Spreadsheet-built sustainability claims lacked lineage; ERP and audit to Workiva with Legal sign?off governed evidence

Overview

Claims in sustainability reports were assembled from scattered spreadsheets without a consistent trail back to systems of record. Finance, Sustainability, and Legal reconciled numbers by email, evidence lived in personal folders, and auditor requests triggered last?minute hunts. Intelligex implemented a governed evidence repository that pulled source data from the ERP and audit systems, mapped disclosures to standard clauses, and ran legal review and attestation workflows. Each claim now linked to controlled evidence with owner sign?offs, and disclosures referenced consistent, accessible support—while ERP, audit, and reporting tools stayed in place.

Client Profile

• Industry: Public technology and services
• Company size (range): Multi?region operations with distributed data owners
• Stage: ESG metrics built in spreadsheets; ERP and data warehouse held source data; ad hoc evidence collection; auditors requested proof late in the cycle
• Department owner: Legal & Compliance (Sustainability Reporting and Legal Operations)
• Other stakeholders: Finance/Controllership, Sustainability/ESG, Internal Audit, Procurement, Facilities, IT/Data Engineering, Investor Relations, External Assurance Providers

The Challenge

Metrics for emissions, energy, water, workforce, and ethics commitments were pulled from emails, share drives, and department trackers. Different teams used different definitions and timeframes, so the same claim could be supported by multiple, conflicting files. When reviewers asked, “What is the evidence for this disclosure?” owners attached screenshots or ad hoc workbooks without context.

Review steps were unclear. Legal wanted to confirm language and forward?looking statements; Finance wanted attestations that reconciliations were complete; Sustainability wanted traceability from the report back to a system of record. None of that lived in the tools that produced the report, so edits and clarifications played out across threads. During assurance, auditors issued PBC lists and teams recreated timelines and calculation logic by hand.

Standards mapping was manual. References to frameworks such as IFRS sustainability standards or the GHG Protocol were tracked in a matrix separate from the evidence, so when a claim changed, the mapping often lagged. New data from ERP or an audit platform did not automatically update the support behind the disclosure.

Why It Was Happening

Evidence lived outside the reporting path. The ERP, audit systems, and data warehouse contained the inputs, but disclosures were compiled in spreadsheets and documents without a controlled repository or attestation flow. Owners uploaded files to shared folders with inconsistent names and no lineage.

Governance was document?based, not system?based. The organization had a style guide for claims and a checklist for assurance, but review and approval were not enforced where data was assembled. Without a standard model for claims, evidence, and approvals, substantiation varied by author and deadline pressure.

The Solution

Intelligex set up a centralized evidence repository with integrations to ERP and audit systems, tied each disclosure to a standard claim record with definitions and required support, and added legal review and attestation workflows. Data owners attached system extracts or direct links, Finance and Sustainability certified reconciliation, and Legal approved language and risk qualifiers. Evidence packets were versioned and mapped to frameworks, and report builders referenced the same records. The design aligned to IFRS sustainability standards and the GHG Protocol, and used a reporting control platform such as Workiva ESG Reporting as the governed workspace.

• Integrations: ERP (for example, SAP or Oracle) for financial and operational data; audit/control systems for test results and narratives; data warehouse for operational metrics; reporting platform for disclosure assembly; identity/SSO for role?based access.
• Claim model: Standard records for each disclosure with definition, calculation method, data sources, and mapping to frameworks; required evidence types and owner assignments.
• Evidence capture: Direct system extracts or controlled files with metadata (source, period, owner, refresh date); automated pulls for scheduled data; lineage from disclosure to evidence to system of record.
• Workflows and approvals: Owner attestations for completeness and accuracy; Finance review for reconciliations; Legal review for language, safe?harbor qualifiers, and policy alignment; maker?checker for sensitive claims.
• Clause repository: Standard language blocks for common statements and risk qualifiers; legal deviation approvals; audit?ready versioning.
• Mappings and validations: Framework tags for IFRS and GHG Protocol concepts; consistency checks on period, boundary, and unit; variance prompts when updates change prior?year baselines.
• Dashboards and PBC support: Evidence completeness by disclosure; approvals and outstanding attestations; change history; exportable packets for assurance requests with references, files, and sign?offs.
• Security and privacy: Role?based permissions for claims and evidence; minimal personal data in notifications; immutable logs for submissions, edits, and approvals; retention aligned to records policy.

Implementation

• Discovery: Mapped current disclosures and their sources; inventoried ERP tables, audit systems, and warehouse views; collected existing framework mappings and style guides; sampled assurance PBC lists and prior findings; gathered Legal, Finance, Sustainability, and Audit requirements.
• Design: Authored the claim data model and required evidence types; defined source connectors and refresh cadence; created approval matrices for owner, Finance, and Legal; built a clause library for standard statements; planned framework tags and validation checks; outlined dashboards and audit exports; set change control.
• Build: Configured the reporting platform for claim records, evidence storage, and approvals; integrated ERP and audit systems for evidence pulls; enabled framework tagging and validations; implemented dashboards, PBC exports, and immutable logs; wired SSO and permissions.
• Testing/QA: Ran in shadow mode on a recent reporting cycle; reconciled claims to ERP and audit evidence; tested approvals, clause usage, and variance prompts; piloted with a subset of disclosures across environmental and social topics; tuned templates, fields, and messages from reviewer feedback.
• Rollout: Onboarded high?impact disclosures first; migrated legacy evidence into claim records; enabled automated pulls for stable sources; retained spreadsheet trackers as a monitored fallback early on; expanded to remaining claims after stable cycles; tightened approval thresholds as adoption grew.
• Training/hand?off: Delivered guides for owners on evidence submission and attestations; trained Finance and Legal on review queues, clause library, and change control; briefed Sustainability and IR on dashboards and report assembly; updated SOPs; transferred ownership of templates, mappings, and dashboards to Legal Ops and Sustainability under change control.
• Human?in?the?loop review: Established recurring reviews of claim changes, evidence gaps, and framework updates; recorded decisions with rationale and effective dates; updated definitions, clauses, and mappings accordingly.

Results

Evidence was centralized and traceable. Each disclosure referenced a claim record with a definition, sources, owner attestations, and legal approval, and the evidence linked back to systems of record. Report builders pulled from the same repository, and last?minute edits included the context and approvals needed for assurance.

Coordination improved across Legal, Finance, and Sustainability. Framework mappings lived alongside the claims, change history was visible, and PBC exports delivered consistent packets to auditors and customers. The organization kept its ERP, audit, and reporting tools; the new layer connected them with a controlled model, approvals, and evidence.

What Changed for the Team

• Before: Claims were assembled from spreadsheets and emails. After: Disclosures pulled from a governed repository with linked evidence.
• Before: Definitions and boundaries varied by author. After: Standard claim records held definitions, methods, and framework mappings.
• Before: Legal reviews happened in document threads. After: Legal approved language and qualifiers inside the workflow with versioning.
• Before: Auditors asked for proof late. After: PBC exports produced ready?made packets with files, lineage, and approvals.
• Before: Edits lacked traceability. After: Changes carried owner attestations, Finance checks, and logged rationale.
• Before: Evidence lived in personal folders. After: Source extracts and artifacts lived in a controlled repository with permissions.

Key Takeaways

• Treat disclosures as records; pair each claim with definitions, sources, and mapped frameworks.
• Pull from systems of record; integrate ERP and audit platforms so evidence is current and traceable.
• Encode review steps; require owner attestations, Finance checks, and Legal approvals in the path of work.
• Standardize language; use a clause library for recurring statements and govern deviations.
• Build for assurance; keep change history and exportable packets ready for PBC requests.
• Integrate, don’t replace; keep existing ERP, audit, and reporting tools—add the evidence layer and governance between them.

FAQ

What tools did this integrate with? The repository connected to ERP (for example, SAP or Oracle) for operational and financial extracts, pulled control narratives and test results from the audit platform, and surfaced claims and evidence in a reporting workspace such as Workiva ESG Reporting. Framework tags and definitions aligned to IFRS sustainability standards and the GHG Protocol.

How did you handle quality control and governance? Claim templates, clause libraries, and mappings lived under change control with Legal Ops and Sustainability as owners. Each disclosure required owner attestation, Finance review, and Legal approval before publication. Every submission, edit, approval, and export wrote to immutable logs, and dashboards surfaced missing evidence and overdue approvals.

How did you roll this out without disruption? High?impact disclosures onboarded first while spreadsheet trackers remained as a monitored fallback. Evidence for those claims was centralized, and report builders referenced the repository for language and support. As adoption stabilized, automated pulls expanded, required fields tightened, and legacy trackers were retired.

How were frameworks and methodologies kept in sync? Definitions included framework tags and calculation notes, and a clause library held standard statements. When standards or guidance changed, owners updated templates under change control, and claims showed effective dates and lineage. Variance prompts flagged when updates changed baselines or methodologies.

How did you support external assurance and PBC lists? Each claim produced an exportable packet with source files or direct links, owner attestations, Finance and Legal approvals, and change history. Packets aligned to assurance requests without reassembling evidence from inboxes.

What about sensitive or restricted data? Role?based permissions limited who could view claims and artifacts. Notifications carried minimal detail and linked back to the repository. All access and exports were logged, and retention followed records policy with legal hold available when needed.

Can this support additional topics beyond climate? Yes. The same model handled workforce, ethics, supply chain, and product claims by defining sources, evidence types, and approvers appropriate to each topic, with framework mappings updated accordingly.