P1 · Verifiable Origin

Tamper-Proof Internal Control & Approval Records

Approved ≠ provably legitimate

Prove approvals and segregation of duties happened "under legitimate authority and process" — verified independently by auditors without exposing contents, tamper-proof, and durable across staff turnover.

Finance & FinTech · Manufacturing · Listed companies (J-SOX scope) · Audit firms
Sections
  § 01 Who this is for
  § 02 Why existing tools fall short
  § 03 Our approach
  § 04 What you get
  § 05 Worked example
  § 06 Architecture concept
  § 07 What Lemma cryptographically guarantees
  § 08 What's next
  § 09 Related use cases

Who this is for

For anyone asked in an audit whether "this approval was made under legitimate authority and process" — in internal control (J-SOX) and approval workflows. Workflow logs survive, but is there any guarantee they weren't rewritten afterwards? Can you show that segregation of duties (who may approve) was respected without exposing the contents?

  • Internal-control, internal-audit and finance leads at listed companies and in finance and manufacturing
  • Teams required to evidence approval workflows (requisition, payment, segregation of duties)
  • Organizations wanting to cut audit-response effort with a trail, not document assembly

Why existing tools fall short

Audit evidence has to do three things at once: prove "legitimacy" without exposing the approval contents, let auditors verify it independently, and be tamper-proof.

Tool                          | Prove without revealing | Independently verifiable | Tamper-proof
Workflow / ledger DB          |                         | no                       | no
Signed PDF                    |                         |                          |
Audit log (in-system)         |                         | no                       | no
ZK proof + provenance (Lemma) | yes                     | yes                      | yes

Workflows and audit logs can be rewritten by an admin and can't independently show "was this legitimate authority." Only ZK proof + provenance does all three. Only work requiring all three at once is Lemma's territory.

Our approach

At the moment an approval occurs, we cryptographically fix that "a holder of legitimate authority approved it under a legitimate process." The approval contents (amount, counterparty, document body) are not disclosed. Segregation of duties (who may approve) is bound as an authority proof and kept tamper-free via provenance.

When audit arrives, internal audit, the audit firm, and third parties verify the same proof independently — without disclosing the data from that time.

What you get

All figures are directional.

The control / finance side (internal control, internal audit)
Show legitimacy while keeping the approval contents in-house. Answer "did you rewrite it later?" without disclosing the original. e.g. audit response shifts from collecting and reconciling vouchers to presenting one proof.

Auditors / regulators
Verify "approved under legitimate authority and process" without seeing contents, independent of the system or staff testimony. e.g. from eyeballing logs to a cryptographically reproducible trail.

As an organization
The basis of approvals and the legitimacy of segregation of duties survive staff turnover — reducing dependence on individuals.

Worked example

At a listed company's payment-approval flow, it's later asked in audit: "Was this payment approved by a legitimately authorized person following segregation of duties, at the time?" Workflow logs survive, but configuration changes and after-the-fact edits are possible: "we have logs, but can't prove a tamper-free, legitimate approval."

Had Lemma been in place, "a legitimately authorized person approved under a legitimate process" was fixed as a proof at approval time. Internal audit and the audit firm verify legitimacy without seeing the contents, and confirm no later tampering.

Architecture concept

We don't replace your approval workflow or ERP. We insert one authority-proof-and-provenance-anchor step where an approval is finalized.

  • Authority proof: prove "a legitimately authorized person approved" via Groth16 (Circom); bind segregation of duties (who may approve).
  • Provenance anchor: fix the approval's moment as a docHash, commit with Poseidon over BN254.
  • Selective disclosure: BBS+ over BLS12-381 — present only the metadata (legitimacy), not the approval contents.

The approval contents stay in-house; only the cryptographic fact "approved under legitimate authority and process" travels.
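The provenance-anchor and authority steps above, as an added illustration that is not Lemma's code: a salted hash commitment to the approval record's docHash, a segregation-of-duties check at anchor time, a hash chain over anchors, and an auditor-side verification that never sees the contents. SHA-256 stands in for the Poseidon/BN254 commitment named on the page; the Groth16 authority proof and BBS+ selective disclosure are not implemented here. The policy, roles, record and identifiers are all constructed.

```python
"""Constructed example of a provenance anchor with a segregation-of-duties check.
SHA-256 stands in for the Poseidon/BN254 commitment named on the page; the
Groth16 authority proof and BBS+ disclosure are not implemented here."""
import hashlib
import json
import secrets
from datetime import datetime, timezone

# Constructed policy and directory: who may approve, and the rule that the
# approver must not be the requester.
POLICY = {"policy_id": "sod-payments-v1", "approver_roles": ["finance_manager", "cfo"]}
ROLES = {"alice": "requester", "bob": "finance_manager", "carol": "cfo"}
GENESIS = "0" * 64  # prev pointer of the first anchor in the chain


def canonical_bytes(obj: dict) -> bytes:
    """Deterministic serialization so equal records always hash equal."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def doc_hash(record: dict) -> str:
    """docHash: fingerprint of the full approval record (contents stay in-house)."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def check_authority(record: dict, roles: dict, policy: dict) -> bool:
    """Segregation of duties: approver holds an approving role and differs from the requester."""
    approver, requester = record["approver"], record["requester"]
    return roles.get(approver) in policy["approver_roles"] and approver != requester


def make_anchor(record: dict, roles: dict, policy: dict, prev: str = GENESIS, now=None):
    """Fix the approval moment. Returns (anchor, opening): the anchor carries no
    contents and can be handed to auditors; the opening (docHash + salt) stays
    in-house until the anchor is verified."""
    if not check_authority(record, roles, policy):
        raise PermissionError("approval violates segregation of duties")
    salt = secrets.token_bytes(32)
    dh = doc_hash(record)
    anchor = {
        "commitment": hashlib.sha256(bytes.fromhex(dh) + salt).hexdigest(),
        "approved_at": (now or datetime.now(timezone.utc)).isoformat(),
        "approver_role": roles[record["approver"]],
        "policy_id": policy["policy_id"],
        "prev": prev,
    }
    anchor["anchor_hash"] = hashlib.sha256(canonical_bytes(anchor)).hexdigest()
    return anchor, {"doc_hash": dh, "salt": salt.hex()}


def verify_anchor(anchor: dict, opening: dict, policy: dict) -> bool:
    """Auditor-side check without contents: anchor hash intact, commitment opens
    to the claimed docHash, and the recorded role is one the policy allows."""
    body = {k: v for k, v in anchor.items() if k != "anchor_hash"}
    if hashlib.sha256(canonical_bytes(body)).hexdigest() != anchor["anchor_hash"]:
        return False
    expected = hashlib.sha256(bytes.fromhex(opening["doc_hash"]) + bytes.fromhex(opening["salt"])).hexdigest()
    return (expected == anchor["commitment"]
            and anchor["policy_id"] == policy["policy_id"]
            and anchor["approver_role"] in policy["approver_roles"])


def verify_chain(anchors: list) -> bool:
    """Each anchor points at the previous one's hash, so rewriting or dropping an
    earlier anchor breaks every later link."""
    prev = GENESIS
    for a in anchors:
        if a["prev"] != prev:
            return False
        body = {k: v for k, v in a.items() if k != "anchor_hash"}
        if hashlib.sha256(canonical_bytes(body)).hexdigest() != a["anchor_hash"]:
            return False
        prev = a["anchor_hash"]
    return True


def record_matches(record: dict, opening: dict) -> bool:
    """In-house check that the stored record is still the one that was anchored."""
    return doc_hash(record) == opening["doc_hash"]


if __name__ == "__main__":
    # Constructed approval record; in practice this never leaves the company.
    payment = {"requester": "alice", "approver": "bob", "amount": 48000, "payee": "Example Ltd"}
    anchor, opening = make_anchor(payment, ROLES, POLICY)
    print("auditor verifies anchor:", verify_anchor(anchor, opening, POLICY))
    payment["amount"] = 84000  # after-the-fact edit
    print("record still matches anchored docHash:", record_matches(payment, opening))
```

The auditor receives only the anchor plus the docHash and salt, never the amount or payee; the salt keeps the commitment from being brute-forced against guessed records. The chain link is what turns "we have logs" into "an admin cannot rewrite one entry without breaking every later one", and the authority check at anchor time is the point where segregation of duties is bound rather than asserted afterwards.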

What Lemma cryptographically guarantees

  • The approval's time and proof that "a legitimately authorized person approved under a legitimate process"
  • The approval record's docHash and the legitimacy of segregation of duties
  • The approval's cryptographic identity, unchanged years later
  • A trail that internal audit, the audit firm, and third parties verify independently — without disclosing contents

What's next

Not a standalone SaaS purchase. We enter through AI-adoption / data-governance consulting and a PoC, landing on an existing monthly plan.

  1. A 30-minute review — identify control points in approval flows where audit/tampering risk concentrates.
  2. Narrow to 1–2 decisions (results) to prove — e.g. "a legitimately authorized person approved per segregation of duties." Not the approval contents.
  3. Design connection and authority definitions — connection to existing workflow/ERP, and segregation-of-duties/authority definitions.
  4. Prove one path via a (quote-based) PoC.
  5. Land on an existing monthly plan (indicative) — Lemma Critical / Compliance; pricing confirmed in conversation.

Tell us the one approval flow where audit/tampering risk matters most, in the first 30 minutes. No disclosure of sensitive data required.

Get Started

Ready to prove?

Talk to us about your use case. We respond within one business day.