ISSA 5000: The New Global ESG Sustainability Assurance Standard — What CA Firms Need to Know [2026]

Sustainability assurance is no longer a niche advisory service. It is becoming a regulated engagement with formal standards, ethics requirements, and quality management obligations — exactly like financial statement audits.

In November 2024, the International Auditing and Assurance Standards Board (IAASB) issued ISSA 5000 — International Standard on Sustainability Assurance (General Requirements for Sustainability Assurance Engagements). This is the first standard in a new suite of sustainability assurance standards. It creates the global framework for practitioners who provide assurance on sustainability information — whether that information relates to environmental metrics, social disclosures, governance reporting, or any combination.

For Indian CA firms, ISSA 5000 matters directly. SEBI already mandates BRSR (Business Responsibility and Sustainability Report) filings for the top 1,000 listed companies by market capitalisation. Reasonable assurance on BRSR data is coming. When it does, ISSA 5000 will be the reference framework — and firms that have not prepared will find themselves unable to accept these engagements.

This guide covers what ISSA 5000 requires, when it takes effect, how it connects to existing quality management standards, and what Indian CA firms must do now.

---

What Is ISSA 5000?

ISSA 5000 is the IAASB's overarching standard for sustainability assurance engagements. It establishes the requirements and guidance for practitioners performing assurance on sustainability information reported by entities across all industries and sectors.

Key Characteristics

Framework-neutral. ISSA 5000 is not tied to any single sustainability reporting framework. It applies whether the entity reports under GRI, ISSB (IFRS S1/S2), ESRS, BRSR, TCFD, CDP, or any other framework. The standard governs how the practitioner performs the assurance engagement — not what the entity reports against.

Covers both limited and reasonable assurance. Unlike some earlier guidance that focused primarily on limited assurance, ISSA 5000 addresses both levels of assurance within a single standard. This is significant because regulators globally (including SEBI in India) are moving toward requiring reasonable assurance on sustainability disclosures over time.

Addresses single and double materiality. The standard recognises that sustainability information may be prepared using:

• Single materiality — focusing on sustainability matters that affect the entity's financial position (investor perspective)
• Double materiality — additionally considering the entity's impact on the environment, society, and economy (multi-stakeholder perspective)

The practitioner must understand which materiality concept applies to the engagement based on the applicable reporting framework and the entity's chosen approach.

Profession-agnostic but quality-bound. ISSA 5000 is designed to be used by both professional accountants and non-accountant practitioners. However, all practitioners must meet equivalent quality management, ethics, and competency requirements. For professional accountants, this means alignment with ISQM 1 (or India's SQM 1) and the IESBA Code of Ethics.

---

Timeline and Effective Date

ISSA 5000 is effective for sustainability assurance engagements on sustainability information reported for periods beginning on or after December 15, 2026.

Early adoption is permitted. Firms that want to start applying the standard before the mandatory effective date can do so.

What this means in practice:

Milestone	Date
IAASB issues ISSA 5000	November 2024
IESBA issues complementary ethics standards	January 2025
Early adoption window opens	Immediately upon issuance
Mandatory effective date	Periods beginning on or after December 15, 2026
First mandatory reporting periods covered	Calendar year 2027 (for December year-ends)

For Indian firms, the timeline aligns closely with the SQM 1 implementation deadline of July 1, 2026 set by ICAI. Firms will need to build both quality management systems and sustainability assurance capabilities in the same window.

---

Key Requirements of ISSA 5000

ISSA 5000 follows a structure familiar to practitioners experienced with ISA-based financial statement audits, but with specific adaptations for sustainability information. The core requirements include:

1. Preconditions for the Engagement

Before accepting a sustainability assurance engagement, the practitioner must determine that:

• The entity's sustainability information is prepared against an identifiable reporting framework (criteria)
• The criteria are suitable and available to intended users
• The practitioner has access to sufficient appropriate evidence
• The scope and terms of the engagement are clear and agreed upon

2. Risk Assessment and Planning

The practitioner must obtain an understanding of:

• The entity and its environment, including its value chain where relevant to sustainability matters
• The entity's internal control over sustainability reporting
• The applicable criteria (reporting framework) and how the entity applies them
• Risks of material misstatement in the sustainability information

This is conceptually similar to risk assessment under ISA 315, but applied to sustainability data — which often involves estimates, forward-looking statements, qualitative disclosures, and information sourced from outside the entity's direct control (such as Scope 3 emissions from supply chain partners).

3. Evidence Gathering

The standard requires the practitioner to design and perform procedures to obtain sufficient appropriate evidence. The nature and extent of procedures differ between limited assurance (primarily inquiry and analytical procedures) and reasonable assurance (which requires more extensive testing, including detailed testing of data and controls).

Key considerations include:

• Non-financial data characteristics: Sustainability data often involves measurement uncertainty, use of estimates and proxies, and reliance on third-party data sources
• Forward-looking information: Climate targets, transition plans, and scenario analyses require specific audit approaches
• Qualitative disclosures: Governance descriptions, strategy narratives, and stakeholder engagement summaries require assessment against the applicable criteria

4. Materiality

The practitioner must determine materiality for the sustainability assurance engagement. This is more complex than financial statement materiality because:

• Sustainability information spans multiple topics (environmental, social, governance) with different measurement units
• Materiality may need to be determined at the topic level or disclosure level rather than at the overall information level
• Qualitative factors often dominate materiality judgments for sustainability information

5. Using the Work of Others

Sustainability assurance often involves reliance on the work of:

• Management's experts — environmental consultants, emissions calculators, social impact assessors
• Practitioner's experts — specialists engaged by the practitioner for specific sustainability topics
• Other practitioners — where sustainability information covers multiple locations or subsidiaries

ISSA 5000 establishes requirements for evaluating the competence, objectivity, and work of these parties — analogous to ISA 620 (Using the Work of an Auditor's Expert) but adapted for sustainability contexts.

6. Forming the Conclusion and Reporting

The practitioner must evaluate the evidence obtained and form a conclusion. The assurance report must clearly state:

• Whether the engagement is limited or reasonable assurance
• The applicable criteria (reporting framework)
• The practitioner's conclusion — unmodified or modified
• Any emphasis of matter or other matter paragraphs
• The practitioner's independence and quality management basis

---

ISSA 5000 and India: BRSR, SEBI, and What It Means for CA Firms

India is not waiting for global timelines. The regulatory push for sustainability reporting and assurance is already well underway.

BRSR Requirements

SEBI mandated the Business Responsibility and Sustainability Report (BRSR) for the top 1,000 listed companies by market capitalisation. BRSR covers nine principles aligned with the National Guidelines on Responsible Business Conduct (NGRBC), spanning:

• Environmental metrics (energy consumption, emissions, waste, water usage)
• Social indicators (employee well-being, community impact, human rights)
• Governance disclosures (ethics, transparency, accountability)

BRSR Core — a subset of BRSR focusing on key ESG metrics — requires reasonable assurance. SEBI has been progressively expanding the scope of companies required to obtain assurance on BRSR Core disclosures.

What This Means for Indian CA Firms

1. Sustainability assurance is a statutory-adjacent engagement. For listed company audit clients, BRSR assurance will increasingly be expected alongside the statutory audit. Firms that cannot offer sustainability assurance will lose relevance with their largest clients.

2. ISSA 5000 will become the reference standard. When ICAI adopts or converges with ISSA 5000 (as it has done historically with ISA-based standards), Indian firms will need to demonstrate compliance with its requirements for sustainability assurance engagements.

3. Competency requirements are different from financial audits. Sustainability assurance requires understanding of environmental science basics, emissions calculation methodologies, social impact measurement, and governance frameworks — areas where most CA firms currently lack trained personnel.

4. Data challenges are significant. Indian companies — particularly those new to BRSR — often have immature sustainability data collection processes. The practitioner must assess data quality, completeness, and reliability in ways that go beyond traditional financial data verification.

For a detailed look at automation capabilities for listed company engagements, see our listed companies audit automation guide.

---

Quality Management Connection: ISQM 1 and SQM 1

ISSA 5000 does not exist in isolation. It explicitly references ISQM 1 (International Standard on Quality Management 1) for quality management requirements applicable to sustainability assurance engagements.

This means:

• Firms performing sustainability assurance must have a functioning quality management system that covers these engagements
• The quality management system must address sustainability-specific risks — including competency of personnel, access to sustainability expertise, and adequacy of methodology for non-financial data
• EQCM (Engagement Quality Control Review) requirements apply to sustainability assurance engagements that meet the criteria for review

For Indian firms, ICAI's SQM 1 standard (effective July 1, 2026) is the local equivalent. Firms must build their quality management systems to accommodate sustainability assurance from the outset — not as an afterthought.

This creates a dual implementation challenge: firms need to implement SQM 1 for their existing audit practice AND extend it to cover sustainability assurance capabilities, all within a compressed timeline.

For a complete guide on SQM 1 implementation, read our SQM1 & EQCM Complete Guide. For a comparison of India's SQM 1 with the global ISQM 1, see our India SQM1 vs Global ISQM1 comparison.

---

IESBA Ethics Standards for Sustainability Assurance

In January 2025, the International Ethics Standards Board for Accountants (IESBA) issued International Ethics Standards for Sustainability Assurance. These complement ISSA 5000 by establishing the ethics and independence requirements for practitioners performing sustainability assurance.

Key aspects of the IESBA sustainability ethics standards include:

Independence requirements. Practitioners must be independent of the entity for which they are providing sustainability assurance — analogous to independence requirements for financial statement audits, but with specific considerations for sustainability contexts (such as advisory services related to sustainability reporting).

Competence and due care. The ethics standards require practitioners to have or obtain sufficient competence in sustainability subject matter before accepting engagements. This is not merely a recommendation — it is an ethical obligation.

Conflicts of interest. Firms that provide both sustainability consulting (helping entities prepare their sustainability reports) and sustainability assurance (providing assurance on those same reports) face the same self-review threat that applies in financial audits. The IESBA standards address these threats explicitly.

Applicability to non-accountant practitioners. While the IESBA Code traditionally applies to professional accountants, the sustainability ethics standards are designed to establish equivalent requirements for non-accountant practitioners performing sustainability assurance — ensuring a level playing field.

---

Practical Implications for CA Firms

ISSA 5000 is not a standard you can comply with by simply reading it and adding a new template to your methodology. It requires genuine capability building across several dimensions:

Skills and Training

• Environmental and social literacy: Partners and staff need foundational knowledge of climate science, emissions accounting (Scope 1, 2, 3), biodiversity metrics, labour rights frameworks, and governance standards
• Data analytics for non-financial data: Sustainability data is inherently messier than financial data — inconsistent units, estimation models, third-party sourced — and requires different analytical approaches
• Reporting framework expertise: Familiarity with GRI, ISSB, BRSR, ESRS, and sector-specific standards

Methodology Development

• Sustainability-specific audit programmes: Standard financial audit programmes do not cover sustainability information. Firms need engagement programmes that address environmental metrics verification, social data testing, and governance disclosure assessment
• Materiality determination guidance: Internal guidance on how to determine materiality for sustainability topics — including qualitative materiality thresholds
• Expert utilisation protocols: Procedures for engaging, directing, and evaluating the work of sustainability subject matter experts

Team Structure

• Dedicated sustainability assurance teams or leads: At minimum, firms need designated individuals who are responsible for building and maintaining sustainability assurance capability
• Multi-disciplinary engagement teams: Sustainability assurance engagements may require environmental engineers, social scientists, or data analysts alongside chartered accountants

Client Readiness Assessment

• Evaluate client sustainability data maturity: Before accepting a sustainability assurance engagement, assess whether the client has adequate data collection, internal controls, and governance over sustainability reporting
• Engage early with management: Help clients understand what sustainability assurance requires from their side — documentation, data trails, internal controls, board-level oversight

---

How Technology Supports ESG Assurance

ESG assurance involves processing large volumes of non-financial data — energy consumption records, emissions calculations, supply chain surveys, employee welfare metrics, waste disposal logs, water usage measurements. Manual verification of this data is impractical at scale.

Technology plays a critical role in enabling effective sustainability assurance:

Automated data collection and validation. Pulling sustainability data from multiple source systems (ERP, HRMS, environmental monitoring systems, utility records) and validating completeness and accuracy against expected parameters.

Cross-referencing and consistency checks. Sustainability disclosures must be internally consistent (e.g., energy consumption figures should reconcile with emissions calculations) and consistent with financial statement data (e.g., reported capital expenditure on sustainability projects).

Variance analysis and trend identification. Comparing current period sustainability metrics against prior periods, industry benchmarks, and stated targets to identify anomalies that warrant investigation.

Documentation and audit trail. Maintaining a complete, tamper-evident record of all sustainability data tested, procedures performed, and evidence obtained — essential for quality review and regulatory inspection.

CORAA's audit automation platform supports ESG data verification workflows, including automated cross-referencing of sustainability metrics with financial data, flagging of inconsistencies in reported environmental data, and structured documentation of sustainability assurance procedures. For firms moving into BRSR assurance, this reduces the manual effort required to meet ISSA 5000's evidence requirements.

---

Frequently Asked Questions

Who does ISSA 5000 apply to?

ISSA 5000 applies to any practitioner — whether a professional accountant or other assurance practitioner — who performs an assurance engagement on sustainability information. In India, CA firms that provide assurance on BRSR disclosures or any other sustainability reporting will need to comply with the standard once adopted by ICAI or referenced by SEBI.

What is the difference between limited and reasonable assurance under ISSA 5000?

Limited assurance involves primarily inquiry and analytical procedures, resulting in a conclusion expressed in a negative form ("nothing has come to our attention..."). Reasonable assurance involves more extensive evidence-gathering procedures (including detailed testing), resulting in a conclusion expressed in a positive form ("in our opinion, the sustainability information is prepared, in all material respects..."). ISSA 5000 covers both within a single standard, with differential requirements for each level.

Do firms need to implement ISQM 1/SQM 1 before performing sustainability assurance?

Yes. ISSA 5000 requires that the practitioner's firm has a quality management system in accordance with ISQM 1 (or the national equivalent, which is SQM 1 in India). Firms cannot perform sustainability assurance engagements under ISSA 5000 without having a functioning quality management system. This is why the SQM 1 deadline (July 1, 2026 in India) and the ISSA 5000 effective date (December 15, 2026) are practically linked.

How should Indian CA firms prepare for ISSA 5000 right now?

Start with three priorities. First, ensure your SQM 1 implementation is on track — without a quality management system, sustainability assurance is not an option. Second, invest in training — at minimum, partners and senior staff responsible for listed company engagements should understand BRSR requirements, emissions accounting basics, and the ISSA 5000 framework. Third, assess your listed company clients' BRSR data maturity and begin conversations about what assurance readiness looks like on their end.

---

The Bottom Line

ISSA 5000 marks the professionalisation of sustainability assurance. It moves ESG verification from an unregulated advisory service to a standardised, quality-controlled assurance engagement — with the same rigour expected of financial statement audits.

For Indian CA firms, the convergence of SQM 1 implementation, BRSR assurance requirements, and ISSA 5000 adoption creates both urgency and opportunity. Firms that build sustainability assurance capability now will be positioned to serve the top 1,000 listed companies that already require BRSR disclosures — and the expanding universe of companies that will follow.

The standard is issued. The effective date is set. The question is not whether sustainability assurance will become mandatory — it is whether your firm will be ready when it does.