Tamper-Proof Internal Control & Approval Records

Hide the approval contents, approver and separation of duties

Prove approved with proper authority and procedure

Prove approvals and segregation of duties happened "under legitimate authority and process" — verified independently by auditors without exposing contents, tamper-proof, and durable across staff turnover.

Finance & FinTech · Manufacturing · Listed companies (J-SOX scope) · Audit firms 5 min read

live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist

01 · WHO IT'S FOR

Who this is for.

For those asked, in audit, whether "this approval was made under legitimate authority and process" — in internal control (J-SOX) and approval workflows. Workflow logs survive, but is there a guarantee they weren't rewritten? Can you show the legitimacy of segregation of duties (who may approve) without exposing the contents?

Internal-control, internal-audit, and finance leads at listed companies, finance, manufacturing
Teams required to evidence approval workflows (requisition, payment, segregation of duties)
Organizations wanting to cut audit-response effort with a trail, not document assembly

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma

Hand over the original

approval_id:: AP-2024-001
amount:: 1,200,000 JPY
category:: capex
requester:: Tanaka (Dept. head)
approver_1:: Yamada (Director)
approver_2:: Takahashi (CFO)

↓ all of it goes to the AI / outside

With Lemma

Hand over just the facts

subject:: did:lemma:approval-AP2024-001
issuer:: did:lemma:org-acme-fin
sourceHash:: 0x4f8a…e1d3
lineageChain:: [request, approve_1, approve_2]
recordedAt:: 2024-08-15T14:30:00Z
integrity:: poseidon-merkle
ZK verified:: ✓ VALID

↓ only the necessary facts to the AI

At the moment an approval occurs, we cryptographically fix that "a holder of legitimate authority approved it under a legitimate process." The approval contents (amount, counterparty, document body) are not disclosed. Segregation of duties (who may approve) is bound as an authority proof and kept tamper-free via provenance.

When audit arrives, internal audit, the audit firm, and third parties verify the same proof independently — without disclosing the era's data.

See the technical details ↗

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method	Pass without exposing	Independent verification	Tamper-proof
Access control only	△	✗	✗
Masking / anonymization	△	✗	✗
Encryption only	✓	✗	✗
Lemma (ZK proof)the only one with all 3	✓	✓	✓

04 · HOW IT WORKS

What's next

Not a standalone SaaS purchase. We enter through AI-adoption / data-governance consulting and a PoC, landing on an existing monthly plan.

A 30-minute review — identify control points in approval flows where audit/tampering risk concentrates.
Narrow to 1–2 decisions (results) to prove — e.g. "a legitimately authorized person approved per segregation of duties." Not the approval contents.
Design connection and authority definitions — connection to existing workflow/ERP, and segregation-of-duties/authority definitions.
Prove one path via a (quote-based) PoC.
Land on an existing monthly plan (indicative) — Lemma Critical / Compliance; pricing confirmed in conversation.

Tell us the one approval flow where audit/tampering risk matters most, in the first 30 minutes. No disclosure of sensitive data required.

05 · RELATED

Related use cases

Still have questions? See the FAQ →

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Verifiable Origin in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →