AICPA proposes new sustainability attestation standards, signaling shift for KPMG teams

KPMG’s ESG, audit and risk teams are facing a clear signal: sustainability reporting is moving from a side practice into the attestation core. The AICPA’s latest proposal would create two new subject-matter-specific AT-C sections, one for examinations of sustainability information and one for reviews, and the comment clock is already running toward a June 30 deadline.

The AICPA Auditing Standards Board announced on Feb. 5 that it would seek public comment on proposed attestation changes partly to address sustainability information, then released the exposure draft on Feb. 26 with a comment period of at least 120 days. The draft lays out AT-C Section 325 for examinations of sustainability information and AT-C Section 330 for reviews of sustainability information. That is a significant shift for firms that have spent the past few years building climate, ESG and nonfinancial reporting capabilities without a fully settled standards framework.

For KPMG, the practical effect is not just more work. It is a different kind of work. Once sustainability information sits inside named attestation sections, teams will need tighter definitions of scope, clearer criteria, stronger evidence trails and more consistent reporting language. That will matter in client conversations about emissions data, transition plans, governance disclosures and other metrics that do not live neatly in the general ledger. It also raises the bar for documentation and for the people doing the work, especially practitioners who have to bridge audit rigor with ESG subject matter knowledge.

The proposal also points to where demand is likely to land first. Advisory teams may see more calls for readiness assessments, internal control design and data quality remediation before clients are ready for assurance. Audit teams will need to keep expanding their fluency in greenhouse-gas data, sustainability metrics and related controls, while risk professionals will have to think about how these engagements fit into quality management, independence and methodology. In a firm like KPMG, where busy season already compresses bandwidth, that means staffing and training decisions cannot wait until client demand hardens.

The AICPA has framed the project as part of a wider modernization effort that also touches digital assets, cybersecurity, governance and related controls. That matters because it suggests sustainability assurance is not being treated as a one-off specialty. It is being folded into the same attestation architecture that governs other emerging services, which should reward firms that already know how to build repeatable processes. For KPMG, the early warning is straightforward: the teams that prepare now will be the ones best positioned when sustainability assurance stops being experimental and starts looking like a standard client expectation.