How to Prepare for a Supplier Sustainability Audit
How to Prepare for a Supplier Sustainability Audit
A supplier sustainability audit is a formal review of your environmental data by a buyer, a third-party auditor, or a certification body. As CSRD supply chain requirements mature, more enterprise buyers are moving beyond questionnaire responses to on-site or remote audits of the underlying data. This guide explains what auditors look for and how to prepare your carbon data for scrutiny.
What Auditors Actually Check
A sustainability audit of your GHG data typically involves three things:
1. Data traceability: Can you show where each number came from? Auditors expect to see source documents (utility bills, fuel card statements, waste contractor invoices) that match the figures in your GHG inventory. "I estimated it" is acceptable for minor categories if documented โ but primary categories (Scope 1 and 2) require actual data.
2. Methodology consistency: Have you applied the same methodology (GHG Protocol, DEFRA factors) consistently across all categories? Mixing methodologies โ for example, using IPCC factors for one category and DEFRA for another โ is flagged as a methodology inconsistency.
3. Boundary completeness: Have you disclosed what is included and excluded from your inventory boundary? If you have excluded any emission source, you must document why it was excluded and whether it is material.
Documents to Prepare Before an Audit
Organise these in advance โ an auditor who has to wait for documents will flag the delay as a finding:
| Document | What it verifies |
|---|---|
| ---------- | ----------------- |
| Electricity bills (12 months) | Scope 2 kWh consumption |
| Gas bills (12 months) | Scope 1 mยณ consumption |
| Fuel card statements | Scope 1 diesel and petrol litres |
| F-Gas maintenance records | Scope 1 refrigerant kg |
| Waste contractor invoices/reports | Scope 3 Category 5 kg by disposal route |
| Flight and rail booking records | Scope 3 Category 6 km |
| HR headcount and commuting survey | Scope 3 Category 7 km |
| GHG methodology statement | Boundary, scope, and factor explanation |
The Methodology Statement
A one-to-two page document that explains: - Your organisational boundary (which sites, which legal entities) - Reporting period (calendar year) - Emission factors used (DEFRA 2023, version and date) - Any estimations used and their basis - Any categories excluded and the materiality justification
This document is the first thing an auditor reads. Without it, they cannot assess whether your numbers are correct.
Common Audit Findings and How to Avoid Them
Missing data for one site: If you have multiple locations, ensure all are included in the boundary. Auditors check site lists against your legal entity register.
Incorrect grid factor: Using a grid factor from a different year or country is a common error. Document the source of your grid factor (DEFRA 2023, IEA 2022 data) and the year it applies to.
Commuting survey not documented: "We estimated 20 km per person per day" without any supporting survey note is flagged. A simple email survey asking for home-to-office distance by mode is sufficient evidence.
Scope 3 categories completely missing: A GHG inventory showing only Scope 1 and 2 with no Scope 3 will fail any serious audit. Document at minimum Categories 3, 5, 6, and 7 โ even if some are zero or immaterial.
Using a Carbon Passport for Audit Evidence
A Carbon Passport from DeCarbonOPS includes your Scope 1/2/3 figures, the DEFRA methodology basis, and a timestamped public verification URL. When an auditor requests evidence, share the URL alongside your source documents. The calculation methodology is transparent and documented โ which satisfies the auditor's traceability requirement for the calculation step, leaving source document verification as the remaining audit scope.
Frequently Asked Questions
What is the difference between a Level 1 and Level 2 audit in EcoVadis?
EcoVadis does not use Level 1/2 audit terminology โ it uses a scorecard assessment with four thematic categories (Environment, Labour and Human Rights, Ethics, Sustainable Procurement). Third-party audits are separate from the EcoVadis questionnaire process and typically occur at Gold or Platinum scoring tiers or when a buyer requests physical verification. The EcoVadis 'Corrective Action Plan' is issued when gaps are identified โ addressing these quickly avoids a re-assessment.
How long do I need to retain source documents for sustainability audits?
Retain source documents (utility bills, fuel card statements, waste contractor records) for a minimum of 5 years. This matches the retention requirement under UK ESOS (Energy Savings Opportunity Scheme), EU ETS record-keeping, and most corporate audit trail expectations. For ISO 14064-1 third-party verification, the verifier will request 3 years of data at minimum. Store documents in a dedicated folder (physical or cloud) labelled by reporting year.
What happens if an auditor finds an error in my GHG inventory?
Errors found in audits typically result in a 'finding' requiring correction and re-submission. Minor calculation errors (wrong grid factor year, transposed figures) are classified as minor findings โ correct and resubmit within the audit window. Material errors (missing a whole site, incorrect scope assignment) are major findings requiring a revised inventory. Being proactive โ finding and disclosing errors yourself before submission โ is always better than an auditor finding them.
Can a Carbon Passport replace raw source documents in a sustainability audit?
A Carbon Passport provides the calculated output with methodology documentation โ it satisfies the 'what is the result and how was it calculated' part of an audit. It does not replace primary source documents (utility bills, fuel records). Auditors will still request source documents to verify that inputs match the inventory. Think of the Carbon Passport as your audit trail for the calculation step; your utility bills and fuel records are the audit trail for the raw data.
How often do large buyers conduct physical audits vs desk-based reviews?
Most large buyers conduct desk-based (document) reviews for Tier 2 and below suppliers, and reserve physical audits for Tier 1 direct suppliers with large spend. EcoVadis, CDP, and SAP Ariba are all desk-based. Physical audits are most common in automotive (VDA 6.3 process audit includes sustainability check), food (SMETA 4-pillar audit includes environmental), and NHS/public sector (Evergreen on-site assessments for high-risk suppliers). If you are Tier 1 to an automotive OEM or NHS framework supplier, budget for a physical audit within 2โ3 years.
Ready to get your Carbon Passport?
Generate a verified carbon report in 20 minutes โ free for your first annual report. Accepted by SAP Ariba, Coupa, and enterprise procurement teams across the EU.
Get started free