Can you defend every number in your carbon report?

Three questions. Which emission factor did you use for that category? When was it last updated? Who validated the methodology? Most sustainability managers can answer one of those. Few can answer all three. That gap is what carbon audit preparation is actually about.

What “defending your numbers” actually means

There is a difference between having a carbon number and having a carbon number you can defend.

A spreadsheet can produce a figure. So can a consultancy deck. So can almost any tool on the market. What distinguishes audit-ready carbon data is not the number itself but the trail behind it. That trail goes back to the emission factor, back to the data source, back to the methodology decision, back to the date that data was last refreshed.

A carbon number is defensible when you can trace it to a specific emission factor, a dated data source, and a documented methodology decision. Not when you can produce a spreadsheet that arrives at a figure.

That distinction matters because the moment of truth is no longer hypothetical. CSRD limited assurance is now a contractual reality for in-scope companies. Customers are asking for verified scope 3 data inside procurement questionnaires. SBTi validation requires methodology documentation that holds up under independent review. The question is not whether someone will ask you to verify your numbers. It is when.

One Normative customer in the motorsport industry described the moment their first audited inventory was completed: “We’ve never been in a position before to include it in an annual report.” Not because they hadn’t been calculating emissions. Because for the first time, the calculation was traceable end-to-end.

What actually gets questioned in a carbon audit

External auditors and assurance providers are not trying to catch you out. They are trying to verify that the figure on the page is derived from a method they can independently review. Carbon audit preparation comes down to four areas that auditors check:

1. Emission factor source and vintage. Every scope 1, 2, and 3 calculation rests on emission factors. An auditor will want to know which database those factors came from (DEFRA, Ecoinvent, EXIOBASE, GHG Protocol guidance), when they were last updated, and whether the version you used was current at the time of calculation. Outdated emission factors are one of the most common reasons inventory data fails verification.

2. Scope 3 methodology. Spend-based, activity-based, supplier-specific. Each method has different data quality scores under the GHG Protocol Scope 3 standard. Auditors will check that your method is appropriate for the category, documented, and consistently applied year-over-year.

3. Scope boundary decisions. Which legal entities are in scope? Which scope 3 categories are material and included? Which were excluded and why? These decisions need to be documented before the inventory is built, not justified after the fact.

4. Data quality flags. Where did you use estimates? Where did you use primary data? An auditor expects to see this transparency in the inventory itself, not buried in a methodology appendix.

Why most companies aren’t ready

The structural problem with audit preparation is not effort. Most sustainability teams work hard. The problem is infrastructure.

A spreadsheet-based inventory cannot answer the four questions above without manual reconstruction. Emission factors are rarely labelled. Methodology decisions live in someone’s notes. Year-over-year comparability depends on whoever maintained version control. When the auditor asks for the calculation trail, the calculation trail has to be rebuilt, often by the same person who is also expected to be running this year’s reporting cycle.

One sustainability manager described the starting point bluntly: “I opened the purchase ledger and said, this is useless. There’s no description of what any of these line items are.” That is not a failing of their team. It is the inevitable result of trying to do audit-grade carbon accounting on top of a finance system that was never designed to support it.

The pattern shows up repeatedly in our conversations with new clients: “We don’t know which emission factors were chosen or why. We can’t defend it.” The defendability problem is the conversion trigger. Not regulation. Not cost. The realization that the existing numbers will not survive scrutiny.

What audit-ready carbon data looks like in practice

Three things distinguish a purpose-built carbon accounting platform from a spreadsheet, when an auditor turns up:

• Sourced, dated emission factors. Normative draws from over 350,000 emission factors across 21 databases, refreshed every six months. Each factor in your inventory is labelled with its source and version. When an auditor asks where a factor came from, the answer is one click away.
• A calculation trail accessible to auditors directly. You can grant your external auditor a dedicated workspace inside the platform. They see the full inventory, the per-category breakdown, the data inputs, and the calculations. No PDFs, no rebuilt spreadsheets, no waiting on a methodologist who left the consultancy.
• Methodology documentation locked to the inventory. Every category records its allocation method, GHG Protocol classification, and data source as part of the inventory itself. Documentation is not a deliverable produced after the fact, it travels with the data.

This is what makes the carbon audit trail navigable rather than reconstructed. The methodology was decided before the calculation. The calculation produced the inventory. The inventory carries its own documentation.

Carbon audit preparation is not a last-minute task

By the time an auditor asks for your calculation trail, it either exists or it does not. There is no version of audit preparation that begins three weeks before the assurance review. The data quality, methodology decisions, and emission factor traceability either accumulated as the inventory was built or they did not.

This is the single most important reason to take audit-readiness seriously in year one of your carbon accounting work, not year three. The CSRD assurance timeline does not bend for companies that started late. Neither does an SBTi validation review. Neither does a customer procurement audit.

If your existing carbon data was produced in a way that cannot be independently traced, the question is not whether to switch, it is when the cost of switching falls below the cost of being unable to defend the numbers you already have.