My survey of FTSE100 companies showed that more than half do not have non-financial assurance.
But what of those that do?
What sort of assurance is it? What standard do they follow?
Doing the analysis I was forcibly reminded of the controversy about what question should be on the ballot paper when the Scots vote in Mr Salmond’s independence (or is it Devo Max?) referendum.
The forty seven assuring companies break down as follows:
19 use AA1000AS
17 use ISAE3000
11 use a different system from those above.
That’s clear then.
Open the whisky bottle and run up the Saltire flag.Independencehas won, or rather no it hasn’t.
Looked at another way the figures read:
25 use ISAE3000
11 use AA1000AS
11 use a different system from those above
The fact is that eight of the reporters within the context of their AA1000AS statements reference ISAE3000 as being used in the data verification part of the exercise. A bit of assurance hermaphroditism there then.
As a long-time, serial reader of CR reports (Saddo!), I think that this is a relatively recent trend.
I will address what it means in my concluding blog of the series.
In the next blog I will shine a light on the assurors who are not using either AA1000AS or ISAE3000. What’s the matter with them? Can’t they decide whose side they’re on?
This is one of a series of blogs on assurance. The other blogs can be found via reference to our blog library.