Short summary
An assurance provider reviewing CSRD climate disclosure will request a structured set of evidence for every material data point. This guide sets out what evidence is needed for Scope 1, 2, and 3 data, carbon credits, and governance — and how to have it ready before the audit engagement begins.
- What a climate audit pack must contain for CSRD limited and reasonable assurance
- Scope-by-scope evidence requirements with specific document types
- Carbon credit documentation: the complete set required for assurance
- Governance evidence: how to prove that the numbers have been reviewed, approved, and authorised
The audit pack is the compiled evidence that an assurance provider uses to verify that the numbers in your CSRD climate disclosure are "reliable, verifiable, and complete." It is not a single document — it is a structured collection of source documents, calculation records, approval trails, and governance documentation that, together, allow an independent reviewer to trace every material figure in your disclosure back to its source.
Most organisations assemble this collection reactively — when the assurance provider requests it. The organisations that are prepared have it ready before the engagement begins, because the evidence was generated as work happened, not assembled after the fact.
What Is a Climate Audit Pack?
A climate audit pack is a structured export from your climate ledger, covering a defined scope (reporting period, entity, and scope categories), that contains:
- The emissions inventory for the scope: totals, by category, with prior-year comparison
- The source records for material data points: energy invoices, supplier declarations, transport records
- The calculation records: what inputs were used, what emission factors were applied, with vintage and methodology reference
- The approval records: who reviewed and approved each material data point, with timestamp and role
- The carbon credit documentation: purchase, ownership, retirement, and project documentation
- The governance documentation: who has oversight of the climate process, how targets are set and monitored, how the disclosure was reviewed and signed off
The pack should be completable by the assurance provider without requiring additional document requests — everything they need to verify the disclosure is in the pack. When they need to request additional documents, the engagement timeline extends and assurance fees increase.
Scope 1 and 2: The Evidence Requirements
Scope 1 (direct emissions — fuel combustion, process emissions, company vehicles):
| Source category | Evidence required |
|---|---|
| Stationary combustion (boilers, generators) | Fuel invoices or meter readings, fuel type confirmation, emission factor with vintage |
| Mobile combustion (company fleet) | Fuel purchase records or fleet telemetry data, vehicle register, emission factor |
| Fugitive emissions (refrigerants) | Service records showing refrigerant type and quantity charged/recovered, GWP values |
| Process emissions (manufacturing) | Production records, process measurement data, methodology reference |
Scope 2 (indirect emissions from purchased energy):
| Method | Evidence required |
|---|---|
| Location-based | Energy invoices, grid emission factor for each location (government or utility source), factor vintage |
| Market-based | Energy invoices, supplier-specific emission factors or residual mix factor, Guarantee of Origin (GO) or Renewable Energy Certificate (REC) if applicable |
ESRS E1 requires both location-based and market-based Scope 2 disclosure. Many organisations have only one; provide both or disclose the absence of the other method with explanation.
Scope 3: Evidence by Category
ESRS E1 requires disclosure of Scope 3 emissions across all 15 GHG Protocol categories (where applicable) or an explanation of why a category is not relevant. For material categories, evidence requirements are:
Scope 3 Evidence Tiers
- Primary data (preferred): Supplier-provided actuals with methodology documentation. Must be collected through a structured workflow with review and approval records.
- Activity data + emission factor: Your own activity data (spend, distance, quantity) multiplied by an appropriate emission factor. Evidence = the activity data source + the factor with reference.
- Spend-based estimation: Expenditure multiplied by a spend-based emission factor. Evidence = financial records + the factor database used. Disclosed as secondary data; counts against primary data percentage.
Category 1 (purchased goods and services): Supplier declarations (with supporting methodology), or activity data plus emission factors. Review and approval records for each material supplier submission.
Category 4 (upstream transportation and distribution): Carrier emission data or GLEC calculations with bill of lading, route data, and factor references.
Category 6 (business travel): Travel booking system export, airline emission factors (DEFRA or equivalent), accommodation data if material.
Category 11 (use of sold products): Product emission factor methodology documentation, sales data, assumed use patterns. This is one of the most complex categories and typically requires specialist methodology review.
Carbon Credits: The Full Documentation Set
For each credit or batch of credits included in the disclosure, provide:
- Purchase documentation (contract or broker confirmation) with credit quantity, vintage year, project ID, and registry name
- Registry transfer record showing the credit in your account
- Retirement certificate with the specific serial numbers retired and the retirement date
- Project validation report (Verra, Gold Standard, or equivalent third-party validation)
- Confirmation of Corresponding Adjustment status (required for ESRS E1 and increasingly required for net-zero claims under SBTi)
- Internal approval record showing who authorised the purchase and against which emission category the credit is applied
Governance Evidence: The Trail Behind the Numbers
Assurance providers verify not just the numbers but the governance process that produced them. Governance evidence includes:
- The terms of reference or charter for the sustainability governance function (who is responsible for what)
- Evidence of board or senior management oversight: board minutes, committee reports, or formal sign-off on the disclosure
- The data collection methodology documentation: how each category was calculated, what standards were applied, what assumptions were made
- The approval matrix: which roles have authority to approve which types of climate data, at what materiality thresholds
- Evidence of the approval process: the approval records for material data points, showing reviewers, timestamps, and outcomes
- The disclosure sign-off record: evidence that the final disclosure was reviewed and approved by the authorised individuals before publication
Generating the Pack on Demand
The audit pack should be generatable in minutes from a single system — not assembled over days from multiple systems. This requires that the climate ledger contains: the source documents, the calculation records, the approval records, and the governance documentation — all in a structured, searchable format.
When an assurance provider requests the audit pack for Scope 3 Category 1 for the period January–December 2025, the response should be: export the ledger records for that category and period, with all attachments, as a structured PDF or ZIP file. The time to generate should be measured in minutes, not weeks.
Organisations that maintain the audit pack as a living document — continuously updated as records are added and approved throughout the year — find that the assurance engagement is a verification exercise rather than an evidence-gathering exercise. The difference in time, cost, and stress is substantial.
HubSecure's audit pack generator produces a structured export of any scope, any period, and any entity combination — with all source documents, calculation records, and approval trails — on demand. Assurance-ready evidence, generated the moment you need it.
Climate Execution Platform
HubSecure captures climate evidence at the point of work — every action, approval, and supplier declaration becomes part of a continuous, verifiable audit trail. No annual scramble. No evidence gaps.