Seeking Legitimacy for New Assurance Forms: The Case of Assurance on

Sustainability Reporting

Brendan O’Dwyer *
Professor of Accounting
Amsterdam Business School
University of Amsterdam
Plantage Muidergracht 12, 1018 TV
Amsterdam
The Netherlands
Phone: +31 (0) 20 525 4260
Email: b.g.d.odwyer@uva.nl

David Owen
Emeritus Professor of Social and Environmental Accounting
Nottingham University Business School
University of Nottingham
Jubilee Campus
Nottingham, NG8 1BB
United Kingdom
Phone: +44 (0) 115 8466798
Email: david.owen@nottingham.ac.uk

Jeffrey Unerman
Professor of Accounting and Accountability
Manchester Business School - Manchester Accounting and Finance Group
The University of Manchester
Booth Street West (Crawford House)
Manchester M15 6PB
Email: jeffrey.unerman@mbs.ac.uk

Forthcoming in: Accounting, Organizations and Society

* Corresponding author

Acknowledgements:
We would like to thank Ans Kolk for her assistance in initiating contact with key individuals in
the research site. Jan Bebbington, Roel Boomsma, Yves Gendron, Georgios Georgakopolous,
Rob Gray, Chris Humphrey, Jeltje van der Meer-Kooistra, Markus Milne, Niamh O’Sullivan,
and Thomas Riise Johansen all provided very helpful comments on earlier drafts of the paper.
The suggestions of the two anonymous reviewers were also of tremendous assistance in
developing the paper. The comments of participants at research seminars held at the University
of Groningen, the University of Sydney, the University of Dundee, and Macquarie University,
Sydney are warmly acknowledged. The authors would also like to sincerely thank all of the
interviewees for their participation in this study.

Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=1742822
http://ssrn.com/abstract=1742822
 Seeking Legitimacy for New Assurance Forms: The Case of Assurance on
Sustainability Reporting

Abstract

Based on the development of a more refined conception of legitimacy than has been used in
prior audit/assurance and sustainability accounting research, this paper analyses how the
legitimation processes adopted by sustainability assurance practitioners in a large professional
services firm have co-evolved with and impacted upon their attempts to develop this form of
assurance practice - particularly the construction of assurance statements. The analysis reveals a
complex and interdependent interplay between attempts at securing pragmatic, moral and
cognitive legitimacy with three key constituencies - clients who commission the sustainability
assurance services; (socially constructed) non-client users of the assurance statements; and the
firm’s internal risk department that approves the wording of assurance statements. Securing
these types of legitimacy is shown to require the adoption and alignment of varying legitimation
strategies according to the constituency practitioners seek to influence. Developing pragmatic
legitimacy with clients depends on establishing moral legitimacy with non-client users of
assurance statements while securing moral legitimacy with non-client users is contingent on
acquiring pragmatic legitimacy with the firm’s internal risk department. The practitioners’
legitimation strategies are underpinned by a commitment to opening up dialogue within the
assurance process which is evident in their engagement with potential users of assurance and
their efforts to expand assurance statement content and encourage user influence over what is
assured. This provides a counterpoint to Power’s (1994, 1999) concerns about the tendency for
new assurance forms to restrict debate and dialogue and reveals a rare empirical domain where
Power’s (2003b) call for more customised and informative narratives in assurance reporting is
being heeded.

Keywords: audit, assurance, legitimacy, legitimacy theory, sustainability assurance,

sustainability reporting, assurance statements

Electronic
Electroniccopy
copyavailable
availableat:
at:https://ssrn.com/abstract=1742822
http://ssrn.com/abstract=1742822
INTRODUCTION
Recent years have witnessed an increase in third party assurance of information published in
corporate sustainability reports. KPMG’s (2008) International Survey of Corporate
Responsibility Reporting, for example, indicates that of the G250 companies1 publishing such a
report in 2008, 40 per cent included a formal assurance statement, compared with 30 per cent in
their 2005 survey. A further survey by CorporateRegister.com (2008) utilizing their
comprehensive reports directory, which profiles 90 to 95 per cent of all published non-financial
reports, notes an annual average rate of growth in formal assurance of 20 per cent between 1997
and 2007. Traditionally, the market for assurance provision has been divided between
certification bodies, specialist consultancies and the Big 4 professional service firms. The Big 4
are capturing a growing market share of major international company engagements, with
KPMG’s (2008) survey indicating that professional service firms produced 70 per cent of the
sustainability assurance2 statements for the G250 companies, up from 58 per cent in the 2005
survey. Given this development it is perhaps not surprising that this form of assurance has come
to figure highly on the agenda of several standard-setting bodies, including the International
Auditing and Assurance Standards Board (IAASB) which included the development of a
sustainability assurance standard within its strategic aims for 2009 to 2011 (IAASB, 2007).3

A number of academic studies have subjected sustainability assurance practice to critical

scrutiny, primarily via analysing the content of assurance statements in order to illuminate broad
characteristics of assurance practice (Cooper & Owen, 2007; Darnall, Seol, & Sarkis, 2009;
O’Dwyer & Owen 2005, 2007; Simnett, Vanstraelen & Chua, 2009). While such analysis of the
content of sustainability assurance statements enables researchers to make broad inferences
about aspects of the underlying assurance practices, it offers little to facilitate a deeper
understanding of the complexities underpinning actual practice. To date there has been little

1
The G250 sample comprises the top 250 of the Fortune 500 companies.
2
Within this paper the term sustainability assurance is used to refer to assurance provided on sustainability reports
or their equivalent. This assurance is normally presented in the form of assurance statements included within or
published alongside stand-alone sustainability reports.
3
Other professional accounting bodies such as the Fédération des Experts Comptables Européens (FEE, 2002,
2004, 2006) and the Dutch Royal NIVRA (Royal NIVRA, 2005, 2007) have already issued specific guidance and
standards for accountant assurors conducting sustainability assurance-type engagements. More broadly, the UK
not-for-profit organization AccountAbility (1999, 2003, 2008) has also developed an assurance standard (AA1000)
complementing aspects of the guidance emanating from the IAASB’s ISAE 3000 standard on assurance
engagements other than audits or reviews of historical financial information. Further support and suggestions for
assurance on sustainability reports has emerged from the Global Reporting Initiative (GRI, 2006, 2008) and
professional bodies in Germany, Sweden, Australia and Japan (FEE, 2006) while AccountAbility and the
International Register of Certificated Auditors (IRCA) have developed a professional qualification in sustainability
assurance practice (IRCA, 2004).

Electronic copy available at: https://ssrn.com/abstract=1742822

academic research seeking to venture beyond documentary analysis in order to examine “the
organizational reality of [sustainability assurance] work” (Power, 1995, p.334). As a result,
there has been a lack of in-depth research examining the processes by which sustainability
assurance statements are generated (Free, Salterio, & Shearer, 2009; but see Wallage, 2000;
Boele & Kemp, 2005; Edgley, Jones, & Solomon, 2010; and O’Dwyer, 2010)4.

The lack of this type of in-depth research in sustainability assurance partially reflects a wider
trend in academic auditing research in which direct engagements with practitioners (assurors)
seeking out their perspectives on their work and its evolution remain relatively rare (Humphrey,
2008; Gendron & Spira, 2009; Power, 2003a) especially with regard to new and/or emerging
private sector assurance forms (Free et al., 2009). Prior research into new and emerging audit
and assurance practices has empirically investigated and/or theorised the processes through
which these practices seek to gain the legitimacy necessary for them to prosper. Within this
research, the interrelationship between assurance practice and attempts to secure its legitimacy is
viewed as central to the development and widespread acceptance of related forms of assurance,
such as financial, quality and environmental assurance (Curtis & Turley, 2007; Power, 2003a,
1999).

In addressing the lack of in-depth research into sustainability assurance practices, in the context
of a recognition in the broader assurance literature that processes of legitimation are a key
element in the development and embedding of new forms of assurance, the main aim of this

4
Wallage’s (2000) study reflects on the practical challenges faced by KPMG when providing assurance on the
Shell [Sustainability] Report 2000. Boele and Kemp (2005) reflect on their experiences of working as ‘social
auditors’ in their Australian firm Banarra Sustainability and Social Assurance. Both papers represent reflections
written by individual practitioners as opposed to studies and interpretations of practitioners’ perspectives on their
work. Edgley et al. (2010) is a broadly-based interview study investigating the views of 20 individual assurance
practitioners working in different organizations (8 ‘accountants’ from across the Big 4 firms and 12 ‘consultants’)
about various aspects of sustainability assurance, including their perceived, and desired, levels of stakeholder
involvement in assurance and perceptions concerning the contribution of assurance towards organizational
accountability. O’Dwyer (2010) is a case study examining how practitioners in two Big 4 firms approached the
process of constructing sustainability assurance practices. In contrast to Edgley et al. (2010), this paper is a more
focused, contextually bound, in-depth study within one professional services firm context. It is also distinct from
both Edgley et al. (2010) and O’Dwyer (2010) in that it traces practitioner perceptions and experiences as part of
attempts to develop and expand assurance practice with a specific emphasis on the evolving nature of assurance
statement construction. Moreover, this paper is also distinct, both empirically and theoretically, from Edgley et al.
(2010) and O’Dwyer (2010) in that, as we outline in more detail in the next paragraph, it focuses in particular on
how practitioners have sought to develop assurance while simultaneously seeking to legitimise its practice. In doing
so, this paper specifically aims to contribute to developing our understanding of the processes involved in
legitimising sustainability assurance with key audiences.

Electronic copy available at: https://ssrn.com/abstract=1742822

paper is to develop a theoretical and empirical understanding of the processes through which
sustainability assurance practitioners can, and do, seek to legitimise this relatively new area of
practice with key audiences. More specifically, it aims to provide an understanding of how these
legitimation processes co-evolve with and impact upon practitioners’ attempts to develop
assurance practice itself – particularly the content of assurance statements.

This research aim is important for two reasons. Firstly, given the increasing societal and
political attention being afforded to corporate social and environmental activities and
consequences (Hopwood, 2009), corporate sustainability reports are coming under increased
critical scrutiny with claims circulating that they may actually reduce as opposed to increase the
visibility of corporate social and environmental impacts (Gray, 2010; Hopwood, 2009; Milne &
Gray, 2007). Developing an understanding of the nature of the assurance provided on the
content of these reports, especially how the ‘back-stage’ of assurance practice is constructed by
practitioners, can provide valuable insights into the reliability and credibility that a range of
report users may place upon reporting content. Secondly, while much has been written about the
role of audit in the production of legitimacy in organizations and society (Free et al., 2009),
“much less has been written about the process of acquiring and developing the legitimacy of
audit technologies themselves” (Robson et al., 2007, p. 421) especially with respect to new
technologies such as those embedded in sustainability assurance. Unveiling the nature of these
processes allows for a much deeper understanding of ongoing practitioner attempts to develop
the market for assurance by providing detailed insights into the circumstances and obstacles that
can operate to challenge attempts to expand professional work; especially attempts to construct
durable networks of support for new practices (Gendron & Barrett, 2004).

The paper’s aim is addressed through an in-depth case study investigating and analysing the
processes through which practitioners in the sustainability assurance division of a Big 4
professional services firm (code-named SAT), a leader in the sustainability assurance field,
sought to gain support for their services by developing perceptions of legitimacy among three
key audiences: executives/managers at client organizations that produced (or were considering
producing) sustainability reports; stakeholders of these clients who (potentially) use the reports;
and the internal SAT technical division that had to approve the wording of all assurance
statements issued by the firm. This case setting was chosen because, as noted earlier, the
growing market for assurance, especially among large European companies, is dominated by
professional service firms such as SAT (KPMG, 2008).

Electronic copy available at: https://ssrn.com/abstract=1742822

The paper responds directly to Power’s (2003a) call for more detailed empirical work examining
the extension of audit-type practices into new areas, and their effects and consequences, and to
continuing calls for more researchers to enter the field to examine practice in auditing (Free et
al., 2009; Gendron & Spira, 2009; Humphrey, 2008). In examining the relationship between the
development of audit practice and attempts to secure its legitimacy, Power (2003a) asserts that
developments in practice and legitimations of practice are not distinct, they co-evolve. This
paper reveals key elements within a co-evolution of this nature in the context of sustainability
assurance practice. In doing so, it aims to make three key contributions to the literature.

Firstly, the paper offers a theoretical contribution through its enrolment of a refined conception
of legitimacy to frame the examination of the relationship between the emergence of assurance
practice – particularly the formulation of sustainability assurance statements – and attempts to
secure its legitimacy. The concept of legitimacy has hitherto been viewed in a somewhat uni-
dimensional manner by research in the sustainability accounting field and in audit/assurance
work examining the emergence of new practices (Free et al., 2009; Unerman, 2008). However,
in undertaking our analysis, we unpick the concept of legitimacy unveiling both the different
forms legitimacy can take – pragmatic, moral and cognitive – and the different strategies
employed in seeking to secure legitimacy for sustainability assurance with key internal and
external audiences (see, Suchman, 1995). This theoretical refinement endows the concept with
greater explanatory power thereby facilitating a case analysis which reveals firstly, how the
different types of legitimacy sought and the related strategies used to attain them differ
according to the audiences assurors wish to influence, and secondly, the nature of the difficulties
involved in aligning the attainment of these different legitimacy types.

Secondly, at an empirical level this is to our knowledge the first study to engage in in-depth
case-based empirical work examining the emergence of sustainability assurance in a specific
professional service firm setting, thereby opening out as opposed to prematurely ‘black boxing’
emerging sustainability assurance practice. Specifically, the study provides detailed evidence of
the nature of the complexities inherent in expanding professional (assurance) work which relies
heavily on constructing stable and solid networks of support (Gendron & Barrett, 2004).
Practitioners are revealed to be continuously and proactively promoting the economic and social
value of assurance through “creating representations of problems and solutions that are
generally regarded as legitimate” (Power, 2003a, p.392) by key audiences. The study unveils
how practitioners must strive to simultaneously construct and enrol client and user audiences in

Electronic copy available at: https://ssrn.com/abstract=1742822

support of emerging practice and how this process itself influences the evolving nature of
assurance practice – particularly its outputs in the form of assurance statements. These
promotional efforts are, however, countered by struggles involved in enrolling a key internal
audience - a technical ‘risk department’ – in support of assurance given this audience’s
automatic association of a high legal and reputational risk status to sustainability assurance.

Thirdly, the findings nuance and challenge aspects of recent sustainability assurance statement
research which infers that accountability to stakeholders is of minimal concern to practitioners.
While the case unveils extensive evidence of a client-centred focus (often predicated on short-
term horizons among the SAT practitioners) in attempts to highlight the economic value of
assurance, a high level of assuror commitment in principle to accountability to users of
sustainability reports is also apparent. However, the domination of shorter term pragmatic
legitimation-building strategies, especially with clients and the internal SAT risk department,
limited the opportunities for critical engagement with broader public interest or moral issues.
Nevertheless, convincing committed clients of the economic value of assurance is shown to
depend on arousing user interest through appeals to moral legitimacy and convincing clients of
the public interest value of assurance by emphasising how it facilitates broader accountability to
users.

The remainder of the paper proceeds as follows. The next section illustrates how developments
of audit/assurance practices tend to co-evolve with attempts to secure their legitimacy with
internal and external audiences. It also unpacks the concept of legitimacy both in terms of the
type of legitimacy pursued and the strategies employed in seeking each type. The research
methods are then outlined and are followed by the case analysis. The final section discusses the
case findings in the context of the theoretical framework and suggests some future research
directions.

THEORETICAL PERSPECTIVES ON THE LEGITIMATION OF ASSURANCE

PRACTICE
To provide a theoretical framework for understanding and analysing the paper’s empirical
material from the perspective of the legitimation of sustainability assurance practices, this
section explores insights from the academic literature on processes of legitimation.

Electronic copy available at: https://ssrn.com/abstract=1742822

Expanding the jurisdiction of professional practice – legitimating professional (audit and
assurance) work
According to Abbott (1988), the process of legitimating professional work “connects
professional diagnosis, treatment, and inference to central values in the larger culture, thereby
establishing [its] cultural authority” (p.184). Legitimation processes aim to justify both the work
professions undertake (are the results produced culturally valued?) and how it is undertaken (are
the results produced in a culturally approved manner?). Different professions have enrolled
various abstract cultural values to legitimate their work, including: individual values like
happiness, health and self actualization; social values like justice and orderliness; political
values like democracy and freedom of information; and economic values like profit, economic
growth and security. Professional work is also often legitimised through promoting its reliance
on the scientization or rationalisation of techniques – highlighting its technical and scientific
expertise – and on the efficiency of service provided (Abbott, 1988).

Practising professionals can exert a significant influence on how and whether new professional
practices are legitimised because they are key actors in their own development (Gendron &
Barrett, 2004). On the assumption that practitioners act rationally in selecting legitimation
strategies that they believe will be most successful, their legitimation processes involve
identifying key audiences, and employing various strategies to garner audience support for
proposed practices, sometimes in the face of severe competition from other professions (Abbott,
1988). These strategies of legitimation are especially important for professions entering new
work domains, and have been central to accountants’ and auditors’ successful efforts to market
their expertise in areas such as environmental and efficiency auditing (Power, 2003a). However,
attempts to expand professional work often face inherent difficulties in creating perceptions and
values among key audiences as evidenced in the problems accountants have experienced while
attempting to construct stable and solid networks of support around claims to expertise in e-
commerce assurance and management consulting (Gendron & Barrett, 2004; Shafer & Gendron,
2005).

Accountants’ efforts to expand audit/assurance to new domains have also attracted significant
critique. Power (1994, 1999, 2003b), for example, has highlighted how the expansion of audit
into public sector arenas in the UK formed part of an ‘audit explosion’ fuelled by promises of
greater transparency, accountability, efficiency and quality. However, he argues that these audits
failed to live up to their pledges and actually inhibited rather than enhanced debate and dialogue

Electronic copy available at: https://ssrn.com/abstract=1742822

due partly to the incorporation of an almost ideological belief in the need to use audit as a means
of instilling discipline. Shore and Wright (2008, 2000) concur with Power’s view in their
critique of the expansion of ‘audit cultures’ into the UK public sector generally, and the UK
university system specifically. They claim that “tokenistic gestures of accountability - such as
rigid paper systems and demonstrable audit trails [have been invoked] to the detriment of real
effectiveness” (Shore & Wright, 2000, p. 81), with those being scrutinised rendered objects of
information and never subjects in communication. While Power (1994) argues for more
democratic, reflexive, face-to-face forms of peer group accountability to combat these trends,
Shore and Wright (2000) dismiss this suggestion as portraying audit in an overly benign manner
as a tool with errors that can be rectified as opposed to a central feature of a system of
governmentality that is itself coercive, deeply exploitative and anti-communitarian. Moreover,
they argue that the expansion of (financial) audit into new domains needs to be more robustly
contested by encouraging a posture of critical scepticism aimed at reappropriating key concepts
such as accountability and quality in order to ensure they come to mean something broader and
more empowering.

Power’s (1994, 2003b) articulation of an ‘audit explosion’ largely focused on the expansion of
‘audit’ into public sector arenas where audits were imposed with regulatory backing, leaving
auditees little choice but to succumb to their purportedly narrow disciplinary aims. The
sustainability assurance context is distinct, however, in that this form of assurance is a voluntary
undertaking for auditees and remains largely unregulated. Hence, its development and expansion
are mainly subject to market forces. Consequently, compared to public sector audit/assurance
arenas, practitioners seeking to construct and expand this practice rely more on enrolling the
support of auditee audiences as they must also create demand for their services. Moreover,
practitioners are not the only parties central to constructing and expanding this practice; the role
of standard setters like the UK not-for-profit organization AccountAbility and the International
Federation of Accountants (IFAC) is also important in establishing both the nature of practice
and its acceptance among key audiences.

The co-evolution of audit/assurance practice with attempts to secure its legitimacy with
clients, the ‘non-client external world’, and the ‘internal world’

Power (2003a) argues that attempts to develop professional practices such as audit/assurance
and attempts to secure their legitimacy cannot be considered separately as they necessarily co-

Electronic copy available at: https://ssrn.com/abstract=1742822

evolve. Three key audiences form the central focus of recent efforts to develop new
audit/assurance practices in conjunction with strategies to legitimise these practices. These
audiences comprise: audit/assurance clients (auditees); the ‘external world’, primarily
comprising non-client users/readers of audit reports/assurance statements; and internal audiences
within ‘auditing/assurance’ firms (the ‘internal world’).

Seeking Legitimacy with ‘Clients’

The emergence and development of financial audit practice has long been influenced by
attempts to secure its legitimacy with client audiences (Curtis & Turley, 2007). In the late 1990s
and early 2000s, new audit methodologies such as Business Risk Audit (BRA) gave auditors
access to a new discourse and market rationale for audit – that of assurance for the client
(Robson et al., 2007) – which explicitly attached these ‘new’ audit practices to the economic
value of profit (Abbott, 1988). Attempts to legitimise BRA with clients also enrolled educator
and regulator audiences to support scientization-based claims that BRA possessed a rational,
scientific foundation (Robson et al., 2007). The creation of auditable environments aimed at
enhancing clients’ preparedness for audit has also emerged as a central economic value-oriented
strategy within attempts to legitimate other forms of assurance with clients. This central
characteristic of ‘the audit explosion’ involves certain accounts (or reports) being negotiated by
auditors and auditees within the audit process with the result that accounts and audits are often
co-produced by both parties (Power, 1994, 1996, 2003b). It has enabled the establishment of
auditable environments which has helped to secure legitimacy with clients by demonstrating the
economic value evident in newly created, improved and ‘auditable’ internal information systems
(Swift, Humphrey, & Gore, 2000).

Seeking Legitimacy with the Non-Client ‘External World’

Audit reports and/or assurance statements are generally regarded as having a key role to play in
establishing legitimacy with external audiences both for the processes (or reports) that are the
subject of the assurance statements and for the assurance practices themselves – especially as
the nature of communication with core audiences is seen as a key factor in securing legitimacy
(Elsbach, 1994). Power (1996) argues, however, that these statements merely act as “a symbol
of legitimacy which do not so much communicate as “give off” information by virtue of a
rhetoric of neutrality, objectivity, dispassion and expertise” (p.54) aimed at providing comfort to
outside users. While this communication claims to attain certain social values to establish
legitimacy for audit/assurance practice with readers - such as the contribution of audit/assurance

Electronic copy available at: https://ssrn.com/abstract=1742822

to achieving accountability - Power (2003b) bemoans the anodyne, constrained opinions
contained in assurance statements which, he argues, rarely encompass genuine critique in the
name of accountability. Shore and Wright (2000) also claim that these statements fail to enhance
accountability although they blame the statements’ excessive length, lack of clarity and potential
to encourage diametrically opposing interpretations.

Legitimating new audit/assurance practices with potential users requires the careful creation and
management of user expectations by practitioners. Surveys of user expectations of financial
auditors’ work suggest a widespread misunderstanding of the financial audit function and
financial auditors’ responsibilities due to a combination of user confusion and ignorance (Porter,
Ó hÓgartaigh, & Baskerville, 2009). This draws attention to a widely perceived need to educate
users about the ‘true’ nature of financial audit. Such user education is likely to be especially
crucial for practitioners attempting to manage and create expectations aimed at promoting the
extension of audit/assurance into new private sector arenas particularly as prior research has
revealed gaps between the expectations and capabilities of ‘new’ forms of audit such as
environmental and quality audits (Power, 1999).

Seeking Legitimacy with the ‘Internal World’

While enrolling external audiences in support of the expansion of professional work has been
central to legitimating expansions in audit/assurance practice, attaining internal legitimacy for
such practices within professional services firms is also likely to be central to achieving this
aim. Although this latter aspect of legitimacy has been largely ignored in prior research
examining organizational legitimacy (Kumar & Das, 2007), in the context of the legitimation of
new or emerging audit/assurance practices it is highly relevant given that even financial audit
practitioners have sometimes struggled to secure legitimacy for aspects of practice within their
own professional service firms (Curtis & Turley, 2007).

Refining the concept of legitimacy

While issues of legitimacy and processes of legitimation are important in both developing and
understanding audit and assurance practices, the concept of legitimacy within the existing audit
and assurance literature is often rather broadly defined (Free et al., 2009) thereby offering
limited insights into the specific types of legitimacy being sought or the different legitimation
strategies being pursued. While Power (2003a) speaks of the co-evolution of audit/assurance
practice and legitimations of practice, he does not define in detail what he means by the terms

10

Electronic copy available at: https://ssrn.com/abstract=1742822

‘legitimacy’, ‘legitimate’ or ‘legitimation’. Rather, the meaning is often inferred through the use
of these terms in the narrative of his paper, aspects of which echo a common definition of
legitimacy espoused by Deephouse and Carter (2005) who explain that “a central element of
legitimacy [involves] meeting and adhering to the expectations of a social system’s norms,
values, rules and meanings” (p.331). This also chimes with Suchman’s (1995) definition of
legitimacy as “the generalized perception or assumption that the actions of an entity are
desirable, proper or appropriate” (p.573).

These conceptions require further refinement however as there is a danger, particularly evident in
prior research in the related area of sustainability reporting (Unerman, 2008), that their somewhat
broad nature makes it possible to claim in analysing data that a wide range of phenomena are
consistent with a legitimacy explanation, even though the legitimacy in each of the areas explored
and/or the legitimacy demanded by different audiences may be of an entirely different nature.

Types of legitimacy
Suchman (1995) distinguishes three types of legitimacy - pragmatic, moral and cognitive.
Pragmatic legitimacy involves support for a practice based on its perceived practical
consequences or instrumental value for its most immediate audiences (Kumar & Das, 2007). In
its simplest form it is a type of exchange legitimacy – where support for the practice is based on
that practice’s specific value to a set of constituents. A related variant is influence legitimacy
which is based on the perception that the practice is responsive to its constituents’ larger
interests as opposed to their specific individualised interests. This may result from an
organization’s willingness to allow constituents some influence over the development of a
practice through, for example, inviting them to participate in decision making regarding practice
development and/or adopting constituents’ standards of performance within key features of the
practice (Palazzo & Scherer, 2006). A third type of pragmatic legitimacy, dispositional
legitimacy, is secured by convincing constituents that a practice broadly has their best interests
at heart, and is inherently trustworthy.

Moral legitimacy is based on constituents’ assessments of whether a practice is deemed the right
thing to do. It reflects a positive normative evaluation of a practice and possesses a pro-social
logic revealing constituent beliefs about whether the practice effectively promotes societal
welfare as determined by the audience’s socially constructed value system. The moral
legitimacy of a practice may be based on evaluations of its outcomes and consequences;

11

Electronic copy available at: https://ssrn.com/abstract=1742822

techniques and procedures; leaders and representatives; and categories and structures. These
evaluations conform respectively to four moral legitimacy types: consequential legitimacy;
procedural legitimacy; personal legitimacy; and structural legitimacy. Consequential legitimacy
involves judging a practice by what it accomplishes. Does it achieve socially desired and
socially valued results? Procedural legitimacy involves practices garnering moral legitimacy by
embracing socially accepted techniques and procedures, with practices being assessed as to
whether they are doing things correctly (Brinkerhoff, 2005). Procedural legitimacy is most
important in the absence of clear outcome measures when sound procedures underpinning
practices can serve to demonstrate that the practices contribute to achieving “valued, albeit
invisible ends” (Suchman, 1995, p.580).5 Personal legitimacy derives from the personal status,
reputation and charisma of individual organizational leaders and staff while structural
legitimacy relates to the socially constructed legitimacy of an organization to perform certain
tasks or practices.

Cognitive legitimacy is produced when practices pursue objectives and activities that
constituents take for granted as being appropriate, proper and desirable. Constituents therefore
believe the practice is the most appropriate and the only acceptable or natural approach to effect
some kind of collective action. For example, in the context of sustainability assurance it would
imply that constituents generally take it for granted that this practice is both necessary and relevant
and is an essential ‘fact of life’ in the sustainability reporting arena, with this assessment being based
on cognition rather than on interest or evaluation (Golant & Sillince, 2007). As cognitive legitimacy
operates mainly at the subconscious level it is difficult for practitioners to directly influence
audience perceptions (Palazzo & Scherer, 2006) and it requires expanding audiences for new
practices outside of more immediate constituencies (who are crucial to securing pragmatic and
moral legitimacy) and mobilising the broader civil society (Cashore, 2002). Cognitive
legitimacy has two variants: comprehensibility (understandability) and taken-for-grantedness.
Comprehensibility depends upon popularising practices through establishing cultural accounts
that produce plausible explanations for the existence of practices and how they are enacted.

5
Power (1999) makes reference to a type of procedural legitimacy when discussing the rise of financial audit. The
procedural nature of financial audit is often intensified and emphasised in order to present a picture of audit as a
rational, precise, controllable practice which can realise broad, often ambiguous aims centred on control and
accountability. Hence, investing in and promoting procedures (or process) has potentially enabled audit to achieve
legitimacy with various audiences, especially with respect to its ability to be effective in supporting the discharge of
accountability. However, as Power (1999, p.36) points out, this proceduralisation clouds the craft-like nature of
audit practice where practitioner common sense and judgement often prevail, with central concepts such as
materiality defying precise codification.

12

Electronic copy available at: https://ssrn.com/abstract=1742822

Practices also derive legitimacy from being “taken-for-granted” but while this taken-for-
grantedness is the most subtle and most powerful source of legitimacy it is also the most rarely
attained.

The three types of legitimacy above co-exist in most real-world settings and, while analytic
distinction can be made among them, in practice they tend to merge with one another
(Brinkerhoff, 2005). Moreover, while all three types often mutually reinforce one another, they
can also come into conflict and in each unique empirical situation all audiences’ assessments of
legitimacy are not of equal importance (Ruef & Scott, 1998). They also exist on a form of
durability pendulum whereby pragmatic legitimacy is the easiest to obtain but the least durable
due to its emphasis on short term material incentives and its greater exposure to changes in the
perceptions of external audiences, while cognitive legitimacy is the hardest to attain but has a
longer term orientation and is, hence, easier to maintain (Cashore, 2002; Kumar & Das, 2007).
Attaining pragmatic legitimacy is the first step in ensuring the long term prosperity of a practice.
However, a failure to attain moral legitimacy can potentially undermine the preservation of any
secured pragmatic legitimacy. Cognitive legitimacy evolves quite slowly as it is often the
product of constituents’ cumulative experiences (Kumar & Das, 2007).

Strategies of legitimation for new practices

Suchman (1995) identifies three broad, somewhat overlapping strategies aimed at securing the
three types of legitimacy above. These strategies fall along a continuum ranging from relatively
passive conformity with existing audience perceptions to relatively active manipulation of
audience perceptions (see Table 1 for a broad summary of these strategies). All three
legitimation strategies, especially those aimed at attaining pragmatic legitimacy, effectively seek
to sell the ‘idea’ and practice of assurance to key audiences.

Insert Table 1 about here

The first strategy involves conforming to the dictates of pre-existing audiences within the
current environment of the organization promoting a practice – a conform strategy. To secure
pragmatic legitimacy this strategy illustrates how practices conform to the instrumental needs
and demands of key existing constituents or offers some access to decision making about the
nature and operation of the practice, or both. The latter task involves co-opting constituents
while ensuring that the key aims of the practice remain intact. Pragmatic legitimacy can also be

13

Electronic copy available at: https://ssrn.com/abstract=1742822

attained by trading on a strong prior organizational reputation in related practices. To attain
moral legitimacy the practices must be shown to produce concrete, socially desirable outcomes.
This can also involve co-opting certain constituents, not to incorporate their pragmatic concerns,
but to associate the practices with respected entities in the environment in which the practices
are being promoted. Cognitive legitimacy is pursued by demonstrating that the practices
conform to established models or standards. This can be partially achieved through mimicking
related prominent and well established practices.

The second strategy involves efforts to select among multiple environments in pursuit of an
audience that will support the proposed practices – a selection strategy. To establish pragmatic
legitimacy proponents of the practice must identify and attract constituents who value the types
of ‘exchanges’ the practice can provide. Moral legitimacy depends upon selecting and
promoting moral criteria suited to selected constituents. The goals of new practices can be
oriented to meet moral criteria such as efficiency, accountability, reliability, responsiveness and
so on according to selected constituent requirements. Cognitive legitimacy depends upon
selecting some explicit certification or standard that can then be applied to the practice.

Most practices will attain legitimacy through carefully conforming to and selecting their
environments. However, in some cases, especially when seeking legitimacy for radical new
practices, novel legitimacy claims are needed. This requires the creation of new audiences and
new legitimating beliefs with legitimacy claims becoming “less a matter of management than of
evangelism” (Suchman, 1995, p.591) – a manipulation strategy. Pragmatic legitimacy is seen as
the easiest form of legitimacy to manipulate and primarily involves a form of ‘product’
advertising aimed at persuading core constituents to value key aspects of practice. Developing
and promoting new grounds for moral legitimacy can be attempted through practices
establishing a record of technical success in conforming to certain ‘moral criteria’ such as
accountability or reliability to demonstrate consequential legitimacy on their own terms.
However, this moral legitimacy is more easily attained if organizations work together to call for
a ‘morality’ in which the practice’s outputs, procedures, structures and personnel occupy
positions of honour and respect. Finally, cognitive legitimacy may be attained through
enhancing comprehensibility by lobbying, advertising, litigation and scientific research aimed at
continually articulating stories about the practice in order to demonstrate its reality. Taken for
grantedness can be promoted by encouraging isomorphism through the standardisation of
practice.

14

Electronic copy available at: https://ssrn.com/abstract=1742822

Drawing upon the framework developed in this section (see Table 1), the paper proceeds to
examine and analyse the co-evolution of sustainability assurance practice, in particular the
development of assurance statements, with assuror attempts to secure its legitimacy with three
broad audiences: audit/assurance clients (auditees); the ‘external world’, primarily comprising
non-client users/readers of audit reports or assurance statements; and internal audiences within
‘auditing/assurance’ firms (the ‘internal world’). Prior to presenting the analysis, the following
section outlines the research methods used to conduct the investigation.

RESEARCH METHODS
Given that sustainability assurance has rarely been studied in depth, it remains a practice that is
not well understood. This makes the choice of a qualitative approach an appropriate one to help
develop our understanding of its practice, especially the complexities underlying it (Cooper &
Morgan, 2008; Edmondson & McManus, 2007). Consistent with this overall objective, we
deliberately focused our attention on gaining the perspectives of practitioners who had been
directly involved in shaping assurance practice. In the context of our theoretical framing, we
focus explicitly on their formulation of legitimation strategies. These practitioner interviewees
included some of the most influential and knowledgeable individuals involved in developing
sustainability assurance in the European context, so gaining access to their perspectives also
contributes significantly to the quality and relevance of the data gathered. Moreover, the SAT
office, part of a large professional services firm, was specifically selected for this study as it has
a long and well established Sustainability Assurance Division and is seen as a thought leader in
sustainability assurance worldwide. The division sits within a section in the SAT office called
the ‘Sustainability Section’ which employs a team of over 30 professionals offering advisory
and assurance services on sustainability-related issues to an international client base.

Data Collection
Contact with SAT was established through a senior partner who was known on a professional
basis to one of the authors. The researchers initially expressed an interest in studying the
emergence of sustainability assurance practice in SAT informally with this partner. This led to a
formal meeting between one of the researchers and two senior partners: the head of the
assurance quality review department and the head of the Sustainability Section. Key emerging
issues in the domain of sustainability assurance were discussed at this meeting and a rough
framework for the study was proposed by the researcher. A follow up meeting was then held to
discuss the proposal in more depth and this meeting included the other senior partner in the

15

Electronic copy available at: https://ssrn.com/abstract=1742822

Sustainability Section as well as the aforementioned two partners. Subsequently, the researcher
sent a more detailed formal proposal to the lead partner in the Sustainability Section and after
some further discussion with the researcher about the potential focus of the study via email this
partner agreed that key SAT staff should participate in the study. At no stage did any of the
partners express any concerns about the nature of the study. Much of their motivation for the
meetings appeared to derive from their desire to openly discuss and debate with the researcher
key issues they felt needed to be addressed in order to develop and expand the sustainability
assurance market.

The data analysed for the study was collected from several sources. These included the two
initial in-depth joint interviews with the senior partners and twelve separate in-depth interviews
held with all members of the Sustainability Section directly engaged in sustainability assurance6
(these twelve interviews included three additional individual interviews with the senior partners
initially interviewed). These interviewees comprised senior partners (three), managers (six), and
seniors/semi-seniors (three). Only two interviewees, both partners, had training in financial
auditing: the assurance quality review partner, and the head of the Sustainability Section7. The
remaining interviewees had prior backgrounds in areas such as environmental management,
environmental economics and cultural anthropology8. All SAT publications on sustainability
assurance were also analysed. These included copies of presentations to clients relaying the SAT
assurance process, publications commenting on extant sustainability assurance standards,
sustainability strategy overviews for clients9, contributions by interviewees to ‘regulated’
internet blogs on sustainability assurance10, and publications issued subsequent to the interviews
outlining SAT’s assurance approach. One of the authors also attended the launch of one
publication and a related event hosted by SAT where developments in sustainability assurance
practice were debated with other practitioners, company representatives, academics and NGOs.
6
This included one individual who had recently ceased undertaking assurance engagements.
7
The assurance quality review partner interviewed was also associated and heavily involved with the so-called Risk
Department in SAT. This is noted here as a feature of the case analysis is the perceived role of the Risk Department
in the development of assurance practice.
8
These interviews also formed part of the data analysed in O’Dwyer (2010). O’Dwyer (2010) conducted 36 in-
depth interviews in two Big 4 firms (one of which was SAT) in order to examine the way practitioners in both firms
approached the construction of assurance practices. As noted in footnote 4 above, this paper’s empirical and
theoretical focus is distinct from that of O’Dwyer (2010).
9
These are advisory documents which indicate how clients might incorporate sustainability issues into their overall
strategy. They often advise on the instigation of stakeholder engagement processes and how sustainability
considerations can be incorporated into issues such as supply chain management in order to ‘add value’ for clients.
10
These were internet blogs facilitated by the organization AccountAbility on its website
(www.accountability21.net). These blogs formed part of the development of a revision of AccountAbility’s
sustainability assurance standard, AA1000. Certain SAT Sustainability Section managers contributed their views on
sustainability assurance to these blogs.

16

Electronic copy available at: https://ssrn.com/abstract=1742822

Furthermore, a comprehensive analysis of all SAT assurance statements from 2002 to 2006 was
conducted using a detailed questionnaire instrument developed by O’Dwyer and Owen (2007,
2005). While access to SAT’s assurance working papers was requested in the initial meetings
with the two senior partners, this was denied given the perceived sensitivity of the client data
included therein.

All individual interviews lasted from 45 minutes to two hours and took place in the period from
December 2005 to June 2006. Of the fourteen interviews, twelve were conducted in SAT’s
office, while one interview was conducted in one of the author’s offices and the other was
undertaken by telephone. Apart from the first two joint interviews which were open-ended
discussions about sustainability assurance in SAT, all potential interviewees were emailed a
letter requesting their participation. The emails indicated that the broad aim of the study was to
gain an in-depth understanding of the complexities involved in undertaking sustainability
assurance engagements from the perspective of practitioners. All potential interviewees were
also informed that the interview would be conducted and reported on an anonymous basis. A list
of broad open-ended questions/themes for discussion designed to encourage individuals to
discuss their experiences of and views on sustainability assurance practice both generally and
specifically within SAT was also included in the email. These questions initially addressed two
key themes: the perceived purpose of sustainability assurance and assurors’ experiences of the
evolution and enactment of the sustainability assurance process within SAT. The latter theme
was addressed under a number of overlapping sub-themes designed to unveil perceptions on: the
nature of the evidence collection process; the evolution and nature of client-assuror relations;
practical complexities involved in conducting assessments of reporting completeness,
stakeholder responsiveness, and materiality; the key decision making processes during
assurance engagements; the nature of the assurance statement drafting process; and post
assurance interaction with clients and their stakeholders. A final theme addressed the key
dilemmas/difficulties encountered by interviewees while undertaking assurance engagements.
All requests for interviews elicited a positive response.

At the beginning of each interview, interviewees were asked if it was permissible to record the
interview. It was explained to each interviewee that the recorder was only being used to enhance
the accuracy of the interview record and to allow more scope for probing by the interviewer
during the interview and that if at any stage during the interview they wanted the recorder
switched off, the interviewer would do so. All interviewees responded positively and all

17

Electronic copy available at: https://ssrn.com/abstract=1742822

interviews, apart from the two initial joint interviews with partners, were recorded on an MP3
player and subsequently fully transcribed. The commitment to the confidentiality of interviewee
perspectives in the email request was reiterated and interviewees were also informed that the
interview would be transcribed and the transcript sent to them for review. They were further
informed that no other party within or outside SAT would have sight of their individual
transcript. Extensive time was also spent at the beginning of each interview establishing a
rapport with each interviewee. This involved discussing their background and how they came to
work at SAT, the interviewer’s background and interest in the topic of investigation, and a clear
outline of the nature of the study being conducted as well as confirmation that the study was
being undertaken independently and for academic research purposes only. Throughout the
interviewing process, the themes mentioned above were used in a loosely guided manner that
allowed the interviewer to remain open to pursuing emerging trends, themes, and patterns within
interviews which were of importance both to the interviewees and the focus of the study
(Gendron, 2009; Silverman, 2010). The sequence in which issues were addressed varied
throughout different interviews (Patton, 2002) but the same issue (the perceived purpose of
sustainability assurance) was addressed at the commencement of each interview. Detailed notes
were taken throughout all interviews and, after each interview finished, reflections and issues for
probing in future interviews were recorded on the MP3 player and/or written down in a separate
journal.

Formal Data Analysis

The transcribed interviews were analysed using three sub processes: data reduction; data
display; and conclusion drawing/verification (Huberman & Miles, 1994; O’Dwyer, 2004). A
detailed reading of all transcripts and accompanying notes and tape-recorded reflections on
interviews led to the identification of numerous key themes. A summary table was then prepared
for each transcript which named these themes, explained their nature, and their location within
each transcript. Subsequent readings of the transcripts added to these themes and further reading
was undertaken until some sense of saturation of the issues identified by interviewees was
reached. A coding scheme was developed intuitively for each theme (Miles & Huberman, 1994;
Ryan & Bernard, 2003) and express attention was paid to contradictions within interviews and
among interviewees (Patton, 2002). A detailed mind map was then constructed drawing on all
the themes identified among all interviewees. This attempted to draw links between the various
themes especially those appearing most frequently and elaborated upon in greatest depth
(Coffey & Atkinson, 1996). Core categories related to the concept of ‘legitimacy’ were

18

Electronic copy available at: https://ssrn.com/abstract=1742822

identified, partially influenced by prior and ongoing reading, and individual themes were
grouped under these categories. This mind map with key categories linking legitimacy to
developments in practice was used to frame an initial description of the key findings.
Subsequent to the completion of this initial interpretation, an analysis of newly published
documentation from SAT explaining its approach to sustainability assurance was undertaken in
conjunction with the aforementioned examination of all assurance statements issued by SAT
from 2002 to 2006 as these both had direct implications for key aspects of the initial
interpretation. This narrative then went through numerous separate iterations as transcripts were
revisited and key literature and supporting documentation were re-read where deemed
necessary. Drafts of this narrative were also sent to all interviewees for comment, and extensive,
largely positive feedback was received. Follow up meetings with certain interviewees (at their
request) were also undertaken to discuss and clarify aspects of the findings. The substance of the
interpretation of the findings was not altered in any way as a result of these discussions.

CASE CONTEXT
The professional services firm office studied (SAT) operates from a city base in Western
Europe, and has been a world leader in both the development of sustainability reporting and
associated assurance over the past twenty years. The office has a range of multinational
sustainability assurance clients and is widely recognised as a thought leader in the development
of sustainability assurance worldwide. It is also the market leader in assurance provision in its
national context. The office initially became involved in providing assurance on ‘environmental’
reports in the early 1990s and increased demand for this service was anticipated due to emerging
national legislative reporting requirements. SAT’s key assurance engagement undertaken with a
large multinational throughout much of the 1990s was primarily controlled by financial auditors
with some input from more specialised environmental experts. In the mid to late 1990s,
however, the assurance team was expanded when a number of sustainability assurance and
advisory practitioners joined the office. This practitioner group was led by a key player from the
European accountancy profession influential in the development of European sustainability
reporting and assurance (he had departed SAT a number of years before this study commenced).
This group helped develop the stand-alone Sustainability Section in SAT that now focuses on
providing a range of assurance and advisory services to organizations on sustainability-related
matters. Apart from assurance, these encompass specialised climate change services such as
advice on sustainable supply chains, carbon valuation, carbon footprint measurement, climate
change risk management, sustainability report development and sustainability strategy support.

19

Electronic copy available at: https://ssrn.com/abstract=1742822

The Sustainability Section forms part of the international firm’s global sustainability network
linking member firms worldwide and its organizational model has provided the template for the
organization of the global sustainability network. All key ‘thought leadership’ publications for
the global firm emanate from the Section studied and members of the Section are also involved
with key international organizations in the sustainability reporting and assurance field such as
the IAASB, AccountAbility, the Global Reporting Initiative (GRI), and the World Business
Council for Sustainable Development (WBCSD). While financial auditors work on many
assurance engagements, dedicated sustainability assurance practitioners tend to lead these
engagements.

CASE ANALYSIS
This section presents and analyses the case findings. The case narrative is structured into three
sub-sections analysing the attempts of sustainability assurance practitioners (assurors) to secure
different types of legitimacy for sustainability assurance with three key audiences: clients;
(potential) sustainability report users (the ‘non-client external world’); and the SAT internal
‘Risk Department’ (the ‘internal world’). The legitimating tactics and strategies are interpreted
drawing on Suchman’s (1995) typology of legitimation (see Table 1 above). A broad summary
of the case analysis unveiled in the narrative is presented in Table 2 below.

Insert Table 2 about here

Seeking Legitimacy with Clients

The type of legitimacy sought from clients largely corresponds to a pragmatic definition of
legitimacy. Pragmatic legitimacy is sought through a mixture of legitimation strategies which
aim to conform to the instrumental needs of existing and potential new client audiences while
also seeking to create new audiences through talking up the potential benefits of assurance more
widely in order to persuade new audiences to value assurance.

Creating a need and demand for assurance among new and existing clients by appealing to
instrumental reasoning
SAT assurors asserted that they had to constantly ‘sell’ to direct client contacts – normally
corporate social responsibility (CSR) directors/managers or their equivalent – the ‘added value’
of sustainability assurance for client companies using a number of interrelated strategies of
representation. These primarily encompassed specifying client problems that needed solving –

20

Electronic copy available at: https://ssrn.com/abstract=1742822

particularly related to poor information systems – and then suggesting assurance as a possible
solution. In articulating these practical consequences or value propositions, assurors sought to
demonstrate the specific value of assurance to direct client contacts (exchange legitimacy). For
example, they highlighted: the inadequacies of existing information systems and their potential
to increase the risk of reporting inaccurate information; how improved information systems
established through assurance processes could help embed ‘sustainability’ more deeply in client
organizations thereby increasing the internal influence of direct client contacts and allowing
them to further promote the importance of their ‘sustainability’ expertise; and how the assurance
process discipline could improve the actual and perceived quality of reporting content thereby
contributing to its enhanced external credibility.

Assurors also argued that improved information systems in conjunction with assuror
assessments of the completeness of reporting could help clients more easily identify their key
reputational risks. For one significant client this was the central reason they had continually
committed to adopting SAT’s assurance process:
[Name of SAT client] is a good example of the success of this [strategy]. They always say ‘the
biggest value of the assurance is not in the external part but in the internal part as [SAT] with
their eyes and ears all over the world looking at things are able to feed back to us what may be
11
happening out there that we have not picked up on’. (A3, manager)

You know five years ago, it [a social reputational issue relevant to a client company] wasn’t even
on their radar screen. We told them that our analysis suggested it was a problem for their sector
that they needed to address in their reporting especially as it could become a competitive issue
... They realise that we, through the assurance process, provided an early warning sign. (A2,
senior partner)

SAT’s public documentation also appealed to the exchange value that existing and potential
clients could derive from enhanced internal information systems by advancing this benefit as
“an entirely natural outcome of an assurance engagement”. The image/reputation benefits of
assurance on capital markets were also promoted by articulating the role of assurance in helping
to create market perceptions of lower risks thereby enabling the “exploit[ation of] new
opportunities for value creation”. The reputational value of inclusion on sustainability indices
such as the Dow Jones Sustainability Index and/or the FTSE4Good Index was also emphasised,
with assurance promoted as a central element in ensuring inclusion in these indices.

11
The interviewees are designated from A1 to A12 in the quotations used throughout the paper. A2, A6 and A11
are senior partner level interviewees. A1, A3, A4, A5, A7, and A8 are senior manager/manager level interviewees
and A9, A10 and A12 are senior/semi-senior level interviewees.

21

Electronic copy available at: https://ssrn.com/abstract=1742822

Nevertheless, a key obstacle to securing this exchange legitimacy presented itself in the form of
a lack of detailed prior client reflection on assurance itself. Questions such as, “you are the
auditors, tell us what we have to do and why?” (A6, senior partner) initially prevailed causing
assurors to have to spend substantial time “educating … [clients] … nine out of ten [of whom]
ha[d] no idea” (A3, manager) what sustainability assurance really entailed or how it could
benefit their organizations. Some interviewees expressed dismay at this lack of initial reflection
as it made legitimising the idea of assurance at a deeper and higher level within client
organizations much more challenging:
Sustainability departments are often not capable of creating the business case for their upper
management. There is a lot of buzz around sustainability but they find it very hard to link this to
the value drivers in their organization … to make clear why sustainability is important in the first
place and then after that, why assurance is important. (A3, manager)

These people [CSR managers/directors] have no idea what management and control means,
they don’t understand what reporting means, they don’t understand internal audits, they just
don’t know what it means. (A4, manager)

The assurors’ legitimation strategy to address this problem involved attempts to change or
develop certain perceptions of assurance among direct client contacts. To assist in this process,
they sought to co-opt more informed and committed contacts, in the sense of using them as
messengers to help develop the pragmatic legitimacy of assurance at a deeper level in their
organizations. For example, some assurors’ frustration with CSR managers at client companies
resulted in a positive orientation towards engaging with more informed and potentially
influential internal auditors. Clients’ internal audit departments were therefore enrolled where
possible as key contacts given their enhanced understanding of the business benefits of
improved information systems and their greater ability to understand and communicate the
business case internally:
Discussions are a lot easier when you have an internal auditor who better understands the
principles of auditing. We keep having to explain the case for assurance over and over again to
CSR people whereas with an internal auditor it takes you five minutes. (A3, manager)

The co-production of reporting and assurance – seeking exchange and influence legitimacy
In addition to the above pursuit of exchange legitimacy, assurors also engaged in pragmatic
legitimating strategies and tactics with clients that combined a quest for exchange and influence
legitimacy. This was not a one-way process whereby clients could help determine the shape of
the assurance practices themselves, but a more subtle and complex process involving the co-
production of sustainability reports and assurance by clients and assurors. In this process
assurors sought to educate clients about both sustainability reporting and assurance as part of

22

Electronic copy available at: https://ssrn.com/abstract=1742822

their attempts to legitimate practice, as well as allowing them apparent influence over the shape
of some aspects of assurance practice.

Many initial assuror-client conversations exposed the lack of an ‘assurable’ environment upon
which SAT’s assurance process could operate. This was partly due to many first time clients
overestimating the quality of their sustainability reports and supporting information systems and
underestimating the extent of assurance work required to provide even low assurance levels.
Assurors therefore sought to “creat[e] the material conditions of possibility for [assurance]”
(Power, 2006, p.2) by continually enticing clients to establish, in conjunction with assurors,
better systems, controls, processes and reports thereby allowing clients some indirect influence
over the nature of the ensuing assurance process which was tied to the establishment of
improved information systems. This primarily involved illustrating the poor quality of the data
that clients were gathering and puncturing any client complacency about the nature of the data
required to enable external assurance to proceed. The unreliability of data emanating from
subsidiaries or sites for collation at corporate level was consistently highlighted “given the
varying definitions and procedures in place” (A4, manager) in many companies. In addition, the
aforementioned reputational dangers of reporting on this flawed data were repeatedly reiterated
despite this being difficult for many clients to understand as “they often thought that they ha[d]
everything under control and assurance should not be a problem” (A4, manager):

We normally highlight at least one area in their systems which is not robust and they are often
[baffled] as they [might] have previously won some awards for [for example,] their energy saving
systems. Then we come in as [SAT] and tell them that their data management is not robust.
(A11, senior partner)

Consequently, a key assuror legitimation strategy revolved around “advising [on], but not
implementing” (A4, manager), new or improved systems and leading clients on a “journey”
(A5, manager) aimed at eventually enhancing their reporting, thereby expanding the need and
demand for more detailed assurance work:

In a way they need the assurance to [teach] them [about the importance of improving internal
information systems] and that’s also what we discuss with the clients. ‘Okay, this can be helpful
to really identify what you need to do next year’. The work I do is much more focused on ‘how
can you improve [your] data gathering systems, documentation systems, [how can you] involv[e]
other people [in] checking [and] double-checking the whole process around it, how can you
improve that? (A8, manager)

I think that if in the end they [clients] don’t see any improvement internally, then I think
after a while they will stop. We need to establish [internal improvements] in order to stay
in. (A5, manager)

23

Electronic copy available at: https://ssrn.com/abstract=1742822

This co-production of the sustainability report and the accompanying assurance further assisted
assurors in “creat[ing] … awareness of sustainability issues within organization[s] and …
helped management to develop or to embed sustainability in their processes” (A9, senior). The
ongoing education of direct client contacts was central to this focus as it enhanced the
aforementioned potential for these contacts to further sell the business case for assurance within
their own organizations, thereby enhancing their internal influence in conjunction with that of
SAT’s process through appeals to pragmatic legitimacy.

These careful attempts to establish pragmatic legitimacy with clients also, however, involved
cautious clients imposing restrictions on the scope of engagements especially in the early stages
of assurance development. Yet, most interviewees frowned upon this trend where assurance was
provided only on issues selected by companies as these forms of “technical assurance” (A5,
manager) or “very limited scope engagements” (A1, senior manager) were not what they felt
assurance should embrace. Moreover, several expressed concern about certain SAT
engagements remaining limited in scope as this had consequences for the firm’s reputation as an
assuror of high repute (thus potentially compromising SAT’s own legitimacy with other
audiences). However, experience had shown assurors that in the absence of supporting standards
and regulation, a central factor in securing cognitive legitimacy, convincing clients to expand
the scope of reporting and to embrace higher assurance levels required them to develop their
business case further by providing more evidence that the presumed report ‘readers’, the
stakeholders, actually coveted assurance.

‘Silent’ Stakeholders - The need to construct informed external audiences to help build
pragmatic legitimacy with clients

SAT publications outlining their assurance approach sought to supply some of this required
evidence of stakeholder demand by highlighting a need for companies to assure increasingly
sceptical and powerful external stakeholders. For example, they contend that the public are
becoming more assertive and that the number of NGOs critically assessing the corporate sector
is increasing significantly. They also assert that this has led to heightened expectations for
corporate transparency and an increased demand from powerful stakeholders for evidence
suggesting they can trust companies to account for their social and environmental
responsibilities.

24

Electronic copy available at: https://ssrn.com/abstract=1742822

However, in contrast to these public assertions, many of the interviewees expressed concern at
the lack of stakeholder reaction in practice to, or knowledge of, either sustainability reporting or
accompanying assurance. This complicated the task of securing pragmatic legitimacy with
clients, especially as some clients were clearly disappointed with the lack of stakeholder
reaction to their reporting and assurance:

When we were providing assurance on the [name of company] report, we never had any
discussion or reaction. You know, I’ve been doing the [name of company] report for five
years now and no reaction. (A7, manager)

We talked about it [stakeholder feedback] yesterday with one of our clients. And they were
quite disappointed. They were like ‘we put so much effort into the report [and assurance]
and nobody’s responding and we don’t get any questions. (A9, senior)

Moreover, where an initial level of hard won pragmatic legitimacy had been established with
clients, this lack of external stakeholder engagement threatened both its continuance and its
future development especially as it could encourage “more mature” (A8, manager), committed
clients to refrain from seeking improved, more expansive reporting embracing higher assurance
levels. This gave rise to a need for assurors to provide evidence of specific stakeholder concerns
and threats requiring a client response:

We say there are always two things to improve with the assurance. [First], it’s the internal
side, so better quality data, better management and things like that. Now, we can convince
some of the clients on that but other clients say ‘well we have that under control already’
and, this is the second thing, they need to be convinced by the outside world that they have
to have an even better assurance report. And we can say ‘well, we think you should move
from a limited to a reasonable level of assurance’, but who are we? ‘Why, why?’, the
company says ‘why should we do that? Who apart from you is requesting that?’ (A4,
manager)

In summary, pragmatic (exchange and influence) legitimacy for sustainability assurance is

sought from clients using a combination of strategies focused on conforming to the requirements
of existing audiences and attracting new audiences who better understand and value the
exchanges assurance is equipped to provide (see Table 1). The acceptance of limited scope
engagements, especially in the early years of assurance relationships, suggests a strategy aimed
at conforming to the limited requirements of pre-existing client audiences while the co-
production of sustainability reports and assurance by clients and assurors offers clients access to
decision making surrounding assurance thereby potentially co-opting existing clients behind the
assurance process – a conform strategy. The attempts to educate clients in order to influence
and/or change their perceptions of the practice and outcomes of assurance and thereby to
persuade core audiences to value key aspects of assurance practice represent a more proactive

25

Electronic copy available at: https://ssrn.com/abstract=1742822

strategy focused on attracting new audiences in support of assurance – a selection strategy. In
particular, the preference for courting internal auditors suggests that assurors seek to identify
and attract audiences who value the types of ‘exchanges’ assurance can provide and is an
example of the recruitment of co-optation targets who are credible to other key audiences (such
as higher level, more powerful managers in the client organization). Finally, SAT’s somewhat
‘evangelistic’ public promotion of the wider benefits of assurance, linked to improved capital
market perceptions and ‘value creation’, constitutes a form of ‘product advertising’ consistent
with a manipulation strategy aimed at persuading new audiences to value key aspects of
practice.

Seeking Legitimacy with the Non-Client External World

To ensure the longer term embeddedness and durability of sustainability assurance it was also
necessary for assurors to seek to develop moral legitimacy for practice. However, assuror efforts
to develop more durable moral legitimacy for assurance were not directed at the client audience.
Rather, they were focused on the ‘non-client external world’ given that building moral
legitimacy with this audience of supposed sustainability report readers was considered important
in embedding and making more durable, shorter-term pragmatic legitimacy with clients via
demonstrating its instrumental value to them.

Several interviewees asserted that too much assuror attention had concentrated on seeking
pragmatic legitimacy for assurance with clients and not enough on seeking out and explaining to
key non-client audiences what the assurance process entailed and how it might produce
outcomes that these stakeholders would regard as socially desirable, thereby addressing their
‘moral’ values. In an effort to attract and convince such audiences of the intrinsic socially
desirable benefits of assurance and attain some level of moral legitimacy for practice, SAT held
formal consultations with NGOs to solicit their views on, and seek to convince them about, the
nature and benefits of the assurance process:

The outside world doesn’t know enough about what assurance is and it’s part of our job to
tell the outside world more about our black box and tell them exactly what we do. We have
put a lot into improving assurance processes within organizations, we have done a lot to
explain to our clients, the companies who pay us, what the assurance process is about and
what the assurance road map is to come in future years. But we haven’t told the outside
world enough about what assurance is yet. (A4, manager)

Many assurors, however, regarded the outcomes of these consultations as disappointing because
the level of external audience knowledge of, and engagement with, assurance proved wanting:

26

Electronic copy available at: https://ssrn.com/abstract=1742822

 The fact is that, for instance, [name of NGO] doesn’t know the difference between the positive
wording of the [assurance] statement and the negative wording on the statement12. Well, this
[NGO] is one of the more intellectual parties in this field and they really have a lot of knowledge
about sustainability reporting. And if this NGO is not aware of it, then how in the world can we
convince our clients that a broader assurance is needed for their report? (A8, manager)

The wording of assurance statements as a barrier to moral legitimacy

A key part of the problem of demonstrating how assurance furthered the socially desired
outcomes of potential users lay with the perceived inadequate wording of assurance statements –
which mostly conveyed highly limited ‘double negative’ (‘limited assurance’) opinions drawn
from ISAE 3000, the International Federation of Accountant’s (IFAC) auditing standard for
assurance engagements other than audits or reviews of historical financial information.13 Several
interviewees believed that these opinions underplayed the extent of the assurance work SAT
assurors performed and the degree to which external stakeholder-related issues were actually
addressed, thereby revealing little of substance for potential users. ISAE 3000 in particular was
widely dismissed as being “too general” (A2, senior partner), “vague” (A7, manager) and
“limiting” (A4, manager) in its proposed opinions as it merely “cut and paste these kinds of
opinion from the financial world” (A6, senior partner) without recognising that “this form of
assurance is new” (A6, senior partner).

Assurors were also concerned that the structure and restricted wording of assurance statements
failed to demonstrate to report users how sustainability assurance could act as a means of
delivering greater social and environmental accountability. This threatened the development of
consequential (moral) legitimacy with these report users, and contributed to a desire among
many assurors to deliver more convincing and clearer statements so as to construct a clearer
12
A positive wording provides greater assurance as to the accuracy, credibility and completeness of reported
information. It clearly and positively states that these criteria have been met by reporters. A negative wording
indicates that nothing has come to the attention of assurors that would suggest any material concerns about reported
data and provides much less definitive assurance for readers.
13
Two examples of these types of ‘limited assurance’ opinions, drawn from ISAE 3000, are as follows: “Based on
our work described in this report, nothing has come to our attention that causes us to believe that internal control is
not effective, in all material respects, based on XYZ criteria” and “Based on our work described in this report,
nothing has come to our attention that causes us to believe that the responsible party’s assertion that internal control
is effective, in all material respects, based on XYZ criteria, is not fairly stated.” (ISAE 3000, p.1060, emphasis in
original). ISAE 3000 distinguishes between “reasonable assurance engagements” and “limited assurance
engagements”. It states that “[t]he objective of a reasonable assurance engagement is a reduction in assurance
engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form
of expression of the practitioner’s conclusion. The objective of a limited assurance engagement is a reduction in
assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk
is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the
practitioner’s conclusion.” (ISAE 3000, p.1045).

27

Electronic copy available at: https://ssrn.com/abstract=1742822

sense of ‘social’ accomplishment for assurance – especially the desire to offer higher assurance
levels.

Partly as a result of these concerns, SAT expanded and loosely standardised the structure and
some of the content of its assurance statements. Standardising statement structures reduced the
likelihood of “confusing readers” (A1, senior manager) or arousing user/reader suspicion about
clients’ influence on statement structure and content (A7, manager). Other key features of the
new ‘standard’ statements aimed at promoting both the consequential (moral) and procedural
(moral) legitimacy of assurance with potential readers included: providing increased details of
work undertaken on engagements; more positive wording in certain opinions; and a commentary
section explaining key recommendations made to companies. The latter was seen as crucial for
assurors in allowing them to publicly express their concerns to external users in order to
enhance their credibility as independent assurors, while the increased details of work undertaken
enabled them to display the rigour involved in even limited assurance engagements.

SAT publications also commenced responding to perceived ‘reader’ uncertainties about their
assurance work, using specific examples to illustrate how their work goes much further and
deeper than many report readers might expect. These publications have criticised the
aforementioned co-production of reports and assurance by assurors and clients that has pervaded
practice to date. For example, they have expressed concern at the trend whereby assurance
engagements are often currently agreed in dialogue between the assuror and the company based
on their joint assessments, which, they argue, needs to change. Stakeholders, they claim, should
in future have a direct say in what is verified, what level of assurance is provided and who is
appointed as an assuror. Public communication of these concerns and commitments apparently
represents an essential strategy aimed at establishing both consequential (moral) and procedural
(moral) legitimacy for assurance with the ‘outside world’. By outlining in detail the extent of
work completed on assurance engagements and promoting a greater stakeholder focus in
assurance practice, SAT seek to demonstrate to external stakeholders how assurance practices
produce, in a substantive manner, what these stakeholders are assumed to regard as socially
desirable outcomes.

Despite the positive perspectives of many interviewees about the expanded wording of
assurance statements, an analysis of recent SAT sustainability assurance statements reveals that

28

Electronic copy available at: https://ssrn.com/abstract=1742822

the nature of the opinions provided in terms of the assurance level inferred has not, in practice,
changed significantly. Except for one instance with a large client, where one can track an
increase in the level of assurance provided over a number of years, there remains a
predominance of defensive, limited opinions largely adhering to ISAE 3000 guidance.
Reasonable assurance eliciting a positive assurance opinion, when provided, is confined mainly
to the correct extraction of financial data from audited financial statements. Hence, in certain
respects, it is difficult to see how the opinions expressed in more recent SAT assurance
statements communicate improved ‘comfort’ and enhance the moral legitimacy of assurance for
readers.

Nevertheless, while assurors acknowledged this slow progress in opinion formulation, they
indicated that in the absence of graduated mechanisms for opinions in the new ‘standard’
statement which would provide options from several different opinions expressing numerous
different levels of assurance, they were able to use the aforementioned ‘commentary’ sections of
assurance statements to convey any concerns they had about companies’ systems and reporting.
This avoided the ‘drastic’ option of directly qualifying opinions and enabled assurors to assert
some authority and claim an element of independence by “getting their concerns [out] to
readers” (A1, senior manager). These commentaries “generally talk[ed] about stakeholder
engagement issues which [we]re missing and the boundaries of the [sustainability] report” (A1,
senior manager). For example, some commentaries suggested that companies should in future
cover “all relevant subjects” in their sustainability reporting, thus expanding the scope of their
reporting and giving more attention to neglected subject areas. Others have requested that
companies install specific internal assurance mechanisms, collect more data, improve data
validation procedures and improve input from dialogue with key stakeholders to help address
so-called “material sustainability issues”:
It’s getting our concerns [out] to readers [and] it highlights a few things to a company. We
sometimes even say ‘as you will see on page 3 these clients have recognised the fact that
they are still somewhere below [a standard]’. I mean it’s also going to help the client to get
value from the assurance process. If our statement is seen as not being very credible
because it’s too clean and too nice, that type of thing, then they [clients] lose value from the
assurance process. For those people who do read the assurance statements, by putting in a
few negative comments you increase credibility. (A1, senior manager)

As the permitted wording of the assurance ‘opinions’ has not yet developed as initially
envisaged, the expanded commentaries are taking on the role of securing consequential
legitimacy with external users by demonstrating the extent to which assurors are putting
assessments of ‘social values’ like stakeholder accountability to the fore in their work.

29

Electronic copy available at: https://ssrn.com/abstract=1742822

Procedural legitimacy can also be established through the expansion of the details of assurance
work completed within assurance statements, as the outcomes of assurance are often ambiguous
– especially given the limited wording and information in many assurance opinions. Greater
exposure of the procedures used to conduct assurance within assurance statements allows
assurors to demonstrate the extent of the procedures completed which are likely to be socially
accepted, and to indicate to users that SAT is “doing things right” (Brinkerhoff, 2005, p.3) such
that its assurance practices achieve “valued, albeit invisible ends” (Suchman, 1995, p.580).
Procedural legitimacy is evidently important for SAT assurors when seeking legitimacy with
potential users as this was one of the reasons SAT held meetings with NGOs – to indicate to
them the extent of the work SAT completed. When assurance statements are expanded, securing
procedural legitimacy through this route becomes easier.

Two interviewees highlighted the initial success of the assurance statement changes by revealing
how one recently published commentary section had invoked a response from a socially
responsible investment fund at a shareholder’s meeting where the chairman of the client
company was asked what actions the company was going to take in response to the comments in
SAT’s assurance statement:
For [name of company] we got a first rate response last year at the shareholders’ meeting,
where someone stood up and said ‘this is the first assurance statement we can read and
where we can draw some added value from it. So, Mr. Chairman, can you tell me what
you’re going to do about it?’ (A2, senior partner)

Exposing in greater detail the extent of assurance work actually undertaken was also perceived
to have added benefits for the moral legitimacy of assurance practice performed by SAT
specifically, as it helped to differentiate the firm from competitors in non-accounting
consultancies who some interviewees felt were not undertaking the extent of the work
performed by SAT. By seeking to enhance the legitimacy of their assurance practices in
comparison with those of other assurance providers, SAT was not only seeking to build
legitimacy, but also to enhance its reputation as a sustainability assurance provider (given that
reputation is generally considered to be the relative legitimacy of one practitioner or
organization compared to their competitors – see, Deephouse & Carter, 2005).

30

Electronic copy available at: https://ssrn.com/abstract=1742822

Tensions between developing moral and pragmatic legitimacy in relation to materiality
A related way in which SAT assurors have sought to develop moral legitimacy among report
users for sustainability assurance practices is through its public commitments to assessing the
completeness of reporting content. In order to realise this aim, SAT have publicly claimed that a
key part of their assurance process now involves searching for ‘material’ issues that companies
may not have included in their sustainability report. This has, however, provoked tensions
between establishing pragmatic legitimacy for assurance with clients while also ensuring the
attainment of moral legitimacy with key external audiences given that many clients have
remained keen to limit the scope of their sustainability reporting and accompanying assurance.

Despite the use of guidance such as AccountAbility’s 5-part materiality test and formal SAT
procedures like media and internet searches, identifying agreed material issues was a highly
subjective process with assurors and clients often engaged in “intense” (A3, manager)
negotiations over the scope of reporting:
It can be an argument between someone like myself who will say ‘[name of company]
cannot report on the environment without talking about the way they run their [name] project
in Northern [Russia]. You know it’s been all over the newspapers … But that’s my view, and
you know [name of company] can easily come back to me and say ‘sorry, but we don’t think
it’s material’ … It’s often dependent on the maturity of the issue in society and you have a lot
of very grey areas and therefore a lot of debate. (A1, senior manager)

A particular frustration for some interviewees involved situations where agreements reached on
the ‘material’ reporting issues with direct client contacts at operational level were later rebuffed
at client board level, thereby significantly reducing reporting and assurance scope and
potentially compromising the attainment of moral legitimacy with report users such as enrolled
NGOs. While such tensions potentially compromised the process of securing the short-term
pragmatic legitimacy of assurance practices with clients, the alternative risked compromising
the integrity of SAT and its assurance staff and the ability to attain moral legitimacy with
external stakeholders.

To summarise, establishing both procedural (moral) legitimacy and consequential (moral)

legitimacy with external users was seen as crucial to establishing and maintaining or developing
pragmatic legitimacy with clients. The moral legitimation strategies adopted largely reflect
strategies focused on selecting among constituents in pursuit of audiences who will value ‘moral
criteria’ such as ‘accountability’ and ‘reliability’, and those concentrated on creating new
audiences and new legitimating beliefs. For example, assurors needed to seek out external

31

Electronic copy available at: https://ssrn.com/abstract=1742822

audiences or construct new audiences in light of perceived external stakeholder apathy, thereby
potentially generating ‘user’ interest. In other words, assurors had to go in pursuit of an
audience that would support assurance practice – a selection strategy – especially when trying to
secure consequential legitimacy by seeking to demonstrate how accountability to stakeholders is
prioritised through the use of expanded commentaries and, in some instances, more informative
opinions. They also appear to be attempting to demonstrate ‘reliability’ to gain procedural
legitimacy through providing more detail on assurance procedures in the expanded assurance
statements. An element of a persuasion (manipulation) strategy is also evident whereby SAT
seeks to publicly communicate the possible extent of external stakeholder influence, in the
future, on assurance practice in order to persuade them of the value of such practice and through
their attempts to educate potential users about benefits of assurance they may have been
unaware of. There is little evidence of a legitimation strategy seeking to conform to the
requirements of pre-existing audiences – a conform strategy - as these audiences, despite SAT’s
public utterances, appear largely disengaged and, hence, rarely articulate their requirements.

Seeking Legitimacy with “The Inside World”

While issues of internal legitimacy tend to be largely ignored in studies of organizational

legitimacy, attempts to secure the pragmatic legitimacy of assurance within SAT have heavily
influenced the aforementioned developments in assurance statement practice, and thereby the
perceived success of strategies to secure pragmatic legitimacy with clients and moral legitimacy
with the non-client external world. This sub-section unveils SAT assurors’ efforts to establish
pragmatic legitimacy for sustainability assurance with the SAT ‘Risk Department’14,
particularly with respect to the preferred content of assurance statements. This department was
responsible for approving, based on a risk assessment, the design of all assurance practices and
assurance statements/reports within all practice areas of SAT.

Legitimacy Threats – The ‘Risk Department’ and Assurance Statement Content

A number of SAT assurors were highly conscious of their non-financial accounting/auditing
backgrounds and of the perceived unique nature of the work they undertook in a professional
services firm context. Within this context, they came into contact with, and sometimes depended
upon, internal firm constituencies who, in their view, failed to fully understand the ‘true’ nature
of sustainability assurance and questioned its pragmatic (exchange) legitimacy. A key

14
This is the term we use for the relevant department. It is not the actual name of the department in SAT.

32

Electronic copy available at: https://ssrn.com/abstract=1742822

constituency in this regard was the Risk Department. Given that the content of assurance
statements was viewed as a key factor in establishing and maintaining client and ‘outside world’
pragmatic and moral legitimacy (as discussed earlier), influencing this content in a preferred
manner was deemed crucial. In practice, this meant seeking to develop pragmatic legitimacy for
sustainability assurance practices among often sceptical Risk Department colleagues by
convincing them of the benefits this form of assurance brought SAT through a combination of
additional income at an acceptable level of risk. It was this latter area of the level of risk
attached to sustainability assurance statements where there was initially a significant divergence
of opinion between the SAT assurors and their Risk Department colleagues – who the assurors
felt did not fully understand the nature of sustainability assurance or the credentials that they as
specialists in the field brought to this work. This initially manifested itself in vehement
disagreements with the Risk Department over the nature and wording of sanctioned opinions:
All our assurance reports are reviewed by the [Risk Department]. It’s an awful process,
awful. We have lots of discussions with them about the wording of statements. (A4,
manager)

It’s not always that easy because sometimes we have a different language, we have
different concepts. And, there are certainly changes in the text [of assurance statements],
etc. (A6, senior partner)

The Risk Department was accused of automatically regarding sustainability assurance as high
risk, thereby restricting the level of assurance that practitioners could convey in the text of
assurance statements – whatever the extent of the work they had undertaken. In practice, this
meant that assurance statements mostly conveyed the aforementioned ‘double negative’
(‘limited assurance’) opinions from ISAE 3000. As noted above, many interviewees were
concerned that these opinions underplayed the extent of the assurance work they performed
thereby revealing little of substance for potential report readers and compromising the creation
of moral legitimacy with this audience. Many assurors blamed the Risk Department’s automatic
reliance on traditional financial audit-type risk assessments for these cautious and coded
opinions. The Risk Department’s apparent concern to protect SAT from possible litigation
clearly clashed with the assurors’ commitment to legitimating practice with more progressive
clients and potential users.
At a certain moment, all our projects were perceived immediately as high-risk projects. So
[my] first years in [SAT] were very frustrating and there was a crusade to change
perceptions [within the Risk Department]. (A3, manager)

Questions were consistently raised about the Risk Department’s ability to make “valid
assessments” (A3, manager) with respect to sustainability assurance. For many interviewees, the

33

Electronic copy available at: https://ssrn.com/abstract=1742822

nature of the information they, as assurors, “verified” (A5, manager) was very different from
that examined in financial audits, particularly its often more qualitative nature, and they
therefore also engaged in extensive efforts to try to convince the Risk Department of these
differences. Moreover, consistent with Power’s (2004) observations on recent risk management
trends, several assurors questioned whether the perceived legal and related reputational risks that
appeared to motivate the Risk Department’s resistance to expanding assurance statement content
had any substantive links with the direct possibility of legal action. The perceived lack of
appreciation by Risk Department employees of the different nature of sustainability assurance
suggested that they were mainly motivated by “the mere possibility of litigation which create[d]
a defensive orientation towards the need to justify [assuror] decisions in retrospect” (Power,
2004, p.47).

Well I wonder whether they [the Risk Department] are really able to undertake this analysis
correctly. And the reason why is, looking at it from a different perspective, non-financial
assurance work in this organization has long been qualified as high-risk by definition. So
that required all kinds of external procedures. Well, we’re used to that because we are seen
as strange people with strange backgrounds [in SAT]. But if it is deemed high-risk by
definition, I don’t think they have made a proper risk analysis because I think the risk of
liabilities from a financial point of view is very low in the non-financial field. There might be
some reputational issues but I think these are also very limited. It should be lower risk than
financial audit. If the [risk department] knew more about the situation, they would probably
come to the conclusion that it isn’t high-risk. (A3, manager)

The Risk Department was perceived as being particularly nervous about the nature of the
data being assured. Assurance of this data potentially involved much more use of
professional judgement than in financial audit given its greater non-financial nature and
the relative absence of agreed assurance standards and frameworks:

Well, the technical departments tend to look at [sustainability] assurance as a copy of

financial assurance. So they want you to use the same wording, to use the same ways of
working and then you make a statement that’s the same and then we’re done. Without
looking at what the stakeholder wants. [But] we can’t copy the financial audit methodology
… As soon as the financial auditor realises that we don’t do exactly the same as they do in
the financial audit, then they start to become nervous. And we’ve had to have quite some
discussions explaining our work and what we do. (A5, manager)

Efforts to Establish Internal Pragmatic Legitimacy – Seeking Internal Consensus on

Assurance Statement Structure and Content

In light of the difficulties engendered by the Risk Department, the Sustainability Section sought
to establish more direct, ongoing contact with them to try to resolve their concerns.
“Constructive discussions” (A3, manager) took place around the nature of assurance statement

34

Electronic copy available at: https://ssrn.com/abstract=1742822

structure and content and several interviewees expressed satisfaction that after much debate
some successes were eventually achieved in “convinc[ing] the inside world” (A4, manager)
about the so-called “true nature” (A3, manager) of sustainability assurance:

We now get a real discussion and we get strong pressure which we need desperately to
convince our [risk] department that we should do something completely different from what we’re
doing right now … I think it’s improving, especially within SAT in the last year. I’m quite happy
with what’s happening here now in contrast to my first years in SAT which were very frustrating
when dealing with the Risk Department. (A3, manager)

Part of the process of persuading the Risk Department of the reduced risks attached to assurance
involved assurors attempting to legitimate their own credentials, particularly in light of the
perceived lack of trust in their professional judgement. One factor central to this legitimation
effort and to improving relations and legitimising assurance with the Risk Department was the
role of a former financial auditor, now working within the Sustainability Section. He acted as a
bridge between the Section’s assurors and the Risk Department. For many assurors, this was
crucial as some felt that the Sustainability Section was still viewed “as a weird group of people”
(A3, manager) within SAT and by the Risk Department in particular. Someone comfortable with
accountants’ language was considered to be more likely to break down barriers and be
successful in demonstrating that the levels of risk attached to sustainability assurance were of an
acceptable level to SAT, and thereby likely to be more successful in securing the pragmatic
legitimacy of these practices with the Risk Department. The accountant attempted to persuade
by constantly highlighting the different nature of non-financial data and de-mystifying the
assurance process to enable the Risk Department to get a better sense of the nature and extent of
the work that was performed on engagements. By emphasising the extensive experience of
many of the assurors – some of whom had been involved in sustainability assurance for over
fifteen years - he argued that greater trust could be placed in their exercise of judgement on
assurance engagements.

A key consequence of these consultations and the resulting establishment of some small level of
pragmatic legitimacy internally was a compromise agreement to loosely standardise the
structure of all sustainability assurance statements, allowing for greater expansion in content and
more scope for positive opinions – aspects of which were discussed in the previous sub-section.
While this expansion was perceived as resulting in part from an increased level of pragmatic
legitimacy being afforded to assurance by the Risk Department, it was also seen as potentially
contributing to the establishment and maintenance of moral legitimacy among report users and
the scope to further embed pragmatic legitimacy with clients – both through the enhanced scope

35

Electronic copy available at: https://ssrn.com/abstract=1742822

for developing moral legitimacy with report users and through the scope to offer a deeper
service to those clients who wanted to attain higher levels of assurance for their sustainability
reports, as assurors needed to demonstrate how assurance could help these clients gain greater
external credibility for their sustainability reporting. However, as illustrated earlier, the
perceived potential for enhancing moral legitimacy with report users proved problematic to
realize in practice.

To summarise, the assurors’ quest to secure pragmatic (exchange) legitimacy for assurance with
the Risk Department relied on a legitimation strategy primarily focused on illustrating how
assurance conformed to the instrumental needs and demands of an existing audience – a
conform strategy. A key feature of this process involved attempts to illustrate to the Risk
Department that sustainability assurance posed few challenges to the established order in SAT
focused on carefully managing and minimising potentially risky activities. Central features of
this strategy involved attempts to co-opt the Risk Department behind assurance partly by trading
on the assurors’ strong prior experience and training in sustainability assurance and in particular
utilising the services of a former financial auditor now working within SAT who was able to
communicate in the language of the Risk Department.

DISCUSSION AND CONCLUSIONS

The aim of this paper has been to develop our empirical and theoretical understanding of the
processes through which sustainability assurance practitioners can, and do, seek to legitimise
this emerging area of practice with key audiences. It responds directly to Power’s (2003a)
requests for “more detailed empirical … studies on the extension of audit-type practices into
new areas and their effects and consequences” (p.387) and for auditing/assurance research to be
“more sensitive to the organizational realities of [assurance] work” (Power, 1996, p.334). The
analysis focused on the securing of legitimacy given that prior research has viewed the process
of securing legitimacy for audit/assurance practice as central to the development and widespread
acceptance of related forms of assurance, such as financial, quality and environmental assurance
(Curtis & Turley, 2007; Power, 1999). Furthermore, while an extensive realm of research has
considered the role of audit in general in the production of legitimacy in organizations and
society (Free et al., 2009; Power, 2003a), little empirical attention has been afforded to this
process of acquiring and developing the legitimacy of individual (new) audit technologies
(Robson et al., 2007). The paper offers a theoretical contribution through its usage of a more

36

Electronic copy available at: https://ssrn.com/abstract=1742822

refined conception of legitimacy than that used in prior research to inform the analysis of the
case material. This reveals, firstly, how and why the various types of legitimacy sought by
assurors, and the associated strategies employed to realise them, vary according to the audiences
assurors hope to influence and, secondly, the nature and extent of the difficulties involved in
aligning the attainment of these different legitimacy types.

SAT assurors have focused initially on a strategy of representation with the client audience
which seeks to establish pragmatic (primarily exchange) legitimacy for sustainability assurance
via persuading clients of the internal benefits accruing in terms of improvements in information
systems and thereby reporting practice, with associated external credibility gains. The first point
of contact is generally with CSR managers/directors who are effectively co-opted to spread the
message of the pragmatic legitimacy of assurance within their organizations. However, in
certain instances assurors shift the focus of their legitimation activities and seek out more
‘informed’, and potentially more influential audiences - notably internal auditors. Ultimately,
the intention is to persuade client senior management of the pragmatic legitimacy of assurance,
hence embedding the process more firmly within the organization. This often results in the co-
production of sustainability information systems, reports and (limited) assurance by assurors and
clients. Intriguingly here, there appears to be some sense of a ‘shifting’ preference regarding
strategic targets, with assurors continually seeking out prospects for more high level
endorsement of their work.

Whilst pragmatic legitimacy is the easiest form of legitimacy to attain, its durability is in
question due to its focus on short term material gain and exposure to changes in the perceptions
of external audiences (Kumar & Das, 2007). Once substantial information system (and
reporting) improvements have been achieved, pragmatic legitimacy for sustainability assurance
work becomes difficult to sustain in the absence of external stakeholder demand. It is therefore
in the context of moulding perceptions of external audiences that SAT has sought to maintain
pragmatic legitimacy for the assurance process with clients. However, here the strategy has been
one of seeking to counter a perceived substantial degree of stakeholder indifference by first of
all identifying and constructing this somewhat mythical audience and then persuading it to
confer moral legitimacy on assurance. Both consequential legitimacy, via the production of
clearer and more convincing assurance opinions together with the promotion of a greater
stakeholder focus in assurance practice, and procedural legitimacy, via expanding the level of
detail provided on assurance procedures carried out, have been sought by actively seeking out

37

Electronic copy available at: https://ssrn.com/abstract=1742822

influential stakeholder groups, notably prominent NGOs, and attempting to enlist their support
as a power resource capable of maintaining pressure on reporting organizations to not only
retain assurance but also commission higher levels of assurance work.

The legitimacy strategy pursued with the non-client external world would appear, on the
evidence of this case study, to have been so far largely ineffective. A major stumbling block
encountered has been strong resistance from SAT’s Risk Department to the expansion of
assurance statement content and, relatedly, moving towards providing higher levels of
assurance. Again, a legitimacy strategy has been embarked upon which seeks to establish, in this
case, pragmatic (exchange) legitimacy by seeking to conform to the requirements of an existing
audience. Essentially, pragmatic legitimacy has been sought by seeking to change perceptions of
the risks associated with sustainability assurance and to thereby demonstrate that moving
towards providing clearer and more convincing assurance statements conforms to the procedural
requirements of the Risk Department. Moreover, the resistance to innovation in assurance
statement content regardless of the work performed was perceived as threatening the
maintenance of more durable pragmatic legitimacy attained by assurors with committed clients.

One of the most influential dimensions of the audit explosion – the means by which
audit/assurance actively constructs the contexts in which it operates – pervades the case
analysis. In order to create the possibilities for assurance, assurors often assumed the active role
of change agents advising on the development of systems aimed at making organizations
auditable/assurable thereby rupturing the traditional jurisdictional boundaries of regulatory
auditing and verification. Moreover, while Power (2003b) and Shore and Wright (2000) have
warned against the prioritisation of a logic of blame centred on a pervasive need to impose
discipline within much of the audit explosion, our evidence unveils elements of an evolving
logic of learning focused on supporting the development and evolutionary improvement in
organizational management systems and reporting as central components of attempts to secure
pragmatic legitimacy with clients. In contrast, in many of the public sector contexts Power
(1994, 2003b) surveys in his audit explosion thesis, despite evidence of reports and assurance
being co-produced, auditees’ power in this process appears limited as audit is required by
regulation (as opposed to the voluntary nature of sustainability assurance), and a discussion of
its potential benefits is rarely prioritised. Auditees in these regulated contexts have little choice
but to submit to an audit process that is often designed to discipline them and apportion blame.

38

Electronic copy available at: https://ssrn.com/abstract=1742822

In the voluntary sustainability assurance context clients can decide not to engage in assurance
and must be persuaded of its benefits.

In tracing the audit explosion, Power (1994, 2003b) questioned the ability of new audit forms to
deliver on ideals of organizational transparency and accountability supported by enhanced
debate and dialogue, particularly as audits are often highly specialised and opaque to a wider
public. The case evidence nuances aspects of this perspective. For example, SAT’s active
engagement with potential users of assurance, their public declarations of support for
stakeholder influence over what gets verified, who conducts assurance, and what levels of
assurance are provided potentially opens up dialogue, thereby moving beyond the “tokenistic”
gestures of accountability embedded in rigid paper systems and demonstrable audit trails so
bemoaned by Shore and Wright (2000)15. The introduction of extended commentary sections in
assurance statements also provides greater transparency surrounding the quality of corporate
sustainability reporting. Moreover, SAT’s recent public commitment to assessing reporting
completeness suggests some commitment to more robustly assessing organizational stakeholder
accountability. In conjunction with assurors’ individual commitments, a key influence on this
enhanced attention to accountability is once more the unregulated nature of the sustainability
assurance environment in which assurors must strive to construct external users and create and
expand user demand by developing perceptions of increased attention to accountability within
assurance practice. Arguably here, establishing such accountability, and thereby overcoming
current perceived levels of stakeholder apathy, is necessary for sustainability assurance to
eventually achieve cognitive legitimacy, the most durable form of legitimacy attainable.

The interviewees’ concerns about the constrained nature of assurance statements originally
produced by SAT - where formal procedure was privileged over transparent communication –
chime with Power’s (2003b) contention that audit is valueless unless its results can be clearly
communicated to an appropriate audience. SAT assurance statements initially reflected the
anodyne and carefully constructed and constrained opinions that Power (2003b) claims are
rarely responsive to the wider public. However, the assurors’ partially successful internal
lobbying in the face of internal resistance from the SAT Risk Department has succeeded in
increasing the information content of assurance statements for users. These various expansions

15
Interestingly here, earlier work by Cotton, Fraser and Hill (2000) and Humphrey and Owen (2000) also
highlights the potential role of (in this case social) audit in encouraging a negotiation for change between the
organization and its stakeholders with the auditor playing a key facilitating role.

39

Electronic copy available at: https://ssrn.com/abstract=1742822

in content, which formed a central part of assuror attempts to attain moral (consequential and
procedural) legitimacy for assurance with external audiences, suggest a rare empirical domain
where Power’s (2003b) calls for more customised and informative narratives in audit/assurance
reporting are being heeded. Our analysis therefore highlights how the intrinsic commitments of
assurors can have a positive influence on the development of more expansive and potentially
informative assurance statements by encouraging reporting that may actually contribute to
enhanced user understanding of assurance processes.

Central to the assurors’ efforts to attain pragmatic and moral legitimacy with clients and the
non-client external world respectively was the creation of expectations regarding assurance.
Whereas extensive efforts at raising client expectations seem quite sophisticated and developed,
with the non-client world this has proved more problematic. However, assurors are not faced
with the challenge, as in the case of the financial audit expectations gap, of changing perceptions
by dampening expectations in order to alleviate perceived user misunderstanding of assurance,
but with that of creating expectations among a largely dormant audience that has not to date
been mobilised to demand or care about its practice. The emerging efforts to reach out to and
involve stakeholders in the assurance process indicate that this is where assurors perceive the
key barrier to developing legitimacy for assurance more widely. While the efforts to improve
assurance statement content may assist in this vein, to be effective users also have to be enticed
to read the statements and to care about or act on their content for some defined purpose. Prior
research in financial audit, however, suggests that even this enhanced disclosure may not be
enough to convince potential users or increase their understanding (Porter et al., 2009).

Notwithstanding the positive influence of assuror commitments mentioned above, the

interviewee perspectives were largely predicated on short-term horizons, and they rarely
critically considered broader, systemic issues. For instance, moral issues were not significantly
enrolled in debates with clients and firm colleagues aimed at establishing legitimacy – thereby
suggesting that the assurors struggled to find the space or the opportunity to articulate moral and
public interest issues. Moreover, interviewees' descriptions of the debates tended not to
explicitly recognize this potential marginalization of moral issues. This appears to have been
partially influenced by the organizational constraints they encountered as they needed to focus,
at least initially, on establishing the pragmatic legitimacy of assurance through a primary appeal
to its economic value.

40

Electronic copy available at: https://ssrn.com/abstract=1742822

The case analysis also unveils key characteristics within contemporary risk management
practices which can stifle assurors’ efforts to expand and legitimate assurance practice. The Risk
Department’s perceived initial reluctance to rely on the judgement of assurors and allow
expanded assurance statement content reflects features of the highly defensive internal
proceduralism that has pervaded the explosion of concern for reputation risk management in
many organizations whereby cultures of defensiveness disallow the creation of new forms of
vulnerability (Hutter & Power, 2005; Power, 2007, 2004). This is indicative of a wider climate
of organizational defensiveness pervading risk management practice generally whereby ‘risk
specialists’, in this case SAT’s Risk Department, seek to amplify danger and project worst case
scenarios as part of their governance of risk. Fears and anxieties about accountability and blame
drive this focus, with concerns about the production of defendable proof about the management
of risk predominating (Power, 2007, 2004). A side-effect of this trend, however, which is
evident in the initial attitudes of SAT’s Risk Department, is the possibility that heightened
awareness (and fear) of risk may inhibit innovation (Sheytt et al., 2006). In SAT’s case, the
initial risk-influenced resistance to innovation in assurance statement content, irrespective of the
work performed by assurors, threatened the more durable pragmatic legitimacy established by
assurors with committed clients seeking to progress to higher levels of assurance and the
potential to develop greater moral legitimacy with influential stakeholder groups.

Research into sustainability assurance practice is only in its infancy. As any academic paper
needs to focus on a relatively constrained area, this paper has only addressed one important
element of the development of sustainability assurance practice. Moreover, while a key
objective of this paper was to investigate the worldviews of assurors we recognise that this also
constitutes a limitation in our research given that we do not focus our analysis on the other
constituencies we refer to, namely, clients, the ‘non-client external world’ and the ‘inside
world’. We would therefore encourage future studies to examine the same legitimation issues
explored in this paper, but from the perspective of the parties with whom the sustainability
assurance practitioners are seeking to secure legitimacy. Indeed, an in-depth analysis of the
legitimation issues prevalent for and within each of the three constituencies focused upon in this
study could form the basis of separate studies, given the breadth of the potential issues we have
revealed above16. A particular issue that could be further developed is the role that Risk

16
Initial work by Jones and Solomon (2010) drawing upon a programme of interviews with senior CSR
representatives from 20 large UK listed companies intriguingly points to a significant degree of reservation over the
usefulness of sustainability assurance, with half the respondents reluctant to endorse its practice on grounds such as

41

Electronic copy available at: https://ssrn.com/abstract=1742822

Department equivalents in other Big 4 professional service firm environments play in the
ongoing emergence of sustainability assurance practice. The key focus of our data collection has
only allowed us to touch on the issue of how developments in risk management practice in these
firms are influencing emerging practice and, more importantly, whether they are likely to stifle
its future development in a more external user-oriented direction. More focused examinations of
this influence on sustainability assurance are likely to greatly add to our understanding of the
development of its practice.

cost in both managerial and economic resource terms together with a perception that the main benefits from the
exercise primarily accrue to the assurance providers themselves. However, it should be pointed out that the
fieldwork for the Jones and Solomon (2010) study was undertaken in 2004, since when, as noted earlier, there has
been a noticeable increase in sustainability assurance worldwide, an outcome somewhat at odds with the negative
stance towards it expressed by respondents. Certainly, we would argue there is scope for further, more in depth,
work investigating corporate perspectives on sustainability assurance together with that which canvasses the views
of stakeholders concerning its efficacy in promoting socially desirable outcomes.

42

Electronic copy available at: https://ssrn.com/abstract=1742822

REFERENCES

Abbott, A.D. (1988). The System of Professions: An Essay on the Division of Expert Labor. Chicago: The
University of Chicago Press.

AccountAbility. (1999). AA1000 Framework: Standard, Guidelines and Professional Qualification.

London: AccountAbility.

AccountAbility. (2003). AA1000 Assurance Standard. London: AccountAbility.

AccountAbility. (2008). AA1000 Assurance Standard.

URL:http://www.accountability21.net/uploadedFiles/Resources/Introduction%20to%20the%20revised%
20AA1000AS_APS%202008.pdf. Accessed 14 December 2010.

Boele, R., & Kemp, D. (2005). Social Auditors: Illegitimate Offspring of the Audit Family? Journal of
Corporate Citizenship, 17(1), 109-119.

Brinkerhoff, D.W. (2005). Organizational legitimacy, capacity and capacity development, Discussion
Paper No. 58A, Maastricht: The European Centre for Development Policy Management.

Carpenter, B., Dirsmith, M., & Gupta, P. (1994). Materiality judgements and audit firm culture: socio-
behavioural and political perspectives. Accounting, Organizations and Society, 19, 355–380.

Cashmore, B. (2002). Legitimacy and the privatization of environmental governance: How non-state
market-driven (NSND) governance systems gain rule making authority. Governance: An International
Journal of Policy, Administration and Institutions, 15(4), 503-529.

Coffey, A., & Atkinson, P. (1996). Making sense of qualitative data: Complimentary research strategies.
London, UK: Sage.

Cooper, D., & Morgan, W. (2008). Case study research in accounting. Accounting Horizons. 22(2), 159-
178.

Cooper, S.M., & Owen, D.L. (2007). Corporate social reporting and stakeholder accountability: the
missing link. Accounting, Organizations and Society. 32(7-8), 649-667.

CorporateRegister.com. (2008). Assure View: The CSR Assurance Statement Report. London:
CorporateRegister.com.

Cotton, P., Fraser I., & Hill W.Y. (2000). The social audit agenda: primary health care in a stakeholder
society, International Journal of Auditing 4(1), 3-28.

Curtis, E., & Turley, S. (2007). The business risk audit – a longitudinal case study of an audit
engagement. Accounting, Organizations and Society, 32(4-5), 439-461.

Darnall, N., Seol, I., & Sarkis, J. (2009). Perceived stakeholder influences and organizations’ use of
environmental audits. Accounting, Organizations and Society, 34(2), 170-187.
Deephouse, D.L., & Carter, S.M. (2005). An Examination of Differences Between Organizational
Legitimacy and Organizational Reputation. Journal of Management Studies, 42, 329-360.

Edmondson, A.C., & McManus, S.E. (2007). Methodological Fit in Management Field Research.
Academy of Management Review, 32(4), 1155-1179.
Edgley, C.R., Jones, M., & Solomon, J. (2010). Stakeholder inclusivity in sustainability report assurance.
Accounting, Auditing and Accountability Journal 23(4), 532-557.

43

Electronic copy available at: https://ssrn.com/abstract=1742822

Elsbach, K.D. (1994). Managing organizational legitimacy in the California cattle industry: The
construction and effectiveness of verbal accounts. Administrative Science Quarterly, 39, 57-88.
FEE (Fedération des Experts Comptables Européens). (2002). Providing Assurance on Sustainability
Reports. Brussels: Fedération des Experts Comptables Européens.

FEE (Fedération des Experts Comptables Européens). (2004) FEE Call for Action: Assurance for
Sustainability. Brussels: Fedération des Experts Comptables Européens.

FEE (Fedération des Experts Comptables Européens). (2006). Key issues in sustainability assurance: an
overview. Brussels: Fedération des Experts Comptables Européens.

Free, C., Salterio, S.E., & Shearer, T. (2009). The construction of auditability: MBA rankings and
assurance in practice. Accounting, Organizations and Society, 34, 119-140.

Gendron, Y. (2009). Discussion of “The Audit Committee Oversight Process”. Contemporary

Accounting Research, 26(1), 123-134.
Gendron, Y., & Barrett, M. (2004). Professionalization in action: Accountants’ attempt at building a
network of support for the WebTrust seal of assurance. Contemporary Accounting Research, 21(3), 563-
602.
Gendron, Y., Cooper, D., & Townley, B. (2007). The construction of auditing expertise in measuring
government performance. Accounting, Organizations and Society, 32, 101-129.

Gendron, Y., & Spira. L. (2009). What went wrong? The downfall of Arthur Andersen and the
construction of controllability boundaries surrounding financial auditing. Contemporary Accounting
Research. 26(4), 987-1027.

Global Reporting Initiative (GRI). (2006). Sustainability Reporting Guidelines. Amsterdam: Global
Reporting Initiative.

Golant, B.D., & Sillince, J.A.A. (2007). The constitution of organizational legitimacy: A narrative
perspective. Organization Studies, 28(8), 1149-1167.

Gray, R. (2010). Is accounting for sustainability actually accounting for sustainability … and how would
we know? An exploration of narratives of organizations and the planet. Accounting, Organizations and
Society. 35(1): 47-62.

Global Reporting Initiative (GRI). 2008. G3 Guidelines

http://www.globalreporting.org/ReportingFramework/G3Guidelines/. Accessed 23 November 2010.

Hannan, M.T., & Carroll, G.R. (1992). Dynamics of organizational populations: Density, legitimation
and competition. Oxford: Oxford University Press.

Hopwood, A. (1998). Exploring the modern audit firm: an introduction. Accounting, Organizations and
Society, 23(5/6), 515-516.

Hopwood, A. (2009). Accounting and the Environment. Accounting, Organizations and Society, 34(3-4),
433-439.

Huberman, A. M., & Miles, M. B. (1994). Data management and analysis methods. In N.K. Denzin, and
Y.S. Lincoln, Handbook of Qualitative Research. Thousand Oaks, California: Sage.

Humphrey, C. (2008). Auditing research: A review across the disciplinary divide. Accounting, Auditing
& Accountability Journal, 21(2), 170-203.

44

Electronic copy available at: https://ssrn.com/abstract=1742822

Humphrey, C., & Moizer, P. (1990). From techniques to ideologies: an alternative perspective on the
audit function. Critical Perspectives on Accounting, 1, 217–238.

Humphrey, C., & Owen, D. (2000). Debating the ‘power’ of audit. International Journal of Auditing, 4,
29-50.

Hutter, B., & Power, M. (2005). Organizational Encounters with Risk: An Introduction. In B. Hutter and
M. Power (Eds.) Organizational Encounters with Risk (pp. 1-32). Cambridge: Cambridge University
Press.

IAASB (International Auditing and Assurance Standards Board). (2007). Proposed Strategy for 2009-
2011. New York: International Federation of Accountants (IFAC).

IFAC (International Federation of Accountants). (2006). Assurance aspects of G3 – The Global

Reporting Initiative’s 2006 draft Sustainability Reporting guidelines, New York: IFAC.

IRCA (International Register of Certificated Auditors). (2004). Certification as a Sustainability

Assurance Practitioner. London: IRCA.

ISAE 3000 (International Standard on Assurance Engagements 3000). (2004). Assurance engagements
other than audits or reviews of historical financial information. New York: International Federation of
Accountants (IFAC).

Jones, M.J., & Solomon, J.F. (2010). Social and environmental report assurance: Some interview
evidence. Accounting Forum, 34(1), 20-31.

King, N. (1998). Template analysis. In G. Symon & C. Cassell (Eds.), Qualitative Methods and Analysis
in Organizational Research: A Practical Guide. London: Sage.

KPMG (2008). KPMG International Survey of Corporate Responsibility Reporting 2008. The
Netherlands: KPMG International Global Sustainability Services.

Kumar, R., & Das, T.K. (2007). Interpartner legitimacy in the alliance development process. Journal of
Management Studies. 44(8), 1425-1453.

Larson, M.S. (1977). The Rise of Professionalism. Berkeley CA: University of California Press.

McCracken, S., Salterio, S., & Gibbins, M. (2008). Auditor-client management relationships and roles in
negotiating financial reporting. Accounting, Organizations and Society, 33(4/5), 362-383.

Miles, M., & Huberman, A. (1994). Qualitative data analysis. London: Sage.

Milne, M., & Gray, R. (2007). Future prospects for sustainability reporting. In J. Unerman, J.
Bebbington, & B. O’Dwyer (Eds.), Sustainability Accounting and Accountability, (184-207). London:
Routledge.

O’Dwyer, B. (2004). Qualitative data analysis: exposing a process for transforming a ‘messy’ but
‘attractive’ ‘nuisance’. In C. Humphrey and B. Lee (Eds.), A Real Life Guide to Accounting Research: A
Behind the Scenes View of using Qualitative Research Methods, Amsterdam: Elsevier.

O’Dwyer, B., & Owen, D. (2005). Assurance Statement Practice in Environmental, Social and
Sustainability Reporting: A Critical Evaluation. British Accounting Review, 37(2), 205-229.

45

Electronic copy available at: https://ssrn.com/abstract=1742822

O’Dwyer, B., & Owen, D. (2007). Seeking Stakeholder-Centric Sustainability Assurance: An
Examination of Recent Sustainability Assurance Practice. The Journal of Corporate Citizenship, 25. 77-
94.

O’Dwyer, B. (2010). The Case of Sustainability Assurance: Constructing a New Assurance Practice.
Paper presented at the Contemporary Accounting Research conference, Kingston, Canada, November.

Oliver, C. (1991). Strategic response to institutional processes. Academy of Management Review, 16,
145-179.

Palazzo, G., & Scherer, A.G. (2006). Corporate legitimacy as deliberation: A communicative framework,
Journal of Business Ethics, 66, 71-88.

Patton, M.Q. (2002). Qualitative evaluation and research methods. Beverly Hills, California: Sage.

Pentland, B.T. (2000). Will auditors take over the world? Program, technique and the verification of
everything. Accounting, Organizations and Society, 25, 307–312.

Porter, B., Ó hÓgartaigh, C. & Baskerville, R. (2009). The Framing of Auditors’ Responsibilities when
Conducting a Financial Statement Audit and the Message Conveyed in an Unqualified Audit. Report to
the International Auditing and Assurance Standards Board, New York, NY, 2009, 275pp.

Power, M. (1995). Auditing, expertise and the sociology of technique. Critical Perspectives on
Accounting, 6(4), 317–339.

Power, M. (1996). Making things auditable. Accounting, Organizations and Society, 21(2/3), 289-315.

Power, M. (1997). Expertise and the construction of relevance: accountants and environmental audit.
Accounting, Organizations and Society, 22(2), 123–146.

Power, M. (1999). The Audit Society: Rituals of Verification. Oxford, UK: Oxford University Press.

Power, M. (2000). The Audit Society: Second Thoughts. International Journal of Auditing, 4(1), 111-
119.

Power, M. (2003a). Auditing and the production of legitimacy. Accounting, Organizations and Society,
28(4), 379-394.

Power, M. (2003b). Evaluating the Audit Explosion. Law & Policy, 25(3), 185-202.

Power, M. (2004). The Risk Management of Everything. London: Demos.

Power, M. (2006). Organizations and Auditability: A Theory. Paper prepared for presentation at the
Amsterdam Business School, University of Amsterdam, March 17th.

Power, M. (2007). Organized Uncertainty: Designing a World of Risk Management. Oxford: Oxford
University Press.

Power, M. (2009). The Risk Management of Nothing. Accounting, Organizations and Society, 34, 849-
855.

Robson, K., Humphrey, C., Khalifa, R., & Jones, J. (2007). Transforming audit technologies: business
risk audit methodologies and the audit field. Accounting, Organizations and Society, 32(4-5), 409-438.

46

Electronic copy available at: https://ssrn.com/abstract=1742822

Royal NIVRA (Royal Dutch Institute for Register Accountants). (2005). Standard for Assurance
Engagements 3410 – Exposure Draft: Assurance Engagements relating to Sustainability Reports.
Amsterdam: Royal NIVRA.

Royal NIVRA (Royal Dutch Institute for Register Accountants). (2007). Assurance engagements
relating to sustainability reports, 3410N. Amsterdam: Royal NIVRA.

Ruef, M., & Scott, W.R. (1998). A multidimensional model of organizational legitimacy: Hospital
survival in changing institutional environments. Administrative Science Quarterly, 43(4), 877-904.

Ryan, G. W., & Bernard, H.R. (2003). Data management and analysis methods. In N.K. Denzin, and
Y.S. Lincoln (Eds.), Collecting and Interpreting Qualitative Materials. Thousand Oaks, California: Sage.

Scheytt, T., Soin, K., Sahlin-Andersson, K., & Power, M. (2006). Special research symposium:
organizations and the management of risk. Journal of Management Studies, 43(6), 1331-1337.

Shafer, W.E., & Gendron, Y. (2005). Analysis of a failed jurisdictional claim: The rhetoric and politics
surrounding the AICPA global credential project. Accounting, Auditing & Accountability Journal, 18(4),
453-491.

Shore, C. (2008). Audit Culture and Illiberal Governance. Anthropological Theory, 8(3), 278-298.

Shore, C., & Wright, S. (2000). Coercive accountability: The rise of audit culture in higher education. In
M. Strathern (Ed.), Audit Cultures: Anthropological studies in accountability, ethics and the academy.
London and New York: Routledge.

Silverman, D. (2010). Doing qualitative research. London, UK: Sage.

Simnett, R., Vanstraelen, A., & Chua, WF. (2009). Assurance on Sustainability Reports: An International
Comparison. The Accounting Review. 84(3), 937-967.

Suchman, M. (1995). Managing Legitimacy: Strategic and Institutional Approaches. Academy of

Management Review, 20(3), 571-610

Swift, T., Humphrey, C., & Gore, V. (2000). Great expectations? The dubious financial legacy of
financial audits. British Journal of Management, 11(1), 31-45.

Unerman, J. (2008). Strategic reputation risk management and corporate social responsibility reporting.
Accounting, Auditing & Accountability Journal, 21(3), 362-364.

Wallage, P. (2000). Assurance on Sustainability Reporting: An Auditor's View. Auditing: A Journal of

Practice & Theory, 19, Supplement, 53-65.

Zimmerman, M.A., & Zeitz, G.J. (2002). Beyond survival: achieving new venture growth by building
legitimacy. Academy of Management Review, 27, 414-431.

Zucker, L.G. (1983). Organizations as institutions. In S.B. Bacharach (Ed.). Research in the Sociology of
Organizations (pp. 1-42), Greenwich, CT: JAI Press.

47

Electronic copy available at: https://ssrn.com/abstract=1742822

Table 1: Summary of Suchman’s (1995) typology of legitimation

Type of legitimacy: Pragmatic Moral Cognitive

Consequential; Comprehensibility;
Sub-types of Exchange; influence;
procedural; personal; taken-for-
legitimacy: dispositional
structural grantedness
Subconscious
Audiences’ specific or Audiences’ views on attitudes of what is
Values addressed:
broader self-interest welfare of society appropriate, proper
and desirable

Durability: Low High

Ease and speed of Easy Difficult

establishment: Fast Slow
Broad strategies of legitimation for new practices:

Show how new

practices meet
instrumental demands Show how new practices
Conform: Show that new
of key audiences; offer produce socially desirable
Conform to practices conform to
influence over shape of outcomes; associate new
requirements of established models
new practices; trade on practices with respected
existing audiences or standards.
organizations’ strong entities.
reputation in related
fields.

Selection: Identify and attract key Appropriate a set of

Identify new audiences
Pitch practices at new audiences whose standards already
whose moral values
audiences who will instrumental interests accepted in a related
accord with new
support proposed are addressed by the area and apply to
practices.
practices new practices. new practices.

Collective action by many

organizations to socially Encouraging
construct an honourable isomorphism
Strategic image for the outputs of through
Manipulation: communication to the new practices; standardisation of
Create new audiences persuade key audiences establishing a record of practice; action to
and new legitimating to value, and to believe technical success for new enhance
beliefs they can influence, the practices indicating how comprehensibility of
new practices. they embrace socially new practices
accepted techniques and (through lobbying,
procedures. research etc.).

48

Electronic copy available at: https://ssrn.com/abstract=1742822

 Table 2: Summary of Case Analysis – Seeking legitimacy from clients, the ‘non-client external world’ and the ‘inside world’
Audience / Clients ‘Non-client external world’ ‘Inside world’
Legitimation Process
Types (and sub-types) Pragmatic: exchange and influence Moral: consequential and procedural Pragmatic: exchange
of legitimacy sought:
Main legitimation Conform: Selection: Conform:
strategies adopted: Conform to requirements of existing client audiences. Pitch assurance practice at potential user audiences Conform to requirements of existing
Selection: who may support the proposed practice. audiences within SAT.
Pitch assurance practice at new, more informed client Manipulation:
Electronic copy available at: https://ssrn.com/abstract=1742822

audiences who will support the proposed practice. Create new user audiences for and new legitimating
Manipulation: beliefs about assurance practice.
Create new client audiences for and new legitimating
beliefs about assurance practice.

Examples of actions Conform: Selection: Conform:

taken to implement - Co-opt client contacts by co-producing sustainability - Select and engage directly with potentially influential - Seek to educate the SAT ‘Risk Department’
legitimation strategies: information systems, reports and assurance with them. users such as NGOs to discover their wants and needs. about the ‘true’ nature of assurance:
- Allow clients some influence over the scope of - Select and educate potentially influential users such - De-mystify the assurance process
assurance and the shaping of assurance practice. as NGOs about the benefits of assurance. - Articulate reduced legal and reputational
Selection: - Expand communication in the assurance statement risks of assurance to meet Risk
- Educate less informed direct client contacts about the to selected users: Department’s instrumental requirement for
benefits of assurance. - exhibit adherence to ‘moral criteria’ of lower risk
- Identify and attract more informed, influential ‘internal accountability and reliability - Highlight assuror expertise/experience in
audit’ client audiences who better understand and value - provide more positive assurance opinions reducing risk to SAT from developing
the ‘exchanges’ assurance provides. - expand commentaries on reporting quality assurance practice and reporting
- Enrol new stakeholders at client companies by - expand details of assurance work undertaken - Use ‘accountant’ intermediary enrolling
convincing a broader range of client contacts that Manipulation: the language of the Risk Department and
assurance practice meets their instrumental needs. - Publicly heighten ambitions for assurance to persuade make the case for assurance generally
Manipulation: potential new audiences of the value of assurance: and expanded assurance statement
- Publicly advertise broader, commercial benefits of - publicly advertise assuror commitment to content specifically
assurance such as: potential ‘value creation’; inclusion assessing the completeness of reporting
on sustainability indices; and lower capital market risk - publicly advertise the possible future extent of
perceptions together with the enhancing of legitimacy external stakeholder influence on assurance.
with hitherto ‘silent’ stakeholders.

Perceived impact of - Some limited level of pragmatic legitimacy achieved. - Initially struggling to secure user interest and activism - Some level of pragmatic (exchange)
legitimation strategies: - Durability and enhancement of pragmatic legitimacy and consequently minimal moral legitimacy is evident. legitimacy achieved given allowances in
contingent on developing moral legitimacy among - Establishment of moral legitimacy partially contingent assurance statement content.
potential users and pragmatic legitimacy with a key on securing pragmatic legitimacy with a key internal - Struggling to achieve permission to provide
internal SAT audience – the SAT Risk Department. SAT audience – the SAT Risk Department. higher assurance levels which are central to
securing greater pragmatic legitimacy with
more ‘mature’, ambitious clients and moral
legitimacy with the non-client external world.