California’s SB 253 climate audit law requires companies to prepare for third‑party assurance of Scope 1–3 GHG emissions, starting with limited assurance in 2026 and advancing to reasonable assurance by 2030. This blog explains what climate audit-readiness looks like under SB 253, what companies should do now, and how assurance under this law differs from traditional financial audits.
What SB 253 Requires for Climate Audits
SB 253—the Climate Corporate Data Accountability Act—mandates annual disclosures of greenhouse gas (GHG) emissions from all covered entities starting in 2026. But the requirement doesn’t stop at disclosure. It also introduces a two-stage assurance timeline:
Year
Emissions Covered
Type of Assurance
2026
Scope 1 and Scope 2
Limited assurance
2030
Scope 1, 2, and 3
Reasonable assurance
The audit requirement places climate disclosures on par with financial disclosures in terms of scrutiny. Your GHG inventory must be robust, traceable, and verified by a third party.
What’s the Difference Between Limited and Reasonable Assurance?
This distinction matters—especially for internal planning and system design.
Limited assurance is essentially a plausibility check. The auditor evaluates whether your disclosures are “free from material misstatement,” but doesn’t validate every data point.
Reasonable assurance is much more rigorous. It involves direct verification of inputs, calculation methods, assumptions, and controls—similar to a financial audit.
Criteria
Limited Assurance
Reasonable Assurance
Depth
High-level review
Detailed substantiation
Auditor role
Inquiry and analytical review
Reperformance and source verification
Burden of proof
Lower
Higher
Timeline impact
Shorter audits
Longer, more resource-intensive audits
If your data systems and audit trails aren’t set up early, the 2030 transition will feel like a scramble.
Which Data Must Be Assured Under SB 253?
2026 Onward:
Scope 1: Direct emissions from owned or controlled sources (e.g. fuel combustion, company vehicles)
Scope 2: Indirect emissions from purchased electricity, steam, heat, or cooling
2030 Onward:
Scope 3: All other indirect emissions—often 80–90% of a company’s footprint. This includes:
Purchased goods and services
Business travel and employee commuting
Transportation and distribution
Product use and end-of-life
Leased assets and investments
This is where things get complex. Most companies don’t own the data for Scope 3, and collecting it from suppliers or modeled estimates presents an auditability challenge.
How SB 253 Audits Differ From Financial Audits
The mindset shift is important. While the vocabulary is similar, climate audits aren’t just a carbon copy of financial controls. Differences include:
Data sources are more distributed: Think fleet systems, procurement platforms, utility bills, supplier surveys—not just ERP data.
Emission factors change often: Carbon intensity of electricity varies by location and time. Audit frameworks must accommodate dynamic datasets.
Assumptions matter more: The auditor will look at estimation methods, materiality thresholds, and boundary definitions.
Third parties are involved: Data often comes from outside your enterprise—requiring supplier attestations or standardized proxies.
Without proper tooling and processes, most internal teams won’t be able to produce audit-ready data consistently.
Steps to Become Audit-Ready by 2026
Here’s what companies should be doing today to ensure SB 253 audit compliance:
1. Conduct a GHG Inventory Health Check
Are Scope 1 and 2 emissions being calculated accurately?
Are emission factors consistent and up to date?
Is your inventory aligned to the GHG Protocol?
2. Build a Clean Audit Trail
Store data inputs (utility bills, meter readings, fuel receipts) in an accessible and traceable format
Version-control your calculation logic
Maintain documentation for boundaries, exclusions, and assumptions
3. Select and Onboard an Assurance Provider Early
Check if your current financial auditor is accredited for climate assurance
Understand their data requirements ahead of 2026
Co-design your workflow with their methodology in mind
4. Start Phasing in Scope 3 Readiness
Even though assurance for Scope 3 begins in 2030, it’s wise to:
Segment high-impact categories (like purchased goods or logistics)
Collect supplier-specific or hybrid data
Identify estimation vs. actual data early
5. Implement Technology That Supports Audit-Grade Reporting
Centralize emissions data from across business units
Automate calculations with GHG Protocol-aligned logic
Enable auditor access and documentation trails
Track changes across versions and contributors
Choosing the Right Assurance Provider
Assurance under SB 253 can only be conducted by an independent third party approved by CARB. Expect CARB to finalize guidance and auditor accreditation standards by mid-2025.
In the meantime:
Look for providers with GHG verification experience, not just financial audit credentials
Prioritize those who follow ISAE 3410 or ISO 14064-3 standards
Ensure they can handle multi-region, multi-format data
Ask about their digital integration capabilities—not all use modern platforms
Pro tip: involve them early during your 2025 reporting cycle, even if assurance isn’t required yet. It’ll help pressure-test your systems before the 2026 mandate.
How Sprih Supports SB 253 Audit Readiness
At Sprih, we help companies shift from spreadsheet-based compliance to audit-grade carbon intelligence. For firms preparing for SB 253, we offer:
Automated Scope 1, 2, and 3 data ingestion
Audit trail generation with source attribution
Workflow tools to manage reviews, documentation, and approvals
Assurance-ready exports aligned with ISAE 3410
Integrations with selected third-party verifiers
We’ve worked with both public and private companies across logistics, life sciences, retail, and manufacturing—building scalable systems for climate reporting that can stand up to scrutiny.
FAQs
What does “climate audit readiness” mean under SB 253?
Climate audit readiness involves building a greenhouse gas reporting system that supports third‑party assurance. That means data must be traceable, methodologies clearly documented, version-controlled, and internal processes tested to align with assurance standards set out in SB 253.
When must companies achieve audit readiness for SB 253 compliance?
By 2026, companies must submit Scope 1 and Scope 2 emissions reports with limited assurance. By 2030, they must obtain reasonable assurance for Scopes 1 and 2, and limited assurance for Scope 3 emissions.
What distinguishes limited assurance from reasonable assurance in SB 253 audits?
Limited assurance is a high-level plausibility review confirming disclosures are free of material misstatements. Reasonable assurance is a rigorous, audit-quality verification involving re-performance and testing of data inputs and control systems.
What data practices support audit-readiness under SB 253?
Audit-readiness depends on traceable data linked to source documents like meter readings and invoices, transparent documentation of methodologies aligned with the GHG Protocol, and strict version control with change logs.
How should companies internally prepare for external assurance reviews?
Companies should conduct internal dry-run assessments to simulate what an external verifier would encounter. This internal review helps to identify gaps, correct inconsistencies, and ensure clean, audit-grade data before formal assurance.
How does SB 253 assurance differ from traditional financial audits?
Climate audits rely on diverse data sources—such as fleet telemetry, utility bills, supplier surveys—rather than ERP systems. Emission factors and assumptions may change frequently, requiring dynamic audit processes unlike static financial controls.
What actionable steps should companies take today to become audit-ready?
Companies should begin by conducting a GHG inventory health check to assess emissions calculation consistency and alignment to protocol standards. They must ensure documentation, data platforms, assurance workflows and internal governance are established well ahead of the 2026 deadline.
