Starting in 2026, companies covered under SB 253 must submit GHG disclosures with third-party limited assurance. By 2030, that requirement rises to reasonable assurance. This post explains what climate audit-readiness looks like under SB 253, what companies should do now, and how assurance under this law differs from traditional financial audits.
What SB 253 Requires for Climate Audits
SB 253—the Climate Corporate Data Accountability Act—mandates annual disclosures of greenhouse gas (GHG) emissions from all covered entities starting in 2026. But the requirement doesn’t stop at disclosure. It also introduces a two-stage assurance timeline:
Year
Emissions Covered
Type of Assurance
2026
Scope 1 and Scope 2
Limited assurance
2030
Scope 1, 2, and 3
Reasonable assurance
The audit requirement places climate disclosures on par with financial disclosures in terms of scrutiny. Your GHG inventory must be robust, traceable, and verified by a third party.
What’s the Difference Between Limited and Reasonable Assurance?
This distinction matters—especially for internal planning and system design.
Limited assurance is essentially a plausibility check. The auditor evaluates whether your disclosures are “free from material misstatement,” but doesn’t validate every data point.
Reasonable assurance is much more rigorous. It involves direct verification of inputs, calculation methods, assumptions, and controls—similar to a financial audit.
Criteria
Limited Assurance
Reasonable Assurance
Depth
High-level review
Detailed substantiation
Auditor role
Inquiry and analytical review
Reperformance and source verification
Burden of proof
Lower
Higher
Timeline impact
Shorter audits
Longer, more resource-intensive audits
If your data systems and audit trails aren’t set up early, the 2030 transition will feel like a scramble.
Which Data Must Be Assured Under SB 253?
2026 Onward:
Scope 1: Direct emissions from owned or controlled sources (e.g. fuel combustion, company vehicles)
Scope 2: Indirect emissions from purchased electricity, steam, heat, or cooling
2030 Onward:
Scope 3: All other indirect emissions—often 80–90% of a company’s footprint. This includes:
Purchased goods and services
Business travel and employee commuting
Transportation and distribution
Product use and end-of-life
Leased assets and investments
This is where things get complex. Most companies don’t own the data for Scope 3, and collecting it from suppliers or modeled estimates presents an auditability challenge.
How SB 253 Audits Differ From Financial Audits
The mindset shift is important. While the vocabulary is similar, climate audits aren’t just a carbon copy of financial controls. Differences include:
Data sources are more distributed: Think fleet systems, procurement platforms, utility bills, supplier surveys—not just ERP data.
Emission factors change often: Carbon intensity of electricity varies by location and time. Audit frameworks must accommodate dynamic datasets.
Assumptions matter more: The auditor will look at estimation methods, materiality thresholds, and boundary definitions.
Third parties are involved: Data often comes from outside your enterprise—requiring supplier attestations or standardized proxies.
Without proper tooling and processes, most internal teams won’t be able to produce audit-ready data consistently.
Steps to Become Audit-Ready by 2026
Here’s what companies should be doing today to ensure SB 253 audit compliance:
1. Conduct a GHG Inventory Health Check
Are Scope 1 and 2 emissions being calculated accurately?
Are emission factors consistent and up to date?
Is your inventory aligned to the GHG Protocol?
2. Build a Clean Audit Trail
Store data inputs (utility bills, meter readings, fuel receipts) in an accessible and traceable format
Version-control your calculation logic
Maintain documentation for boundaries, exclusions, and assumptions
3. Select and Onboard an Assurance Provider Early
Check if your current financial auditor is accredited for climate assurance
Understand their data requirements ahead of 2026
Co-design your workflow with their methodology in mind
4. Start Phasing in Scope 3 Readiness
Even though assurance for Scope 3 begins in 2030, it’s wise to:
Segment high-impact categories (like purchased goods or logistics)
Collect supplier-specific or hybrid data
Identify estimation vs. actual data early
5. Implement Technology That Supports Audit-Grade Reporting
Centralize emissions data from across business units
Automate calculations with GHG Protocol-aligned logic
Enable auditor access and documentation trails
Track changes across versions and contributors
Choosing the Right Assurance Provider
Assurance under SB 253 can only be conducted by an independent third party approved by CARB. Expect CARB to finalize guidance and auditor accreditation standards by mid-2025.
In the meantime:
Look for providers with GHG verification experience, not just financial audit credentials
Prioritize those who follow ISAE 3410 or ISO 14064-3 standards
Ensure they can handle multi-region, multi-format data
Ask about their digital integration capabilities—not all use modern platforms
Pro tip: involve them early during your 2025 reporting cycle, even if assurance isn’t required yet. It’ll help pressure-test your systems before the 2026 mandate.
How Sprih Supports SB 253 Audit Readiness
At Sprih, we help companies shift from spreadsheet-based compliance to audit-grade carbon intelligence. For firms preparing for SB 253, we offer:
Automated Scope 1, 2, and 3 data ingestion
Audit trail generation with source attribution
Workflow tools to manage reviews, documentation, and approvals
Assurance-ready exports aligned with ISAE 3410
Integrations with selected third-party verifiers
We’ve worked with both public and private companies across logistics, life sciences, retail, and manufacturing—building scalable systems for climate reporting that can stand up to scrutiny.
