Auditability is a foundational requirement of credible ESG reporting. Whether you're disclosing to comply with the CSRD, preparing for an EcoVadis assessment, or targeting SBTi or ISO certifications, your ESG data must be traceable, justified, and verifiable.
This article provides general, cross-framework guidelines to help you meet audit expectations aligned with auditors and leading ESG standards (Ecovadis, CSRD, ISO, GRI, SBTi, etc.).
📌 What Does “Auditability” Mean?
Auditability refers to the ability of a third party (auditor, verifier, or rating agency) to:
Verify that the data you report is accurate and complete,
Trace it back to a reliable source,
Understand the methodology, assumptions, and scope,
Evaluate its alignment with applicable frameworks and definitions.
🧭 Why Auditability Matters
Required for regulatory frameworks like the CSRD (limited assurance required starting FY2025).
Essential to maintain credibility with investors, clients, and stakeholders.
Directly impacts scores in ratings like EcoVadis, which penalize unsubstantiated responses.
Mitigates risk during due diligence, fundraising, and third-party reviews.
🧱 Core Pillars of Audit-Ready ESG Data
Here are the key building blocks to ensure auditability across all ESG frameworks:
1. 📂 Supporting Evidence
Always attach documentation to substantiate your answers: Excel files, policies, meeting notes, utility bills, carbon assessments, screenshots, etc.
File types accepted include PDF, XLSX, DOCX, JPG, and more.
Evidence should be up-to-date, directly linked to the indicator, and stored securely.
💡 EcoVadis best practice: Attach at least one document per question to avoid minimum scores.
2. 🗣️ Justification & Context
Provide a narrative explanation where required: what methodology was used, what period the data covers, why some data may be partial, etc.
Use the comment fields to explain:
Estimations or proxies used
Reasons for missing data
Scope boundaries or exclusions
💡 CSRD and GRI both require contextual disclosures, especially for quantitative indicators.
3. 🧮 Defined Methodology
Use standardized methods for metrics like GHG emissions (GHG Protocol, Bilan Carbone, ISO 14064), diversity (EEOC definitions), or water usage (GRI 303).
Be clear about the data determination approach you chose: actual measurement, assumption, sectoral average...
Clearly document:
Calculation formulas
Emission factors or conversion assumptions
Sources of sectoral averages or proxies
Software tools used (e.g., SimaPro, Excel models, GHG accounting platforms)
💡 Auditors emphasize transparent methodologies and consistency over time.
4. 🏷️ Defined Scope & Coverage
Indicate whether the data covers:
All entities, business units, or only a subset
The entire reporting period or only a partial timeframe
Explain any geographic or organizational exclusions.
💡 SBTi and ISO certifications often require clarity on what % of operations or emissions are covered.
5. 🔁 Version Control & Data Traceability
Retain original raw data files and version history.
Use centralized platforms (like Greenly) to manage updates, avoid file loss, and maintain traceability.
Enable audit trails: who entered the data, when, and what changes were made.
💡 Auditors increasingly request logs of data history to validate reporting integrity.