Credibility through Assurance: The Role of Certification, Validation and Verification in Sustainability Reporting
Sustainability reporting has become a strategic top priority at the latest since CSRD/ESRS — initially for large companies that, as frontrunners, are building new data and governance structures as well as assurance processes (while having to deal with boundary conditions, transitional rules, and “moving targets”). At the same time, this development is cascading into value chains: even if many SMEs are not directly subject to reporting obligations, they are affected by changing customer expectations, requirements from financiers, supply-chain specifications, and tenders (“trickle-down”).
As an accredited conformity assessment body, DEKRA Certification GmbH provides neutral insight into standards, audit methodologies and regulatory frameworks. The following interview brings together two perspectives: the technical assurance view represented by Annette Dési and the practical perspective of internationally operating companies, represented by Stefan Richter.
Interviewer: Annette, many SMEs say: “CSRD doesn’t apply to us at all — so why should we deal with it anyway?”
Interviewer: Stefan, how are you experiencing the situation among SME customers right now?
Interviewer: Annette, why are ISO 14001, ISO 50001 & co. so relevant for reporting and climate topics?
Interviewer: In the CSRD, the terms “limited assurance” and, prospectively, “reasonable assurance” appear. What is the difference — and why is this so relevant for companies?
Interviewer: Stefan, what does that mean in practice — for frontrunners and then in the supply chain?
Interviewer: In practice, we increasingly hear “certification” and “verification” in the same breath. In addition, “validation” comes up. What is the difference — and why does it matter?
Interviewer: What does that mean concretely for you as an accredited validation and verification body — especially regarding depth of assurance?
Interviewer: Stefan, from the customer perspective — do companies need ISO certificates more, or rather verifications? Where do you see the place for sector- or product-chain-related systems like ISCC in the context of the Renewable Energy Directive?
Interviewer: And in very practical terms: how do companies avoid the typical risks in such production chains — such as mis-transfers, incorrect attribution, and double counting?
Interviewer: And what does this development mean from the customer’s perspective in terms of communication and greenwashing risks?
Interviewer: Annette, can you name a current example where harmonization, transparency, and assurance requirements are being “raised” in a visibly tangible way?
Interviewer: And from a communications perspective?
Interviewer: Thank you, Annette and Stefan, for your time and the clear insights. It’s evident that credible sustainability reporting increasingly depends on robust processes, transparent methodologies and evidence that can stand up to independent scrutiny.
Overview of depth of assurance (standards-based) — limited vs. reasonable & differentiation from ISO certification and V&V
Key takeaway:
- Assurance (limited/reasonable) describes the level of assurance of an engagement.
- ISO/IEC 17021-1 governs management system certification (audit, sampling-based).
- ISO/IEC 17029 governs validation/verification of claims, including the level of assurance (programme/scheme-dependent).
| Dimension | Limited assurance | Reasonable assurance |
| Level of assurance | lower level (more “plausibility checking”) | higher level (more evidence/assurance procedures) |
| Typical depth of assurance | primarily analytical procedures, interviews/inquiries, selective sampling | more detailed testing, often a stronger focus on evidence and controls |
| Practical effect | good entry point, but not full detection of irregularities where controls are weak | higher reliability, but significantly higher requirements for the data chain/internal control system (ICS) |