Combined Assurance Reports Are Coming: How to Read a Report with Two Levels of Assurance

Sustainability assurance is moving from a niche technical exercise into mainstream corporate reporting. But the market is not moving in a single step from “no assurance” to “full reasonable assurance over everything.” Instead, ISSA 5000 illustrative reporting guidance signals a more realistic pathway: combined assurance reports, where one part of the sustainability information receives reasonable assurance and another part receives limited assurance—within the same independent assurance report.

This is a critical development for boards, investors, regulators, and corporate reporting teams because combined assurance is both:

• a practical solution to uneven data maturity and stakeholder priorities, and

• a communication risk if users misunderstand which disclosures carry which level of confidence.

This article explains why combined assurance is emerging, what it looks like in practice, how stakeholders should read it, and how organisations can design combined assurance engagements that strengthen (not confuse) credibility.

1) Why combined assurance is emerging now

Combined assurance is fundamentally a response to two realities.

Reality A: Not all sustainability disclosures are equally decision-critical

Stakeholders often rely more heavily on certain disclosures—especially climate-related disclosures—because they link directly to:

• financial risk (transition risk, physical risk)

• regulatory exposure

• capital access and lending conditions

• strategic resilience and long-term value

As a result, organisations may prioritise stronger assurance (reasonable assurance) over high-impact disclosures, while maintaining limited assurance over the remainder during the early maturity phase.

Reality B: Sustainability reporting maturity is uneven

Even in well-governed organisations, sustainability data often has different levels of maturity across domains:

• Scope 1 and 2 emissions may be more traceable than Scope 3 emissions.

• Governance disclosures may be easier to evidence than complex value-chain social metrics.

• Transition plans may involve forward-looking assumptions that do not support the same confidence as historical metrics.

Combined assurance accommodates this reality by allowing the highest confidence level where the organisation can support it—without forcing an “all-or-nothing” decision.

The ISSA 5000 illustrative guidance explicitly anticipates combined reporting: reasonable assurance for climate-related disclosures and limited assurance for the remaining sustainability information, with the report designed to clearly distinguish between the two.

2) What a combined assurance report actually is

A combined assurance report is an independent practitioner’s report that expresses two separate conclusions, each tied to a defined scope of information and a defined level of assurance.

In practical terms, it answers two questions:

1. What do we conclude about the disclosures covered by reasonable assurance?

2. What do we conclude about the disclosures covered by limited assurance?

The most important technical and communication principle is separation: the report must be structured so the reader can easily understand which disclosures are subject to which assurance level. The illustrative guidance stresses distinguishable conclusions in combined engagements.

3) Why combined assurance is often misunderstood by users

Combined assurance is relatively new to most sustainability report users. Many stakeholders assume:

• if there is “an independent assurance report,” everything in the sustainability report is equally assured; or

• if a part is reasonably assured, the whole report must be of “reasonable assurance quality.”

Both assumptions can be wrong.

This misunderstanding is not trivial. It can lead to:

• mispriced risk by investors and lenders

• regulatory confusion about compliance reliability

• reputational exposure if public messaging implies broader reasonable assurance than actually obtained

• greenwashing allegations if unassured or limited-assured narratives are marketed as “verified”

This is why combined assurance must be designed as much for clarity to users as for technical compliance.

4) The core interpretive skill: reading scope before reading conclusions

To read a combined assurance report properly, stakeholders should follow a disciplined order:

Step 1: Identify the subject matter information (what is covered)

Combined reports typically identify:

• the climate-related disclosures (or other priority disclosures) subject to reasonable assurance, and

• the remaining sustainability information subject to limited assurance.

The reader should look for explicit listing or clear cross-references.

Step 2: Identify the criteria (the rulebook)

Assurance is expressed against criteria. Stakeholders should understand what criteria were applied, especially where reporting frameworks or legal requirements are involved.

Step 3: Locate the reasonable assurance conclusion and interpret it as higher confidence

Reasonable assurance is higher confidence and typically expressed in positive-form language.

Step 4: Locate the limited assurance conclusion and interpret it as lower confidence

Limited assurance is lower confidence, typically expressed in negative-form language, meaning nothing has come to the practitioner’s attention to indicate a material misstatement.

Step 5: Read “other information” and inherent limitations language

When sustainability information is part of a broader report (e.g., annual report), the practitioner may address “other information” and clarify that it is not subject to assurance.

For forward-looking content such as transition plans, the report may warn that the information may be based on hypothetical assumptions and not appropriate for purposes beyond those stated.

This interpretive discipline is essential because combined reports can otherwise create false comfort.

5) What combined assurance means for boards

Boards should treat combined assurance as a strategic governance choice, not simply an assurance provider’s technical proposal.

A. Boards must approve the assurance architecture

Combined assurance is effectively a statement about priorities:

• “These disclosures are decision-critical and robust enough for reasonable assurance.”

• “These disclosures are important but not yet mature enough for reasonable assurance; limited assurance is appropriate for now.”

A board should ensure the scope and prioritisation align to stakeholder needs and risk exposure.

B. Boards must control assurance messaging across the organisation

The greatest governance risk of combined assurance is not technical—it is communication drift.

When management, investor relations, marketing, or corporate communications refer to the sustainability report as “assured,” they may inadvertently imply that:

• everything is reasonably assured, or

• everything is assured at the same level.

This is amplified when the assured sustainability information sits next to unassured narrative (“other information”). The practitioner may read other information for consistency, but it remains not assured.

Boards should require controlled language and a consistent communications policy that accurately reflects the scope and assurance levels.

C. Boards should use combined assurance as a maturity roadmap tool

Combined assurance should not be a permanent “split personality” unless justified. Boards should use it as a phased pathway:

• Start with reasonable assurance for priority disclosures (often climate).

• Expand reasonable assurance as controls strengthen.

• Reduce reliance on limited assurance over time for decision-critical disclosures.

6) What combined assurance means for investors and lenders

Combined assurance provides more information, not less—if investors read it correctly.

A. It signals what management considers decision-critical

If climate disclosures are reasonably assured while other disclosures are limited-assured, investors can infer where the organisation has invested governance, controls, and evidence discipline.

B. It helps investors calibrate confidence

Investors should align their reliance to the assurance level:

• Higher reliance may be placed on reasonably assured disclosures.

• More caution should be applied to limited-assured disclosures, especially where they influence valuation or credit risk materially.

C. It highlights potential data maturity gaps

If certain high-profile disclosures remain limited-assured year after year, investors may interpret that as a sign that:

• systems and controls are not maturing, or

• management is not prioritising reliability.

Combined assurance therefore becomes a market signal of disclosure maturity.

7) What combined assurance means for regulators

For regulators, combined assurance introduces both opportunity and complexity.

Opportunity

Combined assurance can improve overall reporting integrity by allowing higher assurance levels where the public interest is greatest (such as climate risk disclosures).

Complexity

Regulators must ensure that users are not misled. Combined assurance can create interpretive confusion, and regulators may need to encourage standardised presentation or clearer boundary language.

Where legal compliance is involved, modified conclusions may also become relevant. The illustrative reporting set includes modified outcomes (including adverse and disclaimer scenarios) that demonstrate what happens when information does not comply with criteria or sufficient evidence cannot be obtained.

8) Common pitfalls in combined assurance engagements

Pitfall 1: Poorly defined boundaries between the two assurance scopes

If the report does not clearly identify what disclosures are in the reasonable assurance scope versus limited assurance scope, users may assume the higher level applies broadly.

The illustrative guidance anticipates this and emphasises distinguishable conclusions.

Pitfall 2: Communications “upgrade” the assurance level

Internal messaging often collapses nuance into marketing simplicity:

• “Our sustainability report is verified.”

• “We obtained independent assurance.”

Without specifying the split in assurance levels, this can mislead users.

Pitfall 3: Forward-looking claims treated as if they are “assured facts”

Transition plans and forward-looking statements carry inherent limitations. The illustrative report language explicitly acknowledges forward-looking information may be based on hypothetical assumptions and may not be appropriate beyond its purpose.

If public messaging ignores this nuance, credibility risk rises.

Pitfall 4: “Other information” undermines assured disclosures

Where sustainability reporting is embedded in annual reports, unassured narrative can contradict assured metrics. The practitioner may address other information responsibilities while clarifying that the other information is not subject to assurance.

Boards must manage this consistency risk explicitly.

Pitfall 5: Overuse of boilerplate procedure summaries

The guidance warns that summaries of work performed should not be ambiguous, overstated, or misleading.

In combined reports, it is especially important that summaries do not blur the distinction between the two assurance levels.

9) Designing a combined assurance engagement that builds trust

A high-quality combined assurance engagement is designed around clarity, credibility, and progress.

A. Clarity: make it effortless to understand the split

Best practice elements include:

• a clear scope section with explicit listing or cross-reference of disclosures in each scope

• separate headings for each conclusion (reasonable and limited)

• language in management discussions and summaries that repeats the same boundaries

B. Credibility: ensure the reasonable assurance scope is truly “reasonable assurance ready”

Reasonable assurance requires stronger evidence discipline. Organisations should ensure:

• stable methodologies

• traceable source data and audit trails

• clear boundaries and consolidation approach

• controls over key calculations and assumptions

If the organisation is not ready, it increases the risk of scope limitations and modified outcomes.

C. Progress: publish and execute a maturity roadmap

Organisations should be prepared to explain:

• why the assurance split exists now

• what improvements are underway

• what disclosures will transition to reasonable assurance next, and when

This roadmap mindset turns combined assurance from a “compromise” into a strategy.

10) A practical combined assurance readiness checklist

If your organisation expects to move into combined assurance, consider the following readiness checklist:

1. Stakeholder reliance mapping

   • Which disclosures do investors, lenders, customers, and regulators rely on most?

2. Disclosure inventory and maturity scoring

   • Score each disclosure for evidence maturity: systems, documentation, audit trail, ownership.

3. Scope selection

   • Choose a reasonable assurance scope that is both high-impact and mature enough to support the higher level.

4. Methodology discipline

   • Lock down definitions, boundaries, and calculation methods to reduce year-to-year variability.

5. Disclosure controls

   • Implement sign-offs, reviews, reconciliations, and retention policies for assured disclosures.

6. Communications governance

   • Establish a controlled vocabulary for external messaging that accurately reflects the two assurance levels.

7. Other information consistency review

   • Ensure CEO letters, strategy narratives, and case studies do not contradict assured metrics.

     IAASB-ISSA-5000-Sustainability-…

8. Forward-looking statement controls

   • Ensure transition plans and targets include assumptions and limitations consistent with the report.

Combined assurance will become a normal form of early maturity credibility

Combined assurance reports represent the market’s practical response to uneven sustainability reporting maturity and rising stakeholder expectations. They can strengthen trust—especially when they provide reasonable assurance over decision-critical disclosures—while still allowing organisations to bring broader sustainability information into a credible assurance perimeter via limited assurance.

But combined assurance also raises the bar for governance. Clarity of scope, consistency of messaging, and disciplined controls over narrative and forward-looking claims are not optional. They are the difference between assurance that builds confidence and assurance that creates confusion.

Next Step!!

If your organisation expects stakeholders to demand stronger assurance over climate or other decision-critical sustainability disclosures, Dawgen Global can help you design a combined assurance strategy, assess reasonable-assurance readiness, strengthen disclosure controls, and implement a roadmap from limited assurance to higher-confidence assurance over time. Email us at [email protected].

About Dawgen Global