S&P 500 Sustainability Reporting and Assurance Analysis
Updated June 2025
Key Takeaways
- 99% of S&P 500 companies reported sustainability information in 2023, remaining steady in relation to the 98% that did so in 2022.
- 73% of S&P 500 companies that reported sustainability information in 2023 obtained assurance over certain of that information (up from 70% in 2022).
- The scope of information being subject to assurance continued to increase with most companies assuring their greenhouse gas (GHG) emissions and at least 1 – 3 other sustainability metrics.
- 24% of companies that obtained assurance, obtained assurance from public company auditors (up from 21% in 2022).
- 94% of companies that obtained assurance from a public company auditor in 2023, used the same firm that performed their financial statement audit (fairly consistent with the 95% in 2022).
- There remains inconsistency in how other assurance/verification providers describe their compliance with the IAASB assurance standards, raising questions about the consistency of their compliance.
The CAQ, using data by ESGAUGE, looked at sustainability reports, company websites, completed CDP Climate Change Questionnaires, and third-party assurance or verification reports for 2023 period end data from S&P 500 companies to understand what they disclosed about sustainability reporting standards and frameworks, GHG emissions, assurance or verification over the sustainability information, and net zero or carbon neutral commitments. We compared these findings with our findings for the 2022, 2021, and 2020 reporting periods. This analysis does not include information disclosed by companies in SEC filings.
Some notes on our findings:
- Most companies have a dedicated sustainability page on their corporate investor relations website where they disclose sustainability information in a standalone PDF report. However, some companies issue sustainability information in multiple separate smaller reports such as SASB, GRI, or TCFD indexes and/or reports. Some other companies have designed a sustainability interface web portal to disclose their sustainability information.
- Most S&P 500 companies (99%) disclosed some level of sustainability related information for periods ending in 2023. That is roughly consistent with the 98% of S&P 500 companies that did so in 2022.
The CAQ examined how many S&P 500 companies referenced four commonly used sustainability reporting standards and frameworks – Sustainability Accounting Standards Board (SASB) Standards, Global Reporting Initiative (GRI) Standards, Task Force on Climate-Related Financial Disclosures (TCFD) Recommendations and the Integrated Reporting Framework.
S&P 500 companies continued to use these frameworks and standards to varying degrees. Some companies fully adopted a framework or standard, some partially adopted, and others used the framework or standard as a reference when determining what information to include in their sustainability reporting.
SASB, GRI and TCFD remained the most frequently mentioned reporting frameworks or standards. In 2023 there was a slight decrease in the references to three of the four standards and frameworks (SASB, GRI, and the Integrated Reporting Framework).
With the formation of the International Sustainability Standards Board (ISSB) in late 2021 and the release of the IFRS® Sustainability Disclosure Standards in June 2023, we were interested to see whether any companies mentioned the IFRS Sustainability Disclosure Standards in their 2023 reporting. We found that 93 companies mentioned the standards in their sustainability reporting in some way, an increase from the 17 companies that mentioned it in 2022. Many of the companies simply noted that the ISSB had assumed oversight of the SASB Standards and TCFD Framework which the companies had used to perform their reporting, and others suggested that they planned to use the standards in the future.
In addition to the IFRS Sustainability Disclosure Standards, we were also interested to see the extent to which companies mentioned other emerging regulations, standards, or frameworks in their reporting. We looked for companies’ mention of the European Sustainability Reporting Standards (ESRS) or the Corporate Sustainability Reporting Directive (CSRD), the California Climate Laws (SB 253, SB 261, and AB 1305), and the Task Force on Nature-related Financial Disclosures (TNFD). The California Climate Laws and the ESRS or CSRD were mentioned the most. We found that 106 companies mentioned the California Climate Laws, with most of these companies mentioning compliance with AB 1305 – Voluntary carbon market disclosures. There were also 100 mentions of either the CSRD or the ESRS, with most companies discussing their planned future compliance with the directive or standards. Fifty-six companies mentioned the TNFD framework, with the majority of those suggesting that they planned to use the framework in the future.
Reporting Standards and Frameworks
S&P 500 companies used these frameworks and standards to varying extents. The numbers in these charts include companies that disclosed that their reports were prepared in accordance with a particular reporting standard or framework as well as companies that mentioned they used or referenced the standard or frameworks to inform the content in the report.
99%
of S&P 500 companies reported sustainability-related information
Most S&P 500 companies referenced at least one of the four commonly used sustainability reporting standards or frameworks. In 2023, the majority of companies (303 of them) continued to reference three of the four standards and frameworks to help construct their reporting. A few companies did not reference any of these standards or frameworks. The number of companies that did not reference any of these standards or frameworks increased slightly this year. We observed that some companies that had previously used these standards or frameworks had stopped referencing them. Further, some companies that started to report sustainability information for the first time this year did not reference any of these standards or frameworks.
Number of Reporting Standards and Frameworks Used
The CAQ observed that 362 S&P 500 companies disclosed receiving some form of assurance or verification over certain sustainability metrics in 2023, representing a 6.5% increase from the 340 companies that did so in 2022. Seventy-three percent of the companies that reported sustainability information in 2023 obtained assurance over some of that information.
Disclosed Obtaining Assurance or Verification
73%
of reporting companies obtained assurance over some sustainability information
Overall, we observed an upward trend in the number of companies that obtained assurance or verification. Of the companies that obtained assurance in 2023, 87 obtained assurance from public company auditors and 283 obtained assurance from other providers. The percentage of companies that obtained assurance and engaged public company auditors to perform their assurance engagements continued to increase, shifting from 21% in 2022 to 24% in 2023. In some instances, companies used both a public company auditor and other providers.
We also observed that of the companies that obtained assurance from a public company auditor in 2023, 94% of them used the same firm that performed their financial statement audit, which remains consistent with the 95% we observed in 2022.
Assurance/Verification Providers
Data totals exceed the total number of companies that obtained assurance given that some companies received assurance from both public company auditors and other assurance/verification providers.
94%
of companies that obtained assurance from a public company auditor, used the same firm that performed their financial statement audit
Scope of Assurance: S&P 500 companies sought assurance from public company auditors over various disclosures. Some companies obtained assurance over select metrics related to GHG emissions, and others sought assurance over a wider range of sustainability metrics. We used the following categories to describe the scope of assurance:
- GHG refers to metrics solely related to GHG emissions
- GHG+ refers to GHG metrics plus 1-3 additional sustainability metrics
- Multiple/Other refers to a broader range of topics or non-GHG related metrics
In 2023, companies continued to increase the scope of information subject to assurance, with most companies obtaining assurance over GHG+, meaning GHG emissions and 1-3 other sustainability metrics (e.g., water, energy, or waste metrics).
Scope of Assurance - Public Company Auditors
Assurance Standards: We reviewed the attestation reports from US public company auditors who performed assurance engagements over certain S&P 500 companies’ sustainability metrics, and observed that US public company auditors used the American Institute of Certified Public Accountants (AICPA) Attestation Standards (including AT-C section 105 Concepts Common to All Attestation Engagements, AT-C section 205 Assertion-Based Examination Engagements and AT-C section 210 Review Engagements) to perform their assurance engagements. Non-US based public company auditors, used the International Auditing and Assurance Standards Board (IAASB) Standards (i.e., the International Standard on Assurance Engagements ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information or ISAE 3410, Assurance Engagements on Greenhouse Gas Statements). In two instances, a US public company auditor used both the AICPA attestation standards and the IAASB assurance standards to perform their assurance engagement.
Assurance Standards Used by Public Company Auditors
Other/Unknown - The assurance provider used the national assurance standard applicable in the country or the assurance standard could not be determined from the company’s documentation of assurance in its sustainability reporting.
Data totals exceed the total number of companies that obtained assurance given that some companies had more than one assurance report and in some cases the assurance report referenced both AICPA and IAASB standards.
A closer look at the use of the IAASB assurance standards (i.e., ISAE 3000 (Revised) and ISAE 3410):
While US public company auditors are required to perform their assurance engagements in accordance with the AICPA attestation standards (all did so, as noted in the chart above), non-US based public company auditors often perform their assurance engagements in accordance with the IAASB assurance standards. In certain cases, a US public company auditor may perform their assurance engagement in accordance with both the required AICPA attestation standards as well as another assurance standard like the IAASB standard.
- Since both public company auditors and other assurance/verification providers make use of the IAASB’s assurance standards, we explored how assurance/verification providers described how they applied and adhered to the IAASB’s requirements.
Among other things, ISAE 3000 (Revised) paragraph 69 indicates that the assurance provider’s assurance report must include:
- A statement that the engagement was performed in accordance with ISAE 3000 (Revised) or, where there is a subject-matter specific ISAE, that ISAE. (Par 69 (h))
- A statement that the firm of which the practitioner is a member applies International Standards on Quality Control (ISQC 1) (now the International Standard on Quality Management (ISQM 1)), or other professional requirements, or requirements in law or regulation, that are at least as demanding as ISQC 1/ISQM 1. If the practitioner is not a professional accountant, the statement shall identify the professional requirements, or requirements in law or regulation, applied that are at least as demanding as ISQC 1/ISQM 1. (Par 69 (i))
- A statement that the practitioner complies with the independence and other ethical requirements of the International Ethics Standards Board for Accountants (IESBA) Code, or other professional requirements, or requirements imposed by law or regulation, that are at least as demanding as Parts A and B of the IESBA Code related to assurance engagements. If the practitioner is not a professional accountant, the statement shall identify the professional requirements, or requirements imposed by law or regulation, applied that are at least as demanding as Parts A and B of the IESBA Code related to assurance engagements. (Par 69 (j))
We looked at the extent to which these requirements were described in the assurance reports as being adhered to by public company auditors:
- A statement that the engagement was performed in accordance with the assurance standard.
- All public company auditors that applied the IAASB assurance standards indicated that they had performed their assurance engagements in accordance with those standards.
- A statement that the quality standards ISQC 1 or ISQM 1 (or other requirements that are at least as demanding) were applied.
- All public company auditors that applied the IAASB assurance standards indicated that they had applied the quality standard, ISQC 1 or ISQM 1 or the national quality management standard applicable in the respective country.
- A statement that the assurance provider complies with the independence and other ethical requirements of the IESBA Code (or other requirements that are at least as demanding as the IESBA Code).
- All public company auditors that applied the IAASB assurance standards indicated that they had complied with the IESBA Code or other professional requirements that are at least as demanding.
Level of Assurance: In 2023, we observed that companies that obtained assurance from public company auditors continued to mostly opt for limited assurance engagements. Public company auditors performed 93 limited assurance engagements in 2023, up from 79 in 2022, and the number of companies opting for reasonable assurance engagements performed by public company auditors remained consistent at 11 for both 2022 and 2023.
Level of Assurance from Public Company Auditors
Unknown - Level of assurance could not be determined from the company’s documentation of assurance in its sustainability reporting.
Data totals exceed the total number of companies that obtained assurance from public company auditors because certain companies had multiple assurance engagements performed.
Scope of Assurance: In 2023, we continued to see an increase in the scope of information that was subject to assurance or verification by other providers, with more companies subjecting the Multiple category to assurance or verification. We also observed that the number of companies subjecting only their GHG emissions or GHG+ to assurance or verification remained fairly consistent.
Scope of Assurance - Other Providers
Assurance Standards: The CAQ examined how many times S&P 500 companies referenced the following assurance/verification standards commonly used by other providers:
- International Standardization Organization (ISO) Standards (either ISO 14064-3: Greenhouse gases — Part 3: Specification with guidance for the verification and validation of greenhouse gas statements or ISO 14065: General principles and requirements for bodies validating and verifying environmental information),
- International Auditing and Assurance Standards Board (IAASB) Standards (either International Standard on Assurance Engagements ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information or ISAE 3410, Assurance Engagements on Greenhouse Gas Statements) or
- AccountAbility’s AA1000 Assurance Standard
In 2023, we noted decreases in references to the ISO standards, the IAASB assurance standards, and the AA1000 standard. The decreases were primarily driven by the fact that other providers performed fewer assurance engagements in 2023. 1 The most common assurance standard referenced by other providers continued to be ISO 14064-3: Greenhouse gases — Part 3: Specification with guidance for the verification and validation of greenhouse gas statements. We also noted references to other verification standards or protocols beyond those listed above (or in the chart below).
Assurance/Verification Standards Used by Other Providers
Unknown - Assurance standard could not be determined from the company’s documentation of assurance in its sustainability reporting.
Data totals exceed the total number of companies that obtained assurance from other providers given that many of the assurance reports referenced more than one standard and many of the companies had more than one assurance report.
A closer look at the use of the IAASB assurance standards (i.e., ISAE 3000 (Revised) and ISAE 3410):
As we had done with public company auditors (above), we explored how other providers described how they applied and adhered to the following IAASB requirements in their assurance reports:
- A statement that the engagement was performed in accordance with the assurance standard.
- Around 80% of the other providers indicated that they had performed their engagement “in accordance” with the IAASB assurance standards while,
-
Around 20% either did not specify or indicated that their engagement was “based on”, “consistent with” or “in alignment with” the IAASB assurance standards.
The descriptions of use of the IAASB assurance standards by other providers suggest they are still not fully applying the standards, the results were consistent with the prior year where roughly 80% had indicated that they had performed their engagement “in accordance” with the IAASB assurance standards.
An engagement performed using a proprietary methodology that is “based on”, “consistent with” or “in alignment with” but not “in accordance” with assurance standards suggests that the standards were not followed as written. Such engagements may not be performed with the same amount of rigor or with the same consistency as an engagement that was performed “in accordance” with the standards.
- A statement that the quality standards ISQC 1 or ISQM 1 or other requirements that are at least as demanding were applied including identification of such other requirements applied.
- 59% of other providers indicated that they had applied quality standards that are equivalent to ISQC 1/ISQM 1. The standards most often referenced included one or more of the following:
- ISO/IEC 17021-1:2015, Conformity assessment — Requirements for bodies providing audit and certification of management systems
- ISO 14065:2020, General principles and requirements for bodies validating and verifying environmental information
- ISO 9001:2015, Quality management systems — Requirements
- ISO/IEC 17029:2019, Conformity assessment — General principles and requirements for validation and verification bodies
- 41% of other providers didn’t mention use of any quality standards.
Use of Quality Standards (ISQC 1/ISQM 1) by Other Providers
- A statement that the assurance provider complies with the independence and other ethical requirements of the IESBA Code or other requirements that are at least as demanding as the IESBA Code including identification of such other requirements applied.
- 21% of other providers indicated that they had applied the IESBA Code.
- 60% of other providers indicated that they used independence and ethical requirements equivalent to the IESBA Code of Ethics, with the majority indicating that they had used their own code of conduct. A few mentioned that they had used a code of ethics which meets the requirements of the International Federation of Inspections Agencies (IFIA).
- 19% of other providers did not mention compliance with any independence or other ethical requirements.
Use of IESBA Code by Other Providers
In contrast with the above findings regarding the description of use of the IAASB assurance standards by other providers, all public company auditors that used the IAASB assurance standards indicated that they had complied with the IAASB requirements (as noted in the Assurance by Public Company Auditors section above). Compliance with the IAASB assurance standards results in more consistent application of the standards and more comparable outcomes for report users like investors and other stakeholders.
Assurance Terminology: The CAQ observed that the other providers who were not public company auditors also used terminology such as “reasonable” and “limited” assurance in their verification reports. Additionally, other providers used the terms “moderate” and “high” assurance. In 2023, companies continued to primarily opt for limited assurance engagements. The slight decreases in the different levels of assurance noted in the chart below were primarily driven by the fact that other providers performed fewer assurance engagements in 2023. 2
Terminology Used to Describe Assurance/Verification from Other Providers
Unknown - Level of assurance could not be determined from the company’s documentation of assurance in its sustainability reporting.
Data totals exceed the total number of other providers given that some companies obtained multiple levels of assurance over more than one sustainability related item.
Scope of GHG Emissions Assurance/Verification: The CAQ observed that almost all companies that obtained assurance in 2023, obtained assurance over their GHG emissions (i.e., 360 of 362 companies did so). In 2023, 23 more S&P 500 companies subjected their GHG emissions to assurance or verification than in 2022.
Of those companies that assured their GHG emissions in 2023:
- 288 companies obtained assurance over some of their scope 1, 2 and 3 GHG emissions
- 69 companies obtained assurance over some of their scope 1 and 2 GHG emissions
Scope of GHG Emissions Assurance/Verification
Unknown - The GHG emissions that were subject to assurance could not be determined from the company’s documentation of assurance in its sustainability reporting.
These amounts include companies that subjected all their GHG emissions metrics to assurance/verification as well as companies that subjected only certain GHG metrics to assurance/verification.
Data totals are less than the total number of companies that obtained assurance given that some companies did not obtain assurance over their GHG emissions.
Extent of Reporting of GHG Scope 3 Emissions Categories: We observed increases in the reporting of 14 of the 15 categories of Scope 3 emissions. The only category to decrease slightly was ‘Category 14, Franchises’. In 2023, the three most reported Scope 3 emissions categories were:
- Business Travel
- Purchased goods and services
- Fuel and energy related activities (not included in scope 1 or 2)
While the order changed, the top three reported categories remained the same as those noted in 2022.
The table below reflects the extent to which companies reported the 15 different Scope 3 emissions categories indicated in the GHG Protocol. The information in the table is presented in the order of the most reported category to the least reported category based on 2023 data.
Decrease:
Extent of Assurance of GHG Scope 3 Emissions Categories: We observed increases in assurance of 14 of the 15 categories of Scope 3 emissions. The only category that did not increase was ‘Category 14, Franchises’, which remained unchanged from the prior year. In 2023, the three most assured Scope 3 emissions categories were:
- Business Travel
- Fuel and energy related activities (not included in scope 1 or 2) and
- Purchased Goods and Services
The top three reported categories remained the same as those noted in 2022.
The table below reflects the extent to which companies assured the 15 different Scope 3 emissions categories indicated in the GHG Protocol. The information in the table is presented in the order of the most assured category to the least assured category based on 2023 data.
Extent of Assurance of GHG Scope 3 Emissions Categories
No. of companies obtaining assurance over the corresponding Scope 3 categories
No change:
The CAQ observed that companies obtained assurance over a variety of other topics including water, energy, waste, employee health and safety, human capital disclosures and others. In 2023, we observed increases in the number of companies seeking assurance over many of these different topics. That was consistent with what we noted above with companies increasing the scope of information being subject to assurance.
Other Topics Subject to Assurance/Verification
The CAQ looked at whether companies disclosed carbon neutral or net-zero commitments and observed that:
- In 2023, 297 companies disclosed a net-zero and/or carbon neutral commitment — relatively consistent with the 293 companies that disclosed a net-zero or carbon neutral commitment in 2022.
- Of those companies that disclosed a net-zero commitment, there were a variety of commitment dates with the most common commitment date observed being 2050. This is the same as what was observed in the prior year.
- Of those companies that disclosed a carbon neutral commitment, various commitment dates were observed with 2050 being observed the most, followed by 2030 as a close second. This remains consistent with our observations from the prior year.
Disclosed a Net-Zero or Carbon Neutral Commitment
In the CAQ’s analysis of 2023 S&P 500 10-K filings we observed that 142 companies disclosed net-zero or carbon neutral commitments within the 10-K filing.
Some of this analysis was powered by CDP Data.
Endnotes
- While more companies sought assurance from other providers, the number of companies obtaining multiple assurance engagements decreased, resulting in a decrease in the total number of assurance engagements performed by other assurance providers. The decrease in the total number of assurance engagements performed by other assurance providers contributed to the slight decreases noted in the chart. Unlike in prior years, this year we did not have access to all referenced assurance reports, only the assurance-related CDP responses and were thus unable to determine or confirm whether multiple assurance engagements had been performed, which possibly contributed to the decreases noted.
- Ibid
Related Resources
The latest news and
resources from the CAQ.