Chuckles courtesy of Scotiabank and CBSR

Paging through Scotiabank’s C-Level Sustainability report, two somewhat misleading lines in the CEO Letter (!) about assurance by CBSR caught my attention and made be chuckle - TGIF!

The lines read as follows: “For the first time, assurance for this report’s Global Reporting Initiative (GRI) table has been provided by Canadian Business for Social Responsibility. CBSR reviewed the information included here to ensure that it meets GRI reporting requirements.” 

I had to chuckle wondering if CBSR is now competing in the non-financial reporting assurance business or is Scotiabank hoping that uninitiated readers will assume that a very high level of external scrutiny was applied to this sustainability report?

Reminding myself that this is a simple blog (and NOT investigative journalism), I will now assume that CBSR did not conduct (or promise) anything that deserves the reserved termed ‘assurance’ when conducting what seems to be a very simple (and usually pretty cheap) 3rd Party Check of the GRI Index. [As shown on one of GRI's web ages, GRI charges EUR 1,300 = CAD 1,750 to conduct a GRI Check.]  The CSR/reporting nerds amongst you will know that a 3rd Party Checks (and GRI Checks for that matter) DO NOT CONSTITUTE ANY OPINION ABOUT THE QUALITY, ACCURACY OR COMPLETENESS OF THE REPORT.

Now curious about other hidden treasures in this report, I quickly searched for information on Scotiabank’s performance in terms of adherence to laws, standards, and voluntary codes related to marketing/communications. Helpfully, Scotiabank’s CBSR ‘assured’ GRI Index pointed me quickly to report sections containing the relevant information. With regard to GRI Performance Indicator PR6, I found that Scotiabank was committed to the usual voluntary codes of communication and marketing related to financial institutions – no surprises here.

However, when searching for GRI Performance Indicator PR7 which would detail “Total number of incidents of non-compliance with regulations and voluntary codes concerning marketing communications, including advertising, promotion, and sponsorship by type of outcomes” I came up empty both in the CBSR 'assured' Index and in Scotiabank’s report. Go figure….  but don't despair. After all: TGIF!

24 Comments to Chuckles courtesy of Scotiabank and CBSR

  1. Wesley says:


    I’m not certain where you have found any questionable text, that gives an impression that mainstream assurance was provided by CBSR, but the text from the website that you referenced above states the following:

    “While in the past, Scotiabank has not sought external assurance for the CSR Report, in 2009, Canadian Business for Social Responsibility (CBSR) was asked by the Bank to perform an assurance on its GRI chart”

    Similar specific claims were made in the CEO message.

    I don’t believe there are issues with CBSR conducting GRI chart/level assurance, as they have been recognised by GRI, Jantzi Sustainalytics and other credible organizations for their work in this specific area.

    I can’t find anywhere where Scotiabank’s report implies that ‘mainstream’ assurance services were provided by CBSR, and for people reaqding into this degree of detail, they are not likely to have a misled impression.

    So you may wish to consider asking the company about your concerns and proposed solutions before jumping to make questionable claims. Especially as a GRI training provider!

  2. Many thanks for your note, Wesley.

    Yes, you are right. I am a GRI trainer who has been trained by GRI directly. I have also developed a couple of GRI certified training programs (including that being used by Jantzi) and delivered lots of GRI-certified training. I have also completed a few GRI reports and Third Party Checks (and reviewed dozens and dozens more). So it is with that that kind of background that I was reading Scotiabank’s CEO letter and wondering if that could perhaps be considered as somewhat misleading.

    My question is this: what did Scotiabank ask CBSR to do? Was it a so called ‘Third Party Check,’ which – as you will probably know – is a reserved term within the GRI framework and should not be confused (or allow others to be confused) with anything deserving the term ‘assurance’? I would have expected a more careful use of the term ‘assurance’ especially by a financial institution with lots of accountants who should know a thing or two about connotation of assurance.

    I guess the proverbial straw that broke the back of the camel for me was this: I noted the use of the term assurance in the CEO letter (!) but had to search for the hidden, small print line indicating that this was a C-level report. As I recall, the small print was even in a grey color so it could blend into the background even more!

    So it did not feel – at least to me – an accurate approach to communicating what – it seems to me – is a very limited level of scrutiny applied to the report by CBSR: checking the GRI Index.

    Allow me to close by asking you this: is it really my job to ask lots of questions about Scotiabank’s report or do report users like me (and perhaps others with much less GRI knowledge) deserve clear, accurate, balanced and credible reporting? Thanks again for your comments! Best wishes, Mehrdad

  3. Wesley says:

    I agree that using the term assurance can be misleading, but if used in the context of GRI reporting level and table I don’t see this being an issue, and is not an issue I have encountered when speaking with mainstream report assurance providers.

    To me this is not misleading. It would be like saying an annual CSR report is misleading, as it could be misconstrued as an annual report. The large majority of people reading this level of report information (and familiar with the GRI) would not be confused.

    If you wish to learn more about what CBSR did I would recommend that you speak with either CBSR or Scotiabank, but generally speaking it was GRI reporting level assurance only, as communicated in the Scotiabank report.

    I agree that clear, accurate and credible reporting should be expected, and in reference to the language used in the GRI assurance of Scotiabank’s CSR report this was achieved – but with any annual or CSR report I’ve ever read, they can and will improve over time.

  4. Thanks for not shooting at the messenger any longer 😉 – and continuing the discussions. Unsure if you are with CBSR or not, but I like and did not mean to discount how CBSR helps its member companies (and others) push the boundaries in the CSR field. However, on the occasion of the ‘Third Party Check’, I would encourage CBSR not to push the boundaries of the GRI framework and commonly accepted terminology. Perhaps time to consider dropping the term ‘assurance’ when used solely in the context of a Third Party Check to avoid any ambiguity. Best wishes, Mehrdad

  5. Peter Colley says:

    The term “assurance” could do with not being used any more loosely than it already is. In my view it is already in danger of having little meaning. The “limited assurance” provided by the major accounting firms for some GRI reports is so limited it provide no assurance to users at all. Some even specifically state they are not be be relied on by any user.

  6. Thanks for your comments, Peter. Yes, there are some concerns particularly relating to some limited assurance serving as a proverbial fig leave. I recall seeing one of these fig leaves a few years ago for a Canadian reporter. Given that the organization was investing in all sorts of high risk projects and high risk countries with all sorts of interesting environmental, social and governance challenges, I was surprised to read a ‘Big 4’ limited assurance not picking up on problem that limited assurance being provided was true to disclosed scope limitations but really had nothing to do with the organization’s business/CSR risks profile (let alone stakeholder expectations). And it was funny that that reporter placed the assurance statement up front in the report, hoping for some ‘Big 4 co-branding magic’ to do the trick. Good news is that the reporter has moved on to – what I think – is much more meaningful approach to sustainability reporting.

  7. Henrik Weinestedt says:


    Thanks for another insightful blog post. I am 100% with you on this one, and I do not agree with Wesley’s claim that the use of the word assurance was justified – it is clearly defined and has a specific contextual meaning. My main question after reading this and looking at the so called ‘assurance’ is whether this abuse of terminology was decided on by Scotiabank and CBSR together, or if one of the parties somehow convinced the other that it would be possible to sneak in an assurance claim when it’s really only a 3rd party check. As Peter said, with the reporting system being as ‘loose’ as it is with disclosure quality, assurance and 3rd party checks being (ab)used, it is far too easy to ‘fool’ beginner or not-so-scrupulous readers.

    I am happy though that Scotiabank decided to release a C level report and not go for the jugular with an A level report; at least materiality issues were handled properly and the 79 indicator bandwagon was not jumped this time!

  8. Jouko Kuisma says:

    Thanks to all of you safeguarding the meaning of assurance. Do you still remember the time before GRI, when we had environmental reports, and some of theme were “verified”?

    In 2002, I involved PwC into our GRI reporting process and learned very soon from them that their thorough year-round work with us was assurance, no more verification.

    English is not my native language, but my ears say third party checking on the claim “In accordance with GRI” is much closer to verification than to assurance. Most of those companies who have self-declared their in accordance with GRI, have interpreted accordance in a very liberal way. Let us not encourage third parties to be as liberal in speaking of assurance.

    By the way, after having experienced six very thorough and competent assurance processes by PwC (Finland), twice complemented by csrnetwork (UK), I always start reading GRI reports from the back. If I do not find the assurance statement, I take a totally different, sceptical stand on the report. And even if there is a statement, I read it carefully, because the assurance may have been very limited, taking into account only the easy parts and leaving all risks and incertainties out.

  9. Frea Haandrikman, Student Assistent BSM department at RSM Erasmus University, Rotterdam Area, Netherlands, left this comment on LinkedIn:

    I my opinion assurance is such a non-word in this context. What does it actually mean? They just put a word there that sounds positive, and gives a safe, trustworthy feelig. Manipulation, in my opinion. I agree with the comment made by Jouko Kuisma, who said that often the word “assured” is used when they mean “verified”.
    I wouldn’t read this blog as a blog about the word assurance, or Scotiabank. I would read it has a heads-up to the kind of language that is used in many reports. For a recent research on gender diversity I had to go through a LOT of CSR reports, and the texts were pretty much the same. All companies are “fully committed” to gender diversity. But in reality, beig “fully committed” is a wide spectrum that goes from hiring a single woman in top-management, to having an exstensive program that actively works on the gender perceptions in a company and the gender diversity throughout its workforce. In the end, this lead to the term “fully committed” meaning absolutely nothing, just like the word “assurance”.

  10. Thanks for your comments, Frea. Interesting point about increase of ‘template sections’ in reports. While I am not sure if that will disappear anytime soon, showing representative samples of activities could help add some meaning and segmentation to the term ‘committed’ in the case of gender diversity or any other area.

  11. Jonathan A, VP Aboriginal Affairs & Sustainability at De Beers Canada Inc, left this note on LinkedIn:

    “I can’t speak for BNS, but we also used CBSR to look at our report. In our case, the term “assurance” was used to indicate that the report had been looked at by CBSR and that they confirmed that we had included information that applied to the various GRI indicators required to achieve the Application Level that we were aiming for, i.e. we had reported on the required indicators to justify our assertion that we were at that particular Application Level. From what I understand, the term “verified” is reserved for the activity of physically confirming that what has been put in a report is confirmed by the data that the reporting entity has available to the party carrying out the verification assessment. In otherwords, the verification is closer to a traditional ‘audit’.”

  12. And this was my response: Thanks for posting your question for open discussion, Jonathan. I think it would be most useful to have a response from GRI directly at this time. – But here my 2 cents: I took a quick look at the De Beers Canada’s 2009 Report to Society sustainability report (found in the Media section) and its Accuracy and Completeness section. DBC has clearly opted for a multi-pronged approach to meet a variety of needs and gain related benefits – and did not take short cuts. I also note efforts underway to implement the Canadian Mining Association’s Towards Sustainable Mining (TSM) protocols and undergo related verification (the term used by TSM) in teh future.

    To me, the kind of work described under Third Party Assurance heading in the report and carried out by SGS is probably more deserving of the term assurance (probably of the moderate/limited kind). but I note that no assurance opinion is included in the report (and I did not search the web) which would normally be associated with an assurance process resulting in an opinon containing scope, limitions etc published with the report. The work described by CBSR seems to be a combination of a Third Party Check (the reserved GRI term for such work) and, probably much more valuable, an external review or perhaps benchmarking of DBC’s draft report. Not sure if I should complicate the discussion by referring to AA1000 Assurance Standards and its tiered definition of assurance, but I don’t think that CBSR is certified/licensed under AA1000.

  13. Heather says:

    Hi Mehrdad,

    Thanks for your comments. I recently took over the reporting folder at CBSR and as discussed with you, we have been in the process of reviewing our reporting offering internally as well as with GRI and should have an outcome in the next two weeks. We will report back our findings but certainly hear all of your concerns.

    In addition to that we see a need to clarify the definitions of all of these terms – verification, validation, third party check, assurance, and many others, as over the past couple of years they have become nearly interchangeable. It is time to clear up the confusion!

    Henrik – I can’t comment on the Scotiabank project specifically because I wasn’t involved, but I can say that as a non-profit whose mandate it is to advance CSR in Canada, it would certainly not be CBSR’s or its member or client’s intent on misleading or deceiving stakeholders. That goes completely against what the organization stands for.

    If any of you would like to continue the discussion further and have any feedback, I certainly welcome it – you can email me at

  14. Many thanks for your comments, Heather. I note that you (CBSR) are in a process of reviewing terminology and reporting services. I am sure the entire CSR practioner and report user community would benefit from further clarity and – dare I say it – convergence towards generally accepted jargon (and underlying practices) ranging from Third Party Check of GRI Application Level to moderate or reasonable level of assurance. I look forward to hearing about the outcome of your review efforts in due course.

  15. Daniel Roberts, Director at RAAS Consulting, posted this note on LinkedIn:

    “For a detailed discussion of CSR Assurance issues, please read this:


    “It has been a foundational premise of this document that CSR/Sustainability reports, to have relevance, need to be written with the needs of the audience in mind. Where this document differs from current assumptions is in the nature of the audience, and therefore the future authors of such reports. We believe that the future primary audiences for CSR/Sustainability reporting will be regulators and investors. As such, the information provided to these audiences, through a single report will evolve rapidly. Certainly overtly marketing focused reports of a CSR/Sustainability nature will continue to be produced, but these will become secondary.”

  16. Dear all,

    With great interest, I have been following your discussions on this blog post and I’d like to contribute by clarifying GRI’s current position on these issues. I hope this will also shed some light on the different modes of verification/report assesments/assurance that are currently out there:

    The Global Reporting Initiative (GRI) is a network-based organization that has pioneered the development of the world’s most widely used sustainability reporting framework.

    Application levels indicate to which extent the GRI Guidelines have been applied in the reporting in terms of which set and what number of disclosures have been reported upon.
    There are three different levels (A, B and C), and these can be self-declared by a reporting organization, checked by a third party or checked by GRI.

    The GRI Application Level Check aims to confirm that the required set and number of disclosures for that Application Level have been addressed in the reporting and that the GRI Content Index can be seen as a correct representation of that particular Application Level. Application Levels reflect the degree of transparency by the reporting organization. They do however, do not give an opinion on the sustainability performance of the reporter, the quality of the report, or on the extent of any formal compliance with the GRI Guidelines.

    A third party Application Level Check means that a GRI report has been checked by a third party selected by the reporting organization itself. These third parties are not affiliated to the Global Reporting Initiative.

    Beyond the GRI Application Level Check, GRI highly recommends external assurance, a “+” can be added to the application level, when a report has been externally assured.

    Marjella Alma, Report Services Manager, GRI

  17. Leon Olsen, Director at Deloitte Australia, posted this comment on LinkedIn:

    “This is an interesting discussion, especially for a ‘CR assurance’ nerd like myself – I’ve worked with such assurance professionally for over 10 years, and been part of innovative assurance solutions to clients in Denmark, UK and Australia – including some of the most challenging global assurance projects within this subject matter.

    Let me start by clarifying that ‘Yes’ there is a lot of confusion. Many clients and stakeholders don’t know what assurance actually means or is. There are different frameworks used, e.g. ISAE 3000 and AA1000 Assurance Standard – however, one thing is clear, if you want to discuss professional assurance:

    – There is a subject matter reported upon by a reporter to an audience.
    – A third party performs a scope of work on the subject matter to somehow validate that the subject matter is reported in accordance with specified criteria.
    – The third party issues an assurance report clarifying the subject matter, the criteria used to evaluate the subject matter, any limitations in the scope of work and a conclusion.

    All of this is abstract, as you will notice. And the fact is, CR or sustainability report assurance is far from a standardised commodity – therefore it is very unlike e.g. financial audit. For every engagement you need to clarify what the subject matter is, what the criteria to benchmark it is, the suitable scope of work to get to a professional judgement, and the level of assurance to achieve (e.g. limited or reasonable), and I’ve not worked on many such assurance engagements where this was close at being the same.

    As such, most assurance conclusions on sustainabilty reports only provide assurance over a subset of the full report. E.g. the environmental performance indicators, and nothing more. And then obviously companies use different criteria for seemingly similar indicators, so you also have to consider the criteria (in this case the indicator methodology). And then you have to consider the level of assurance and obviously all companies have different contexts. So firstly, to understand any assurance, it is important to read the assurance statement and understand:

    – The subject matter
    – Its criteria (which must be transparent to the report user, or the assurance is basically meaningless, as the report user will not to what benchmark the subject matter has been evaluated).
    – The level of assurance (which especially for limited includes understanding the exact scope of work as detailed in the assurance statement).

    Understanding this, you will also appreciate that it is very difficult to create criteria that evaluate the actual sustainability performance of a company. This would require criteria that can determine whether performance is ‘sustainable’ or not, and such criteria rarely exist. So, proper assurance will be consider more the transparency of the reporter, e.g. that its reporting on performance is transparent and following adequate and transparent criteria. This should then (in theory) allow a report user a chance to make up her own mind as to the acceptability of the performance of the organisation.

    Also – the word assurance is obviously also having a much broader meaning in English, and I think this is where some of the confusion comes from. Professional, standards-based assurance loads a lot of meaning into what it does and doesn’t mean. However, outside of that realm, I’m not sure if we can control everybody to only use it in that context….

    Finally – I don’t know the context of the work of CBSR or the Scotiabank report – but I would say that if the work of CBSR was only to check that the report had the information required by GRI to a specific level, then this could potentially be assurance according to the above – but only over a very limited subject matter, and the question is whether it is actually meaningful as assurance? It depends a lot on the substance of the work performed, I’d say.

    Enough said – I hope this was helpful.”

  18. Heather says:

    Hi all,

    Great conversation here! We just wanted to close the loop and let you know the outcomes of some discussions we had internally, with stakeholders, and with GRI (thanks Marjella!). To summarize:

    – GRI does not take a position on who can provide assurance – CBSR can provide external assurance for a reporting organization’s GRI Content Index as long as the reporting organization believes CBSR has met GRI’s key qualities for assurance (refer to pg. 38 of the GRI G3 RG Sustainability Reporting Guidelines)

    – As the requirements for external assurance become clearer, and based on stakeholder discussions, we agree that CBSR’s approach to those key qualities no longer meets the industry expectations (agreed with Leon’s point about broad interpretations!)

    – CBSR will continue to provide “Third Party Application Level Checks” for reporting organizations and subsequent to those checks, the GRI Application Level icon that indicates a successful “Third Party Check” can be included in the report

    – As an enhanced service to the “Third Party Application Level Check”, we can also provide analysis that goes beyond the requirements for a standard check and includes CBSR’s opinion of the quality and completeness of the reporting organization’s responses to the Standard Disclosures referenced in the GRI Content Index

    I hope that clears things up for you. Thanks everyone for your comments, and feel free to let me know if you have any questions –

    Heather Mak, CSR Advisor, CBSR

  19. […] use of the term “assurance “in Scotiabank’s recent sustainability report (see my blog post: Chuckles courtesy of Scotiabank and CBSR), I decided to take a closer look at the assurance aspect of Millipore’s report, which I would […]

  20. […] This post was mentioned on Twitter by Bill Baue, A Dobkowski-Joy. A Dobkowski-Joy said: Fascinating debate on what counts as #assurance for a #GRI report Check out the comments #csr #sustainability […]

  21. Aleksandra Dobkowski-Joy posted this note on LinkedIn:

    “Excellent discussion, thanks Mehrdad for kicking it off!

    Beyond the debate around what constitutes assurance, I am fascinated by the outcome of this conversation. Because of Mehrdad’s post, CBSR:

    1. Received outside opinions about their terminology and process (via commentors to his blog),
    2. spoke with the GRI, and
    3. subsequently revised their definition of “assurance” and how they will use the term in the future (see the final comment to the original blog).

    It is very heartening to see that real-time stakeholder engagement can actually make a difference. Hopefully, this and similar discussions will carry us towards a more rigorous and standardized understanding of how best to report on (and verify) sustainability performance.”

  22. This blog entry made it to my Top 10 for 2010. Full list posted here

  23. […] Chuckles courtesy of Scotiabank and CBSR […]

Leave a Reply

Your email address will not be published. Required fields are marked as *