Integrated Reporting Framework for Auditors

What the Integrated Reporting Framework actually is (and is not)

The Integrated Reporting Framework is a principles-based guidance document. It is not a reporting standard with mandatory requirements. It was originally published by the International Integrated Reporting Council (IIRC) in 2013, revised in January 2021, and transferred to the IFRS Foundation in August 2022 when the Value Reporting Foundation merged with the Foundation. The IASB and ISSB are now jointly responsible for the framework and have committed to integrating its principles into their standard-setting work.

The framework does not prescribe specific disclosures. It provides a structure for how an organisation communicates value creation, preservation, and erosion to providers of financial capital. An integrated report prepared under the framework tells the story of how an entity’s strategy and business model interact with external factors to produce outcomes across all six capitals over time.

Approximately 75 countries have organisations using the framework to structure their annual reporting. In the EU, the CSRD (Directive 2022/2464) doesn’t mandate integrated reporting directly, but its requirements for disclosures on business model, strategy, and risk management overlap substantially with the framework’s content elements. Paragraph 1.20 of the Integrated Reporting Framework requires those charged with governance to acknowledge responsibility for the integrity of the integrated report. That governance accountability creates a direct line to ISA 260 (Revised) communications.

The important distinction for auditors: the framework itself creates no ISA-scope assurance obligation. Your audit opinion covers the financial statements. But when a client publishes an integrated report that contains or accompanies those financial statements, ISA 720.14 requires you to read and consider the “other information” for material inconsistencies with the financial statements or the auditor’s knowledge obtained in the audit.

The six capitals and eight content elements

The framework defines six capitals: financial, manufactured, intellectual, human, social and relationship, and natural. These are the resources the entity uses and depends on. The eight content elements structure the report: organisational overview and external environment, governance, business model, risks and opportunities, strategy and resource allocation, performance, outlook, and basis of preparation.

For a working auditor, the content elements matter more than the capital categories. Four of the eight content elements produce information you’re already assessing under ISA 315 (Revised 2019) during your risk assessment:

The business model element (paragraph 4.10 of the framework) describes how the entity converts inputs to outputs and outcomes. ISA 315 (Revised 2019) paragraph 19 requires you to understand the entity’s business model as part of understanding the entity and its environment. If your client’s integrated report describes a business model that differs from what you understood during planning, that’s a red flag, not an assurance matter, but a consistency matter under ISA 720.

The risks and opportunities element (paragraph 4.23) describes the specific risks and opportunities affecting the entity’s ability to create value. ISA 315 (Revised 2019) paragraph 25 requires you to identify and assess risks of material misstatement. If the integrated report identifies a risk that your risk assessment missed, you need to consider whether your ISA 315 risk assessment is complete.

Where the framework touches your ISA engagement

The Integrated Reporting Framework touches your audit engagement in four places, none of which require you to audit the integrated report itself.

ISA 720 (Revised), Other Information, is the primary touchpoint. When the integrated report accompanies the financial statements (or the financial statements are incorporated within the integrated report), you read the other information per ISA 720.14 and consider whether there’s a material inconsistency between the other information and the financial statements, or between the other information and the auditor’s knowledge obtained in the audit. An integrated report that claims revenue grew 12% due to investment in human capital, while the financial statements show a 3% decline, is a material inconsistency you can’t ignore.

ISA 315 (Revised 2019) is the second touchpoint. The integrated report often contains the most detailed public description of the entity’s business model and risk profile. You’re required to understand these under ISA 315.19 to ISA 315.25. Reading the integrated report during planning isn’t optional, it’s part of your risk assessment evidence base.

ISA 570 (Revised 2024) is the third touchpoint. The outlook element of the integrated report (paragraph 4.34 of the framework) describes management’s expectations about the entity’s future. If the outlook section projects stable operations while your going concern assessment identifies material uncertainty, that’s a potential inconsistency under ISA 720 and a potential indicator of unrealistic management assumptions under ISA 570.

ISA 240 (Revised) is the fourth touchpoint. The performance element (paragraph 4.31) often contains KPIs linked to management compensation. If those KPIs create incentives that conflict with faithful financial reporting (say, revenue targets tied to bonuses, where the entity applies percentage-of-completion accounting on long-term contracts), that information feeds your fraud risk assessment under ISA 240.8.

ISA 720 and the integrated report

ISA 720 (Revised) paragraph 14 requires the auditor to read the other information and consider whether there is a material inconsistency between the other information and the financial statements. The auditor must also consider whether there is a material inconsistency between the other information and the auditor’s knowledge obtained in the audit (ISA 720.15).

When the integrated report is the “other information” (or part of it), the scope of your reading obligation covers the full report, including the qualitative narrative about capitals and value creation. You don’t provide assurance on any of it. But you can’t claim you didn’t read it if an inconsistency later surfaces.

The practical difficulty is connectivity. Integrated reports link financial performance to non-financial factors. A statement like “our €4.2M investment in employee training (human capital) contributed to a 15% reduction in production errors, supporting the €1.8M decrease in warranty provisions” creates a chain of claims that crosses the boundary between financial statements and other information. The warranty provision is in the financial statements. The training investment and error reduction rate are not. ISA 720 requires you to read both parts and consider whether they’re consistent with each other and with your audit knowledge.

You don’t need to verify the error reduction percentage. But if you know from your ISA 520 analytical review that warranty provisions decreased for an entirely different reason (say, a change in warranty terms, not a quality improvement), the connectivity claim is materially inconsistent with your knowledge, and ISA 720 requires you to act.

The ISSA 5000 intersection

ISSA 5000, effective for periods beginning on or after 15 December 2026, introduces formal assurance requirements for sustainability information. The interaction with the Integrated Reporting Framework is significant because many entities report sustainability information within an integrated report rather than in a standalone sustainability report.

ISSA 5000 applies to assurance engagements on sustainability information regardless of where that information appears. If sustainability disclosures are embedded in an integrated report, and the entity engages you to provide assurance on those disclosures, you apply ISSA 5000 to the sustainability information within the report. You do not apply ISSA 5000 to the integrated report as a whole.

IFAC has argued that integrated reporting assurance should be led by the statutory auditor, since the auditor already holds an understanding of the entity’s business model, internal controls, and financial reporting. This argument has practical weight for mid-tier firms. If you’re already the statutory auditor, accepting a limited assurance engagement on the sustainability information within an integrated report is a smaller incremental step than it would be for a separate assurance provider starting from scratch. The CSRD assurance requirements are driving this convergence, since the directive requires the statutory auditor (or another approved assurance provider) to provide at least limited assurance on the sustainability report.

ISSA 5000 is a standalone standard. Unlike ISAE standards, you don’t apply ISAE 3000 (Revised) alongside it. The standard covers both limited and reasonable assurance and applies to sustainability information prepared under any framework, including the ESRS, IFRS S1, IFRS S2, and GRI. When ISSA 5000 becomes effective, ISAE 3410 (Assurance Engagements on Greenhouse Gas Statements) will be withdrawn.

Worked example: reading an integrated report on an ISA engagement

Client: Mulder Techniek B.V. — Revenue: €38M | Industry: industrial automation | Year-end: 31 December 2027 | Publishes an integrated report under the IR Framework

Step 1: Obtain the integrated report during planning

The engagement team obtains the draft integrated report alongside the draft financial statements. The report follows the eight content elements and maps the entity’s activities across four of the six capitals (financial, manufactured, intellectual, and human).

Step 2: Compare the business model description to the ISA 315 understanding

The integrated report describes Mulder’s business model as shifting from one-off equipment sales (72% of revenue in 2025) to recurring service contracts (projected at 45% of revenue by 2028). The ISA 315 risk assessment identifies revenue recognition on the new service contracts as a significant risk, since the entity is applying IFRS 15.35 over-time recognition to these contracts for the first time.

Step 3: Assess the outlook section against going concern indicators

The outlook element states that management expects positive cash flow throughout 2028 and 2029. The going concern working paper (prepared under ISA 570, Revised 2024, gross basis) identifies that the service contract transition requires €6.8M in upfront investment, funded by a revolving credit facility expiring in November 2028. On a gross basis, this is a going concern indicator. The integrated report’s outlook section doesn’t mention the facility expiry or the renewal status.

Step 4: Check performance KPIs against fraud risk factors

The performance element reports that senior management bonuses are tied to a “service revenue conversion ratio” (percentage of total revenue from recurring contracts). ISA 240 (Revised) requires the auditor to consider incentive structures as fraud risk factors. The engagement team notes this KPI and cross-references it to the ISA 240 fraud risk assessment, specifically the risk that management might reclassify one-off project revenue as service revenue to improve the conversion ratio.

Practical checklist

1. Add the integrated report to your planning document request list alongside the financial statements. If your client publishes an integrated report, ISA 720 requires you to read it. Request the draft at the same time as the draft financials so you can assess consistency during fieldwork, not after.
2. Map the integrated report’s business model and risk disclosures against your ISA 315 (Revised 2019) understanding of the entity. If the report describes risks or business model changes you didn’t identify, revisit your risk assessment before signing off on it.
3. Read the outlook section of the integrated report against your ISA 570 (Revised 2024) going concern working paper. Flag any claim about future viability that contradicts the events and conditions identified on a gross basis.
4. Check whether management compensation is tied to any KPI disclosed in the integrated report’s performance section. If so, document that KPI as a potential fraud risk factor under ISA 240 (Revised) and assess whether it creates an incentive for misstatement.
5. If your client asks you to provide assurance on sustainability information within the integrated report, assess whether ISSA 5000 applies (it will, for periods beginning on or after 15 December 2026). Scope the assurance engagement separately from the ISA audit, even though both draw on the same understanding of the entity.

Common mistakes to watch for

• Ignoring the integrated report during planning because “it’s not in scope.” ISA 720 doesn’t give you that option. If the integrated report accompanies the financial statements, you read it, and you consider material inconsistencies. The obligation exists whether or not the client asked you to do anything with the report.
• Confusing ISA 720 reading obligations with assurance. Reading the integrated report for inconsistencies under ISA 720 is not assurance on the report. You don’t verify KPIs, capital metrics, or connectivity claims. You assess consistency with the financial statements and with your audit knowledge. If you start verifying non-financial metrics, you’ve moved into ISSA 5000 or ISAE 3000 territory, and you need an engagement letter for that.
• Missing the fraud risk signal in performance KPIs. Integrated reports often disclose management compensation structures that ISA 240 (Revised) requires you to consider as fraud risk factors. If you only read the remuneration note in the financial statements, you may miss the operational KPI linkage that the integrated report makes explicit.

Related content

Frequently asked questions

Further reading and source references

• Integrated Reporting Framework (January 2021 revision): maintained by the IFRS Foundation under joint IASB and ISSB responsibility since August 2022.
• ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information: paragraphs 14–15 on reading and considering other information for material inconsistencies.
• ISA 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement: paragraphs 19–25 on understanding the entity’s business model and risk profile.
• ISA 570 (Revised 2024), Going Concern: gross basis identification requirement and interaction with outlook disclosures.
• ISA 240 (Revised), The Auditor’s Responsibilities Relating to Fraud: paragraph 8 on considering incentive structures as fraud risk factors.
• ISSA 5000, General Requirements for Sustainability Assurance Engagements: standalone standard for sustainability assurance effective December 2026.
• CSRD (Directive 2022/2464): EU Corporate Sustainability Reporting Directive driving assurance requirements on sustainability reports.