FAQs: Review or audit of sustainability reports

1. If an entity is required to prepare a sustainability report, what are its obligations in relation to obtaining a review or audit?

An entity that is required to prepare a sustainability report under the Corporations Act for a financial year (reporting entity) must:

• have the sustainability report reviewed (limited assurance) or audited (reasonable assurance) in accordance with the Corporations Act, and
• obtain an auditors’ report on the sustainability report: see s301A, s1707E and s1707F of the Corporations Act.

For financial years commencing before 1 July 2030, the sustainability report will be required to be reviewed or audited to the extent required by the Auditing and Assurance Standards Board (AUASB): see s1707E(1)–(2) of the Corporations Act and FAQ 2. From 1 July 2030, the sustainability report will be required to be audited: see s301A, s1707E and s1707F of the Corporations Act.

The auditor’s report on the sustainability report is the fifth report required as part of a reporting entity’s annual reporting, alongside the annual financial report, directors’ report, auditor’s report on the annual financial report, and the sustainability report.

2. What auditing standards apply to a review or audit of the sustainability report?

The review or audit of the sustainability report must be conducted in accordance with the auditing standards made under s336(1) of the Corporations Act: see s307AB of the Corporations Act. These are:

• ASSA 5000 General Requirements for Sustainability Assurance Engagements (ASSA 5000). This standard applies to both audits and reviews, and
• ASSA 5010 Timeline for Audits and Reviews of Information in Sustainability Reports under the Corporations Act 2001 (ASSA 5010). This standard outlines the timetable for phasing in these review or audit requirements between 1 January 2025 and 30 June 2030.

3. Who can conduct the review or audit of the sustainability report?

The auditor of a sustainability report must either be an individual auditor, audit company or audit firm. Under the Corporations Act, the auditor of the sustainability report must either be:

• an individual auditor that is an individual who consents to be appointed, or is appointed, as auditor of a company, registered scheme, registrable superannuation entity (RSE) or retail CCIV
• an audit company that is a company that consents to be appointed, or is appointed, as auditor of a company, registered scheme, RSE or retail CCIV, or
• an audit firm that is a firm that consents to be appointed, or is appointed, as auditor of a company, registered scheme, RSE or retail CCIV: see s9 (for the definitions of individual auditor, audit company or audit firm), s324AA and s1232(1) of the Corporations Act.

Where the auditor of the sustainability report is an audit company or audit firm:

• the person primarily responsible for the conduct of the audit (lead auditor) must be a registered company auditor, and
• the person responsible for the review of the audit (if any) (review auditor) must be a registered company auditor: see s9 (for the definitions of lead auditor and review auditor), s324AF and s1232(1) of the Corporations Act.

Where the auditor of the sustainability report is an individual auditor:

• the individual auditor must be a registered company auditor: see s324BA of the Corporations Act, and
• the person responsible for the review of the audit (if any) (also a review auditor) must be a registered company auditor: see s324AF(2) of the Corporations Act.

4. Does the same auditor need to be appointed for the financial reporting audit and sustainability reporting audit?

An RSE may only have one auditor: see s324AA(2) of the Corporations Act. If the RSE is a reporting entity, that auditor must be the auditor of both the sustainability report and the annual financial report.

A company, registered scheme or retail CCIV may have more than one auditor: see s324AA(1) and s1232(1) of the Corporations Act. If the company, registered scheme or retail CCIV is a reporting entity, the auditor of the sustainability report (whether an individual auditor, audit company or audit firm) is not required under the Corporations Act to be the same as the auditor of the annual financial report (whether an individual auditor, audit company or audit firm).

In deciding whether to appoint the same auditor or different auditors for the sustainability report and annual financial report, reporting entities that are companies, registered schemes or retail CCIVs should consider the following:

• a reporting entity is required to disclose connected information between the sustainability report and the annual financial report: see paragraph 21(b)(ii) of Appendix D of AASB S2 Climate-related Disclosures (AASB S2) and paragraphs B39–B44 of AASB S2. For example, AASB S2 requires a reporting entity to disclose material information about current and anticipated effects of climate-related risks and opportunities, which would directly incorporate elements from the annual financial report: see paragraphs 13–21 of AASB S2
• the auditor of the sustainability report is required to consider whether there are any material inconsistencies between other information (including in an annual financial report) and the information in the sustainability report: see paragraphs 13, 172 and 175 of ASSA 5000
• the auditor of the annual financial report is required to consider whether there are any material inconsistencies between other information (including in the sustainability report) and the information in the annual financial report: see paragraphs 12(c), 14–15 and 17 of ASA 720 The Auditor’s Responsibilities Relating to Other Information (ASA 720), and
• if the evidence that the auditor of the sustainability report obtains from the auditor of the annual financial report is not adequate, and sufficient appropriate evidence cannot be obtained from alternative procedures, the opinion on the sustainability report may be subject to a limitation on scope: see paragraph 55 of ASSA 5000.

These matters are also relevant in deciding whether the lead auditor/review auditor for the annual financial report should be the same as, or different to, the lead auditor/review auditor for the sustainability report: see FAQ 5.

5. Where the auditor of the annual financial report and sustainability report is an audit company or audit firm, can different lead auditors and review auditors be appointed?

If a reporting entity appoints an audit company or audit firm as its auditor, the lead auditor for the sustainability report does not also have to be the lead auditor for the annual financial report. Likewise, there can be different review auditors for the sustainability report and the annual financial report.

6. What opinion must the auditor of the sustainability report form under the Corporations Act?

An auditor of the sustainability report for a financial year commencing before 1 July 2030, must form an opinion about:

• whether the sustainability report, to the extent required to be audited by the auditing standards, is in accordance with the Corporations Act, including s296A(2) or s296B(1) (contents of climate statements), s296C (compliance with AASB S2) and s296D (climate statement disclosures)
• whether the auditor has been given all information, explanation and assistance for the conduct of the audit, and
• whether the reporting entity has kept sustainability records sufficient to enable the sustainability report to be prepared and audited to the extent required by the auditing standards: see s307AA, s309A(1), and s1707E(5)–(6) of the Corporations Act. See also ASSA 5010 and paragraphs 49 to 53 of ASIC Regulatory Guide 280: Sustainability reporting (RG 280).

An auditor of the sustainability report for a financial year commencing on or after 1 July 2030 must form an opinion about:

• whether the sustainability report is in accordance with the Corporations Act, including s296A(2) or s296B(1), s296C and s296D
• whether the auditor has been given all information, explanation and assistance necessary for the conduct of the audit, and
• whether the reporting entity has kept sustainability records sufficient to enable the sustainability report to be prepared and audited: see s307AA and s309A(1) of the Corporations Act. See also paragraphs 49 to 53 of RG 280.

7. What must the auditor’s report on the sustainability report contain (other than the auditor’s opinion to the extent required under the Corporations Act)?

If the auditor’s report on the sustainability report for financial years commencing before 1 July 2030 is required to be reviewed, it must:

• describe any matter that the auditor becomes aware of in the course of the review of the sustainability report that makes the auditor believe that the sustainability report, to the extent it is required to be reviewed by the auditing standards, does not comply with Division 1 of Part 2M.3 of the Corporations Act
• explain why any such matter makes the auditor believe that the sustainability report, to the extent it is required to be reviewed by the auditing standards, does not comply with Division 1 of Part 2M.3 of the Corporations Act
• include any statements or disclosures required by the auditing standards for the purposes of s1707F of the Corporations Act, and
• specify the date on which the auditor’s report on the sustainability report is made: see s1707E(2) and s1707F of the Corporations Act. See also ASSA 5010.

The auditor’s report on the sustainability report for financial years commencing on or after 1 July 2030, and financial years commencing before 1 July 2030 if required to be audited, must:

• explain why, if the auditor is not of the opinion that the sustainability report is in accordance with the Corporations Act
• describe any defect or irregularity in the sustainability report
• describe any deficiency, failure or shortcoming in respect of whether the auditor has been given all information, explanation and assistance necessary for the conduct of the audit of the sustainability report
• include any statements or disclosures required by the auditing standards. For example, ASSA 5000 includes additional content requirements for the sustainability report: see paragraphs 191 to 196 of ASSA 5000
• include a statement of the auditor’s opinion on whether the inclusion of any additional information under s296A(3)(c) of the Corporations Act in the notes to the climate statements, was necessary to make the disclosures required by s296D of the Corporations Act: see s309A(4) of the Corporations Act. However, ASIC does not expect that reporting entities will need to include notes to the climate statements in a sustainability report. For further information, see paragraphs 96 to 97 of RG 280, and
• specify the date on which the auditor’s report on the sustainability report is made: see s309A of the Corporations Act. See also ASSA 5010.

8. Do modified liability settings apply to statements in an auditor’s report on the sustainability report?

Temporary modified liability settings apply in specific circumstances to certain types of statements (protected statements), including in an auditor’s report on the sustainability report. For further information, please see paragraphs 61 to 69 of RG 280.

The modified liability settings do not extend to statements made in an auditor’s report on the sustainability report that are not for the purposes of complying with the Corporations Act or the auditing standards.

If the auditor’s report on the sustainability report includes a review or audit earlier than what is required under ASSA 5010, statements included in that review or audit would not be covered by the modified liability settings. This is because they are not technically made for the purposes of complying with the Corporations Act or ASSA 5010.

Modified liability settings also do not extend to statements in a document prepared by an auditor in relation to any voluntary climate-related financial disclosures by a reporting entity. This is because they are not technically made for the purposes of complying with the Corporations Act or ASSA 5010.

9. Do the approval, removal and resignation requirements apply independently where there is more than one auditor?

The approval, removal and resignation requirements under Divisions 6, 7 and 8 of Part 2M.4 of the Corporations Act generally apply (as appropriate) to each auditor: see also s1232R(2) of the Corporations Act.

For example, if a company, registered scheme or retail CCIV is a reporting entity, and uses a different auditor for the sustainability report than for the annual financial report, the approval, removal and resignation requirements would apply independently to each of these auditors. This is because the appointment, removal and resignation requirements generally refer to ‘an auditor’ (see for example, s327A of the Corporations Act).

However, specific company auditor appointment requirements apply differently to auditors of annual financial reports where the reporting entity is a company limited by guarantee or proprietary company: see s327A(1A)(a), s327B(1A)(b), s325(2)(b) and s324BD(1)(c) of the Corporations Act.

For further information, see ASIC Regulatory Guide 26: Resignation, removal and replacement of auditors (RG 26).

10. How do the auditor independence requirements apply where there is more than one auditor or lead auditor?

Auditor independence requirements apply to individuals that play a significant role in an audit under Ch 2M: see s307C, Divisions 3, 4 and 5 of Part 2M.4, s1232(1), s1232N and s1232P–s1232Q of the Corporations Act.

These include individual auditors, lead auditors and review auditors.

Auditor independence requirements also apply under APES 110 Code of Ethics for Professional Accountants (including Independence Standards).

If a company, registered scheme or retail CCIV is a reporting entity, and the lead auditor for its sustainability report is not the same as the lead auditor for its annual financial report, each lead auditor must:

• be aware of, and implement appropriate responses in relation to, conflict of interest situations: see s324CA–s324CH, s1232(1), s1232P–s1232Q of the Corporations Act
• comply with their auditor rotation obligations in Division 5 of Part 2M.4 of the Corporations Act and s1232(1) of the Corporations Act (auditor rotation requirements). For further information, see ASIC Regulatory Guide 187: Auditor rotation (RG 187), and
• give a written declaration to the directors of the reporting entity that to the best of the lead auditor’s knowledge and belief, there have been no contraventions of the auditor independence requirements under the Corporations Act or applicable code of professional conduct in relation to the review or audit (written independence declaration): see s307C and s1232(1) of the Corporations Act.

Individual auditors have obligations in relation to conflict of interest situations, auditor rotation and providing a written independence declaration. They apply to the auditor of the sustainability report (i.e. an individual auditor) whether or not they are the same as the auditor of the annual financial report.

Review auditors must comply with their auditor rotation obligations. They apply to the review auditor for the sustainability report whether or not they are the same as the review auditor for the annual financial report.

11. How does the obligation to report to ASIC apply where there is more than one auditor or lead auditor?

The reporting obligations under s311 of the Corporations Act apply (as appropriate) to each individual auditor, audit company or member of an audit firm: see also s1232(1) of the Corporations Act. For further information see Regulatory Guide 34: Auditor’s obligations: Reporting to ASIC (RG 34).

For example, if a company, registered scheme or retail CCIV is a reporting entity, and the lead auditor for its sustainability report is not the same as the lead auditor for its annual financial report, the reporting obligations under s311 of the Corporations Act would apply independently to each lead auditor.

12. Do annual transparency reporting obligations apply where sustainability reporting audits/reviews are conducted?

Auditors are required to publish annual transparency reports if they conduct an audit under Division 3 of Part 2M.3 of the Corporations Act of 10 or more bodies of the kinds described in s332A(1) of the Corporations Act.

For the purposes of determining whether this threshold has been met, sustainability reporting audits/reviews of the kinds of bodies described in s332A(1) of the Corporations Act are counted. This is because:

• sustainability reporting audits are audits under Division 3 of Part 2M.3 of the Corporations Act, and
• while the sustainability reporting requirements are being phased in, references to an audit of the sustainability report generally include a reference to a review of a sustainability report: see s1707E(4) of the Corporations Act.

If an auditor conducts an audit of an annual financial report and a sustainability report for the same body, this is counted as one body for the purposes of applying s332A(1) of the Corporations Act.

13. What is ASIC’s approach to supervision and enforcement?

ASIC will take a pragmatic and proportionate approach to supervision and enforcement as the review and audit requirements for sustainability reports under the Corporations Act are being phased in.

We are more likely to commence an enforcement investigation where we see misconduct of a serious or reckless nature.

14. Where can I find more information?

For more information about some of the practical considerations in conducting the review or audit on the sustainability report, particularly where different auditors or lead auditors are used, please see the AUASB’s Sustainability Assurance FAQs.

Further information about the review or audit of sustainability reports is available on the AUASB’s website.