Practice of Non-Financial Reports Assurance Services in the Polish Audit Market—The Range, Limits and Prospects for the Future

: In recent years, many companies have been issuing non-financial information which is used by a wide range of stakeholders in their decision-making processes. Considering the fact that such reports play an important role in financial markets, the information they provide should be submitted to verification by an external, independent body. Our study, carried out in 2020, showed that only 2.3% of audit firms in Poland offer auditing non-financial report services. This was the starting point for our further investigations, the results of which will be presented in this article. The aim of the article is to identify the factors that limit or stimulate the performance of auditing in Poland with respect to non-financial data, and to determine the scope of operations carried out by audit firms which provide this service. The article comprises literature perusal and results of empirical studies among audit firms in Poland. Several important findings have emerged, including the fact that there are few companies in the Polish auditing market rendering the service of auditing non-financial reports, which are leaders in this field. The factor that most significantly limits the performance of non-financial report auditing is the low demand for such a service, which arises from the fact that verification and assurance of non-financial data are not obligatory for all reporting undertakings. Given that the number of CRS reports is increasing every year, it seems necessary to make full audits in order to confirm the reliability of non-financial information provided by reporting companies. Otherwise, stakeholders interested in these reports might be exposed to a risk of making inadequate decisions. of their The indicate in reports. results prove that most respondents their non-financial


Introduction
The concept of sustainable development, which has become widespread in the past years, as well as the changing environment and business model have popularised the trend among socially responsible companies to disclose non-financial information, for example environmental and social actions they pursue. The information in this regard is addressed to a wide audience, who will use it to make business decisions. As Venter and van Eck (2021) observe, extended external reports are often issued voluntarily, are unregulated, consist of diverse underlying subject matters, are presented in diverse forms, commonly include narrative and forward-looking information, but they are at risk of lacking credibility (Venter and van Eck 2021).For individuals to rely on non-financial information disclosures and to make-with a high level of confidence-the types of decisions (e.g., investing) that these disclosures are meant to inform about, it is important that these data are credible. An important way of improving the credibility of non-financial information Q1: Has the implementation of the provisions of the European Parliament and Council's Directive 2014/95/EU raised the demand for verification of non-financial reports? Q2: Who verifies non-financial reports on behalf of audit firms? Q3: Which factors stimulate and which ones limit the performance of auditing engagements regarding non-financial reports? Q4: What undertakings have expressed the need for audits of their non-financial reports? Q5: How many non-financial reports (CSR ones) are verified by audit firms in Poland on average each year? Q6: What standards are applied to the verification of non-financial information?
In order to answer the above questions, we carried out empirical studies. The theoretical background consisted of a perusal of the subject literature. The paper consists of seven sections. Section 1 is an introduction to the article, describing its purpose and research questions. Section 2 describes the applicable legal regulations in Poland and the standardization of non-financial reporting, as well as audits in this range. Section 3 is a review of the literature on audits of non-financial reports. Section 4 describes the methodology and data (survey description, research steps). Empirical results are presented in Section 5. In Section 6, the authors discuss the research results and related them to the studies of other authors. At the end of the article (Section 7) authors present conceptual conclusions, research limits, and an indication of future research directions. The research is set in the context of the Polish auditing practice in the field of verification of non-financial reports, although we encountered a serious limitation in our discussion of the results when comparisons were made with observations of other scholars in this regard. The topics raised by other researchers focus on the content of non-financial reports and practices employed when preparing such reports by socially responsible entities. What seems to be lacking are analyses of the audit market or the level of services offered by audit firms, which implicates a gap in the research. Our study makes a contribution to science by indicating the scope of auditing services and practice in the area of non-financial reports in Poland. Having identified certain conditions in this field, we believe that our observations can apply to the problem of verification of non-financial reports in other countries as well.

Law Regulations in Poland and Standardization on Non-Financial Reporting Range vs. Audit Context
Until 2018, the disclosure of non-financial information had been voluntary for all Polish companies and decisions in this regard had been made internally, within each company. Changes were brought about by the transposition of the Directive of the European Parliament and of the Council 2014/95/EU of 22 October 2014 to Polish law, whereby the largest undertakings in Poland have been obligated to disclose non-financial data since 2018. The amended Polish Accounting Act allows three forms of non-financial information disclosure. One is a statement as regards non-financial data, presented as a discrete part in an undertaking's report. Another option (envisaged in Directive 2014/95/EC) is a separate statement concerning non-financial information, prepared together with a management report. The third form allows for the freedom in terms of reporting nonfinancial information, providing for the possibility that an undertaking will take into account own, national, EU or international guidelines on condition that it indicates the above in its statement.
Pursuant to Directive 2014/95/EU, non-financial information is not subject to full and mandatory auditing. As for undertakings subject to the provisions of the directive, an audit firm must only check whether a non-financial statement has been published. This provision means that the submission of non-financial information to full auditing is a company's choice rather than an obligation and depends on a decision made by the head of an undertaking.
In accordance with the binding Act of 11 May 2017 on statutory auditors, audit firms and public supervision (2017), assurance engagements are intended to confirm to a high or moderate degree the reviewed issues, mainly comprising financial and non-financial information, systems and processes as well as behaviour and attitudes of undertakings, based on the evidence obtained in the course of implementing specific procedures, which are fundamental to the assessment being made of the subject submitted to these services and subsequently included in the report on its performance (Act of 11 May 2017 on statutory auditors, audit firms, and public supervision (Journal of Laws of 2017, item 1089) 2017).
Verification and assurance of non-financial data can follow a freely chosen standard. Hence, the level and form of the assurance of data may vary. Researchers claim that the following are the most frequently applied standards for verification of non-financial data: -ISAE 3000 (International Standard on Assurance Engagements 3000), issued by the IAASB in 2003. In Poland, this standard corresponds to the National Standard of Assurance Services MSUA 3000 "Assurance engagements other than studies and reviews of historical financial information", -AccountAbility Assurance Standards (AA1000 AS), issued by AccountAbility in the same year, i.e., 2003, ISAE 3000 consists of guidelines for verification of the correctness of presented social responsibility information and non-financial data in annual reports of public companies, which enables one to check compliance with the standard and correctness of the process of drawing up the report and to verify the compliance of reported indicators with the selected reporting process (see Ćwik 2013). Basically, the assurance process can be divided into 3 phases: planning, verification and reporting. The whole process should be preceded by concluding an agreement between the report's owner and the party performing the assurance of the report (Bartoszewicz 2018). The final product of this process is a report of credibility with an assurance opinion addressed to a wide range of internal recipients (the management) and external audience (stakeholders). The scope and the basic elements to be included in the report are mentioned in the ISAE framework. The most important ones are a description of all pertinent information, identification of criteria based on which an assessment of the credibility of the information was made, description of significant limitations concerning the assessment relative to the criteria, a report that the assurance service has been performed in compliance with ISAE 3000, and a summary. The final conclusion presented by the auditor, drawn from the assessment made and regarding the verified information, can be expressed as 'limited assurance' or 'reasonable (sufficient) assurance'. During the webinar UNCTAD ISAR WBCSD-Assurance on Sustainability Reports: Current Practices and Challenges, which explored views and practices on assurance of extended external reporting (EER) and identified challenges and potential ways forward, Dugelay drew attention to the fact that it is a challenge to audit EER with a reasonable degree of assurance especially because of restrictions on the reporting side. If the reporting entity is not sufficiently competent in preparing the NFI, a qualified assurance report may need to be issued because the auditor of the EER is not able to conclude that the report is not materially misstated in accordance with the reporting criteria. The auditor evaluates the risks underlying given indicators, or assertions, or action plans. Based on the level of risk, the auditor performs a certain level of fieldwork either at the site level or consolidated level. Nevertheless, it is believed that the capability of providing reasonable assurance is improving, primarily owing to the improved performance of external controls achieved in recent years ). On the other hand, Sonnerfeldt et al. (2020) observe in their studies that '…the conceptual underpinnings of assurance have been derived from the financial audit model, which is ill-fitted to apply to the nonfinancial domain. Unlike financial auditing where the subject matter is largely quantifiable, the boundaries of a firm, the criteria of reporting and internal controls of companies are established, the determinants of assurance on non-historical, non-financial information are less clear (…) The standard lacks precision in its prescriptions to address technical challenges such as risk and materiality assessment and the work to be performed when determining the levels of assurance for non-financial disclosures' (Sonnerfeldt et al. 2020).
The AccountAbility Assurance Standards (AA1000 AS) is a standard applied to verification of non-financial data. This standard enables making connections between nonfinancial aspects of sustainable development with reporting and financial revision. It offers a comprehensive approach to the accountability of organisations in terms of management, performance and reporting sustainable development issues by making an assessment of the compliance of the organisation's activities with the AA1000 Accountability Principles standard and through an assessment of the quality of disclosed data in the field of sustainable development. The process of assurance evaluation based on this standard is carried out in three stages: planning of verification activities, conducting verification activities and reporting by the assurance organisation. Planning aims to create a transparent strategy for collecting the evidence and its evaluation in the scope agreed on. During the verification activities, the assurance provider should evaluate and present findings and conclusions about the character and degree of compliance of the organisation's activities with AA100APS. The final stage is reporting, which consists of presenting to the public the report by the assurance provider which contains the findings, conclusions and recommendations. The assurance of the credibility of data can be achieved at a moderate or high level depending on the evidence obtained. All limitations of the scope of disclosed data and some verification activities should be contained in the report by the assurance organisation (AccountAbility 2008).
The aim of the International Standard on Assurance Engagements MSUA 3000 is to identify the basic principles and key procedures as well as guidelines applied when performing assurance engagements other than audits or reviews of historical financial information covered in the scope of International Standards on Auditing (ISAs) or International Standards on Review Engagements (ISREs). The planning of a service is preceded by an agreement with the client on the terms of the service. Planning includes developing an overall strategy regarding the scope of the issues to be paid special attention, time allocated to performing the assurance engagement, and a plan for the performance of the engagement, including details of the type, timing and scope of the procedures for collecting the evidence together with the justification of their choice. During the engagement, the practitioner is obliged to obtain appropriate and sufficient evidence to draw final conclusions. The engagement can yield 'reasonable assurance' or 'limited assurance'. The former lowers the assurance engagement risk to an acceptably low level. It is the basis for the practitioner's conclusion to be made in a positive form. In turn, an assurance engagement providing limited assurance lowers the engagement risk to an acceptable level (but higher than a reasonable assurance engagement). This is the basis for expressing the practitioner's conclusion in a negative form, by negation (Attachment no 3 to communication no 44/2014 of the Polish National Chamber of Statutory Auditors, of 18 November 2014). Recapitulating, this standard indicates the auditor's obligations concerning other information than financial information, and this will be the type of information comprised in non-financial reports. The role of an auditor in this area is to become acquainted with such information regarding its correctness, and to take appropriate steps.
It is worth emphasising that the procedure for verification of non-financial information that an auditor implements under the engagement consists in checking the compliance of the information with legal regulations. The outcome of the engagement does not provide the stakeholders in any way with the knowledge about the quality of information disclosed by an undertaking (see Federation of European Accountants 2015). For this purpose, the data must be assured (attested). This measure will improve stakeholders' trust in audited firms and will support their decision-making process.

Notion of a Non-Financial Report Audit and a Review of the Literature Dedicated to This Concept
The relevant literature proposes several terms applied to describe the same process of verification of non-financial information, e.g., external assurance of sustainability reporting, a review of non-financial reports, CSR audit, sustainability assurance, and according to GRI: assurance, external assurance, verification and certification, used interchangeably (see Kutera and Zyznarska-Dworczak 2018). Noteworthy, audits of non-financial reports include both verification and assurance of the information, and while many authors use the two terms interchangeably, it is possible to distinguish between them. Verification of non-financial data should be understood as an act of checking their completeness and the way they are contained in a report. The above service has been defined, for example, in AA1000AS, where it is explained that these are activities under the framework of which an assurance provider evaluates the information and draws conclusions regarding the information disclosed by the reporting organisation about its performance, underlying systems, data and processes relative to appropriate criteria and norms, in order to improve the credibility of disclosed information in the eyes of persons and organisations to which this information is addressed (Standard AA100AS after Krasodomska and Zieniuk 2021). In turn, assurance of non-financial data is considered in the context of confirming their truthfulness. According to the definition of assurance services enclosed in International Standard on Assurance Engagements MSUA 3000, assurance services comprise both assurance engagements where a party other than a statutory auditor accomplishes the measurement or evaluation of an issue which is the subject of the engagement, and direct services where a statutory auditor makes measurements or an evaluation of the issue which is the subject of the engagement according to the criteria (PIBR 2019). This is a service performed by an independent assurance body, which ensures that the reliability and credibility of the information presented in the analysed report can be confirmed. Conclusions are drawn and an opinion is made, which helps to improve stakeholders' trust in a given undertaking (Bartoszewicz 2018). Recapitulating, it appears that verification and assurance are closely interconnected because it is impossible to perform assurance of data without their previous verification. Both these activities are a component of the process of auditing non-financial reports. Furthermore, Sonnerfeldt et al. (2020) indicate that since 1990s 'an audit of non-financial information' has been increasingly often referred to as 'assurance services' in the standard setting arena and practice sites. In the European Commission's guidelines on non-financial disclosures, independent external assurance has been regarded as an example of how information can be made 'fairer and more accurate'. Implied in this report, assurance is purported as a third party, technical and neutral activity that provides verification that information has been presented in an unbiased and reliable way (Sonnerfeldt et al. 2020).
The auditing of non-financial statements can also be viewed in the context of market informational efficiency. The efficient market hypothesis, developed by Fama (1970), maintains that current prices of assets in financial markets are a reflection of the available information. The informational efficiency of markets rests on the assumption that current prices of stocks manifest all significant information with regard to the shaping of stock prices in the past. In practice, there are deviations from the efficient market hypothesis, called anomalies (Rutkowska-Ziarko et al. 2016). Financial statements of all listed companies are subject to verification by law. As for non-financial reports, their verification is voluntary, and it is only some undertakings obligated by Directive 2014/95/EU that a statutory auditor or an audit firm must check whether their non-financial reports (statements) have been published. However, there is no obligation to have full verification and assurance of the data contained in non-financial reports. Disclosures made in non-financial reports have an effect on how prices of assets are shaped on stock exchanges. Their reliability matters. It can therefore be assumed that verification of non-financial reports on a broader scale should results in investors being better informed, and this in turn would improve the informational efficiency of financial markets. Moreover, Xing and Yan (2019) demonstrated that good quality accounting data limits the systematic risk in capital markets. Presumably, the same pertains to all disclosures concerning the activity of a company. Hence, the assurance of non-financial reports should result in a lower risk borne by stock exchange investors.
Our review of the subject literature substantiates the claim that despite the important role that verification and assurance of non-financial data plays an important role in the context of sustainable development, this problem has been raised by few scholars thus far. There are numerous papers dealing with the issues of the content of non-financial reports and showing this problem from the perspective of reporting companies. What seems to be lacking are comprehensive studies discussing the same question from the point of view of audit firms. Some recent publications across the world that raise the subject of auditing non-financial reports are by Krasodomska  For instance, Krasodomska et al. summarised a webinar dedicated to practices and challenges of Assurance on Sustainability Reports (UNCTAD ISAR WBCSD Webinar-Assurance on Sustainability Reports: Current Practices and Challenges), underlining that disclosures in reports need to be reliable and perceived as credible by stakeholders. This allows the building of trust. They claimed that 'it is important that assurance, and other credibility enhancing techniques, is developed alongside EER frameworks and takes account of regulatory initiatives'. Furthermore, they pointed at 'providing a historical overview of European regulatory developments, providing a historical overview of the IAASB's development of ISAE 3000 and forthcoming guidance on addressing major challenges aimed at supporting EER' . In turn, the article authored by Venter and van Eck (2021) contains a detailed analysis of 121 articles 'on extended external reporting (EER) assurance published between 2009 and 2020. The authors offer ideas for future research directly linked to the proposed Guidance of the IAASB on EER assurance'. Petryk et al. (2018) review European and international experiences with respect to regulations governing the drawing up and issuing non-financial reports. They also present proposed regulations and solutions for non-financial reporting in Ukraine. In addition, they define the recommended groups of indicators, and to ground the main directions and tasks of their audit.
Auditing non-financial information as a service is difficult to perform. There are several reasons, for example it is impossible to measure data completely and there are no legal regulations in this regard. There is a lack of uniform methodology and metrics which would facilitate the evaluation of data contained in non-financial reports. This problem is highlighted by Kaspina and Samoilova (2020), who refer to the problem of verifying nonfinancial information in their considerations. In their opinion, one of the aspects which can make it impossible to perform assurance engagements concerning non-financial information is the absence of established criteria for non-financial accountancy. Reports dealing with sustainable development are most often drawn up in line with the principles of sustainable development reporting by Global Reporting Initiative (GRI). If this is the case, a statutory auditor will act in compliance with the standard procedures applicable to assurance services. The situation looks different in the case of reports prepared by foreign entities, which adhere to the principles obligatory in given countries and to the criteria set there for the performance of assurance services. In this case, it is difficult to select tools for analysis. Another challenge is to determine the significance of the study. Yet another problem is how to identify a suitable approach to sampling. A selective approach is chosen because the auditor's resources are limited and completing a full audit is hardly possible, hence it is necessary to select a sample for the study and to evaluate the credibility of information based on that sample, which when dealing with non-financial information might be an uneasy task (Kaspina and Samoilova 2020). Also, Lam and Khare (2010) suggest that the wide range of subject matters presented in non-financial reports, which stems from the essence of business's social responsibility and its multifaceted nature, makes it difficult to assure non-financial data (Lam and Khare 2010). The importance of non-financial report auditing is also emphasised by Cohen and Simnett (2015), who point to huge opportunities for research in this area. In their opinion, it is 'a crucial area where auditors and auditing research can help develop a tipping point where it may be to a company's advantage to engage in appropriate CSR behaviour and to document this behaviour in a report that will receive the rigorous scrutiny of quality assurance providers' (Cohen and Simnett 2015).
In Poland, the subject of verification and assurance of non-financial information has been raised in recent years by Krasodomska and Zieniuk (2021); Kutera and Zyznarska-Dworczak (2018); Bartoszewicz (2018); Bartoszewicz and Rutkowska-Ziarko (2021); Grabowska-Kaczmarczyk (2020); Staszel and Zieniuk (2017); Wiśniewska and Chojnacka (2016); Wójcik-Jurkiewicz (2020); Zyznarska-Dworczak and Fijałkowska (2018). It is worth noticing that in some of these articles the problem was considered from the theoretical angle, while in others the empirical aspect was discussed from the viewpoint of reporting companies rather than assurance providers. An example of an empirical approach is the study conducted by Wiśniewska and Chojnacka (2016), who analysed 27 companies in terms of submitting their reports to verification. The cited authors indicate that assurance of non-financial reports is a contributor to building stakeholders' confidence in social reports. The results of that research prove that most respondents submit their non-financial data to verification by an independent, external organisation. Based on the results of their study, the authors state that audit firms and GRI are most often chosen for the assurance of CSR data. Another study that inscribes itself in our discussion is the one completed by Krasodomska and Zieniuk (2021). It consisted of an analysis of data from non-financial reports of 935 companies, developed in accordance with the GRI principles. The two authors found that nearly half of the surveyed companies, including 34 companies from Eastern Europe (30%) and 426 ones from Western Europe (52%), submitted their non-financial information to an independent, external assurance service. Assurance services were mainly provided by the Big Four accounting networks, mostly Deloitte and E&Y, using the ISAE 3000 standard. The study also showed that the most common approach to the assurance of data was limited assurance.
As noted by Zysnarska-Dworczak, although entities focus on ensuring the highest quality of reports, the legal regulations do not obligate them to implement specific solutions, such as external verification of issued data in particular (Zyznarska-Dworczak 2016). Thus, entities make own decisions whether to submit non-financial information to external verification. A large amount of freedom in developing a non-financial report as well as the decision of most reporting companies to submit non-financial data to verification may give rise to a certain measure of doubt about the reliability of disclosed data. A study carried out by Szczepankiewicz (2021) shows that the 'soft' solutions set out in the regulations give companies considerable freedom in disclosing risk information, which is sometimes counterproductive. Therefore, it is of key importance to develop a single integrated standard for risk disclosures (Szczepankiewicz 2021).
An article that heralded the study presented in this paper was the one titled 'Barriers limiting audit of non-financial reports on Polish auditing services market', which we presented at the IBIMA Conference 2021. The aim was to identify the barriers to conducting non-financial report audits in Poland as well as to determine the percentage of audit firms being under audit supervision, which are performing this kind of services in Poland. It was found that only 2.3% of audit firms performed assurance engagements regarding non-financial information. Barriers include the low demand in this regard as well as insufficient staff resources in audit firms (Bartoszewicz and Rutkowska-Ziarko 2021). This was the starting point for a more in-depth analysis of the operations of the firms that offer non-financial information assurance on the Polish market.

Research Methodology and Data
The study presented herein constitutes pioneering exploration of the audit market in the area of reviewing non-financial reports (CSR ones) by audit firms and is also an introduction to further research in this field. The study was carried out between October and November 2020. The time scope of the research covered the period of auditing non-financial statements from the year 2017 to the year 2020. The studies took into account three full years, as well as the incomplete year 2020 due to the fact that the financial and nonfinancial reports are audited in the first half of the year. The conducted research covered a population of 1410 audit firms, which are supervised by the Polish Audit Oversight Agency (the Polish acronym: PANA). The choice of the above group of companies was motivated by the fact that they are under oversight of the PANA, which is an independent institution dedicated to the building of trust in financial information. The PANA provides independent supervision over statutory auditors, audit firms and professional accountancy organisations. It also ensures that statutory auditors audit financial statements and perform assurance services properly. These measures contribute to the improved investor safety and economic trading. The PANA responds to the Minister of Finances, who appoints and dismisses the PANA organs, gives its statute and approves the financial plan and financial reports of the agency. The list of 1410 companies is available on the PANA website (PANA 2020, as of 15 October 2020).
As a preliminary step in the research, the contact details of the companies listed on the PANA website were verified. Repeated or incomplete records were deleted. 1293 companies were qualified for the further stage of the study.
The study was supported by the Computer Assisted Telephone Interview (CATI) technique, where the survey respondents were the contact persons on the PANA website list of companies or else persons they indicated as competent to answer the subject questions. The measuring tool was an interview questionnaire composed of 12 questions and metrics (audit firm profile). The scope of the survey included descriptive characteristics of the analysed companies, selected aspects of performing audits in the field of non-financial reports, and factors which stimulate or hinder the rendering of such services (Appendix A). Finally, respondents from 774 audit firms were contacted by telephone, which enabled us to determine how many of the entities submitted to our study actually provide the service of verifying non-financial reports. Eighteen out of the 774 audit firms mentioned above declared having completed such a service over the past four years, while 756 stated that they did not perform audits of non-financial reports. In the light of the adopted research objective and due to the very small number of audit firms rendering verification and assurance of non-financial reports, the research results were presented with the aid of basic descriptive statistics tools. The chosen course of the investigations enabled us to uncover the factors that prevent the performance of non-financial information assurance services (Bartoszewicz and Rutkowska-Ziarko 2021).

Empirical Results
As the conducted survey demonstrated, a mere 18 out of 774 audit firms in Poland perform verification of non-financial reports, which stands for 2.3% of these entities. Of the 18 firms which audit non-financial reports, 12 (66.7%) agreed to participate in the entire study.
They are the companies with considerable experience in the auditing of financial reports. The average number of years performing financial audits is about 20. However, the experience gained in the assurance of non-financial information spanned half that time on average, i.e., 10 years. In addition, there was much discrepancy in how long the firms participating in our study have been providing the auditing services. Detailed information is given in Table 1. The research shows that in eight audit companies, the persons conducting the examination of non-financial reports (CSR ones) were always statutory auditors. In seven entities these persons specialize in the study of non-financial statements.
The analysis of the companies' profiles shows that due to the value of annual turnover, most of the surveyed companies are small and micro-enterprises (nine entities), only one of the companies can be classified as medium-sized. In two cases, this question was not answered. Moreover, eight of the audited audit firms employ no more than six auditors. four companies refused to answer this question.
The starting point for our analysis of the performance of non-financial report audits was the diagnosis of changes in providing non-financial assurance services that took place over the years 2017-2020 compared to previous years. As mentioned before, the number of non-financial information audits should have increased following the implementation of the provisions of the EU Directive, which obligated a group of nearly 300 Public Interest Entities in Poland to disclose non-financial information. Answers of our respondents to the question 'How has the number of entities using your non-financial report assurance service changed in 2017-2020 compared to previous years?' are presented in Table 2. The results show that over half of the firms surveyed did not notice a change in the number of audits of non-financial reports they performed in the analysed period of time compared to earlier years. Only a quarter of the firms pointed to an increase in the number of such audits. Noteworthy, nearly 17% observed a decrease in the number of such engagements. These answers suggest that it would be unwise to draw the conclusion that the implementation of the mentioned legal regulations translated into a rise in the CRS report assurance engagements. However, it should be added that the respondents were not able to precisely answer the question of what percentage of their clients carry out the verification of non-financial statements (CSR) due to the legal obligation.
According to the respondents, such a low percentage of audit firms (2.3%) which provide the service of verification and assurance of non-financial reports in Poland is caused by specific factors. They indicated some among the ones proposed in the questionnaire, such as: -'Low demand for such services' (factor 1); -'Lack of practical knowledge by auditors regarding the methodology for conducting an analysis of non-financial reports' (factor 2); -'Variety of approved standards for reviewing non-financial reports' (factor 3); -'Difficulties in making an assessment of the credibility of non-financial data' (factor 4); -'Much freedom in drawing up non-financial reports by companies' (factor 5).
Furthermore, the respondents who chose the answer 'others' could identify other barriers which in their opinion had a significant influence on the low number of performed audits of non-financial reports and are an obstacle to rendering this service. The answers supplied are summarised in Table 3. Table 3. Number of indications of each factor seen as an impediment to the provision of non-financial information verification and assurance services.

Factor
Number of Indications 1 'Low demand for such services' 7 2 'Lack of practical knowledge by auditors regarding the methodology for conducting an analysis of non-financial reports' 1 3 'Variety of approved standards for reviewing non-financial reports' 3 4 'Difficulties in making an assessment of the credibility of non-financial data' 3 5 'Much freedom in drawing up non-financial reports by companies' 4 6 'Others, such as?' 3 Source: own research.
The survey results demonstrate that the most significant barrier (seven indications) to auditing non-financial reports is the low demand for such services. Another important factor is the large diversity in drawing up non-financial reports by reporting companies (4 indications). The respondents also mentioned other circumstances which limit the performance of such services. These include: cutting down prices for such services by audit firms, resulting in a low hourly rate of pay at a high input of labour; standards of assurance engagements which are created for large audit firms, and consequently small firms find it difficult to satisfy all documentation and control requirements; lack of knowledge by management as regards ESG factors and quality of published information, which entails the lack of willingness to be subject to external verification by reporting companies.
The latter answer is clearly connected with the previous factor, such as the low demand for assurance services. The fact that reporting companies are often unwilling to submit the disclosed non-financial information to verification means that the demand for verification and assurance services is low.
The small percentage of audit firms that provide non-financial report assurance services (2.3%) implicated the need to determine the causes of this situation. In consequence, the same question about the factors which impede the performance of non-financial report auditing was asked to the group of respondents who do not provide this service but agreed to participate in the study (226 entities). It is worth noticing that over half of the firms in this group-125 answers (see Bartoszewicz and Rutkowska-Ziarko 2021) pointed to the same limiting factor, i.e., an excessively 'low demand for such services". According to these respondents, another serious limitation was the lack of practical knowledge among auditors as regards the methodology for reviewing non-financial reports. This answer was given by 64 respondents, that is nearly one in three entities.
Other factors (given by those who chose the answer 'others') that are an obstacle to performing audits of non-financial data given by 103 firms (46%) of the group of audit firms which do not offer the service of verifying non-financial reports were as follows: 'No such requests' (factor 6) 'No time for performing an additional service' (factor7) 'High cost of performing the service and lack of experience in this area' (factor 8) 'Not enough workforce' (factor 9).
According to the survey results, an additional impediment most often given in the questionnaire as 'others' was 'no such requests'. It was suggested by nearly 40% of the respondents (41 answers). The group of entities that mentioned this factor could be composed of audit firms which are prepared to verify and assure non-financial data in terms of their staff and competences but fail to provide this service in practice because they are not requested to do so. The most likely reason is the fact that most companies in Poland are not legally obligated to produce non-financial reports, which most definitely is manifested in the subsequent stage of drawing up a non-financial report when the data it contains are not verified externally. Even when non-financial reporting by some CSR companies is voluntary, corporate boards or managers are not interested in having their reports audited. The factor 'no time for performing an additional services' was indicated as important by the firms which are not interested in widening the scope of services they offer and include assurance of non-financial information because they already receive many requests to carry out audits of financial reports. For some respondents (group suggesting factor 8), the execution of non-financial report auditing is an expensive service, which requires both specialist knowledge and experience in verifying non-financial data. These circumstances entail a high risk and therefore the service is not offered by the audit firms in this group. Some respondents suggested that the limitation lies in the small size of their company and workforce, which implies the need to narrow the offer and specialise in a specific field. This group is composed of micro-firms, whose business profile focuses on auditing financial statements (see Bartoszewicz and Rutkowska-Ziarko 2021).
In order to identify the factors that might increase the number of performed nonfinancial report auditing, the respondents were asked to evaluate some possible stimulants. The respondents assessed the given factors on a Likert's five-degree scale. The results are collated in Table 4. Table 4. Potential factors supporting the development of non-financial report verification and assurance.

Statement
Number of Indications (N) 1 2 3 4 5 Mandatory obligation for most companies to have non-financial reports reviewed would support the development of non-financial information auditing services 0 1 5 2 4 Detailed indication by a reporting company of the area which need to be examined during the verification of non-financial reports would support the development of non-financial report auditing services 1 0 2 7 2 Introduction by the legislator of methods for quantitative assessment of subject areas indicated in non-financial reports would support the development of non-financial report auditing services 0 3 3 4 2 Better accessibility to training sessions on the subject of conducting audits of non-financial reports would support the development of non-financial report auditing services 1 1 2 5 3 1-I strongly disagree, 2-I quite disagree, 3-I do not disagree or agree, 4-I quite agree, 5-I strongly agree. Source: own research.
The results of the completed questionnaire show that the respondents agree with most of the statements. The vast majority believed that the number of non-financial report audits would increase if the legislator stated specifically which areas should be submitted to verification during such an audit. More than half agreed that the development of nonfinancial information auditing services would be stimulated by a better offer of training sessions in this field, as this would enable audit firms to gain competences in this area. Half the respondents decided that the mandatory obligation to have non-financial reports verified would support the development of non-financial information auditing services, while the other half were unable to take a position on this matter. Moreover, the respondents pointed to the following three issues which could stimulate the development of nonfinancial data auditing services: raising awareness among clients of audit firms (reporting companies) of the importance of the information contained in non-financial reports; expectations of investors in terms of reliable and verified non-financial information being clearly signalled; education of the market and the board members of reporting companies on the importance of verifying non-financial reports and assuring the data they contain.
It needs to be emphasised that the level of demand for auditing of non-financial reports, in the opinion of respondents, has not changed despite the implementation of the provisions of the EU directive concerning the obligation to report non-financial data by chosen companies. seven audit firms declared that the performance of non-financial report auditing has remained on a similar level since 2017, three observed a certain increase while two admitted that it decreased. The most likely reason for the lack of an overall increase in the demand for verification of non-financial reports is the limited obligation to have such data verified and assured. It only covers entities which are obligated by the provisions of the said EU directive to report non-financial data, and the assurance by an independent third party consists in issuing a statement that such data are reported by a given entity. Entities are free to make a decision whether they will have their non-financial information fully verified. There is no mandatory obligation in this matter. This kind of service incurs a cost, hence very few companies commission audit firms to perform verification services. Probably only those entities that are legally required to verify the nonfinancial disclosure statement. Our study shows that audit firms verify up to four reports annually (eight indications), which proves that such services are an additional business activity carried out by audit firms, which are mostly occupied by auditing financial statements (Table 5). Thus, the percentage of revenues earned from auditing non-financial reports in the total revenues of audit firms is a mere 4%, as indicated by seven companies (Table 6).  The research results suggest that in most of the firms involved in our survey the persons who verify non-financial reports are statutory auditors (eight out of 12 indications) or specialise in such engagements (seven out of 12 answers). It can therefore be assumed that due to some similarity in the methodologies of verification of non-financial and financial reports, the former are most often carried out by statutory auditors, who are best prepared to this task. However, because of the specific character of examining non-financial information, audit firms most probably train selected members of their staff who then audit non-financial reports when the need arises.
The answers given by the respondents reveal that the audit firms most often chose the ISAE 3000 standard, as it was used for performing non-financial information verification and assurance in 10 out of 12 firms, which makes up 80% of these survey objects (Table 7). Taking account of the fact that verification of non-financial reports is most often performed by large audit firms, it can be assumed that they possess the methodology, developed and constantly updated with the help of experts, for verification of financial and non-financial data, which relies on international standards applicable to assurance services, such as ISAE 3000. They are capable of providing comprehensive services of auditing financial reports and verifying non-financial reports, which gains importance in the light of integrated reporting and reporting obligations imposed by Directive 2014/95/EU (see Hummel and Michalak 2016). It is also consistent with the recommendations ( Wiśniewska and Chojnacka 2016), where the most popular standards applied to the verification of non-financial data are said to be Standard AA1000AS,SA8000,ISAE 3000 'Assurance engagements other than studies and reviews of historical financial information'. Our results are also convergent with the recommendations arising from the research of Krasodomska and Zieniuk (2021).
This study was also an effort to find answers to some queries about the clients who request to have their non-financial reports audited. The number of submitted orders was verified. The answers to the survey questions are contained in Table 8, including a division into all audit firms engaged in the study and the legal form of organisation of the companies which submit requests for non-financial information review. Noteworthy is a considerable divergence between the surveyed audit firms in the number of undertakings requesting a non-financial audit. Listed companies most often request such a service, making up 50% of all clients who had their non-financial information assured by audit firms. Nearly a quarter of all undertakings submitting a request for non-financial information assurance were limited liability companies. The survey research also acquired the information about the type of capital (national, foreign or mixed) which prevailed in the companies requesting non-financial report audits. In 8 (67%) audit firms, their clients were mostly companies with Polish capital. Four other audit firms (33%) had mostly clients which used mixed capital to finance their operations.
On average, one audit firm over the past four years performed non-financial data assurance services for 17 undertakings (Table 9). Half of audit firms had no more than eight clients requesting such auditing services. The number of entities submitting their request for verification of non-financial reports is characterised by a strong right-handed skewness, which means that for most of the audit firms involved in the study the number of requests for assurance of non-financial information was lower than the average (17 companies). On the other hand, few other audit firms provided services to a relatively large number of companies. For instance, the biggest audit firm provided assurance to 60 undertakings (29%), while the smallest one verified non-financial information for two (1%) companies.

Discussion
The research presented here is a pioneering and pilot study, hence a considerable limitation to discussing it lies in making versatile references to studies by other researchers in the same area. The review of the literature enabled us to find few articles dealing with the problem we raise, that is the verification and assurance of non-financial data.
The results achieved from our survey are in many cases surprising. For instance, before launching the survey, we supposed that many audit firms conduct audits of nonfinancial reports in Poland. This assumption was based on the dynamically developing non-financial reporting among business undertakings in Poland. However, the survey yielded the result of 2.3%. This is coherent with results of the KPMG research made in 2013, which showed that less than a half of the respondents (reporting companies) decided to have their non-financial data verified by an external body, and they were only the largest companies, whereas 1/5 of the analysed companies had an internal control organ (see results of a study comprising listed companies), Kostrzewa (2014). When referring this very small percentage of audit firms which verify and assure non-financial reports with research results obtained by Wiśniewska and Chojnacka (2016), where most respondents (reporting companies) declared that they submitted their non-financial data to auditing by independent, external entities, it should be concluded that audits of non-financial reports are carried out by the same audit firms. This seems to suggest that there are few entities in the Polish auditing market which perform the service of auditing non-financial reports, which are also leaders in this field. This conclusion is consistent with the results reported by Krasodomska and Zieniuk (2021), who demonstrated in their study that verification and assurance services were mainly provided by audit firms identified as the socalled Big 4, mostly Deloitte and E&Y. And although the study of Birkey et al. (2016) covering American companies justifies the claim that 'outside assurance enhances a firm's environmental reputation regardless of the assurer type', the findings reported by Martínez-Ferrero and García-Sánchez (2018) prove, 'that the probability of detecting material errors and omissions in a sustainability report is higher if it is verified by a Big 4 accounting firm and by an industry expert as an assurance practitioner' (Quick and Inwinkl 2020).
The small percentage of audit firms conducting audits of non-financial reports is influenced, among others, by the specificity of this service, which requires certain qualifications to perform it. Petryk et al. (2018) suggest that due to, 'the fundamentally new direction of the work of auditors, there is a need for highly skilled professionals who are able to provide a qualitative audit of non-financial reporting. Therefore, the training of specialists in the field of audit of social responsibility or audit of non-financial reporting is relevant'. A possible solution, implicated by these authors in their article dealing with the assurance of non-financial information by auditors in Ukraine, is to launch a plan of trainings for auditors by the Audit Chamber of Ukraine under the umbrella of a continual professional skills improvement programme for auditors with courses in specific fields, followed by certification of professionals in this area (Petryk et al. 2018). In our opinion, the same solution could be implemented in Poland as well, and specialist trainings and certification of auditors in the field of non-financial information verification and assurance might be conducted by the Polish Chamber of Statutory Auditors. This could facilitate the inclusion of a new service offered by audit firms, and its commissioning to employees who specialise in this field.
In addition to the barriers that in practice hinder the implementation of audits of nonfinancial reports, such as specialist qualifications (knowledge) to perform it, there are also stimulating factors. These include legal regulations. Mandatory obligation for most companies to have non-financial reports reviewed would certainly support the development of non-financial information auditing services. Krasodomska and Zieniuk (2021) observe that while there is no obligation to have a company's non-financial report audited, it is recommended to make such a decision voluntarily in view of the benefits to be had from this process by both reporting companies and users of disclosed information. These authors quote the guidelines of Global Reporting Initiative (GRI), which recommends independent assurance of non-financial disclosures, which can ensure the accuracy, completeness and reliability of released data. Owing to this, trust of both information users and management regarding the quality of non-financial information will increase, which in turn will mean that these data will be used more widely in decision-making processes (GRI, 2013 after Krasodomska andZieniuk 2021). It needs to be underlined that according to our research, in Poland listed companies are mainly making a request for verification and assurance of non-financial information, they make up 50% of all undertakings for which the non-financial information was assured, while a quarter of these entities was composed of limited liability companies. These findings are consistent with results reported by some other scholars, for example Sierra et al. (2013, who point to the fact that larger companies more often request an assurance service, and both listed and limited liability companies should be classified as such. Our results show that verification of reports is most often commissioned by companies with Polish capital. Wiśniewska and Chojnacka (2016) add a conclusion from their research, maintaining that the highest percentage of CSR data submitted to external verification occurred in the sectors of banking, finances and insurance.
It is worth underlining that one of the targets of auditing non-financial reports is to ensure stakeholders that the disclosed information is reliable. The level of this assurance may vary depending on the adopted standards used by the assurance provider. Krasodomska and Zieniuk (2021) reported that the audit firms they investigated used the ISAE 3000 standard for non-financial information verification, which is confirmed by our study results, where this standard was most often indicated by the respondents as the one their audit firms used to verify and assure non-financial reports. Noteworthy, this standard offers two levels of assurance 'reasonable (sufficient) assurance' and 'limited assurance'. As noted by Quick and Inwinkl (2020), both reasonable and limited assurance ensure an acceptable degree of trust as regards the accuracy of disclosed data. However 'reasonable assurance' is superior because it is expressed as an unmodified conclusion worded in the positive form. 'Limited assurance' offers an acceptable level of certainty but is a conclusion given in a negative form and therefore it is not as strong as 'reasonable assurance' (see Quick and Inwinkl 2020). Furthermore,  are of the opinion that 'although significant development is under way in the reporting of extended external reporting (EER) and the associated standard-setting approach, for the assurance side the challenges are different'. As observed by Grabowski during the previously mentioned UNCTAD ISAR WBCSD Webinar, 'the IAASB is poised to issue guidance for assurance practitioners to enable more consistent and appropriate application of ISAE 3000 (Revised) to EER assurance engagements and greater trust in the resulting assurance reports by users of EER. This guidance addresses 10 key challenges identified by the IAASB in providing assurance on EER, including assurance of narrative and forwardlooking information, both of which are commonly contained in EER frameworks' .

Conclusions, Research Limit and Direction for Future Research
The significance of the problem raised in this article stems from the obligation to verify and assure non-financial statements increasingly often released by businesses around the globe. Our choice of audit firms as the researched population for investigating the execution of non-financial audits is justified by conclusions presented by such scholars as Asif et al. (2013), Sierra et al. (2013), Wiśniewska and Chojnacka (2016). They studied the same issue from a slightly different approach and concluded that verification of non-financial reports is mostly conducted by audit firms. However, it should be emphasized that the selection of audit companies for research narrows the group of entities that can provide the service of non-financial reports audits. This limits our research, because despite indications of other authors that audit firms are the entities that most frequently performing audits of non-financial reports, in practice this service may be performed by other entities, such as consulting companies. There is no legal indication of entities that provide this type of service.
Our study fills the research gap in the analysed area, indicating factors limiting and stimulating the performance auditing of non-financial reports in Poland. We also define the scope of operation of the companies that provide this service. Below, we answer to our research questions.
The research results prove that in most of the surveyed firms the persons engaged to verify non-financial reports are statutory auditors and specialise in the provision of such a service (research question 2). This suggests that they are best prepared to make nonfinancial information audits owing to some similarity between the methodology used in this case and the one applied to financial report auditing, which is what auditors typically do. Audit firms train selected staff members, who can perform an audit of a non-financial report on behalf of their audit firm when a request is submitted. The standard which is the most often applied by auditors to the verification of non-financial information was the ISAE 3000 standard (research question 6).
The low percentage of audit firms which provide the service of auditing non-financial reports (2.3%) can be attributed to several factors, which we were able to identify in this study (research question 3). The one most often quoted by the respondents is 'the low demand for this type of service'. Another frequent explanation was the lack of requests for this service. This situation suggests that even the audit firms which are prepared in terms of possessing competent staff and know-how to perform audits of non-financial data may not be given an opportunity to do it. The reason is, as implicated earlier, that only some audit firms are commissioned such work, on top of which some reporting companies decide not to have their non-financial reports audited. A decision to request the auditing of a company's non-financial report lies in the hands of the company's management, and there is little interest among managers in doing so (as indicated by the respondents).
Some firms present in the Polish audit market are not interested in broadening their offer by adding the service of non-financial information audit. As pointed out by our respondents, their business activities focus on financial reports, and the inclusion of a new service would incur additional costs and force them to employ a greater number of auditors to actually perform this service. Furthermore, the specific nature of non-financial information auditing makes it a challenging task, which means that some employees would need to enrol in specialist courses, and this would entail further expenses.
The small percentage of firms which specialise in the auditing of non-financial information is consistent with the average number of non-financial (CSR ones) reports that were verified by audit firms in Poland each year (research question 5). Our study revealed that each audit firm on average verified and assured non-financial reports for 17 reporting companies in the past 3 years. We also found out that the number of companies requesting the verification of CSR reports is characterised by a strong right-handed skewness. The biggest audit firm performed assurance engagements for 60 entities (29%), and the smallest one verified non-financial reports for two (1%) companies. This attests to the fact that reporting companies place orders for verification of non-financial statements with selected audit firms, which offer the execution of this service.
An obvious factor that can stimulate a rise in the number of audits, affecting the reporting companies, consists of legal regulations. The respondents agreed with the claim that 'a mandatory obligation to have non-financial reports audited imposed on most companies would support the development of non-financial information auditing services'. Under the current legal circumstances, Poland has implemented as binding the provisions of Directive 2014/95/EU. In our opinion, their entry into force as of 2018 should have increased the demand for verification of non-financial reports (research question 1). However, this presumption was not confirmed by the study. The results show that over half of the surveyed firms did not notice a change in the time period analysed relative to previous years. This situation is affected by the regulations that govern non-financial reporting. Although some undertakings have been obligated to report non-financial data, they are not legally bound to submit issued reports to complete verification by a statutory auditor. At the moment, having a non-financial report audited is a voluntary service, although a statutory auditor or an audit firm must verify if a report on non-financial data has been released by a company if it is legally bound to do so by the mentioned EU directive. Our research shows that the most often listed companies request for an audit of non-financial reports, making up 50% of all clients who had their non-financial information assured by audit firms. In audit firms, their clients were mostly companies with Polish capital (research question 4).
Recapitulating, the results of our study justify the following conclusions: (1) The Polish auditing market comprises only few firms which perform audits of nonfinancial reports. These are big audit firms, which focus on audits of financial reports, while verification and assurance of non-financial information is an additional service, provided to reporting companies that request it.
(2) The factor that most strongly limits the performance of non-financial report audits is the low demand for this service, which stems from the fact that the obligation to verify and assure non-financial data is not mandatory for all reporting companies. Some entities which are covered by the EU directive decide to have their data verified, but place orders for this service with the biggest audit firms. (3) Some audit firms present in the Polish market are prepared in terms of knowledge and resources to provide the said service but are unable to compete with large firms. Smaller firms, in turn, do not decide to widen the scope of services offered including the auditing of non-financial reports because of costs of training their staff and hiring new staff, or because they lack experience in this field. Support in this area could consist of uniform standardisation, based on which non-financial auditing would be conducted, as well as the development of metrics to measure non-financial data, which would contribute to the methodology of completing non-financial information audits. (4) The number of audit firms performing non-financial information auditing depends on the demand of reporting companies for such type of services. Thus, an increase in the number of firms providing the service of verification of non-financial reports may be stimulated by greater awareness of market players and corporate management of the importance of non-financial reports and the assurance of the data they contain. (5) The factor that would most significantly stimulate the development of the auditing market in the area of non-financial report audits could be the clarification of legal regulations, which would impose the obligation to verify and assure disclosed nonfinancial data with full audits for all reporting companies. Reporting 2021) that contains proposes the obligation of the assurance of reported non-financial information. Introducing this kind of legal regulation would ensure the reliability of the reported data. (6) Non-financial information should be submitted to full auditing, and the context of considerations in regard to the reliability or correctness of their audit should be connected with the data comprised in the relevant financial report. In other words, nonfinancial data should not be reviewed as if disconnected from the financial report. It is therefore necessary to develop suitable metrics that would enable the user to make links and to check the coherence between financial and non-financial data.
The current state of research about the practice of non-financial reports audit suggests necessitates further research that should be conducted on the point of view of companies reporting non-financial information. Such research might lead to the determination of barriers and stimulants which result in companies' reports being audited or not. Moreover, in the absence of any indication in legal regulations about what entities ought to provide the service of auditing non-financial reports, the population investigated in further studies should be expanded to include consultancy and certification firms. This research approach would give a complete picture of performed services consisting of the verification and assurance of the credibility of non-financial data in Poland. Additionally, it would enable one to compare different types of firms in terms of performed auditing services in this field.
Because of a high degree of freedom companies have had to date in drawing up nonfinancial reports and choosing one of many standards that constitute the guidelines as regards the scope and form of presented information, it seems necessary that such information be verified. Noteworthy is the fact that the number of released non-financial reports (including CSR reports) containing non-financial data is growing year after year, which necessitates the assurance of disclosures released by reporting companies. The lack of audits of non-financial reports creates the exposure to the risk of making an inadequate decision on the basis of erroneous information by stakeholders of these reports. Performing reliable verification of the data contained in reports released by companies reduces the risk in business. Any activity carried out to measure, model and reduce risk contributes to improved safety and better efficiency of economic activity (Włodarczyk 2018). This also applies to audits of non-financial reports. If the level of assurance of non-financial data is low, there is a risk of untrue disclosures in this area. In order to decrease the occurrence of risk and to constrain its negative consequences, it is necessary to implement the solutions indicated above, which can help to develop the market of auditing services in Poland and to increase the number of firms providing the service of auditing non-financial reports.  (a) less than 4 auditors (b) 4-6 auditors (c) 7-9 auditors (d) 10-12 auditors (e) 13-15 auditors (f) more than 15 auditors IV. Taking into account the achieved annual turnover, is your company: (a) micro-enterprise (up to EUR 2 million) (b) small enterprise (over 2 below EUR 10 million) (c) medium-sized enterprise (above 10 below EUR 50 million) (d) large enterprise (over EUR 50 million)