External assurance
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to say whether its sustainability reporting has been checked by an independent external assurer, and if so, to identify what was assured and by whom. The point is to make clear whether the reported information has had any outside review, rather than leaving readers to assume the report has been independently verified.
In practice, the focus is on the scope and coverage of the assurance, not just the fact that assurance exists. An organisation should be clear about whether the assurance covered the whole report or only selected information, and whether it applied across the organisation’s operations or only to particular sites, entities or topics.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| Assurance policy and practice | A plain summary of the organisation’s approach to getting outside assurance on sustainability reporting, plus whether the board and senior management are part of that approach. | Assurance policy, reporting governance papers, board or executive committee minutes, internal approval notes. | Sustainability reporting / Governance |
| Governance involvement in assurance | A description of how the board and senior management take part in deciding, reviewing, or overseeing external assurance for sustainability reporting. | Board and executive committee packs, assurance planning papers, sign-off records, governance calendar. | Sustainability reporting / Governance |
| Assurance report link | The web link or document reference for each external assurance report or assurance statement covering the sustainability report, where assurance has been obtained. | Published report archive, investor relations site, assurance provider deliverables, document register. | Sustainability reporting / Investor relations |
| Assured content and basis | What parts of the sustainability reporting were checked externally, and the basis used for that check, including the assurance standards applied. | Assurance statement, scope letter, engagement terms, provider report, reporting controls file. | Sustainability reporting / External assurance |
| Assurance level obtained | The level of assurance the external reviewer gave for the sustainability reporting, stated clearly and consistently with the assurance statement. | Assurance statement, provider opinion letter, final report issued by the assurance firm. | Sustainability reporting / External assurance |
| Assurance limits | Any stated constraints, exclusions, or caveats in the external assurance process that affect what was checked or how far the work went. | Assurance statement, management representation letter, engagement scope, issue log from the assurance process. | Sustainability reporting / External assurance |
| Assurer relationship | A short description of the organisation’s relationship with the assurance provider, including anything relevant to independence, prior work, or other ties. | Assurance engagement letter, procurement records, independence declarations, conflict checks, provider profile. | Procurement / Legal / External assurance |
Show GRI 2-5 sub-elements (LRA working checklist)
- Set out the organisation’s approach to external assurance, and explain how directors and senior management are involved.
- Set out the organisation’s approach to external assurance, and say whether directors and senior management are involved.
- If the sustainability report has been independently assured, explain the organisation’s relationship with the assurance provider.
- If the sustainability report has been independently assured, explain what was covered and the basis used, including any limits in the assurance process.
- If the sustainability report has been independently assured, explain what was covered and the basis used, including the assurance framework applied.
- If the sustainability report has been independently assured, explain what was covered and the basis used, including the level of assurance obtained.
- If the sustainability report has been independently assured, give a link to, or reference for, the assurance report or statement.
LRA working checklist - paraphrased; see official source
- Decide whether your report has been checked by an outside assurer, and note the organisation’s approach to using that kind of review. Capture the role played by the board-level group and by senior management, so you can explain their involvement clearly.
- Set out exactly what parts of the sustainability report were covered by the external review, and on what basis that review was carried out. Keep the scope precise so the reader can see what was included and what was not.
- Record the assurance framework or method used by the reviewer, together with the assurance outcome reached. If the review had any practical constraints or caveats, note those as part of the evidence pack.
- Gather the source documents that prove the assurance took place, including the assurance report or statement and any link or reference needed to locate it. Make sure the evidence matches the reporting period and the version of the report being disclosed.
- Describe the working relationship between your organisation and the assurance provider, using plain language that shows how the arrangement operated in practice. Keep this separate from the technical findings so the disclosure is easy to follow.
- Before publishing, compare your draft against the official source to confirm you have covered every required point and have not added anything extra. Check that the wording, scope and references are consistent across the report and supporting files.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own terms first (for example, report review, independent check, third-party review, audit support, or assurance pack), then map them to the disclosure wording before sign-off. Keep the request in the language your reporting, finance, legal, and governance teams already use.
Can you send the external assurance info for the sustainability report?
Please send the assurance pack for [reporting period]: the reviewer’s statement, what parts of the sustainability report were checked, the review basis and level, any limits or exclusions, how the board / committee and senior leaders were involved, and a short note on our relationship with the reviewer. If there was no external review, please confirm that and share the decision note. Use your own team’s wording first, then we will map it to the disclosure.
Formal email template
Subject: Request for sustainability reporting assurance details for [reporting period] Hello [name/team], We are preparing the disclosure pack for [reporting period] and need the supporting evidence for any external review of our sustainability reporting. Please send, or point us to, the following for [reporting period]: - the report or section that was reviewed - the independent reviewer’s statement or report - a short summary of what was checked and the basis used - the level of review reached - any limits, exclusions, or caveats noted by the reviewer - how the board / committee and senior leaders were involved in the process - a short note on our relationship with the reviewer If no external review was arranged, please confirm that and share any internal note or decision record that explains this. Please use your own team’s wording in the response, then we will map it to the disclosure wording. A possible LRA training template is attached; please adapt this to your organisation and check the official source before sign-off. Many thanks, [preparer name] [team] [contact details]
Short Teams / Slack version
Hi [name] — for [reporting period], could you share the assurance pack for our sustainability report? We need the reviewer’s statement/report, what was checked, the review basis, any limits, the board/committee and senior leader involvement, and a short note on our relationship with the reviewer. If there wasn’t an external review, please confirm that and share the decision note. Please use your team’s own wording first, then we’ll map it. Thanks.
Manufacturing
Context. The sustainability report includes site-level environmental metrics and a small number of social indicators reviewed by an external provider.
Adapted request. Please share the review pack for [reporting period]: the independent reviewer’s statement, which site metrics and narrative sections were checked, the review method used, any exclusions by plant or data stream, how the board and executive team were involved, and a short note on our relationship with the reviewer. If there was no external review, please confirm that and share the decision note.
Example response. Attached are the signed review statement, scope note covering energy, water, waste, and workforce safety metrics, the limited review summary, exclusions for two acquired sites, the audit committee paper, and a short note that the provider has supported the group for three years.
Financial services
Context. The organisation publishes an annual ESG section within the annual report and uses a third party to review selected metrics and narrative claims.
Adapted request. Please send the assurance pack for [reporting period] covering the ESG section of the annual report: the reviewer’s statement, the sections and metrics checked, the basis used, the level of review, any caveats, how the board committee and senior leaders were involved, and a short note on the provider relationship. If no external review was arranged, please confirm that and share the decision record.
Example response. The pack includes the reviewer statement, a scope schedule for climate and conduct metrics, the agreed procedures summary, a note that the review did not cover forward-looking statements, the board risk committee paper, and a summary of the provider’s advisory relationship with the group.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
Explain which sustainability information was sent for external review, what basis was used for that review, which assurance standard was applied, what level of confidence was reached, and how the board and senior executives were involved in the process.
Set out what the assurance result means for readers by clarifying the parts of the report that were independently checked, the extent of that check, and how the organisation’s governance and relationship with the assurer support the credibility of the disclosure.
If the assurance approach, coverage, level of confidence, or limitations changed from the prior period, explain what changed, why the scope or basis differed, and whether the board or senior leaders had a different role in the latest cycle.
GRI 2-5 External assurance — [location / page] / [notes]
Professional preparation tools and forms for GRI 2-5. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| The information reported for this disclosure reconciles to the underlying source records. | What is reported cannot be traced back to the systems or documents it was drawn from, or does not tie out to them. | calculation_workbook reconciling the reported value to source_system_export |
| The information reported for this disclosure is current as at the reporting date. | The disclosure reflects a different period, a cut-off before the reporting date, or stale data carried over from a prior period. | approval_record showing the data cut-off date and the period covered |
| The scope behind the information reported for this disclosure is applied consistently. | Parts of the organisation are silently in or out of scope, or the scope differs from the prior period without that change being explained. | methodology defining the scope and a site_register of what it covers |
| Everything in scope is included in the information reported for this disclosure — nothing material is left out. | Parts of the population that should be reported are omitted, understating or overstating the disclosure. | site_register of the full population vs the calculation_workbook of what was actually included |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- The information is presented without a date or as-at point.
- The scope or boundary of the statement is left undefined.
- Key terms are used inconsistently across the report.
- Material changes since the previous period are not disclosed.
- Assertions are made without supporting detail or a source record.
- Boilerplate is used that does not actually answer what is asked.
- Wrong owner
The request goes to the sustainability team alone, so the board office, finance lead, or assurance contact never confirms who actually handled the review.
- Framework language only
People ask for the answer in GRI-style terms instead of the organisation’s own wording, and the source owner cannot map it back to how the business talks about assurance.
- Scope left vague
The team does not pin down which report, period, or entity is in scope, so the evidence set ends up covering the wrong part of the business.
- Timing basis mixed up
One person pulls documents from a different reporting cycle or cut-off date, which means the assurance record no longer matches the reporting period being described.
- Counting basis mixed
Assurance details from separate methods or levels are merged into one file, so the final pack no longer shows what was checked on which basis.
- Source labels lost
Original file names, version tags, or document references are stripped out during collation, making it impossible to trace each claim back to the first record.
- Populations merged
Assured and unassured material are bundled together in one working sheet, so the team cannot separate what was covered from what was not.
- Evidence trail incomplete
The pack is missing the supporting note, link, or sign-off history, so no one can show who approved the information or where the assurance statement came from.
- Set the reporting cut-off for newly bought or sold businesses
Explain which reporting period and group structure you used after acquisitions or disposals, and note any parts of the business that moved in or out of scope during the year.
- Choose one rule where local definitions differ
If the same topic is defined differently across countries or business units, state the rule you applied, why it was chosen, and whether any local figures were adjusted to match it.
- Decide how to treat activities near the boundary
Say how you handled sites, teams, joint arrangements, contractors or other cases that sit close to the reporting boundary, and whether they were included, excluded or partly counted.
- Fix the basis for the assurance description
Be clear whether you are describing the whole sustainability report or only selected parts, and identify exactly what the external reviewer looked at.
- State the timing basis used for the assurance work
If the assurance covered a different date range, version or reporting pack from the published report, explain the timing basis and how the two were linked.
- Separate measured figures from estimates
Show where the assurance relied on direct records and where it depended on estimates, models or sampling, and explain any material assumptions behind those estimates.
- Round figures consistently and explain the method
If numbers were rounded, use one consistent approach, make sure subtotals still add up sensibly, and disclose any cases where rounding changes the visible total.
- Handle privacy limits by grouping data
Where personal or commercially sensitive detail cannot be shown, aggregate the information enough to protect confidentiality while still making clear what was covered and what was left out.
Synthetic, written by LRA — not from a company report, not text from any standard.
We have a standing process for deciding whether our sustainability reporting should be checked by an outside assurer, and the board and its committees are briefed on that choice while senior management prepares the scope and timing. This is an illustrative disclosure only: our 2025 sustainability report was externally checked, and the assurance statement is available in our report library; it covers selected reported indicators and narrative claims, was carried out against ISAE 3000 (Revised) and AA1000AS v3, and the assurer concluded a limited level of confidence. The work was restricted to the agreed sample and time period, so the statement also notes that site visits were not performed at every location and that some forward-looking statements were outside scope; the assurer was appointed through our normal procurement process and remains independent of our reporting team.
We decide each year whether to seek outside review of our sustainability reporting, and the audit committee and the full board are updated before approval while senior executives oversee the data collection and respond to findings. This is an illustrative disclosure only: our 2025 sustainability report was externally checked, the assurance statement is linked from the governance section of the report, and the review covered our greenhouse gas figures, water data and selected workforce metrics using ISAE 3000 (Revised) at a limited level of confidence. The assurer’s work was limited to the agreed reporting boundary and a sample of records, with no testing of every site or every metric; the provider was engaged under a standard service contract, had no role in preparing the report, and reported directly to the board after completion.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Assurance coverage by topic — table: Which parts of the sustainability report were independently checked, and the basis used for each check, including the assurance standard, the level reached, and any stated scope limits.
- Governance involvement in assurance decisions — stacked bar: How responsibility for external assurance is shared between the board, senior management, and other internal roles across the reporting process.
- Assurance provider relationship overview — table: The nature of the organisation’s working relationship with the external assurer, including any relevant independence or engagement details described in the disclosure.
- Published assurance evidence — table: Where readers can find the external assurance report or statement, using links or references to the published document(s).
- Assurance scope and limitations — bar: A side-by-side view of what was covered by assurance versus any areas, data, or statements that were not fully covered or were subject to limits.
What separates a figure from a disclosure.
We had our sustainability report independently checked this year.
We had our sustainability report independently checked this year, and I can point to the assurance statement covering the report, the standards used, the level reached, and the provider’s link to us.
We had our 2025 sustainability report independently checked under a limited-assurance approach, with the board and senior leaders involved in the decision and oversight, and I can point to the assurance statement because the review covered the full report but had some scope limits due to sample-based testing.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 2-5 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zydus Lifesciences Limited | Pharmaceuticals / Biotech / Life Sciences · India | 2025 | Partial | p. 13 →p. 143 →p. 142 → | ESG Report FY24-25 → | — | |||||||||||||||||||||||||
Evidence in Zydus Lifesciences Limited’s reportWhat the report shows Zydus Lifesciences Limited’s ESG Report FY24-25 includes a statement of assurance on page 3 and discusses alignment with global ESG frameworks on page 147. The report also addresses materiality issues related to external stakeholders on page 148. However, there is no clear or quotable evidence found regarding specific methodology or narrative details for some disclosure items, and several narrative items are not found in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
| Interconexión Eléctrica S.A. E.S.P. | Electric Utilities / IPP / Energy Traders · Colombia | 2024 | Topic-family | p. 150 →p. 131 →p. 41 → | ISA Integrated Management Report 2024 → | ey | |||||||||||||||||||||||||
Evidence in Interconexión Eléctrica S.A. E.S.P.’s reportWhat the report shows Interconexión Eléctrica S.A. E.S.P.'s 2024 Integrated Management Report provides partial information on the policy and practice of requesting external verification, mentioning this topic on page 131 but without presenting a clear headline value. The report also references the processes and frequency with which senior executives and other employees report to the highest governance body on page 135. However, there is no quotable evidence found regarding specific narrative items or detailed disclosures related to this topic elsewhere in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
| Chang Hwa Commercial Bank, Ltd. | Banks / Diverse Financials / Insurance · Taiwan | 2024 | Partial | p. 198 →p. 62 →p. 205 → | 2024 ESG Report → | PwC | |||||||||||||||||||||||||
Evidence in Chang Hwa Commercial Bank, Ltd.’s reportWhat the report shows Chang Hwa Commercial Bank, Ltd.'s 2024 ESG Report provides some information on governance structures, noting the chair of the highest governance body on page 198 and describing the Board of Directors as the highest governing body with four functional committees on page 44. The report also mentions the President as the head of the ESG Task Force on page 8 and references external assurance on page 189. However, detailed narrative items related to specific governance disclosures are largely missing or unclear, with no quotable evidence found for several expected narrative points.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
A group has had its sustainability report checked by an outside assurance provider for the first time this year. The board approved the approach, while the chief executive and finance director helped choose the provider and reviewed the final statement.How should the team explain its approach to outside assurance and the roles played by the board and senior leaders?
A sustainability report was externally checked, but the assurance statement sits on the provider’s website and the report only mentions that an external review happened. The reporting team is unsure whether that is enough.What should be included so readers can find the assurance evidence and understand what was covered?
The assurance provider gave a limited conclusion on selected sustainability metrics, and the engagement note says some site visits were not possible because of travel restrictions. The preparer is drafting the disclosure and wonders how much detail to include.How should the team describe the outcome and any constraints without overstating the assurance work?
An assurance provider is a long-standing audit firm that also advises the company on reporting controls. The sustainability team has to decide whether to mention that relationship in the report.What should the team do about the connection between the organisation and the assurance provider?
See how companies actually report GRI 2-5 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
For GRI 2-5 General Disclosures, what data do I need to gather before I start drafting the assurance disclosure?
Use the page’s datapoint list as your starting checklist: assurance policy and practice, governance involvement, assurance report link, assured content and basis, assurance level obtained, assurance limits, and assurer relationship. The page also gives a step-by-step preparation flow, so you can turn that list into a practical data request and draft plan. ↑ section
How do I use the step-by-step ‘how to prepare’ section for GRI 2-5 in practice?
Treat it as a working sequence for collecting the right inputs, checking what needs to be evidenced, and then shaping the disclosure draft. It is designed to help you move from raw information to a report-ready narrative rather than leaving you with a theory-only summary. ↑ section
What should I ask the assurance owner or audit contact for when preparing GRI 2-5?
Ask for the assurance policy and practice, the assurance report link, the level obtained, what content was covered, any limits, and the relationship with the assurer. The page’s assurance-focused datapoints are meant to help you identify the minimum practical information needed for a draft and evidence pack. ↑ section
How do I decide who owns the GRI 2-5 assurance disclosure data in my organisation?
The page points you to governance involvement in assurance and the assurer relationship, so ownership should sit with the people who can confirm those facts and provide evidence. In practice, that usually means coordinating between sustainability, governance, HR or other data owners, and the assurance contact. ↑ section
What evidence pack do I need to make a GRI 2-5 assurance disclosure assurance-ready?
The page includes a five-item evidence pack specifically for assurance readiness, so use that as the core file set for review. It is intended to support the datapoints, the assurance claims to verify, and the final draft without relying on unsupported statements. ↑ section
How do the four assurance claims to verify help me check my GRI 2-5 draft?
They give you a claim/risk/evidence structure to test whether each statement in the draft is supported and complete. Use them to spot gaps early, especially where the disclosure refers to policy, scope, limits, or the assurer’s role. ↑ section
What are the common reporting gaps or mistakes to avoid in a GRI 2-5 assurance disclosure?
The page lists common gaps and mistakes so you can check for missing evidence, unclear scope, or weak links between the narrative and the assurance information. It is useful as a final quality-control pass before the disclosure goes into the report. ↑ section
How can I turn the GRI 2-5 page into a first draft for the annual report?
Use the draft-output section to move from data collection to writing: it offers visualisation ideas, narrative starters, and a GRI content-index line. That makes it easier to produce a clean draft that is consistent with the information you have gathered. ↑ section
What should I include in the GRI 2-5 narrative if I want it to be assurance-ready?
Focus on the page’s assurance datapoints and make sure the narrative clearly states what was assured, the basis, the level obtained, any limits, and the assurer relationship. The evidence pack and claim checks are there to help you keep the wording aligned with the underlying support. ↑ section
How do I use the Prep & Assurance workbook for GRI 2-5?
The Download Centre includes a Prep & Assurance workbook in .xlsx format, which is intended to support preparation and assurance readiness. Use it alongside the page’s step-by-step guidance, evidence pack, and common mistakes list to organise inputs and track what still needs to be confirmed. ↑ section
What is the printable Library Card for GRI 2-5 and when should I use it?
The Download Centre also provides a printable Library Card in .pdf format. It is a practical companion for keeping the disclosure’s key datapoints, evidence needs, and draft prompts in one place while you work through preparation. ↑ section
- GRI 2-5 General Disclosures: what are the key datapoints to collect for an assurance disclosure draft?
- GRI 2-5: how do I build an evidence pack for assurance readiness?
- GRI 2-5 assurance disclosure: what should I ask governance, HR, or the assurer for?
- GRI 2-5: how do I use the claim/risk/evidence checks before sign-off?
- GRI 2-5 General Disclosures: what are the common mistakes in the assurance section?
- GRI 2-5: how do I turn the page’s narrative starters into a report draft?
- GRI 2-5: what should go into the assurance report link and basis of assurance field?
- GRI 2-5: how do I use the downloadable workbook to track missing evidence?
- GRI 2-5 General Disclosures: what does the synthetic example show me about drafting the disclosure?
- GRI 2-5: how do I check whether my disclosure covers assurance limits clearly?
- GRI 2-5: how do I use the content-index line in the draft-output section?
- GRI 2-5 General Disclosures: where can I find real published report examples on the page?
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.