Why Most Sustainability Data Fails Audits

Sustainability data usually looks amazing in the mirror.

It’s tidy. Confident. Wearing its best “we’ve got this” outfit. It has charts. It has gradients. It has a reassuring amount of green.

Then the audit shows up. Not with vibes, but with fluorescent lighting and questions like:

• “Show me the source.”

• “Who approved this?”

• “How did you calculate it?”

• “Can you reproduce it?”

That’s the moment a lot of sustainability data stops being a story… and starts being a liability.

Because audits don’t care how inspiring your targets are.

They care whether your data can survive:

• consistency checks,

• boundary questions,

• evidence trails,

• and the classic corporate horror film: “Version 14_FINAL_FINAL2.xlsx”.

And that’s why most sustainability data fails audits has very little to do with intent, and everything to do with operating model.

Why Most Sustainability Data Fails Audits

If you’re a logistics-heavy business, sustainability assurance is getting less optional by the month. CSRD moves sustainability reporting further into formal assurance expectations, with the EU expected to adopt limited assurance standards by 1 October 2026.

So for in-scope EU entities and many of their key partners, sustainability data will face the same kind of external scrutiny as financials.

Add the ISSB’s IFRS Sustainability Disclosure Standards (IFRS S1 and S2), designed to be applied together across governance, strategy, risk management, and metrics and targets.

And it’s not just theory.

Many jurisdictions are using these standards as the backbone of capital-market disclosures, which means boards, auditors, and investors treat them seriously. This is no longer “a sustainability report”. It’s a business risk signal with a spotlight on it.

Translation: the sustainability function is being dragged, gently but firmly, into the same world as financial reporting. Controls, evidence, repeatability, accountability.

Now for the uncomfortable part.

The audit doesn’t fail your ambition. It fails your plumbing.

Most sustainability programmes start as a reporting exercise:

• gather data from suppliers

• estimate Scope 3

• summarise it into a disclosure

• publish and pray

Audits flip the script. They ask whether your data is:

• complete (coverage and boundaries)

• accurate (inputs and factors)

• consistent (methods over time)

• traceable (evidence you can show)

• controlled (who changed what, when, and why)

That’s not ESG theatre. That’s data governance.

And many organisations already know they have a problem. Deloitte reports that 57% of executives cite data quality as the top ESG data challenge, and 88% report challenges with ESG data more broadly.In logistics-heavy environments, that data quality problem compounds across carriers, warehouses, and suppliers, where even basic activity data (weight, distance, lane) can be inconsistent or late.

So yes, the audit is tough. But it’s not unfair.

The 7 reasons sustainability data fails audits (especially in supply chains)

1) Your boundaries are fuzzy

Auditors love one question: “What exactly is in scope?”

Sustainability teams often define boundaries loosely:

• “global operations”

• “our value chain”

• “key suppliers”

• “where we have data”

Auditors need something sharper:

• which entities

• which facilities

• which modes

• which lanes

• which time periods

• which emission factors

• which exclusions and why

In logistics, fuzzy boundaries are where Scope 3 goes to hide.

2) Your Scope 3 is built on estimates you can’t reproduce

Scope 3 is messy. Everyone knows that. The audit doesn’t punish you for mess. It punishes you for untraceable mess.

If you can’t answer:

• where the activity data came from

• which factors you used

• how you handled gaps

• what changed year to year

…you’re not “early-stage”. You’re unauditable.

3) Your data trail is a scavenger hunt

Most sustainability data lives across:

• procurement systems

• transport invoices

• carrier portals

• warehouse reports

• supplier PDFs

• spreadsheets

• and Dave’s inbox

Audits require evidence trails that don’t depend on Dave’s memory.

And this is not hypothetical. Under regimes like CSRD, sustainability statements are subject to external assurance, which pulls documentation and traceability into the “non-negotiable” category.

4) Your controls are informal, which is audit-speak for “please don’t”

Financial data has controls:

• approvals

• versioning

• segregation of duties

• change logs

• reconciliations

Sustainability data often has:

• “someone checked it”

• “we agreed it looked right”

• “it matched last year-ish”

That gap is one reason assurance is rising fast. IFAC reported that 64% of companies obtained assurance over at least some ESG information in 2021 (up from 51% in 2019).And the CAQ reports 73% of S&P 500 companies that reported sustainability information in 2023 obtained assurance over certain of that information.

Assurance is becoming normal. “Informal controls” are becoming… noticeable.

5) Your calculations are correct, but not defensible

This is the sneaky one.

You can be “right” and still fail.

Example:

• you used a reasonable emissions factor

• you applied it consistently

• the number looks plausible

But you can’t prove:

• why that factor was chosen

• whether it matches the activity boundary

• how exceptions were handled

• whether your method aligns with your published methodology note

If the method in practice drifts from what you published in your methodology note, an auditor will treat that as a control issue, even if the number looks reasonable.

Audits don’t grade on vibes. They grade on defensibility.

6) Your claims and your data don’t match

This is where greenwashing risk sneaks in. Not always malicious. Often just overconfident.

Regulators have been increasingly active on misleading ESG claims. Reuters reported that DWS was fined by Frankfurt prosecutors over greenwashing related to ESG claims.

In Australia, the Federal Court fined Mercer for greenwashing after misleading sustainability statements about investment options.

The pattern is clear: regulators are moving from “don’t lie” to “prove what you say”, and that expectation is spreading beyond financial services.

7) Your sustainability reporting runs on spreadsheets and heroic effort

If your reporting process depends on:

• manual uploads

• copy-paste

• late-night reconciliations

• and “final_v7” file naming conventions

…then your risk isn’t just mistakes.

It’s key-person risk. It’s timing risk. It’s repeatability risk.

It’s audit failure risk.

And this is exactly why Deloitte’s data quality finding matters.The issue isn’t that people don’t care. It’s that the data supply chain is under-engineered.

The logistics reality: your biggest emissions aren’t yours

Logistics-heavy businesses feel this first because your footprint lives in:

• carriers

• subcontractors

• ports

• warehouses

• suppliers with wildly different reporting maturity

So even if your own warehouse footprint is well-controlled, Scope 3 dominance means it won’t save you if your carrier network can’t provide credible, consistent data at lane and mode level.

That’s why sustainability data needs a supply chain of its own: reliable inputs, defined handoffs, controls, and visibility.

What auditors actually want (so you can stop guessing)

Auditors don’t need perfection. They need maturity.

A sustainability dataset becomes audit-ready when it has:

• Clear boundaries: what’s included and excluded, and why

• Evidence trails: source documents and system extracts tied to numbers

• Repeatable methods: same logic produces same output

• Change control: who updated what, and approvals

• Reconciliations: checks that totals match operational reality

• Documentation: methodology that matches execution

• Governance: named owners, not “the team”

Under CSRD, limited assurance is a stepping stone, but it still expects structured processes and evidence, not a marketing doc with a carbon appendix.

The fix: build sustainability data like finance data (without making everyone miserable)

Here’s the practical, operator-friendly approach.

1) Build a single source of truth for activity data

For logistics, this means a clean dataset like:

• shipments by lane and mode

• standardised weight and distance assumptions

• carrier allocation

• warehouse energy and throughput where relevant

• exceptions and missing data rules

And crucially: pulled directly from TMS/WMS and operational systems wherever possible, not stitched together from ad-hoc spreadsheets and “best guesses”.

2) Standardise emission factors and lock them down

Define:

• which emission factors are approved

• why they’re approved

• what boundary they apply to

• and when they change

Version-control this properly to avoid the auditor’s favourite horror story: “We changed the factor mid-year and no one wrote it down.”

Because they will find it. They always do.

3) Create the audit pack by design, not by panic

Every reported number should be traceable to:

• a system extract or source document

• a calculation rule

• an approval

• a reconciliation check

And the audit pack should be assembled continuously (quarterly is a great rhythm), not invented in a sweaty year-end scramble when everyone suddenly discovers the word “assurance”.

4) Treat claims like contracts

If you say “reduced emissions”, “low carbon network”, or “sustainable lanes”, you need:

• a baseline definition

• a method

• evidence

• a boundary statement

Simple rule: If you wouldn’t sign it as a clause in a customer contract, don’t put it in a sustainability slide without evidence.

5) Make ownership explicit

Name owners for:

• data collection

• methodology

• factor updates

• exception handling

• approvals

• external reporting

If nobody owns it, the audit will.

Where Good Intentions Go to Get Disciplined

Most businesses don’t fail audits because they lack good intentions. They fail because they lack a control layer between operational reality and sustainability reporting.

That control layer is what turns messy activity data into something that’s:

• traceable

• repeatable

• defensible

• and ready for scrutiny

For instance, when a new customer requires lane-level emissions proof, the control layer can pull auditable activity data plus standardised factors for those lanes, instead of triggering a one-off spreadsheet scramble and a late-night email chain.

If you want the audit-ready version of sustainability data:

• Start with Sustainability – what we measure, how we defend it, and how it ties to real logistics decisions: https://www.transportworks.com/sustainability

• Explore Technology – the milestone and data model layer that makes traceability real (and repeatable): https://www.transportworks.com/technology

• Use KPI Reporting – how we turn messy operational inputs into decision-grade reporting you can stand behind: https://www.transportworks.com/kpi-reporting

Because the future isn’t “more sustainability reporting”.

It’s sustainability reporting that can survive scrutiny.

FAQs: Why Most Sustainability Data Fails Audits

Audits don’t fail because you tried.

They fail because the data couldn’t stand up when the questions got specific.

The future belongs to reporting that can be tested, traced, and trusted.

Build it to hold weight.

Transport Works. Because Your Supply Chain Won’t Fix Itself.

Insights from Danyul Gleeson, Founder & Logistics Chaos Tamer-in-Chief at Transport Works

Danyul has been in the trenches - warehouses where pick paths were sketched on pizza boxes and boardrooms where the “supply chain strategy” was a shrug. He built Transport Works to flip that script: a 4PL that turns broken systems into competitive advantage. His mission? Always Delivering - without the chaos.

Sources & References

Deloitte

• Trust the Numbers? Data Challenges Complicate ESG Reporting Highlights that 57% of executives cite data quality as the top ESG challenge and that 88% report broader ESG data difficulties, underscoring why sustainability data often fails assurance.

IFRS Foundation / International Sustainability Standards Board (ISSB)

• IFRS S1 – General Requirements for Disclosure of Sustainability-related Financial Information

• IFRS S2 – Climate-related Disclosures Establishes sustainability reporting as part of mainstream financial disclosures, with requirements covering governance, strategy, risk management, and Scope 1, 2, and 3 emissions.

European Commission / Accountancy Europe

• Corporate Sustainability Reporting Directive (CSRD)

• FAQs: Fundamentals to Assurance on Sustainability Reporting Confirms the move toward limited assurance for sustainability reporting, with expectations aligning sustainability disclosures more closely with financial audit standards.

Committee of European Auditing Oversight Bodies (CEAOB)

• Guidelines on Limited Assurance on Sustainability Reporting Outlines expectations for audit evidence, controls, and documentation under CSRD-aligned assurance engagements.

International Federation of Accountants (IFAC)

• Momentum Builds for Corporate ESG Disclosure and Assurance Reports that a majority of companies already obtain assurance over ESG information, highlighting the rapid normalisation of sustainability audits.

Center for Audit Quality (CAQ)

• S&P 500 Sustainability Reporting and Assurance Analysis Finds that 73% of S&P 500 companies reporting sustainability information in 2023 obtained assurance over at least part of that data.

Reuters

• DWS Fined Over Greenwashing Claims Example of regulatory enforcement where ESG claims could not be substantiated with defensible data.

Australian Federal Court / Australian Securities and Investments Commission (ASIC)

• Mercer Superannuation Greenwashing Case Demonstrates regulatory movement from aspirational sustainability claims toward provable, evidence-based disclosures.

EY

• Overview of IFRS Sustainability Disclosure Standards Practical interpretation of IFRS S1 and S2 and their implications for governance, auditability, and reporting controls.