Risk Advisory · ESG & Sustainability Assurance
Sustainability Assurance Services
Sustainability Assurance is the independent opinion that tells your Board, your investors, and your regulator that the ESG numbers and claims in your sustainability disclosures are not just well-intentioned narrative — they are supported by evidence, measured consistently, and free from material misstatement.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Sustainability Assurance is the independent opinion that tells your Board, your investors, and your regulator that the ESG numbers and claims in your sustainability disclosures are not just well-intentioned narrative — they are supported by evidence, measured consistently, and free from material misstatement. At PNPC Global, we provide independent assurance over Business Responsibility and Sustainability Reports (BRSR) for the top 1,000 listed companies mandated by SEBI, BRSR Core reasonable assurance for the applicable top listed entities and their value chain, and voluntary ESG assurance for companies preparing for green financing, export compliance such as the EU Carbon Border Adjustment Mechanism, or investor and buyer due diligence. We do not outsource this to a generalist sustainability consultancy — our assurance teams are led by practising Chartered Accountants applying the same rigour, scepticism, and evidentiary standard we apply to statutory financial audit.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
Sustainability Assurance is an independent examination of an organisation's sustainability or Environmental, Social and Governance (ESG) disclosures, performed by a party independent of the organisation, that results in a written assurance opinion on whether those disclosures are prepared, in all material respects, in accordance with the stated reporting framework and are free from material misstatement. In India, the primary driver for listed companies is SEBI's Business Responsibility and Sustainability Reporting (BRSR) framework, mandated under Regulation 34(2)(f) of the SEBI (Listing Obligations and Disclosure Requirements) Regulations for the top 1,000 listed entities by market capitalisation. SEBI has progressively tightened this requirement: BRSR Core — a defined subset of key performance indicators across nine ESG attributes — now requires reasonable assurance (a higher level of assurance than limited assurance) on a phased glide path that has widened year on year from an initial smaller group of the largest listed entities towards eventually covering the full top-1,000 population. Value chain BRSR Core disclosure (covering an entity's top value chain partners by trading volume) is a distinct and materially smaller-population requirement — SEBI applied it first to a narrower group of the largest listed entities, initially on a 'comply or explain' basis, before any move towards assurance or independent assessment — so a company's own BRSR Core assurance obligation and its value chain obligation should never be assumed to fall due in the same year or apply to the same population.
Assurance engagements are performed under recognised assurance standards — most commonly the ICAI's Standard on Sustainability Assurance Engagements (SSAE) 3000, which is based on and converged with the International Standard on Assurance Engagements (ISAE) 3000 (Revised), 'Assurance Engagements Other Than Audits or Reviews of Historical Financial Information,' issued by the International Auditing and Assurance Standards Board (IAASB). For engagements specifically covering greenhouse gas (GHG) statements — such as Scope 1, Scope 2, and Scope 3 emissions disclosures — the more specific ISAE 3410, 'Assurance Engagements on Greenhouse Gas Statements,' or equivalent ICAI guidance is typically applied. Two distinct levels of assurance exist under these standards: limited assurance, where the practitioner performs a narrower set of procedures (primarily inquiry and analytical review) and expresses a conclusion in a 'negative' form — that nothing has come to the practitioner's attention to indicate the information is materially misstated; and reasonable assurance, a significantly more rigorous engagement involving detailed testing of underlying data, systems, and controls, resulting in a 'positive' opinion comparable in rigour to a financial statement audit opinion.
Beyond the BRSR mandate, Sustainability Assurance has become commercially relevant for a widening set of Indian businesses. Exporters to the European Union increasingly need credible, assured emissions data to navigate the EU's Carbon Border Adjustment Mechanism (CBAM) and Corporate Sustainability Reporting Directive (CSRD) value-chain disclosure expectations flowing down from EU parent companies and buyers. Companies seeking green bonds, sustainability-linked loans, or ECB funding routed through frameworks aligned with ICMA Green Bond Principles or RBI's framework for green deposits often need independent assurance over the use-of-proceeds and impact metrics reported to lenders. Companies voluntarily reporting under international frameworks — the Global Reporting Initiative (GRI) Standards, the IFRS Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB — IFRS S1 and S2), or Task Force on Climate-related Financial Disclosures (TCFD)-aligned reporting — often commission assurance to lend credibility to disclosures that would otherwise be entirely self-reported and unverified.
Assurance is fundamentally different from consulting or report-writing. An assurance provider does not draft your sustainability report, design your ESG strategy, or set your emission-reduction targets — doing so would compromise the independence that makes the assurance opinion meaningful. PNPC's Sustainability Assurance practice is structured to maintain that independence: we test what management has prepared and reported, we do not prepare it ourselves. Where a company additionally needs help building ESG data systems, materiality assessments, or a BRSR-readiness roadmap, we scope that as a clearly separated advisory engagement — often performed the year before assurance begins — so the assurance opinion the following year remains genuinely independent and defensible to the Board, investors, and SEBI.
When Sustainability Assurance is required or strongly advisable
You are among the top 1,000 listed companies by market capitalisation and SEBI's BRSR Core reasonable assurance requirement applies to you under the prescribed phase-in schedule
Your BRSR Core value chain disclosure obligations have triggered a requirement for assurance or independent assessment of your top value chain partners' ESG data
You are applying for or servicing a green bond, sustainability-linked loan, or green deposit and the lender or bond framework requires independent assurance over use-of-proceeds or impact-metric reporting
You export to the EU and need credible, defensible Scope 1/2/3 emissions data to respond to CBAM reporting obligations or CSRD-driven value-chain data requests from an EU parent or customer
Institutional investors, private equity, or a strategic acquirer are conducting ESG due diligence ahead of a fundraise, listing, or transaction and expect assured or at least independently reviewed sustainability data
You report voluntarily under GRI Standards, IFRS S1/S2 (ISSB), or TCFD and want an independent assurance opinion to lend credibility to disclosures that would otherwise be entirely self-reported
Your Board or Audit Committee wants independent assurance before it takes ownership of a public sustainability claim — reducing greenwashing risk and reputational exposure
You are a large unlisted company or an MNC subsidiary whose global parent's sustainability reporting mandate (CSRD, or a similar regime) flows down a data-assurance requirement to the Indian entity
When a different or lighter-touch engagement fits better
You are not among SEBI's top 1,000 listed companies and have no lender, buyer, or investor requirement for assured ESG data — BRSR reporting itself is often still relevant on a voluntary or 'comply or explain' basis, but formal third-party assurance may not yet be proportionate
You need help actually building your sustainability data collection systems, materiality assessment, or a first-time BRSR report from scratch — that is a sustainability reporting advisory or readiness engagement, which PNPC scopes and delivers as a distinct engagement from assurance to preserve independence
You need a specific, narrow verification — for example, only your Scope 1 and Scope 2 GHG inventory for a single facility for a carbon-credit or CBAM filing — a scoped GHG verification engagement under ISAE 3410 may be more targeted and cost-effective than full-report assurance
Your immediate need is a statutory financial statement audit opinion — that is a Statutory Audit under the Companies Act, a distinct engagement governed by the Standards on Auditing, not Sustainability Assurance
You are an early-stage or small unlisted company with no near-term listing, green-financing, or export-driven ESG data requirement — the cost of formal third-party assurance is disproportionate at this stage; a lighter internal ESG data-readiness review is more appropriate
You need broad governance, risk and internal-control assurance across the whole organisation rather than assurance specifically over sustainability disclosures — a GRC Assurance engagement addresses that wider scope
Sustainability Assurance vs adjacent assurance and reporting engagements
| Feature | Sustainability Assurance (BRSR/ESG) | Statutory Audit | GRC Assurance | Sustainability Reporting Advisory | GHG Verification (Standalone) |
|---|---|---|---|---|---|
| Primary objective | Independent opinion on whether ESG/BRSR disclosures are free from material misstatement | Opinion on true and fair view of financial statements | Assess governance, risk framework, and control environment as a system | Help design and prepare the sustainability report/data systems | Verify a specific GHG emissions inventory or claim |
| Governing standard | SSAE 3000 (ICAI) / ISAE 3000 (Revised); ISAE 3410 for GHG-specific work | Standards on Auditing (SAs) under Companies Act 2013 | COSO ERM 2017, COSO Internal Control 2013, ISO 31000 (reference) | No assurance standard — advisory scope agreed with client | ISAE 3410 or equivalent GHG-specific protocol (e.g. GHG Protocol-aligned) |
| Statutory mandate | Mandatory for BRSR Core (top listed entities) under SEBI LODR Reg 34(2)(f); voluntary otherwise | Mandatory for every company under Section 139 | Not separately mandated by statute; driven by SEBI LODR/Board practice | Not mandated — voluntary advisory engagement | Not mandated in India generally; may be required by a specific scheme, buyer, or export regime |
| Independence from preparer required | Yes — assurance provider must be independent of report preparation | Yes — statutory, under Section 141 | Should be independent of function assessed | No — advisor works directly with management to prepare content | Yes — verifier independent of the entity being measured |
| Reports to | Board / Audit Committee, disclosed publicly as part of BRSR filing | Shareholders (via AGM) | Board / Audit Committee / Risk Management Committee | Internal management / sustainability team | Whoever commissions it — buyer, lender, scheme administrator, or internal management |
| Assurance level | Limited or Reasonable assurance (positive/negative opinion per SSAE 3000/ISAE 3000) | Reasonable assurance (audit opinion) | No formal assurance-standard opinion — rated findings report | No assurance opinion issued | Typically limited or reasonable assurance on the specific GHG statement |
| Typical frequency | Annual, alongside the BRSR filing cycle | Annual — mandatory every FY | Annual or defined multi-year cycle | One-off or ahead of each reporting-framework adoption/update | Per financing cycle, export shipment cycle, or scheme requirement |
| Output | Independent Assurance Statement/Report appended to or referenced in the BRSR | Audit opinion (unqualified/qualified/adverse/disclaimer) | Governance & risk maturity rating, control gap register, remediation roadmap | Draft BRSR/sustainability report, data framework, materiality matrix | GHG verification statement for the specific inventory/claim |
| Best suited to | Companies within SEBI's BRSR/BRSR Core mandate, or seeking credible voluntary ESG assurance | Every registered company, without exception | Boards needing systemic governance and risk assurance | Companies building or upgrading ESG reporting capability for the first time | Exporters, green-finance applicants, or scheme participants needing a narrow, specific GHG figure verified |
These engagements are frequently sequenced together rather than treated as substitutes: a Sustainability Reporting Advisory engagement in the readiness year, followed by independent Sustainability Assurance once the report is prepared by management, run alongside the Statutory Audit and (where relevant) a broader GRC Assurance programme. PNPC keeps the advisory and assurance roles organisationally and, where independence rules require it, contractually separated.
| # | Stage & What PNPC Does | What Generic Providers Skip | Timeline |
|---|---|---|---|
| 1 | Applicability & Scoping Consultation — Which BRSR/ESG obligation actually applies to you | We start by establishing your precise regulatory position: are you within SEBI's top 1,000 by market cap, does BRSR Core reasonable assurance apply to you this year under the phased glide path, does your value chain disclosure trigger apply, or is this a voluntary/lender-driven engagement? Generic providers often propose a one-size-fits-all assurance scope without first confirming which threshold actually applies to your company this reporting year. | Week 1 |
| 2 | Independence & Engagement Terms Confirmation | We confirm PNPC's independence from any prior involvement in preparing the sustainability report or ESG data systems for the year under assurance, and formally document the assurance engagement terms — scope, assurance level (limited or reasonable), reporting framework, and materiality thresholds — in an engagement letter before any fieldwork begins, consistent with SSAE 3000/ISAE 3000 requirements. | Week 1 |
| 3 | Understanding the Reporting Entity & Materiality Assessment Review | We review management's materiality assessment — the process by which they identified which ESG topics are significant enough to report on — and assess whether it reasonably reflects the business, sector, and stakeholder inputs, rather than accepting a generic industry template used unchanged from a prior filer. | Week 2 |
| 4 | Data System & Control Walkthroughs — How ESG numbers are actually generated | We walk through how each key metric — energy consumption, water withdrawal, GHG emissions, employee diversity, wages, safety incidents, waste generated — is captured, calculated, consolidated, and reviewed internally before it reaches the sustainability report. Many first-time reporters have never had this data flow independently examined; spreadsheet-based, manually-consolidated ESG data is common and carries meaningfully higher assurance risk than data drawn from integrated systems. | Week 2–4 |
| 5 | Sample-Based Testing of Underlying Evidence | For each material disclosure, we test a sample of underlying source documents — utility bills for energy and water data, HR records for workforce metrics, safety incident registers, procurement records for supply-chain claims, and emission-factor sources for GHG calculations — tracing reported figures back to verifiable evidence, not simply reviewing the summary spreadsheet management presents. | Week 3–5 |
| 6 | GHG Inventory Review — Scope 1, 2 and (where in scope) Scope 3 | Where GHG emissions are part of the assurance scope, we assess the completeness of the organisational and operational boundary, the appropriateness of emission factors used (including alignment with recognised sources such as India's CEA grid emission factor database for Scope 2), the calculation methodology, and — for Scope 3 — the reasonableness of the categories included and estimation methods used, since Scope 3 data is inherently more estimation-dependent than Scope 1/2. | Week 4–5 |
| 7 | Site Visits or Virtual Verification — Selected locations | Depending on scope and risk assessment, we conduct site visits (or structured virtual verification calls with documentary evidence) at a sample of manufacturing, operational, or high-materiality locations — not relying solely on head-office-consolidated data without any operational-level corroboration. | Week 4–6 |
| 8 | Qualitative Disclosure Review — Policies, governance, and narrative claims | Beyond quantitative metrics, we review qualitative BRSR disclosures — policy statements, Board oversight of ESG, human rights due diligence claims, and value chain statements — for consistency with the evidence available and for language that overstates what the underlying process actually supports (a common source of greenwashing risk in narrative disclosures). | Week 5–6 |
| 9 | Value Chain Data Assessment (where applicable) | Where BRSR Core value chain reporting applies, we assess management's process for collecting data from top value chain partners by trading volume — testing whether the process is genuinely operating (data requested, received, reviewed) or is a nominal exercise with limited actual partner engagement. | Week 5–7 |
| 10 | Draft Findings & Management Discussion | We share draft findings, any identified misstatements, and any scope limitations with management before finalising the assurance conclusion — giving management the opportunity to correct, provide further evidence, or explain, consistent with standard assurance practice under SSAE 3000/ISAE 3000. | Week 6–7 |
| 11 | Assurance Statement Finalisation | We issue the final Independent Assurance Statement stating the level of assurance provided (limited or reasonable), the framework and criteria applied, the scope and any scope limitations, and the conclusion — worded precisely per the applicable standard, avoiding vague or non-standard assurance language that SEBI or investors may not accept as compliant. | Week 7–8 |
| 12 | Board / Audit Committee Presentation | PNPC's engagement partner presents the assurance conclusion, any significant findings, and recommendations for strengthening ESG data systems directly to the Audit Committee or Board — not a report emailed without discussion, particularly important given the Board's own accountability for BRSR disclosure accuracy. | Week 8 |
| 13 | BRSR Filing Coordination & Next-Cycle Recommendations | We coordinate the assurance statement's inclusion in or alongside the BRSR filing on the stock exchange platforms within the prescribed timeline, and provide management with a prioritised list of data-system improvements to strengthen the following year's reporting and reduce assurance friction in future cycles. | Week 8–9, aligned to Annual Report filing timeline |
A first-time BRSR assurance engagement for a mid-sized listed company typically takes 7–9 weeks from scoping to the final assurance statement, run in parallel with the Annual Report preparation cycle so the statement is ready before the BRSR is filed with the stock exchanges. Subsequent annual cycles are typically faster once data systems, sample populations, and prior-year working papers exist as a baseline. Actual duration depends on number of locations, value chain scope, and whether reasonable (versus limited) assurance is required.
Draft or final Business Responsibility and Sustainability Report (BRSR) or sustainability report for the period under assurance
Materiality assessment documentation — the process, stakeholders consulted, and material topics identified
Board or Committee (CSR/ESG/Sustainability Committee, if constituted) minutes discussing sustainability strategy, targets, and disclosure oversight for the period
Sustainability or ESG policy documents referenced in the report — environment policy, human rights policy, code of conduct, supplier code of conduct
Prior year's BRSR or sustainability report and, if applicable, the prior year's assurance statement
Energy consumption records — electricity bills, fuel purchase records, renewable energy certificates or power purchase agreements where claimed
Water withdrawal, consumption, discharge, and recycling records by source and facility
Waste generation, disposal, and recycling records, including hazardous waste manifests where applicable
GHG emissions calculation workbook — activity data, emission factors used and their source, and the organisational/operational boundary applied
Consent to Operate / Consent to Establish and Pollution Control Board filings, where relevant to environmental claims made in the report
Employee and worker headcount data by category — gender, employment type, differently-abled status — as reported in the BRSR principle indicators
Wage and remuneration data supporting equal-pay and minimum-wage disclosures, including any gender pay-gap calculation workings
Health and safety incident register — lost-time injury frequency rate, fatalities, and near-miss data for the period
Training hours and skill development programme records supporting workforce development disclosures
POSH (Prevention of Sexual Harassment) committee constitution, complaints register, and resolution status for the period
Board composition, independence, and diversity data as reported in governance-related BRSR principles
Anti-corruption and whistleblower policy, and complaint/case data for the period
CSR spend data and its reconciliation to the amount required under Section 135 of the Companies Act, where applicable
Related party transaction disclosures and any conflict-of-interest policy referenced in governance disclosures
Regulatory notices, penalties, or litigation disclosed (or that should be disclosed) under the applicable principle
List of top value chain partners by trading volume, and the basis for identifying them
Data collection templates or questionnaires sent to value chain partners, and the responses received
Supplier code of conduct or ESG requirements imposed on suppliers, and evidence of monitoring or audit where claimed
Any third-party certifications relied upon for value-chain sustainability claims (e.g. certified sustainable sourcing)
Description of the IT systems, spreadsheets, or software used to capture and consolidate ESG data, and the internal review/sign-off process before data reaches the report
Organisation chart identifying data owners for each ESG metric and the internal reviewer/approver hierarchy
Any internal audit or internal review of ESG data conducted prior to external assurance
External certifications relevant to the scope — ISO 14001, ISO 45001, ISO 50001, or similar — and their current validity
Green bond framework, sustainability-linked loan KPI schedule, or lender assurance requirements, where the assurance is financing-driven rather than (or in addition to) BRSR-driven
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| Applicability Determination | Approaching BRSR Core threshold, green-finance application, or first ESG assurance need | Confirm precisely which obligation applies — market-cap ranking for BRSR Core, phase-in year for reasonable assurance, value chain scope, or a voluntary/lender-driven trigger — before scoping any engagement. | Assuming an obligation does not apply, or applies later than it does, leads to a rushed first-time assurance engagement under filing-deadline pressure, with materially less time to remediate data gaps. |
| Readiness & Data Baseline (Pre-Assurance Year) | Decision to prepare for assurance | A readiness review — often as a separate advisory engagement kept independent from the eventual assurance team — identifies data gaps, weak controls, and unsupported narrative claims while there is still time to fix them before external assurance begins. | Companies that go straight to assurance without a readiness step frequently receive a qualified conclusion or significant scope limitation in year one, which becomes public via the assurance statement filed with the BRSR. |
| First Assurance Cycle | Engagement kickoff | Scoping, independence confirmation, materiality review, data-system walkthroughs, and sample testing performed to the assurance level actually required (limited or reasonable) — not a lighter-touch review mislabelled as assurance. | An assurance statement that overstates the work performed, or that uses non-standard language, exposes both the company and the assurance provider to credibility and, in egregious cases, regulatory scrutiny for the disclosure being potentially misleading. |
| Finding Remediation & Data System Strengthening | Assurance findings issued | PNPC provides a prioritised list of data-system and control improvements — moving manual spreadsheet processes to more controlled systems, clarifying data ownership, tightening emission-factor sourcing — so the following cycle is faster and less finding-heavy. | Ignoring assurance findings means the same weaknesses recur every year, and any deterioration (rather than improvement) in ESG data maturity becomes visible year-on-year to the Board, investors, and eventually the market. |
| Annual BRSR / Sustainability Filing Cycle | Financial year-end and Annual Report preparation | Assurance work is timed to complete alongside Annual Report preparation so the assurance statement is ready for filing with the stock exchanges within the prescribed timeline, without delaying the overall Annual Report process. | Late or rushed assurance work compressed into the final weeks before filing increases the risk of scope limitations, incomplete testing, and a weaker assurance conclusion than the underlying data may actually support. |
| Scope Expansion (Reasonable Assurance / Value Chain) | SEBI's phased glide path brings your company into reasonable assurance or value chain assurance scope | Proactive planning for the step-up from limited to reasonable assurance, or the addition of value chain data assurance — both of which require meaningfully more evidence, testing, and lead time than the prior year's engagement. | Being caught by a scope expansion without advance planning typically means inadequate value-chain data collection processes are exposed for the first time under assurance, generating scope limitations in the transition year. |
| Green Financing / Export-Driven Assurance | Green bond issuance, sustainability-linked loan, or CBAM/EU buyer requirement | Assurance scoped specifically to the financing instrument's KPI schedule or the export regime's data requirements — often narrower and more technical (e.g. facility-level Scope 1/2 GHG data) than the entity-wide BRSR assurance. | Providing unassured or inadequately assured ESG data to a lender or EU buyer risks loan covenant breach, higher CBAM certificate costs from unverified default emission factors, or loss of the commercial relationship. |
| Investor / Transaction ESG Due Diligence | Fundraise, listing, or M&A process | Assurance history and data quality are reviewed as part of transaction due diligence; PNPC supports management in presenting the assurance track record and addressing any historical qualifications transparently. | ESG data gaps or credibility concerns discovered for the first time during live due diligence create timeline risk and can affect valuation, similar to governance gaps discovered late in a transaction process. |
What exactly is Sustainability Assurance, in plain terms?
It is an independent check — performed by someone who did not write your sustainability report — on whether the numbers and claims in that report are accurate, complete, and supported by real evidence. It works much like a financial statement audit, but instead of your profit and loss and balance sheet, the assurance provider is testing your energy use, emissions, water consumption, workforce data, safety incidents, and governance disclosures. At the end, the assurance provider issues a written statement saying whether, and to what level of confidence, the disclosures are free from material misstatement.
Is Sustainability Assurance legally mandatory for my company?
It depends on your size and listing status. SEBI mandates BRSR Core reasonable assurance for the top listed entities by market capitalisation under Regulation 34(2)(f) of the SEBI LODR Regulations, on a phase-in schedule SEBI has prescribed, along with related value chain disclosure and assurance/assessment requirements. If you are not within that mandated population, assurance is currently voluntary — though increasingly expected by lenders, investors, and EU buyers even where not legally required. We confirm your precise obligation as the first step of any engagement rather than assuming either way.
What is the difference between BRSR reporting and BRSR assurance?
BRSR reporting is the disclosure itself — the report your company prepares and files describing its environmental, social, and governance performance against SEBI's prescribed format. BRSR assurance is a separate, independent examination of that report (or, for BRSR Core, the defined subset of key performance indicators) by an assurance provider who was not involved in preparing it, resulting in a formal assurance opinion. You can (and until recently, most companies did) file a BRSR without any assurance at all. The assurance requirement is specifically layered onto BRSR Core for the entities SEBI has brought into scope.
What is the difference between limited assurance and reasonable assurance?
Limited assurance involves a narrower set of procedures — primarily inquiry of management and analytical review — and results in a 'negative' form conclusion: that nothing has come to the assurance provider's attention causing them to believe the information is materially misstated. Reasonable assurance is a significantly more rigorous engagement — involving detailed testing of underlying evidence, systems, and controls — resulting in a 'positive' opinion, comparable in rigour and confidence level to a statutory financial audit opinion. Reasonable assurance requires substantially more evidence-gathering, sample testing, and time than limited assurance.
Which assurance standard does PNPC apply?
We apply the ICAI's Standard on Sustainability Assurance Engagements (SSAE) 3000, which is based on and converged with the IAASB's International Standard on Assurance Engagements (ISAE) 3000 (Revised). For engagements specifically covering greenhouse gas statements, we apply ISAE 3410 or equivalent GHG-specific guidance, given the more specialised evidence and calculation-methodology questions GHG data raises compared to other ESG metrics.
What are the top 1,000 listed companies threshold and BRSR Core — how do I know if I'm in scope?
SEBI's BRSR mandate under Regulation 34(2)(f) applies to the top 1,000 listed companies by market capitalisation, determined based on market capitalisation as of the end of the immediately preceding financial year. Within that population, BRSR Core — a defined, smaller set of key performance indicators across nine ESG attributes — carries the reasonable assurance requirement, phased in on a glide path that started with a smaller group of the very largest listed entities and has widened in successive years to cover progressively larger groups within the top 1,000. Value chain BRSR Core is phased in on its own, separately defined and generally narrower timeline and population, so being in scope for BRSR Core assurance does not automatically mean the value chain requirement applies to you in the same year. Your company secretary or compliance team should track your market-cap ranking annually, since a company can move into or out of scope as its market capitalisation changes relative to peers.
What is BRSR Core value chain reporting and does it apply to us?
BRSR Core value chain reporting extends the BRSR Core disclosure and assurance/assessment requirement to an entity's top value chain partners by trading volume — meaning your major suppliers and customers may also need to report (and in some cases have assured or independently assessed) a defined set of ESG indicators, which then flow into your own disclosure. Crucially, this obligation was rolled out to a distinctly smaller group of the largest listed entities than the population subject to BRSR Core reasonable assurance itself, initially on a 'comply or explain' basis before any move towards assurance or independent assessment for the applicable entities. Do not assume that because your company is within scope for BRSR Core reasonable assurance, you are automatically also within scope for value chain reporting in the same year — the two populations and timelines are set and phased separately, and we confirm both independently at the applicability stage. It is a meaningful undertaking because it requires you to collect credible ESG data from third parties you do not control.
We are not among the top 1,000 listed companies. Should we still get sustainability assurance?
It depends on your commercial drivers rather than statutory obligation. If you export to the EU and face CBAM reporting or CSRD-driven data requests from an EU customer or parent, if you are applying for green financing where the lender requires assured impact data, or if institutional investors are conducting ESG due diligence ahead of a transaction, independent assurance — even though not SEBI-mandated for you — can be commercially important and sometimes contractually required by the counterparty.
How does Scope 1, Scope 2, and Scope 3 GHG emissions assurance differ in rigour?
Scope 1 (direct emissions from owned or controlled sources) and Scope 2 (indirect emissions from purchased electricity, heat, or steam) are generally the most reliably measurable and evidenced — supported by fuel purchase records, meter readings, and, for Scope 2, grid emission factors such as those published in India's Central Electricity Authority (CEA) database. Scope 3 (all other indirect emissions across the value chain — purchased goods, transportation, employee commuting, and more) is inherently more estimation-dependent, often relying on spend-based or industry-average emission factors rather than primary data, which materially affects how much assurance confidence can realistically be provided over Scope 3 figures compared to Scope 1/2.
How long does a first-time Sustainability Assurance engagement take?
A first-time BRSR assurance engagement for a mid-sized listed company typically takes 7–9 weeks from scoping to the final assurance statement, timed to complete alongside Annual Report preparation. This assumes reasonably organised underlying data. Companies with fragmented, spreadsheet-based ESG data across multiple locations, or a first-time value chain data collection exercise, should expect the process to take meaningfully longer, particularly in year one.
What does Sustainability Assurance cost?
Fees depend on the assurance level (limited versus reasonable), the number of locations and business segments in scope, whether GHG Scope 3 and value chain data are included, and the underlying maturity of your ESG data systems — a company with well-controlled, system-based ESG data will generally cost less to assure than one with manual, spreadsheet-based consolidation across many sites. PNPC provides a written scope and fixed-fee proposal after an initial scoping conversation, rather than quoting before understanding the actual data landscape.
Can PNPC both prepare our BRSR report and provide the assurance over it?
No, not for the same reporting period. Providing assurance over a report we also prepared would compromise the independence the assurance opinion depends on, and would not meet the independence requirements under SSAE 3000/ISAE 3000. Where a client wants PNPC's help preparing or improving their sustainability report, we scope that as a separate advisory engagement — typically in the readiness year before assurance begins — and, where independence rules require it, ensure a different, appropriately separated engagement team performs the assurance in the following cycle.
What happens if the assurance provider finds a material misstatement in our ESG data?
We first discuss the finding with management, giving the opportunity to correct the disclosure, provide further evidence, or explain the basis for the original figure — consistent with standard assurance practice. If, after that process, a material misstatement remains uncorrected, the assurance conclusion is qualified or modified accordingly, and that qualification becomes part of the assurance statement that is filed publicly alongside the BRSR. We do not issue an unqualified assurance opinion over data we cannot support with sufficient evidence.
Does Sustainability Assurance cover our CSR spending under Section 135?
CSR spend and its reconciliation against the amount mandated under Section 135 of the Companies Act 2013 is one of the governance-linked disclosures typically reviewed as part of a BRSR assurance scope, since it appears within the BRSR's principle-based disclosures. However, the primary statutory reporting and reconciliation obligation for CSR itself sits with the Board's Report and the CSR Committee, not the sustainability assurance engagement specifically — we assure the BRSR's representation of CSR data as reported, rather than independently auditing the entire CSR programme unless that is separately scoped.
How does Sustainability Assurance interact with green bonds and sustainability-linked loans?
Green bonds issued under frameworks aligned with the ICMA Green Bond Principles, and sustainability-linked loans with predefined ESG-linked KPIs, typically require periodic independent assurance or verification of the use-of-proceeds allocation and the reported impact or KPI performance, as a condition of the financing framework or the lender's covenant terms. This is often a narrower, more specifically scoped engagement than an entity-wide BRSR assurance — focused precisely on the metrics defined in the bond framework or loan agreement.
How does the EU's CBAM affect Indian exporters and what role does assurance play?
The EU's Carbon Border Adjustment Mechanism requires importers of certain goods (covering sectors such as cement, iron and steel, aluminium, fertilisers, electricity, and hydrogen) into the EU to report the embedded emissions of those goods, and the regime has now moved from its initial reporting-only transitional phase into the definitive phase, where importers must also purchase CBAM certificates reflecting those embedded emissions. Indian exporters in covered sectors are increasingly asked by EU importers for verified, facility-specific emissions data rather than relying on the EU's higher default values, because using actual verified data is generally more favourable — and, under the definitive regime, more directly tied to the importer's certificate cost — than default emission factors. Independent assurance over an exporter's Scope 1/2 emissions data at the facility level strengthens the credibility of that data when submitted to EU importers.
What frameworks besides BRSR does PNPC provide assurance against?
Beyond SEBI's BRSR/BRSR Core, we provide assurance engagements referencing the Global Reporting Initiative (GRI) Standards, the IFRS Sustainability Disclosure Standards (IFRS S1 general requirements and IFRS S2 climate-related disclosures) issued by the ISSB, and Task Force on Climate-related Financial Disclosures (TCFD)-aligned reporting, where a company voluntarily reports under one or more of these frameworks. The underlying assurance standard applied (SSAE 3000/ISAE 3000, with ISAE 3410 for GHG-specific elements) remains consistent regardless of which reporting framework the disclosures themselves are prepared under.
Our sustainability data is mostly in spreadsheets across multiple factories. Is that a problem for assurance?
It is not disqualifying, but it materially affects both the assurance risk assessment and the effort required. Manually consolidated, spreadsheet-based ESG data across multiple sites carries a higher inherent risk of error, inconsistent methodology between locations, and weaker audit trail compared to data captured through an integrated system with built-in validation and a documented review process. We adjust our sample sizes and testing depth accordingly — which typically means more time and cost in year one, alongside recommendations to strengthen the underlying systems for future cycles.
Who at our company should be the coordinating point of contact for the assurance engagement?
We recommend a single internal coordinator — typically from the Company Secretary's office, the sustainability/ESG function if one exists, or the CFO's office — who can pull together data owners across environment, HR, safety, procurement, and finance functions, rather than the assurance team chasing multiple department heads independently. This significantly reduces both the internal burden and the timeline risk of the engagement.
Does the assurance provider visit our factories, or is this a desk-based review?
A properly conducted assurance engagement, particularly at the reasonable assurance level, includes site visits (or, where genuinely justified, structured virtual verification with strong documentary evidence) at a sample of operationally significant locations — not a purely desk-based review of head-office-consolidated summary data. The extent of site coverage depends on the number of locations, the materiality of each site's contribution to reported metrics, and the assurance level agreed.
What is greenwashing, and how does assurance reduce that risk?
Greenwashing refers to sustainability claims that overstate, mischaracterise, or lack adequate evidentiary support for the environmental or social benefit being claimed — whether intentionally or through weak internal review processes. Independent assurance directly addresses this risk by testing whether reported claims (both quantitative metrics and qualitative narrative statements) are supported by evidence, and by requiring correction or qualification where they are not, before the report reaches investors and the public.
What deliverables do we receive at the end of the engagement?
A formal Independent Assurance Statement stating the assurance level provided (limited or reasonable), the criteria and framework applied, the scope covered (and any scope limitations), and the assurance conclusion — worded per SSAE 3000/ISAE 3000 requirements for inclusion in or alongside your BRSR filing. This is supplemented by a management letter detailing findings, data or control gaps identified, and recommendations, and a live presentation of the results to the Audit Committee or Board.
Can a smaller or unlisted company get a lighter-touch version of this?
Yes. For a company outside SEBI's mandated population and without a specific lender or buyer requirement dictating scope, we can scope a proportionate, narrower assurance engagement — for example, limited assurance only over a defined set of key metrics (energy, emissions, water, and safety data) rather than full reasonable assurance over an entire BRSR-style report. This is often the right starting point for a company building ESG credibility for the first time.
How does PNPC's presence in the UAE help with sustainability assurance for group structures?
For Indian companies with a UAE subsidiary, branch, or Free Zone entity, we assess whether ESG data and reporting practices are being applied consistently across the group — including UAE Corporate Tax and broader UAE sustainability disclosure expectations that increasingly matter to Gulf-region buyers and financiers — under a single coordinated engagement from our Chennai, Bangalore, Hyderabad, and Dubai offices, rather than requiring separate, disconnected local reviews.
Does the assurance provider report our findings to SEBI or any regulator directly?
No. The assurance engagement results in a written assurance statement that becomes part of your public BRSR filing (as required for BRSR Core assurance) — the assurance provider does not separately or additionally report findings to SEBI outside of that filed statement. The public assurance statement itself, including any qualification, is the mechanism through which the market and regulator see the assurance outcome; there is no separate confidential regulatory channel.
How do we prepare for a step-up from limited assurance to reasonable assurance under SEBI's phase-in schedule?
We recommend starting preparation at least one full reporting cycle ahead of the year reasonable assurance becomes mandatory for your company. This typically means strengthening data capture at source (moving away from purely manual spreadsheet consolidation where feasible), documenting the internal review and sign-off process for each metric, and running a readiness assessment to identify where evidence currently available would not withstand the more rigorous testing reasonable assurance requires.
Why should we choose PNPC for Sustainability Assurance rather than a sustainability-only consultancy or a Big 4 firm?
A sustainability-only consultancy often has strong ESG subject-matter expertise but may lack the Chartered Accountancy grounding, assurance-standard discipline, and statutory-audit rigour that a defensible SSAE 3000/ISAE 3000 opinion requires — and many such firms also prepare sustainability reports commercially, creating an independence question if the same firm is asked to assure its own or a closely-related team's work. A Big 4 firm brings strong technical capability, typically at a premium fee, often with engagement teams that rotate across the assignment. PNPC combines close to four decades of practising CA rigour — the same evidentiary discipline we apply to statutory audit — with a dedicated, senior-partner-led sustainability assurance practice and coordinated India-UAE coverage for group structures.
What does the full PNPC Sustainability Assurance engagement include, end to end?
Applicability and scoping consultation; independence confirmation and engagement letter; materiality assessment review; data system and control walkthroughs across environmental, social, and governance metrics; sample-based testing of underlying evidence; GHG inventory review (Scope 1/2, and Scope 3 where in scope); site visits or structured virtual verification at a sample of locations; qualitative disclosure review for consistency with evidence; value chain data assessment where applicable; draft findings discussion with management; the final Independent Assurance Statement; a live presentation to the Audit Committee/Board; and filing-timeline coordination.
How much does the underlying quality of our ESG policies (not just data) matter to the assurance outcome?
Significantly. Where the BRSR or sustainability report makes claims about policies — a human rights policy, a supplier code of conduct, an anti-corruption policy — we test not only whether the policy document exists, but whether there is evidence it has actually been rolled out, communicated, and applied (training records, acknowledgement logs, monitoring evidence). A policy that exists only as a PDF with no evidence of implementation is a common source of qualified or caveated conclusions on the governance and social disclosure sections of the report.
Who can act as an independent sustainability assurance provider — does it have to be a Chartered Accountant firm?
SEBI's BRSR Core assurance requirement does not restrict the assurance provider to Chartered Accountant firms alone — assurance can be provided by a practising CA firm, a Company Secretary in practice, or other suitably qualified and independent professionals, depending on how SEBI's applicable circular defines eligible assurance providers for a given cycle. In practice, however, the underlying evidentiary and testing rigour required by SSAE 3000/ISAE 3000 draws heavily on the same skills used in financial statement assurance, which is why practising CA firms with an audit background are widely engaged for this work.
What is the Business Responsibility & Sustainability Report's relationship to the earlier Business Responsibility Report (BRR)?
BRSR replaced the earlier, narrower Business Responsibility Report (BRR) format that SEBI had mandated for the top listed companies since 2012. BRSR expanded the disclosure significantly — adding detailed, largely quantitative ESG performance indicators across nine principles derived from India's National Guidelines on Responsible Business Conduct (NGRBC), rather than the more qualitative, narrative-style disclosures the BRR required. Companies that filed a BRR in earlier years generally cannot simply extend that format; BRSR requires materially more granular data collection.
Does Sustainability Assurance look at supply chain labour practices and human rights, or only environmental data?
It covers the full BRSR scope, not environmental data alone — including social indicators such as wage and workforce data, health and safety performance, and the human rights principle, which addresses due diligence over your own operations and, per BRSR Core value chain requirements, your significant value chain partners as well. Where a company has manufacturing or sourcing relationships with higher labour-risk profiles, we pay particular attention to whether human rights due diligence claims are supported by evidence such as supplier audits, grievance mechanism records, or third-party certifications, rather than accepting a general policy statement at face value.
What is the role of the Audit Committee versus the Board in relation to BRSR and its assurance?
While BRSR disclosure and its underlying data preparation is typically a management and sustainability-function responsibility, SEBI LODR governance expectations mean the Board — often through the Audit Committee or a dedicated ESG/CSR/Sustainability Committee where constituted — is expected to have effective oversight of the sustainability reporting process, including the assurance outcome, before the report and its assurance statement are approved for filing. We present our assurance findings directly to whichever body has been assigned this oversight role, to support that governance responsibility being genuinely exercised rather than a formality.
Is a company required to disclose and get assurance on its Scope 3 emissions even if BRSR Core reasonable assurance applies to it?
The precise Scope 3 disclosure and assurance requirements have been phased in progressively under SEBI's BRSR Core framework, and the categories and extent of Scope 3 coverage required can differ from the fuller Scope 1/2 assurance expectation, given the inherent estimation difficulty of Scope 3 data across a value chain. We confirm the exact current-year requirement applicable to your company as part of the applicability and scoping stage, rather than assuming a uniform Scope 3 assurance obligation applies identically to every company within BRSR Core.
| Feature | Sustainability-Only Consultancy | Big 4 / Large Firm | PNPC Global |
|---|---|---|---|
| Assurance-standard discipline (SSAE 3000/ISAE 3000) | Variable — some issue non-standard 'certificates' rather than formal assurance statements | Strong technically, engagement often led day-to-day by junior staff | Formal SSAE 3000/ISAE 3000-aligned assurance, led by senior practising CAs |
| Independence from report preparation | Often blurred — many also offer report-writing services to the same clients | Generally well-managed, formal independence process | Strictly separated advisory and assurance teams and, where required, engagements, confirmed at scoping |
| CA and statutory audit grounding | Typically limited — sustainability expertise without core accounting/assurance training | Strong, but engagement continuity can vary with staff rotation | Same evidentiary rigour and scepticism applied to our statutory audit practice, carried into ESG assurance |
| Cost proportionality | Can be cost-effective but assurance rigour may be inconsistent | Premium fee structure, often disproportionate for mid-market companies | Right-sized scope and fee, with a lighter proportionate option for smaller/unlisted clients |
| India-UAE group coverage | Rarely available | Available via separate country teams, limited coordination | Single coordinated engagement across Chennai, Bangalore, Hyderabad, and Dubai |
| GHG methodology depth | Variable — depends on whether the firm has dedicated GHG expertise | Available, typically within a larger specialist ESG practice | Dedicated GHG assurance capability applying ISAE 3410 principles alongside CA-led testing |
| Board presentation | Sometimes delegated or provided only in writing | Often delegated to a senior manager rather than the partner | Engagement partner presents personally to the Audit Committee/Board |
| Ongoing relationship | Project-based, engagement by engagement | Engagement-by-engagement, re-scoped each cycle | Long-term advisory relationship spanning audit, tax, GRC, and ESG assurance since 1986 |
What the PNPC package includes
- 01
Applicability and scoping consultation — confirming whether BRSR Core, value chain, or a voluntary/lender-driven assurance obligation applies to you
- 02
Independence confirmation and formal SSAE 3000/ISAE 3000-aligned engagement letter before any fieldwork begins
- 03
Materiality assessment review against your actual sector, business model, and stakeholder inputs
- 04
Data system and control walkthroughs across environmental, social, and governance metrics
- 05
Sample-based testing of underlying evidence — not a summary-spreadsheet-only review
- 06
GHG inventory assurance across Scope 1, Scope 2, and Scope 3 where in scope, applying ISAE 3410 principles
- 07
Site visits or structured virtual verification at a risk-weighted sample of operational locations
- 08
Qualitative disclosure and narrative-claim review to reduce greenwashing risk
- 09
Value chain data assessment support for BRSR Core value chain obligations
- 10
Formal Independent Assurance Statement worded precisely to the assurance level and standard applied
- 11
Live presentation of findings to the Audit Committee/Board by the engagement partner
- 12
Filing-timeline coordination alongside your Annual Report and BRSR submission
- 13
India-UAE coordinated coverage for group structures with a Dubai or overseas subsidiary
- 14
Direct access to your engagement partner — by phone and WhatsApp — for questions between formal assurance cycles
Give your Board, your investors, and SEBI an ESG disclosure they can actually rely on. Speak with a PNPC engagement partner — a practising Chartered Accountant who will scope the assurance to your real regulatory position, test what the evidence actually supports, and stand behind the opinion in front of your Audit Committee.