Building Systems That Survive the Audit
We focus on Vocabulary, Lineage, Taxonomy, and the financial nexus where ESG data originates (Accounts Payable). This is where theory becomes operational reality.
Pre-Work Assessment
Complete this self-assessment to identify your starting knowledge baseline.
Knowledge Check Questions
-
1. Can your data scientists and auditors understand each other's terminology
without
translation?
☐ Yes, we have a shared lexicon document
☐ Partial—some terms aligned, others cause confusion
☐ No—frequent miscommunication about AI concepts
☐ Not sure—haven't observed these interactions
-
2. When your AI generates an ESG metric, can you trace it back to the specific
source document (invoice, receipt, contract)?
☐ Yes, full data lineage with document IDs
☐ Partial—can trace to database but not original document
☐ No—metrics are aggregated without provenance tracking
☐ Not applicable—we don't use AI for metric generation
-
3. Where does most of your Scope 3 emissions data originate?
☐ Accounts Payable invoices and procurement records
☐ Supplier surveys and self-reported data
☐ Industry averages and estimation models
☐ Multiple sources without clear hierarchy
☐ Don't know our primary data source
Episode 2.1 The Lexicon of Trust (Translator Box)
Bridging the gap between Data Scientists and Auditors. We must align the vocabulary to avoid "Translation Risk."
Translation Exercise
Task: Create a glossary mapping your AI team's vocabulary to audit terminology. Identify the 5 terms most likely to cause miscommunication in your organization.
The Taxonomy Engine
80 min
The Premise: CSRD tells you *to report*; the EU Taxonomy tells you *what counts as green*. An AI can generate a perfect CSRD report that fails the Taxonomy's Technical Screening Criteria (TSC). We build the "Double-Check" logic: ensuring activities flagged as "Sustainable" pass the Do No Significant Harm (DNSH) criteria.
The "Greenwashing Firewall" Algorithm
Logic Rule (Illustrative Example): IF (Activity = "Manufacture of Cement") AND (Carbon Intensity > 0.469 tCO2e/t product) THEN (Taxonomy Eligible = FALSE) regardless of marketing claims.
This hard-coded constraint prevents the AI from classifying activities as "green" when they fail technical thresholds.
The Provenance Gap
70 min
Tracing data back to the source. If the AI summarized the data, where is the original invoice? We build the Evidence Ladder: Raw Data → Aggregated Data → AI Insight → Report.
☕ Case Study: Project Espresso (Chapter 2)
Setup: AI finds gaps in the Vietnamese fertilizer data due to coffee stains.
Failure Mode (The Action): It silently "infills" the data using Regional Averages from Brazil because the variable name "Coffee_Region" was ambiguous.
Result: You report a 20% water reduction that never happened.
Control: Provenance Tagging. Any synthetic data must be explicitly flagged in the JSON schema before visualisation.
Evidence Artifact: The "Infill Audit Log" showing every substitution made during processing.
- Every AI-generated metric must link back to a specific Document ID (Invoice #).
- "Synthetic/Infilled" data must be flagged in the metadata column.
- Confidence scores must be stored alongside the value (e.g., "500kg [0.42]").
Public Eligibility & Data Classification
60 min
What data is safe to publish? Managing the risk of exposing sensitive supply chain maps to competitors via "Transparency" reports. The tension between "Openness" and "Trade Secrets."
Aggregated Regional Impact, Policy Statements.
Supplier Names, Specific Audit Scores.
Exact GPS of strategic mines (Rare Earths), Pricing formulas.
The Redaction Game
Activity: Review a sample "Transparency Report." Identify the 3 data points that inadvertently reveal your proprietary supplier pricing structure to a competitor using AI scraping.
The Accounts Payable Nexus
This module has been elevated to Level 0: Episode 0.0 to establish the financial baseline immediately.
Go to Level 0 →Module Summary
Key Takeaways
Conceptual Framework
- • Shared lexicons prevent "translation risk" between technical and audit teams
- • EU Taxonomy requires hard-coded validation, not just reporting compliance
- • Data provenance must trace AI insights back to source documents
- • Accounts Payable is the true nexus of ESG data, not dashboards
Practical Tools Acquired
- • Framework-to-audit vocabulary translator
- • Greenwashing firewall algorithms with DNSH criteria
- • Evidence ladder architecture (Raw → Aggregate → Insight → Report)
- • Financial-ESG reconciliation protocols at invoice level
Post-Module Assessment
Revisit your pre-work assessment. Has your understanding shifted?
Reflection Questions
-
1. Based on Episode 2.1, identify the most dangerous vocabulary mismatch in your
organization.
Example: "Hallucination" (AI team) vs "Data Integrity Failure" (Audit)
-
2. Does your organization have a financial-ESG reconciliation layer (Episode
2.5)?
If yes, what's the variance threshold? If no, where would you implement it?
-
3. If you implemented ONE architectural control from this module, which would have
the highest ROI?
Options: Lexicon translator, Taxonomy firewall, Evidence ladder, Data classification, AP reconciliation
Next Module
Level 3: The Lucas Cycle
Systems That Raise—exploring how automation designed to elevate safety can accidentally lower the floor. We examine oversight drift, training bias, and the moment when helpful systems become controlling ones.