Ayika Labs
← All posts
GUIDE 4 min read

Building an Audit Trail for Climate Reporting

An audit trail is what separates a sustainability report that looks right from one that can be independently verified. Here's what it requires and how to build it.

WH

Walid Hajj

Co-founder, Ayika Labs

Organised documents and files in a clean office setting
Photo by Maksym Kaharlytskyi on Unsplash
Audit Trail Assurance Climate Reporting Traceability AASB S2 Australia

When an external assurance provider reviews your sustainability report, they are not taking your word for the numbers. They will trace each reported figure back to its origin: the source document, the calculation methodology, the emission factor used, and the approval process that signed it off.

That traceability chain — from the reported number all the way back to a physical invoice or meter reading — is what we mean by an audit trail in the context of climate reporting.

Why the audit trail matters

AASB S2 mandatory reports are subject to external assurance from the first year of reporting. Even limited assurance (the starting requirement) requires an assurance provider to:

  • Review your calculation methodology
  • Test a sample of underlying data against source documents
  • Verify that the figures disclosed can be supported by evidence

If the audit trail is incomplete or inconsistent, the assurance provider will issue a qualified or adverse conclusion, or require the figures to be restated. This is a reputational issue, a cost issue, and potentially a legal issue under the Corporations Act.

The five components of a strong audit trail

1. Source documents

Every data point in your emissions calculations should be supported by a source document: an electricity invoice, a fuel card statement, a meter reading photograph, a utility export file, a supplier certificate.

Source documents need to be stored in a way that links them to the specific data point they support. A filing cabinet or unstructured shared drive is not sufficient — you need to be able to say “this Scope 2 figure for Site A in Q3 is supported by these three invoices.”

2. Data extraction records

When data is extracted from a source document into a calculation, there should be a record of what was extracted, when, and by whom. This matters particularly when invoices are processed manually: if an accounts payable team member reads a figure from an invoice and enters it into a system, there should be a clear link between the entered value and the invoice.

3. Emission factor references

For every calculation, the specific emission factor applied must be recorded: the source document (e.g., “NGA Factors FY2025”), the table and row reference, and the factor value. This allows any calculation to be independently reproduced.

4. Calculation methodology

The methodology used to convert activity data to CO₂e should be documented — not just the formula, but the decisions behind it: which GHG Protocol categories are included, how site boundaries are defined, how partial periods are handled, how metered vs estimated data is treated.

A documented methodology makes your calculations reproducible and defensible when questioned.

5. Review and approval records

Who reviewed the data before it was included in the report, and when? What checks were performed? If a figure was queried and revised, what was the reason?

These records demonstrate that the report reflects a quality-controlled process, not an unreviewed spreadsheet output.

Common audit trail failures

Data collected but not linked to source documents. Numbers entered into a spreadsheet without a reference back to the invoice or meter reading that produced them. When the assurance provider asks for evidence, there’s nothing to show.

Emission factors hard-coded without version references. A calculation spreadsheet with a conversion factor entered as a number, with no reference to where it came from or when it was last updated. If the assurance provider asks how you verified the factor was current for the reporting period, there’s no answer.

Approval recorded only in email. A sign-off email saying “these figures look right” from a senior manager. This is not an audit trail — it’s a message that may be difficult to locate, doesn’t record what was actually checked, and is not formatted for external review.

Revision history absent. If a figure was changed during the reporting process (because an invoice was reissued, a metering error was identified, or a methodology error was corrected), there should be a record of what changed, why, and when. A spreadsheet that just shows the final figure without any change history fails this test.

What good looks like in practice

A well-constructed audit trail for a single Scope 2 figure might look like this:

  1. Source document: Electricity invoice for Site A, June 2025, stored at [document reference], showing 87,450 kWh consumed
  2. Data extraction: Consumption figure entered on 15 July 2025 by [name], referencing invoice [number]
  3. Emission factor: NGA Factors FY2025, Table 3, Victoria grid, 0.94 kg CO₂e/kWh
  4. Calculation: 87,450 × 0.94 = 82,203 kg CO₂e = 82.2 tonnes CO₂e
  5. Review: Reviewed by [name] on 20 July 2025, no exceptions noted
  6. Approval: Included in Q4 FY2025 report, approved by [name] on 28 July 2025

That chain takes about two minutes to construct if the process is set up correctly. Without the process, reconstructing it retrospectively is extremely time-consuming and may not be possible.

Ayika is built to maintain this audit trail automatically — from invoice ingestion through to reported figures, with factor versioning and approval records stored alongside the data. See how it works.

From Ayika Labs

Ready to see how Ayika handles your reporting?

Built specifically for construction and infrastructure teams in Australia. Book 15 minutes to see it in action.

More articles