct their reporting. A few companies did not reference any of these standards or frameworks.
The CAQ observed that 340 S&P 500 companies disclosed receiving some form of assurance or verification over certain of their ESG metrics in 2022, representing a 6% increase from the 320 companies that did so in 2021. Seventy percent of the companies that reported ESG information in 2022 obtained assurance over certain of that information.
70%
of reporting companies obtained assurance over some ESG information
Overall, we observed an upward trend in the number of companies that obtained assurance or verification. Of the companies that obtained assurance in 2022, 74 obtained assurance from public company auditors and 277 obtained assurance from other providers. The percentage of companies that obtained assurance and engaged public company auditors to perform their assurance engagements continued to increase, shifting from 18% in 2021 to 21% in 2022. In some instances, companies used both a public company auditor and other providers.
We also observed that of the companies that obtained assurance from a public company auditor in 2022, 95% of them used the same firm that performed their financial statement audit. That was up from 90% in 2021.
95%
of companies that obtained assurance from a public company auditor, used the same firm that performed their financial statement audit
Scope of Assurance: The specific disclosures that S&P 500 companies sought assurance over, from public company auditors, varied. Some companies obtained assurance over select metrics related to GHG emissions and others sought assurance over a wider range of ESG metrics. We used the following categories to describe the scope of assurance:
- GHG refers to metrics solely related to GHG emissions
- GHG+ refers to GHG metrics plus 1-3 additional ESG metrics
- Multiple/other refers to a broader range of ESG topics or non-GHG related metrics
In 2022, companies continued to increase the scope of information subject to assurance, with most companies obtaining assurance over GHG+, meaning GHG emissions and 1-3 other ESG metrics (e.g., water, energy, waste metrics).
Consistent with companies increasing the scope of information subject to assurance, we continued to see an increase in companies subjecting multiple ESG topics to assurance and a decrease in companies subjecting only GHG emissions metrics to assurance.
Assurance Standards: We reviewed the attestation reports from US public company auditors who performed assurance engagements over certain S&P 500 companies’ ESG metrics. We observed that US public company auditors used the American Institute of Certified Public Accountants (AICPA) Attestation Standards (including AT-C section 105 Concepts Common to All Attestation Engagements, AT-C section 205 Assertion-Based Examination Engagements and AT-C section 210 Review Engagements) to perform their assurance engagements. Non-US based public company auditors, used either the International Auditing and Assurance Standards Board (IAASB) Standards (i.e., the International Standard on Assurance Engagements ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information or ISAE 3410, Assurance Engagements on Greenhouse Gas Statements) or the national assurance standard applicable in the respective country. In one instance, a US public company auditor used both the AICPA attestation standards and the IAASB assurance standards to perform their assurance engagement.
A closer look at the use of the IAASB assurance standards (i.e., ISAE 3000 (Revised) and ISAE 3410):
While US public company auditors are required to perform their assurance engagements in accordance with the AICPA attestation standards (all did so, as noted in the chart above), non-US based public company auditors often perform their assurance engagements in accordance with the IAASB assurance standards. (In certain cases, a US public company auditor may perform their assurance engagement in accordance with both the required AICPA attestation standards as well as another assurance standard like the IAASB standard).
- Since both public company auditors and other assurance/verification providers make use of the IAASB’s assurance standards. We explored how assurance/verification providers described how they applied and adhered to the IAASB’s requirements.
Among other things, ISAE 3000 (Revised) paragraph 69 indicates that the assurance provider’s assurance report must include:
- A statement that the engagement was performed in accordance with ISAE 3000 (Revised) or, where there is a subject-matter specific ISAE, that ISAE. (Par 69 (h))
- A statement that the firm of which the practitioner is a member applies International Standards on Quality Control (ISQC 1) (now the International Standard on Quality Management (ISQM 1)), or other professional requirements, or requirements in law or regulation, that are at least as demanding as ISQC 1/ISQM 1. If the practitioner is not a professional accountant, the statement shall identify the professional requirements, or requirements in law or regulation, applied that are at least as demanding as ISQC 1/ISQM 1.[1] (Par 69 (i))
- A statement that the practitioner complies with the independence and other ethical requirements of the International Ethics Standards Board for Accountants (IESBA) Code, or other professional requirements, or requirements imposed by law or regulation, that are at least as demanding as Parts A and B of the IESBA Code related to assurance engagements. If the practitioner is not a professional accountant, the statement shall identify the professional requirements, or requirements imposed by law or regulation, applied that are at least as demanding as Parts A and B of the IESBA Code related to assurance engagements. (Par 69 (j))
We looked at the extent to which these requirements were described in the assurance reports as being adhered to by public company auditors:
- A statement that the engagement was performed in accordance with the assurance standard.
- All public company auditors that applied the IAASB assurance standards indicated that they had performed their assurance engagements in accordance with those standards.
- A statement that the quality standards ISQC 1 or ISQM 1 (or other requirements that are at least as demanding) were applied.
- All public company auditors that applied the IAASB assurance standards indicated that they had applied the quality standard, ISQC 1 or ISQM 1.
- A statement that the assurance provider complies with the independence and other ethical requirements of the IESBA Code (or other requirements that are at least as demanding as the IESBA Code).
- All public company auditors that applied the IAASB assurance standards indicated that they had complied with the IESBA Code or other professional requirements that are at least as demanding.
Level of Assurance: In 2022, we observed that companies that obtained assurance from public company auditors continued to mostly opt for limited assurance engagements. We also noted an increase in reasonable assurance engagements performed by public company auditors, up from 5 in 2021 to 11 in 2022.
Scope of Assurance: In 2022, we continued to see an increase in the scope of information that was subject to assurance or verification by other providers, with more companies subjecting the GHG+ and Multiple categories to assurance/verification and fewer subjecting only their GHG emissions to assurance/verification. We continued to see a similar but more pronounced trend in the increased scope of information subject to assurance by public company auditors.
Assurance Standards: The CAQ examined how many times S&P 500 companies referenced the following assurance/verification standards commonly used by other providers:
- International Standardization Organization (ISO) Standards (either ISO 14064-3: Greenhouse gases — Part 3: Specification with guidance for the verification and validation of greenhouse gas statements or ISO 14065: General principles and requirements for bodies validating and verifying environmental information),
- International Auditing and Assurance Standards Board (IAASB) Standards (either International Standard on Assurance Engagements ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information or ISAE 3410, Assurance Engagements on Greenhouse Gas Statements) or
- AccountAbility’s AA1000 Assurance Standard
In 2022, we noted increases in references to the ISO standards and the IAASB assurance standards and a decrease in references to the AA1000 standard. The most common assurance standard referenced by other providers continued to be ISO 14064-3: Greenhouse gases — Part 3: Specification with guidance for the verification and validation of greenhouse gas statements. Similar to the prior year, we noted the greatest increase in references to IAASB assurance standards with 75 more references to those standards — a 64 % increase from the prior year. We also noted references to a variety of other verification standards or protocols beyond those listed above (or in the chart below).
A closer look at the use of the IAASB assurance standards (i.e., ISAE 3000 (Revised) and ISAE 3410):
As we had done with public company auditors (above), we explored how other providers described how they applied and adhered to the IAASB’s requirements.
We looked at the extent to which the following requirements were described in the assurance reports as being adhered to by other providers:
- A statement that the engagement was performed in accordance with the assurance standard.
- Roughly 80% of the other providers indicated that they had performed their engagement “in accordance” with the IAASB assurance standards while,
-
Roughly 20% either did not specify or indicated that their engagement was
“based on”, “consistent with” or “in alignment with” the IAASB assurance
standards.
While the descriptions of use of the IAASB assurance standards by other providers suggest they are still not fully applying the standards, the results reflected an improvement from the prior year where roughly 60% had indicated that they had performed their engagement “in accordance” with the IAASB assurance standards.
An engagement performed using a proprietary methodology that is “based on”, “consistent with” or “in alignment with” but not “in accordance” with assurance standards suggests that the standards were not followed as written. Such engagements may not be performed with the same amount of rigor or with the same consistency as an engagement that was performed “in accordance” with the standards.
- A statement that the quality standards ISQC 1 or ISQM 1 or other requirements that are at least as demanding were applied including identification of such other requirements applied.
- 57% of other providers indicated that they had applied quality standards that are equivalent to ISQC 1/ISQM 1. The standards most often referenced included one or more of the following:
- ISO/IEC 17021-1:2015, Conformity assessment — Requirements for bodies providing audit and certification of management systems
- ISO 14065:2020, General principles and requirements for bodies validating and verifying environmental information
- ISO 9001:2015, Quality management systems — Requirements
- 43% of other providers didn’t mention use of any quality standards.
- A statement that the assurance provider complies with the independence and other ethical requirements of the IESBA Code or other requirements that are at least as demanding as the IESBA Code including identification of such other requirements applied.
- 22% of other providers indicated that they had applied the IESBA Code.
- 64% of other providers indicated that they used independence and ethical requirements equivalent to the IESBA Code of Ethics, with the majority indicating that they had used their own code of conduct. A few mentioned that they had used a code of ethics which meets the requirements of the International Federation of Inspections Agencies (IFIA).
- 14% of other providers did not mention compliance with any independence or other ethical requirements.
In contrast with the above findings regarding the description of use of the IAASB assurance standards by other providers, all public company auditors that used the IAASB assurance standards indicated that they had complied with the IAASB requirements (as noted in the Assurance by Public Company Auditors section above). Compliance with the IAASB assurance standards results in more consistent application of the standards and more comparable outcomes for report users like investors and other stakeholders.
Assurance Terminology: The CAQ observed that the other providers who were not public company auditors also used terminology such as reasonable and limited assurance in their verification reports. Additionally, other providers used the terms moderate and high assurance. In 2022, companies continued to primarily opt for limited assurance engagements. We also observed that the number of reasonable assurance engagements increased by nearly 100% compared to the prior year, increasing from 26 engagements in 2021 to 51 engagements in 2022.
Scope of GHG Emissions Assurance/Verification: The CAQ observed that almost all companies that obtained assurance in 2022, obtained assurance over their GHG emissions (i.e., 337 of 340 companies did so). In 2022, 19 more S&P 500 companies subjected their GHG emissions to assurance or verification than in 2021.
Of those companies that assured their GHG emissions in 2022:
- 272 companies obtained assurance over some of their scope 1, 2 and 3 GHG emissions
- 63 companies obtained assurance over some of their scope 1 and 2 GHG emissions
Extent of Reporting of GHG Scope 3 Emissions Categories: Like the prior year, we observed increases in the reporting of all 15 categories of Scope 3 emissions. In 2022, the three most reported Scope 3 emissions categories were:
- Business Travel
- Fuel and energy related activities (not included in scope 1 or 2) and
- Purchased goods and services
The top three reported categories remained the same as those noted in 2021.
The table below reflects the extent to which companies reported the fifteen different Scope 3 emissions categories indicated in the GHG Protocol. The information in the table is presented in the order of the most reported category to the least reported category based on 2022 data.
Extent of Assurance of GHG Scope 3 Emissions Categories: Like the prior year, we observed increases in assurance of all 15 categories of Scope 3 emissions. In 2022, the three most assured Scope 3 emissions categories were:
- Business Travel
- Fuel and energy related activities (not included in scope 1 or 2) and
- Purchased Goods and Services
Compared with 2021, Purchased Good and Services entered the top three, replacing Employee Commuting which dropped to the fourth most assured category.
The table below reflects the extent to which companies assured the fifteen different Scope 3 emissions categories indicated in the GHG Protocol. The information in the table is presented in the order of the most assured category to the least assured category based on 2022 data.
Extent of Assurance of GHG Scope 3 Emissions Categories
The CAQ observed that companies obtained assurance over a variety of other ESG topics including water, energy, waste, employee health and safety, human capital disclosures and others. In 2022, we observed increases in the number of companies seeking assurance over most of these different topics. That was consistent with what we noted above with companies increasing the scope of information being subject to assurance.
The CAQ looked at whether companies disclosed carbon neutral or net-zero commitments and observed that:
- In 2022, 293 companies disclosed a net-zero and/or carbon neutral commitment — a 9% increase over the 268 companies that disclosed a net-zero and/or carbon neutral commitment in 2021.
- Of those companies that disclosed a net-zero commitment, there were a variety of commitment dates with the most common commitment date observed being 2050. This is the same as what we had observed in the prior year.
- Of those companies that disclosed a carbon neutral commitment, various commitment dates were observed with 2050 being observed the most, only just ahead of 2030 which was the second most common date mentioned. In the prior year, we had observed various commitment dates with 2030 being observed the most.
In the CAQ’s analysis of 2022 S&P 500 10-K filings we observed that 133 companies disclosed net-zero or carbon neutral commitments within the 10-K filing.
The CAQ looked at whether companies mentioned carbon credits or carbon offsets and observed that 337 companies did so in 2022 compared to 120 companies in 2021. Part of this increase is due to a change in our methodology in which we are now capturing the planned use of carbon credits and offsets rather than just the actual use captured in prior analyses.
Some of this analysis was powered by CDP Data.
Endnotes
[1] ISQM 1 replaces ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements. Firms were required to have systems of quality management designed and implemented in accordance with ISQM 1 by December 15, 2022. Given that our analysis covers reporting periods ended during 2022, either ISQC 1 or ISQM 1 may have been applicable.
Related Resources
The latest news and
resources from the CAQ.