Knowledge Centre

Independent assurance on non-financial information — from compliance reports to sustainability data.

ISAE 3000 Assurance Engagements 

1. What You Need to Know

ISAE 3000 is the international standard for assurance on information other than financial statements. 
It covers things like compliance with contracts, reporting to donors, sustainability metrics, or internal controls. Accountants use ISAE 3000 when clients need an independent professional to confirm that information is reliable. 

2. Why It Matters to You

ISAE 3000 builds trust in information that drives decisions. 
Gives donors, regulators, and stakeholders confidence in reports. 
Expands assurance beyond traditional financial statements. 
Helps NPOs and SMEs meet compliance or funding conditions. 
Demonstrates transparency and accountability. 

3. Frameworks, Standards, or References 

ISAE 3000 provides the backbone for non-financial assurance. 

  • Standards: ISAE 3000 (Revised) – International Standard on Assurance Engagements. 

  • Use cases: Compliance reporting, sustainability reporting, grant expenditure verification, internal controls reviews. 

  • References: CIBA practice support guides on assurance services. 

  • What your accountant will actually do: 

  • Design agreed procedures to test non-financial data. 

  • Collect and analyse evidence. 

  • Evaluate compliance with stated criteria (laws, contracts, donor requirements). 

  • Issue an assurance report for stakeholders.  

4. How to Apply

Steps to request an ISAE 3000 engagement: 

  1. Identify what non-financial information needs assurance. 

  2. Agree on the criteria to measure against (law, policy, contract, donor terms). 

  3. Provide your accountant with data and supporting records. 

  4. Accountant performs assurance procedures under ISAE 3000. 

  5. Receive a report you can share with donors, regulators, or boards. 

5. Common Mistakes to Avoid 

Avoid these pitfalls when seeking non-financial assurance: 

  • Thinking assurance only applies to financial statements → ISAE 3000 is broader. 

  • Not defining criteria → Always agree what “compliance” or “accuracy” means first. 

  • Poor documentation → Weak records limit what can be assured. 

  • Requesting assurance too late → Build it into project timelines.