Marks and Spencer publish 2007 CSR Report but how useful is the independent assurance given?   17th July 2007 Over the last 20 years corporate accountability has become a fundamental part of business strategy for many companies. This has been driven by growth in public expectations that commercial organisations address issues relating to business ethics, corporate governance and human rights, as well as environmental and financial performance. Not only must companies make commitments to CSR issues, they need to develop systems to manage their implementation, and assess and report on progress against their commitments. The publication in June of the 2007 Marks and Spencer corporate social responsibility, (CSR) report, “How We Do Business” provided the first chance to analyse the company's initial progress against the ambitious social, environmental and ethical targets, set out at the beginning of 2007 under its “Plan A” strategy. Plan A includes M&S's commitment to become a carbon neutral company by 2012, and to drastically reduce the amount of waste it generates and increase sourcing of sustainable raw materials. “How We Do Business” sets out the policies, indicators, targets and processes to manage a range of CSR commitments by M&S in five key areas; climate change, waste, sustainable raw materials, fair trade and customer health. The report outlines the management systems in place to ensure compliance with the law, the systems for measuring economic, social and environmental impacts, direction on setting of targets and guidance for gathering information and reporting on progress. Aspects of M&S's CSR reports are auditable because they contain quantitative and verifiable data as well as qualitative statements about risk management and performance. The 2007 report includes an Assurance Statement provided by internal management on the content of the data included, as well as the internal audit functions and systems of controls in place. In addition, M&S have adopted the Global Reporting Initiative G3 checklist and entry level “C” of the GRI's 6 possible levels of compliance. This compliance level includes guidance on internal and external assurance statements. The key requirements for external assurance of reports using the GRI reporting guidelines are that the assurance is undertaken by an organisation or individual external to the company, who is demonstrably competent in both the assurance practices and subject matter, has assessed whether the report contains a reasonable and balanced presentation of performance, has taken into consideration the veracity of the data reported, and that the audit has been implemented in a manner that is systematic, documented, evidence based and characterised by defined procedures. External assurance statements can include a financial style audit of the figures provided by the company in the report, as well as certification of the systems used by the company. Apart from opinion and recommendations, an external assurance statement should include information on the purpose of the assurance, the scope of the review performed, references to assurance criteria or frameworks used (such as the GRI), methods and procedures used in the engagement, the level of assurance provided, a statement of assuror independence and competency. The 2007 M&S report includes an independent assurance statement by Ernst and Young. This outlines the scope of work reviewed by Ernst and Young, and provides a limited level of assurance in accordance with the International federation of Accountants' International Standard for Assurance Engagements Other Than Audits or Reviews of Historical Financial Information, (ISAE 3000 provides principles and essential procedures to guide practioners in the performance of engagements on subject matters other than the audit of historical financial information). As such, ISAE provides a highly cautious and limited approach to assurance of CSR information. As a result, the external assurance statement for the M&S 2007 report includes an audit as to whether targets from the 2006 report have been transferred into the 2007, and whether selective product related claims denoted by ** “ are consistent with the explanation and evidence provided by relevant managers at company level”, (my emphasis). The limitations of the assurance provided by Ernst and Young are stated as, “we do not make conclusions on the accuracy and completeness of data presented in tables…..we are not aware of any 2006/07 targets presented in the CSR report 2006 which are not included in the Report,……..we are not aware of any misstatements in the claims denoted by **”. This would imply that the external assurance statement sought by M&S is of limited value, both to the internal managers responsible for the aspects covered in review of performance section of the report, and to external stakeholders. These external stakeholders may have higher expectations of the external assurance statement, for example, to provide information on the materiality of the aspects included by the company, and the veracity and accuracy of the performance data and future targets reported. Marks and Spencer could have adopted the more rigorous assurance guidelines of the Fédération des Experts Comptables Européens, (FEE) or the AccountAbility AA1000 standard on assurance practice. The AA 1000 standard requires that the assurance statement include comment and recommendations on the overall quality of the report, as well as the underlying organisational processes, systems and competencies reflected in the content. The FEE guidelines mirror the IFAC's ISAE 3000 standard. Both adopt a greater attitude of caution towards sustainability assurance than the AA 1000, with an overriding desire to avoid creating an expectation gap, “ whereby a user mistakenly assumes that there is more assurance than is actually present ”, (FEE 2002). Both the FEE and Accountability acknowledge that stakeholder dialogue is likely to be a significant issue in the reporting process itself, and may therefore be referred to in the assurance statement. This is not included in the M&S assurance statement. Table 1 below outlines the recommended minimum contents of assurance statements for AA 1000, FEE and GRI standards. Table 1 Recommended Minimum Contents of Assurance Statements for AA 1000, FEE and GRI   CONTENT OF REPORT AA1000 FEE GRI Addressee v (1) v v (2) Scope & objectives of engagement v v v Responsibility of reporter & assuror   v v Criteria used to assess evidence & reach conclusions v v v Extent of stakeholder participation     v Conclusion / opinion on the following v v v Materiality v     Completeness v     Performance v     Reporting on reservations / qualifications   v v (3) Progress in reporting & assurance since last report (4) v v v Suggestions for improvements & processes (4) v v v   Adapted from “ Assurance Statement Practice in Environmental, Social and Sustainability Reporting ”, O'Dwyer B, Owen D, The British Accounting Review 37 (2005) 205-229   Note 1 implicit in minimum recommended contents 2 addressees should be the board of directors or governing body, or if agreed stakeholders 3 expressions of reservations should be constructive 4 could be included in the assurance statement The M&S 2007 “How we do Business” report is excellent in terms of its robust content, which reports on past achievements and sets out detailed plans, targets and commitments for future attainment under the auspices of the “Plan A” eco-commitment. The 2007 report sets out the scope of operations that M&S wishes to be judged accountable for, and includes in its future targets the performance of its business partners, including suppliers and other actors from its value chain. The report also describes a comprehensive set of mechanisms by which the company will demonstrate accountability, and the aspects chosen are those social and environmental impacts material to its stakeholders. The report also illustrates the extent to which M&S is responsive to, and engaged with its stakeholders on the issues outlined. The external assurance statement reflects the limited responsibility that Ernst and Young have, in terms of its scope and audience. (Its remit is to provide assurance to corporate management only). This contrasts significantly with the more comprehensive governance structures underpinning a financial audit process. The M&S external assurance statement is primarily designed to provide value to management, as opposed to stakeholders in general. This assurance statement does not appear to encompass a consideration of materiality as defined in stakeholder terms, and does not appear to provide an opinion as to the accuracy of the data included in the report. Rather, Ernst and Young seem to focus their assurance on the issue of consistency of the reporting with “explanations given by relevant managers at company level”. The limited scope of the assurance statement in general reflects the absence of widely accepted and adopted assurance standards, despite the efforts of the FEE, the GRI and AccountAbility. The M&S 2007 “How we do Business” report reflects a considerable achievement in the company's past performance with regard to corporate social responsibility. It also sets out ambitious and detailed targets for future action, demonstrating strong management commitment towards tackling those social and environmental issues material to stakeholders. It is indicative of a high degree of engagement on material issues with key stakeholders. It shows how the company is integrating accountability for CSR performance into its operational procedures and business practices, ranging from long term planning to everyday decision making. The external assurance statement makes only a very modest contribution towards enlightening or informing the reader, and facilitates no substantive change upon management. It does not show how assurance can be equated with improved accountability and credibility. There are considerable opportunities for accountants and auditors to both measure social and environmental information provided in CSR reports, as well as to improve the quality of the data provided. They also have a role in ensuring that CSR is incorporated into the business decision making process, particularly in areas such as investment appraisal, budgeting and strategic planning. In future articles, I'll be examining how organisations such as Novo Nordisk, Aviva and HSBC have used CSR auditing in order to increase their internal accountability, and to enhance the credibility to stakeholders of the data disclosed.
About Us Privacy Policy Contact Us Copyright © 2007 FSN Publishing Limited. All Rights Reserved. Use of this website signifies your agreement to the Terms of Use.