Carbon Assurance
Long-cycle programs where regulation, capital, and grid reliability define the pace.
Inside this journey
-
Pre-Discovery
Align decision-makers, timeline, and acceptance criteria before technical scoping.
-
Stakeholder Alignment
Confirm decision-makers, timeline constraints, reporting deadlines, and required acceptance criteria (investors, registries, auditors).
Alignment Questions
Who Really Holds the Pens?
- Which internal roles are actively involved in choosing an assurance provider for your GHG reporting and verification?
- Which single person or committee will sign the final engagement letter or approve fees?
- Tell us about the last time your organization approved a third-party assurance or verification—who was involved and how long did the sign-off take?
- Are there external stakeholders whose acceptance of the chosen assurance provider is required (e.g., investors, registries, lenders, insurers)?
- If external parties must accept the provider, which of those groups do you expect will be the hardest to satisfy?
What’s the Real Deadline That Keeps You Up?
- If this assurance isn’t completed before your next public filing or registry submission, what concrete consequences would you face?
- Which reporting or submission dates are absolute (cannot move) versus those with some flexibility?
- What is the latest date the assurance report can be issued and still meet your business needs? (MM/YYYY)
- Who inside your organization controls and can shift those deadlines if we surface requirements during scoping?
- How much timeline flexibility do you realistically have if fieldwork uncovers remediation needs?
If Investors Could Ask One Question…
- What single assurance-related question do you expect investors or analysts to ask after your next disclosure?
- Which investor audiences matter most for assurance credibility (e.g., ESG funds, index providers, fixed-income analysts, rating agencies)?
- Which level and type of assurance would likely satisfy your investor base?
- How concerned are you that any qualification or adverse finding would trigger investor disclosures or restatements?
- Have investors previously demanded follow-up actions after a verification (e.g., additional testing, remediation, public disclosure)? If yes, describe.
Registries, Auditors, and Other Gatekeepers: Where Are the Blockers?
- Which carbon registries do you intend to submit to or rely upon for this engagement?
- Do any registries, buyers, or regulators have prescribed verifier qualifications or accreditation we must meet to get credits or recognition?
- How closely will your financial auditors want to coordinate with our assurance work (e.g., scope overlap, timing, evidence sharing)?
- Have prior verifications or assurance reports ever been rejected or questioned by a registry, auditor, or regulator? If so, what were the main issues?
- Which external party would have the most leverage to delay or block issuance of credits or acceptance of the opinion?
What Acceptance Criteria Really Look Like
- If the final assurance opinion includes a qualification, what language or scope of qualification would still be acceptable to you and your stakeholders?
- Which assurance standards or frameworks must we use or prefer for this engagement?
- What minimum deliverables do you require from the engagement (select all that apply)?
- What materiality threshold or risk tolerance should guide testing and reporting (e.g., 5% of inventory, absolute tCO2e threshold, qualitative risk focus)?
- Who must explicitly accept the final report internally before we issue it (names/roles)?
Data, Controls, and the Things Nobody Wants to Talk About
- When someone requests raw evidence, where is your GHG data most likely to fall apart?
- Which systems and sources capture your emissions-related data today?
- Do you have documented internal controls and evidence trails for your GHG calculations (e.g., owner, versioned methodology, change logs)?
- How ready are your teams to provide source documents and access for sampling windows (e.g., invoices, meter reads, contracts) within a 2–6 week window?
- What known data gaps, estimation methods, or judgmental assumptions exist today that you expect we should test closely?
What Would Make This Easy Next Time?
- Imagine next year’s assurance is twice as smooth—what single change made it so?
- How open is your leadership to investing in process or tech changes to reduce future assurance costs and fieldwork time?
- Which improvements would you prioritize (select up to three)?
- Who would own remediation and process improvements post-engagement?
- What ballpark annual budget do you expect for assurance services (to help scope effort)?
Next Steps: Who, When, and What Do We Test First?
- If we were to start a scoping and readiness assessment, what would you want prioritized in the first 2–4 weeks?
- Who should be our primary point of contact for scheduling and evidence requests (name, role, email)?
- Do you require an NDA or custom confidentiality terms before sharing detailed inventory data?
- Are we permitted to speak with your financial auditors or registry contacts to clarify acceptance criteria and avoid rework?
- Which weeks or months are off-limits for fieldwork or site visits due to operations, audits, or reporting blackouts?
-
Current State Mapping
Document current GHG inventory methods, data sources, internal controls, and known gaps across Scope 1–3 and project documentation.
Current State
Quick opening — who are we talking to and when does the clock start?
- What is your primary role in the organization for GHG reporting and assurance (how do you own/rally this work)?
- Which internal team will be our day-to-day counterpart for an assurance engagement?
- What is the reporting or registry deadline that drives this engagement?
- In one sentence, what is the single most important outcome you need from assurance this year?
So — are your numbers something you’d confidently bring to investors today?
- Which scopes are included in your current corporate GHG inventory?
- How are your emissions calculated today (pick all that apply)?
- Where are the primary data sources stored and how accessible are they for a third-party reviewer?
- How frequently is your inventory refreshed and reconciled to financial records (if at all)?
- Tell us about a recent instance where a data source or calculation surprised you—what happened and how long did it take to resolve?
Where are the cracks that would first show up under scrutiny?
- Do you have documented internal controls specifically tied to GHG data collection and reporting?
- Who owns control execution and who is responsible for sign-off (names/roles ok)?
- When was the last time those controls were tested (internally or by auditors)?
- Which part of your inventory feels most uncertain or defensible under audit (pick up to two)?
- Describe one area where you suspect gaps exist but haven’t fully scoped the impact (what’s the gap, and why hasn’t it been closed)?
If your assurance opinion landed with a qualification, what would it mean for you?
- Which of these outcomes would be most damaging if an assurance engagement resulted in a qualified or adverse finding?
- How tolerant is leadership for ‘qualified’ language in an assurance report versus a short delay to remediate issues?
- Have you previously received qualifications, findings, or management letters on GHG matters? If yes, what were the top two lessons learned?
- How would a public qualification affect your upcoming earnings call / proxy messaging (describe likely messaging strategy)?
What would a credible, registry- and investor-ready opinion actually look like for you?
- Which assurance standard and level do you expect or prefer for this engagement?
- Which registries or investor groups must explicitly accept the opinion (select all that apply)?
- What concrete signals will you use to convince the board/investors that the assurance succeeded (examples: no qualifications; acceptance by registry; management letter with prioritized fixes)?
- What is your preferred timeline from kickoff to final opinion?
- If we had to prioritize, what matters more this cycle: speed to opinion, depth/rigor, or minimizing the chance of adverse findings?
Let’s talk about access — will we be able to get to the evidence we need?
- Which of these will we have direct access to during fieldwork?
- Are there legal, commercial or confidentiality constraints that typically limit third‑party reviewers (e.g., supplier NDAs, customer confidentiality)?
- Who would be the document owner(s) we should coordinate with to request evidence (name/role/email)?
- Do you have a preferred secure file transfer or portal for exchanging evidence?
- How quickly can your team typically turn around evidence requests during busy windows?
How much do you want us to be advisors versus auditors?
- Which tone do you prefer from your assurance provider during the engagement?
- How involved should we be with your cross-functional teams (finance, ops, procurement) during fieldwork?
- Would you like a pre-fieldwork readiness assessment (scoping + gap remediation plan) before we commit to fieldwork?
- If we identify control weaknesses, do you want us to draft suggested control language and remediation steps as part of the deliverable?
Money, procurement, and who signs — what’s the real constraint?
- What budget range have you allocated (or expect to request) for this assurance engagement?
- What procurement path will you use to engage an assurance firm?
- What commercial or legal terms are non-negotiable for you (e.g., indemnity caps, confidentiality, registry submission responsibilities)?
- Who in your organization must approve the SOW and fees (roles, not necessarily names)?
- How long is your typical contracting cycle from SOW to signature?
What parts of the engagement would you like to see spelled out up front to feel safe?
- Which deliverables do you expect as part of the final engagement package?
- Do you want us to present findings to the audit committee or investor relations directly?
- Would you prefer staged delivery (readiness → fieldwork → draft opinion → final) with checkpoint approvals, or a single continuous process?
- Are there specific formatting or data templates your finance or registry teams require for submissions?
What would make it simple to start — and who needs to be in the room?
- Which documents would you be comfortable sharing first to scope the engagement (pick top three)?
- Who are the three people we should invite to an initial scoping call (name and role)?
- When is the earliest you could schedule a 60–90 minute scoping session to review readiness and timelines?
- What would remove hesitation for you about engaging an assurance firm right now (examples: fixed-price scoping, rapid readiness snapshot, board pre-brief)?
- Finally, is there anything about your organization, culture, or recent events we should know that will affect how we work together?
-
-
Outcome Discovery
Define success signals, risk tolerances (qualifications/adverse findings), and the target standard/registry acceptance needed for the opinion.
Discovery Questions
Opening: What Outcome Will Make This Feel Worthwhile?
- When this engagement is done, what one specific result would make you feel we succeeded?
- Which stakeholders will judge whether this engagement was successful? Please list roles or groups (e.g., Audit Committee, Investors, Registry, CFO).
- What is your reporting deadline or the date by which you must have a registry-accepted opinion?
- What would you say is the biggest concern about running this assurance against your timeline and resources?
If This Goes Sideways, Who Pays the Price?
- Imagine the assurance opinion contains a qualification or adverse finding—how would that outcome affect your organization?
- How tolerant are your leadership and board for qualifications or disclosures that complicate earnings calls or proxy season?
- Who inside your organization would lead the narrative if an adverse finding required disclosure? (Name roles and preferred contacts)
- Have you experienced qualifications or material findings in prior assurance or audits? If so, briefly describe what happened and the downstream effects.
What’s Really Behind the Numbers — Let’s Be Honest
- You say your GHG inventory is ready—what parts of your Scope 1, 2, or 3 data do you secretly worry will not stand up to detailed testing?
- When you think about internal controls over emissions data, what feels weakest or most manual right now?
- How often do data owners or business units push back on data requests during past reviews? Give an example of a recent friction point.
- If we dug into your top three emission sources, which one would you rather not show to an external reviewer right now, and why?
What Would a Trusted, Investor-Grade Opinion Unlock for You?
- If we delivered an opinion investors and registries trusted, what immediate business or reporting benefits would you expect?
- Which audiences matter most for that credibility—investors, registries, regulators, lenders, customers, or internal leadership? Rank your top three.
- How would you measure the engagement’s success in 30, 90, and 365 days? Please give one concrete indicator for each timeframe.
- Are there any examples of peers or competitors whose assurance outcomes you admire? What specifically about those outcomes matters to you?
How Much Uncertainty Are You Willing to Accept?
- We often see two extremes—zero tolerance for qualifications or pragmatic acceptance of limited findings—where do you sit on this spectrum?
- If a material weakness or significant estimation error is found, what remediation options would you consider acceptable (e.g., restatement, enhanced disclosures, remediation plan)?
- How important is it that the final opinion explicitly maps to financial reporting controls (e.g., SOx integration)?
- Would you prefer we take a conservative approach that reduces risk of qualification but may extend fieldwork, or a faster, pragmatic approach that accepts modest residual risk?
Who Exactly Must Nod Before This Is ‘Done’?
- Which registries or standards must accept our opinion for the engagement to be successful?
- Do any of your target registries require an approved/ accredited verification body (VVB) or specific assurance standards that would eliminate some assurance approaches?
- Which investor groups or financial processes require explicit proof of assurance? (Select all that apply.)
- Are there any external parties we should proactively engage with (registries, major investors, or auditors) to confirm acceptance criteria before finalizing scope?
Standards, Level, and Boundaries — The Practical Decisions
- Which assurance standards and levels are you considering or required to use?
- Do you want the engagement to cover corporate inventory, specific crediting projects, or both?
- What geographic or site boundaries must be included (e.g., all subsidiaries, specific regions, single site)? Please list and indicate materiality thresholds if any.
- Are there preferred deliverables (opinion letter, management letter, registry submission package, technical appendices) you require at engagement close?
- What fee sensitivity or budgeting constraints should we consider when defining sampling intensity and fieldwork scope?
How Ready Are You Really for Fieldwork?
- If we started sampling tomorrow, which datasets or evidence streams are immediately available and which would require collection or remediation?
- Who will be our primary internal owner(s) for evidence collection and logistics during fieldwork?
- What site access, timing constraints, or seasonal factors could materially affect site visits or sampling windows?
- Have prior readiness assessments or audits produced a prioritized remediation plan we can reference? If yes, please summarize key outstanding actions.
Prices, Timelines, and Tradeoffs — What Are You Willing to Sacrifice?
- Would you prefer a fixed-fee engagement with defined scope, or a time-and-materials approach that flexes as issues emerge?
- Which is more important: minimizing cost, minimizing timeline, or minimizing risk of qualification? Rank your top two.
- Would you entertain a staged approach (readiness review → targeted fieldwork → full assurance) to reduce upfront cost and surface risks earlier?
- Are there internal sign-off gates (procurement, legal, board) that would affect when we can begin or finalize the engagement?
Commitments and Next Steps — How We Move from Talk to Done
- Who needs to be in the kick-off meeting and what are their decision authorities (names, roles, and approvals they control)?
- Assuming we agree on scope, what is the earliest realistic date we could start scoping and an earliest completion date for an unqualified/registry-accepted opinion?
- What would you like us to deliver next—a detailed proposal, a readiness assessment, or a short-list of required clarifications?
- Before we produce a proposal, what open questions would you like us to answer that would change how we price or scope the work?
-
Solution Experience
Demonstrate, using the customer’s context, how the assurance approach delivers a registry- and investor-acceptable opinion within their deadlines and constraints.
Experience Meetings
- Pre-Experience Intake — Current State & Consequence Alignment
- Solution Experience Workshop — Diagnosis, Proof, Validation
- Technical Evidence & Sampling Plan Review
- Registry & Investor Acceptance Mapping
- Final Validation & Commitment Review
- Agree clear responsibilities and timelines for registry submission and public disclosure.
- Recap Validated Risk Areas
- Finalize and document the sampling plan and evidence checklist ready for execution.
- Ensure customer understands and accepts the control tests and what evidence must be produced.
- Agree site visit logistics and owners to minimize scheduling friction during fieldwork.
- Seller: Issue finalized Sampling Plan and Evidence Checklist (attach templates) within 2 business days.
- Customer: Provide access contacts, site schedules, and secure any required permissions for visits.
- Customer: Extract and deliver the first tranche of source documents and system extracts per the checklist.
- Registry Requirements Mapping
- Prove that the planned assurance deliverables satisfy the technical and administrative requirements of the target registry.
- Ensure the opinion language and handling of qualifications meet investor and audit committee expectations.
- Introductions & Objective
- Seller: Provide a Registry Acceptance Memo that maps each deliverable to registry clauses and expected outcomes.
- Seller: Draft alternative opinion wording templates (unqualified/qualified) for legal and investor communications review.
- Customer: Confirm who will own registry submissions and sign-offs and provide required authorization letters.
- Validation Recap (Diagnosis -> Proof -> Validation)
- Obtain explicit customer confirmation that the Solution Experience proved the Future State and they want to proceed.
- Agree and document the final timeline, fee estimate, and deliverables tied to registry/investor deadlines.
- Establish clear communication and escalation protocols for fieldwork and reporting.
- Seller: Issue the Engagement Summary (scope, sampling plan, timeline, fees, opinion templates) and next-step checklist for signatures.
- Customer: Provide formal authorization to proceed (PO or signed scoping letter) and confirm initial payment milestone if applicable.
- Seller & Customer: Schedule the first fieldwork kick-off call and confirm sample delivery dates.
- Lock a single-sentence Current State that everyone can repeat.
- Document explicit Consequences in monetary/time/regulatory terms to create urgency.
- Agree a one-sentence measurable Future State that the Solution Experience will prove.
- Obtain commitment to deliver required pre-work artifacts within defined deadlines.
- Customer: Provide the editable GHG inventory, calculation files, control narratives, and target registry deadline within 3 business days.
- Seller: Draft a one-page Situational Summary (Current State, Consequence, Future State) and circulate for confirmation.
- Seller: Prepare a tailored Solution Experience agenda and dataset extracts based on submitted artifacts.
- Reconfirm One-sentence Framing
- Prove, with customer data, that our assurance approach can produce a registry- and investor-acceptable opinion within their deadline in the defined Future State.
- Surface any remaining blockers that would prevent an unqualified opinion and quantify remediation effort/time to resolve.
- Secure explicit customer validation at multiple checkpoints that the demonstrated approach meets their needs.
- Seller: Produce a short 'Proof Pack' showing applied procedures and results for the samples reviewed, including observed gaps and remediation recommendations.
- Customer: Confirm owners for each remediation item and commit to timelines for evidence delivery.
- Seller: Draft a sampling and fieldwork window proposal based on validated timelines.
- Outstanding Risks & Mitigations
- Investor & Auditor Acceptance Checklist
- Sampling Frame & Rationale
- Crystal Current State (Diagnosis)
- Walkthrough of Key Inventory Flows
- Surface Consequences
- Opinion Language Options
- Timeline, Fees & Deliverables
- Evidence & Control Test Checklist
- Show Proof: Control & Evidence Mapping
- Mutual Commit & Next Steps
- Define Future State
- Site Visit Scope & Logistics
- Risk-to-Opinion Scenarios
- Escalation & Remediation Pathways
- Validation Checkpoints
- Pre-work & Data Request
- Customer Sign-off Criteria
- Acceptance Criteria for Findings
- Communication Protocols
- Decision & Next Steps
-
Solution Scope
Define engagement boundary, assurance standard and level, modules (corporate inventory vs. project verification), site visits, deliverables, and estimated fees/timeline.
Scope Configuration
- Limited assurance of corporate GHG inventory (ISAE 3000)
- Reasonable assurance of corporate GHG inventory (ISAE 3000)
- Assure SEC and CSRD climate disclosures (ISAE 3000)
- Verify Verra VCS carbon project
- Verify Gold Standard carbon project
- Site visits and source-to-report testing
- Sample and test Scope 3 supplier data
- On-site metering and stack emissions testing
- Validate GHG calculation models and spreadsheets
- Control testing of GHG data collection systems
- Issue assurance opinion and formal assurance report
- Deliver management letter with remediation recommendations
- Annual surveillance and follow-up verification testing
- Independent review of science-based targets and net-zero claims
Scope Questions
Limited assurance of corporate GHG inventory (ISAE 3000)
- Do you require limited assurance for your corporate GHG inventory?
- Which organisational/reporting boundary should the limited assurance cover?
- Which scopes should be included for limited assurance?
- What is the reporting period / year for the assurance engagement?
- Are there specific stakeholders or filings that must accept the limited assurance opinion (e.g., investors, regulators, registries)?
- Do you have an existing GHG inventory with documented methodologies and calculations available for review?
Reasonable assurance of corporate GHG inventory (ISAE 3000)
- Do you require reasonable (high) assurance rather than limited assurance?
- Are there enterprise deadlines (earnings, statutory, board) that fix the opinion delivery date?
- What level of sample coverage / testing depth do you expect (e.g., exhaustive, high statistical sample, judgmental)?
- Do you have internal control documentation and prior internal/external audit findings available?
- Are there anticipated technical complexities (e.g., complex Scope 3 estimation methods, modelled emissions) that would affect reasonable assurance scope?
- If 'Yes', briefly describe the technical complexities or model types (free response).
Assure SEC and CSRD climate disclosures (ISAE 3000)
- Which regulatory disclosure frameworks do you need assurance for?
- Which disclosure components require assurance (e.g., metrics, narrative, GHG figures in MD&A)?
- What assurance level is expected for regulatory filings (limited or reasonable)?
- Is there a mandatory filing deadline (SEC filing date, CSRD timeline) we must meet?
- Are there legal or compliance reviewers who will require pre-issuance review of the assurance report?
- Please list any specific disclosure lines or metrics that are high priority for assurance (free response).
Verify Verra VCS carbon project
- Is the project already validated or is this the first verification cycle?
- Which Verra methodology or project type applies (e.g., AFOLU, REDD+, A/R, renewable energy)?
- Is a monitoring report and all supporting project documentation ready for review?
- Will site visits be required and, if so, how many sites and locations are involved?
- Are there registry-specific report or wording requirements we must adopt?
- Who will be responsible for registry submission and fees (client or assurance provider)?
Verify Gold Standard carbon project
- Is the project registered with Gold Standard or seeking registration post-verification?
- Which Gold Standard project type / methodology applies?
- Is the monitoring report and stakeholder consultation evidence available?
- Are there specific Gold Standard stakeholder or SDG alignment requirements we should test?
- Will independent field verification (community consultations, site inspections) be needed?
- Provide any deadlines tied to issuance of credits or registry submission (free response).
Site visits and source-to-report testing
- How many physical sites/locations need site visits for source-to-report testing?
- What types of emission sources will require on-site inspection (e.g., boilers, process units, fugitive sources)?
- Are there access, safety, or permit constraints at any sites we should be aware of?
- Approximate duration per site for fieldwork (hours/days)?
- Are local site contacts and records (maintenance logs, calibration records) available in advance?
- Do you require witness testing or joint sampling with third-party labs during visits?
Sample and test Scope 3 supplier data
- Which Scope 3 categories do you want sampled and tested?
- How many suppliers or facilities will be in the sampling frame?
- What percentage coverage of supplier emissions do you aim to achieve?
- Are supplier-level data and supporting documentation (invoices, delivery logs, emission factors) available?
- Will suppliers agree to data requests, site visits, or third-party confirmation (e.g., NDA/consent required)?
- Do you have preferred sampling methodology (statistical) or should we propose one?
On-site metering and stack emissions testing
- Are on-site meters / CEMS currently installed on major emission points?
- Do you require stack testing (third-party lab) or verification of existing meter data?
- How many emission points or stacks require testing or meter checks?
- Are calibration records, QA/QC logs, and permit conditions available for review?
- Do you have preferred third-party laboratories or should we recommend accredited labs?
- Are there regulatory or safety prerequisites for testing (e.g., permit notifications, confined space)?
Validate GHG calculation models and spreadsheets
- What tools are used for GHG calculations (e.g., Excel, in-house tool, third-party software)?
- Are calculation models version-controlled and documented (change logs, formulas explained)?
- Do you need model testing for accuracy, formula integrity, and replication of reported totals?
- Are there custom emission factors or conversion assumptions embedded in models that require validation?
- Please provide examples of the most complex calculations or spreadsheet tabs we should prioritize (free response).
- Do you require automation or templating recommendations after validation?
Control testing of GHG data collection systems
- Which systems feed your GHG inventory (ERP, maintenance systems, meter databases, procurement)?
- Are there documented control procedures for data collection, approvals, and reconciliations?
- Do you require testing of IT-dependent controls (access, change management) as part of assurance?
- Have previous internal/external audits identified control weaknesses we should re-test?
- Do you prefer control testing to be integrated with the substantive testing or performed separately?
- Please list the key owner(s) of the data systems and controls (roles/names) who will support testing (free response).
-
Mutual Commit
Finalize commercial and legal terms, acceptance criteria, confidentiality and registry submission responsibilities, and sign-off owners.
Agreement Modules
- Master Services Agreement (MSA) / Engagement Letter
- Statement of Work (SOW)
- Fees & Payment Schedule
- Data Access, Confidentiality & Data Processing Agreement (DPA)
- Registry Submission & Filing Responsibilities
- Acceptance Criteria & Sign-off Protocol
- Representations, Warranties & Client Covenants
- Indemnity, Liability Limits & Insurance
- Change Control & Scope Amendment Process
- Termination, Suspension & Exit Plan
- Communications, Public Disclosures & Reference Use
- Authorized Signatories & Execution Checklist
-
Deployment
Operationalize fieldwork, evidence collection, and opinion delivery with readiness checks and validation.
-
Pre-Deployment Readiness
Confirm data availability, sampling frames, control documentation, site access, and readiness for fieldwork and sampling windows.
Readiness Questions
Starting From Where You Are
- Which reporting cycle are we preparing for right now (e.g., fiscal year-end, quarterly, project issuance)?
- Who is the primary owner of GHG reporting and assurance on your side?
- Which internal stakeholders must sign off before we start assurance work? (select all that apply)
- Have you had third‑party assurance or verification before? If yes, please name the provider(s) and year(s). If no, say 'none'.
- Reflecting on your last assurance (or lack thereof), what one outcome felt most valuable — and one that disappointed you?
- How critical is public-facing acceptance (investors, registries, auditors) of the assurance opinion for your next reporting milestone?
If Your Audit Letter Could Speak, What Would It Complain About?
- When you imagine an assurance provider probing your inventory, what single area would you least want them to dig into — and why?
- Where do you feel your controls or data tend to break down most often (pick up to three)?
- Can you share a concrete example of a data gap, error, or control weakness that has reappeared more than once? What happened and how long has it persisted?
- Which Scope (1, 2, 3) do you judge to be the riskiest for dispute, and what specifically keeps you up at night about it?
- How often have external reviewers raised qualifications or material exceptions in past reports? Describe the nature and impact of one example.
- If an adverse or qualified opinion would materially affect stakeholder communications, what would be the immediate consequences for your team?
Who Holds the Keys — and What Happens If They Don't Show Up?
- If a data owner is unavailable during fieldwork, what backup or escalation path do you currently rely on?
- Which internal teams or external vendors currently control the primary data we’ll need (select all that apply)?
- Have you encountered resistance to site visits, document requests, or third‑party scrutiny in the past? If so, tell a short story about what blocked access and how it was resolved.
- Who on your side is empowered to grant registry submissions, approve confidential data sharing, and sign legal terms?
- How confident are your site teams at producing source evidence (meter reads, invoices, calibration logs) within a 2–4 week request window?
- If we needed expedited evidence from a third party (e.g., fuel supplier), how likely are they to respond within our timeline?
What Would Keep Investors or Registries Up at Night?
- Which registries, investor groups, or regulators must accept the assurance opinion for it to be useful to you?
- If an assurance report included a qualification, how would that change your external messaging or credit issuance timeline?
- What level of assurance are you targeting and why — limited, reasonable, or registry-specific verification?
- How much ambiguity around Scope 3 methods or estimates are you willing to accept in a public opinion?
- Have you defined acceptance criteria internally (e.g., acceptable error rates, materiality thresholds)? If yes, summarize them.
- Who would be the primary audiences for the assurance outcome and how would they use the report (select all that apply)?
Show Me the Data — and Tell Me the Trust Story
- What are your primary source systems for emissions data (select all that apply)?
- Describe the last time you traced a number from a public disclosure back to its source document — what worked well and what took the most time?
- Do you have documented data lineage and reconciliation procedures for material emission sources?
- How are emission factors, conversion factors, and calculation models stored and version-controlled?
- Approximately how many discrete sites or units would require evidence collection or site visits for a material assurance scope?
- Which data types do you anticipate will require sampling rather than full testing (select all that apply)?
- Are there known differences between reported figures and underlying financial records or tax filings that we should know about?
If We Had to Do Fieldwork Tomorrow, How Ready Are You?
- If we proposed a two‑week fieldwork window starting next month, how workable is that for you?
- What lead time do you realistically need to secure site access, permits, and key personnel for visits?
- Do any sites have seasonal operations or emissions peaks that would affect when sampling must occur? If yes, which and when?
- What on-site health, safety, or confidentiality requirements would our field team need to meet before a visit?
- Are there travel or geopolitical constraints that could limit fieldwork in certain countries or regions?
- Who on your team will coordinate logistics and provide daily contact during fieldwork?
What Will Success Feel Like — and What’s Your First Step?
- If this engagement goes perfectly, what three outcomes would you point to as proof of success for investors and for internal teams?
- What tradeoffs would you accept to meet a hard deadline (e.g., narrower scope, limited sampling, additional fees)?
- Do you have a budget range in mind for assurance services this cycle?
- What does your internal decision process look like for selecting an assurance provider — steps, stakeholders, and expected timing?
- Would you be open to a short readiness assessment (3–4 weeks) before committing to full fieldwork?
- What immediate next step would make your team feel like progress is being made (select one)?
-
Fieldwork Scheduling & Logistics
Schedule and coordinate site visits, data pulls, sampling execution, and evidence collection with clear owners and timelines.
-
Validation & Opinion Delivery
Perform final testing, management inquiry, issue resolution, issue the assurance opinion and management letter, and submit verification reports to registries as required.
Validation Questions
Starting Here: What's Top of Mind?
- What's the single most important outcome you want from this assurance engagement this cycle?
- Which reporting deadline or milestone drives this engagement?
- Who will be the primary internal owner or point of contact for the engagement (role)?
- Briefly describe any prior experience your team has had with third‑party assurance or registry verification and how you felt it went.
- What outcome would make your leadership say the engagement was a clear success?
Who Really Decides — and Who Gets Nervous?
- If you had to bet the engagement will pass investor scrutiny tomorrow, whose approval would you still lose sleep over?
- Which internal stakeholders must sign off before you can publish the opinion?
- How would you describe your internal stakeholders’ tolerance for qualifications or adverse findings?
- Are there internal calendar constraints (e.g., board meetings, earnings blackout) that limit when the opinion can be released?
- Who typically leads procurement and legal negotiation for assurance engagements in your organization (role or team)?
Where It Hurts: Evidence, Controls, and Data Gaps
- What part of your emissions data would you least like an assurance partner to dig into?
- Which emissions scopes are material or in-scope for this engagement?
- Which data sources or processes are most fragile today?
- How would you rate the maturity of your controls over data collection and calculations?
- Give a concrete example of a recurring data gap or control failure you've faced (what happened, how often, and the impact).
Challenging Your Methodology: Would It Withstand Tough Questioning?
- If an experienced assurance partner questioned one core assumption in your methodology, what would surprise you most about that pushback?
- Which protocol(s) or standards do you currently rely on for your inventory and project verification?
- What tools or systems do you use to calculate and store emissions (e.g., Excel, SaaS platform, ERP modules)?
- Have you changed your boundary, methodology, or emissions factors in the past 2 years? If so, what and why?
- Where do you rely on third-party data or estimates (suppliers, emission factors, models), and how much confidence do you have in those inputs?
What Would a Convincing Opinion Actually Say?
- Imagine investors ask about your emissions tomorrow — what must the assurance report make unmistakably clear?
- What level and type of assurance do you believe you need (select all that apply) and why?
- Do you need the assurance opinion to be accepted by a specific registry or investor group? Which ones?
- Which outputs do you expect from us besides the opinion (management letter, remediation plan, inventory recalculation)?
- What timing constraint must the opinion meet relative to your external communications (e.g., 2 weeks before earnings)?
What Could Break This Before It Starts?
- What's most likely to cause an assurance provider to qualify the opinion or delay delivery in your experience?
- Are there access constraints that could limit fieldwork (site closures, remote locations, supplier confidentiality)?
- How reliable is supplier cooperation for data requests (timely, complete, and auditable)?
- Do you foresee any legal or regulatory risks tied to disclosure of emission findings?
- Pick the top three risks you want us to mitigate during scoping (choose up to 3).
If This Made Your Team Better Next Year, What Would That Look Like?
- If this engagement improved your processes, what concrete capability would you gain that you don't have today?
- Which of the following long-term improvements would be most valuable to you?
- How would you measure success for control improvements 12 months after the opinion?
- Who in your organization would own implementing the management letter recommendations?
- How open are you to an agreed remediation plan with milestones being part of the final deliverables?
Getting Practical: Timeline, Budget, and Logistics
- If we could only guarantee one thing about this engagement, would you prefer certainty about timing, cost, or depth of testing?
- What is the budget range you have allocated or expect for assurance this cycle (ballpark)?
- When would you be ready for a three-to-four-month readiness assessment ahead of fieldwork?
- Do you have preferred windows for site visits or sampling (e.g., seasonal operations, maintenance shutdowns) we must avoid or target?
- Who will manage logistics on your side (name, role, contact) — and do they have procurement/legal authority?
How Will You Choose an Assurance Partner?
- What single criterion would make you select one assurance firm over another even if other things were similar?
- Which credentials or proofs are must-haves in your RFP evaluation?
- Do you plan to run a formal RFP, direct selection, or use a preferred vendor list for this engagement?
- What's your decision timeline for selecting a provider and signing an engagement letter?
- Who needs to be consulted or give final approval before the engagement is signed (list roles and any required committees)?
-
-
Success
Review results against success signals, agree remediation or control improvements, and plan annual follow-up to increase efficiency year-over-year.
Success Reviews
- Results Review & Validation
- Remediation & Control Improvement Workshop
- Executive Summary & Sign‑off
- Annual Readiness & Efficiency Planning
- Registry & Investor Disclosure Readiness Session
Issues & Enhancements
- Assign an owner to deliver each selected efficiency project with an initial plan and budget.
- Obtain executive approval to proceed with the prioritized remediation roadmap and associated budget.
- Authorize disclosure language and timing for investor/registry communications.
- Confirm escalation paths (audit committee, legal) for any unresolved adverse or qualified findings.
- Collect executive signatures/approvals for the remediation budget and plan.
- Finalize and file disclosure text for upcoming earnings or regulatory deadlines.
- Notify assurance team of any governance escalations required and provide points of contact.
- Schedule quarterly executive check‑ins to monitor remediation progress.
- Review Prior Year Effort & Pain Points
- Agree a realistic annual cadence (readiness assessment, fieldwork windows, reporting) that minimizes last‑minute work.
- Select 2–3 efficiency projects (automation, standardization) to implement before the next cycle.
- Establish KPIs and a quarterly review process to monitor control maturity and remediation progress.
- Set and calendarize the readiness assessment window and next year's fieldwork dates.
- Introductions & Meeting Objectives
- Create a KPI dashboard template and schedule the first quarterly review.
- Document required data extracts and automation requirements to reduce manual sampling effort.
- Review Registry Requirements & Deadlines
- Produce finalized disclosure text and investor messaging that accurately reflects the assurance outcome and remediation commitments.
- Confirm registry submission package, evidence, and the responsible submitter with deadlines.
- Agree an escalation and legal review path for any disclosures that could create legal or reporting risk.
- Finalize and obtain sign‑off on disclosure language for filings and investor communications.
- Prepare and upload the registry submission with the required evidence package by the deadline.
- Draft a short investor FAQ and distribute to Investor Relations for review.
- If needed, initiate legal review of disclosure wording and any mitigation disclaimers.
- Ensure the client and assurance team have a shared, explicit understanding of where the results sit relative to the success signals.
- Identify which findings are material and require remediation, disclosure, or timeline changes.
- Secure acceptance of the assurance opinion or document required follow-up actions to resolve open items.
- Assign owners and due dates for each high/medium finding remediation plan.
- Prepare and circulate a one‑page Management Response to Findings for sign‑off.
- If required, update registry submission or public disclosure language and recheck deadlines.
- Schedule the Remediation Workshop within two weeks to convert findings into implementation plans.
- Recap Prioritized Findings
- Convert findings into a prioritized remediation roadmap with owners and realistic timelines.
- Define specific control changes or process improvements that will mitigate root causes.
- Agree on evidence and acceptance criteria that will demonstrate remediation closure to the assurance team.
- Publish the remediation roadmap (owner, milestone, evidence required) and load into project tracking.
- Assign technical and process owners for control upgrades and schedule discovery sessions where required.
- Estimate and request budget or internal headcount for systemic remediation work.
- Define dates for interim check‑ins and a final remediation validation window before the next assurance cycle.
- Executive Summary of Assurance Outcome
- Financial, Disclosure & Regulatory Implications
- Map Findings to Disclosure Obligations
- Define Target Future State Metrics
- Root Cause Analysis
- One‑Sentence Current State & Success Signal Recap
- Proposed Remediation Investment & Timeline
- Consequence Assessment
- Draft Disclosure & Investor Messaging
- Define Remediation Options & Effort Estimates
- Improvement Options: Process, Data, & Automation
- Proposed Annual Cadence & Readiness Windows
- Prioritization by Impact, Cost, and Risk Appetite
- Decide Handling of Qualified/Adverse Findings
- Findings Walkthrough (Scope 1,2,3 & Projects)
- Decision Points & Required Approvals
- Submission & Approval Process
- Communications Plan to Investors & Registries
- Management Responses & Clarifications
- Draft Remediation Plan with RACI and Timelines
- KPIs, Reporting & Continuous Improvement Loop