Module 5: Verification and Audit

Module 5: Verification and Audit

Learning Objectives

By the end of this module, you will be able to:

1. Describe the ISAE 3000 verification process and what it requires from the company
2. Prepare a verification-ready data package
3. Anticipate and address the five most common verification findings before the audit begins
4. Understand the difference between limited assurance and reasonable assurance — and which you need
5. Build verification costs into your financial model and fundraising timeline

5.1 What Verification Means

Impact verification is not an inspection of your business — it is an audit of your impact claim. The verifier is answering one question: "Is the company's stated SUI magnitude supported by the evidence, methodology, and data system presented?"

Verification follows the ISAE 3000 (Revised) standard — the international standard for assurance engagements on non-financial information. The same standard used by accounting firms to audit sustainability reports. It has two assurance levels:

Assurance Level	Standard Expression	What it Means	Appropriate For	Typical Cost
Limited Assurance	"Nothing has come to our attention that causes us to believe the assertion is materially misstated"	Verifier reviewed the methodology and sampled the data; found no major problems	First verification; Series A stage; internal impact reporting	$8,000–$25,000
Reasonable Assurance	"In our opinion, the assertion is fairly stated in all material respects"	Full audit of methodology and data; positive opinion issued	Green bond prospectus; MDB co-investment; blended finance trigger	$25,000–$75,000

Start with limited assurance. Move to reasonable assurance when the financial stakes justify the higher cost — typically at the point of seeking a blended finance structure or green bond issuance.

5.2 Who Can Verify Your SUI

Your verifier must be:

• Independent: No financial interest in the verification outcome; not your investor, your auditor, or your technology provider
• Competent: Experience with the relevant sector (a GHG verifier for climate claims; a water quality specialist for water claims) and familiar with LCA methodology
• Credible: Recognised by the market — investors and DFIs will ask "who verified this?" The name should carry weight

Types of verifiers used in the CTH portfolio:

• Big Four accounting firms (Deloitte, PwC, EY, KPMG) — maximum credibility, highest cost, best for Series B+ and green bond issuances
• Specialist ESG/GHG verifiers (Bureau Veritas, SGS, TÜV Rheinland, SCS Global Services) — strong credibility, mid-range cost, good for Series A impact verification
• Boutique impact verifiers (Rina, Trellis Climate, South Pole verification services) — good sector expertise, lower cost, appropriate for limited assurance at seed/Series A
• Academic institutions (CIAT, IICA, national agriculture research institutes) — high technical credibility for AgTech claims, lower commercial credibility for financial instruments

Contact CTH at impact@cleantechhub.net for introductions to verifiers with Latin American experience in your sector.

5.3 Preparing for Verification: The Pre-Audit Checklist

Complete this checklist before the verifier engagement begins. Every unchecked item will slow the audit and increase cost.

Methodology Documentation

• [ ] SUI Specification Document completed and internally reviewed
• [ ] All emission factors and conversion coefficients cited with source, version, and date
• [ ] Baseline documented with source and geographic/temporal scope
• [ ] Impact pathway documented (from application event to outcome, step by step)
• [ ] Scope boundaries defined (Scope 1, 2, 3 coverage stated explicitly)
• [ ] Uncertainty quantification methodology documented
• [ ] Known limitations and material uncertainties disclosed

Data Package

• [ ] All application event records for the audit period exported from SSOT in structured format
• [ ] All outcome measurement data (lab reports, sensor data, field records) organised by application event
• [ ] Change log showing all data corrections during the audit period
• [ ] Baseline data source documents (PDFs of cited reports, downloaded data files)
• [ ] Digital Twin model file with all version history
• [ ] Access credentials prepared for verifier (read-only SSOT access, time-limited)

Governance Documentation

• [ ] Data governance policy (who can write/read/export)
• [ ] Quality control procedures (how errors are detected and corrected)
• [ ] Internal review process (who signs off on impact reports before external publication)

5.4 The Five Most Common Verification Findings

Anticipate and address these issues before the verifier finds them:

Finding 1: Undisclosed Data Gaps

What it looks like: Verifier finds periods where data was not collected or records are missing — and the company had not disclosed this.

Resolution: Proactively disclose all data gaps in the SUI Specification. Document the gap, its magnitude (what percentage of the audit period is affected), and how you handled it (extrapolation, conservative estimate, exclusion). Disclosed gaps are manageable; discovered gaps undermine trust.

Finding 2: Baseline Contested

What it looks like: Verifier argues your baseline overstates the counterfactual — for example, using a national average that is higher than what your specific customers would have used.

Resolution: Disaggregate your baseline to the most specific level available. If national data is the only option, document why and note the potential for overstatement. Some verifiers will accept a sensitivity analysis showing the SUI magnitude under a conservative (lower) baseline.

Finding 3: Attribution Not Established

What it looks like: Verifier cannot confirm that the outcome change is caused by your product rather than by concurrent factors (weather, management changes, other interventions).

Resolution: Design your data collection to include control data — measurements from comparable sites that did not receive your product, or pre/post measurements with explicit controls for other factors. At minimum, document the other factors that could explain the outcome change and explain why they are not the primary driver.

Finding 4: Double Counting

What it looks like: The same impact event is counted more than once — for example, a product applied to the same hectare in two consecutive seasons counted as two independent SUI events without adjustment for persistence effects.

Resolution: Define your SUI's temporal boundary explicitly. If one application per growing season is the standard, document this. If there is an overlap risk (e.g., product persistence carries impact into the next season), quantify it and subtract it from your SUI count or magnitude.

Finding 5: Inadequate Chain of Custody

What it looks like: The verifier cannot trace from the reported SUI total back to the individual application event records — the chain of evidence is broken somewhere between Tier 1 (Ingest) and the reported output.

Resolution: Test your own chain of custody before the audit. Pick a random SUI event from your ledger and trace it backwards: ledger entry → Digital Twin calculation → Tier 1 ingest record → source document. If you cannot complete this trace in under 10 minutes, your chain of custody has a gap that needs fixing.

5.5 After Verification: Maintaining Verification Status

Verification is not a one-time event — it is an ongoing commitment. Plan for:

• Annual re-verification: Most verifiers issue annual limited assurance statements. Budget for this in your operational costs from Series A onwards ($10,000–$30,000/year depending on volume).
• Material change triggers: Any material change to your product, methodology, or baseline requires notification to your verifier and possibly a mid-cycle review.
• Model version updates: When you update your Digital Twin (new emission factors, revised LCA boundary), document the change and its effect on historical SUI calculations. Some changes require retrospective restatement — better to address this proactively than to have investors or DFIs discover it.
• SSOT continuous improvement: Plan your path from your current SSOT level to the next level on an 18–24 month cycle. Verification costs decrease and reliability increases with each SSOT level upgrade.

Module 5 Deliverable

Produce a Verification Readiness Report — a self-assessment against the pre-audit checklist (section 5.3) with a remediation plan for each unchecked item. Submit to CTH with a proposed timeline for first verification engagement.

Upon completing all five modules and submitting all deliverables, you are eligible for:

• CTH "Impact Ready" designation (displayed in CTH portfolio materials)
• Facilitated introduction to CTH's verifier network
• CTH Impact Investor Package review and investor matching session
• Access to CTH's blended finance facilitation programme