Tamper-Proof Internal Control & Approval Records

Hide the approval contents, approver and separation of duties
Prove approved with proper authority and procedure

Prove that approvals and segregation of duties happened "under legitimate authority and process," so auditors can verify it independently without seeing the contents. The records cannot be tampered with afterward, and the basis survives staff turnover.

Finance & FinTech · Manufacturing · Listed companies (J-SOX scope) · Audit firms 4 min read
🔔 Plan · Lemma Compliance →
01 · WHO IT'S FOR

For internal-control teams

Not being able to show an approval or segregation of duties was legitimate when a J-SOX audit asks, solved by a tamper-proof trail.

  • Internal-control, internal-audit, and finance leads at listed companies, finance, manufacturing

  • Teams required to evidence approval workflows (requisition, payment, segregation of duties)

  • Organizations wanting to cut audit-response effort with a trail, not document assembly

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma
Hand over the original
approval_id:
AP-2024-001
amount:
1,200,000 JPY
category:
capex
requester:
Tanaka (Dept. head)
approver_1:
Yamada (Director)
approver_2:
Takahashi (CFO)
↓ all of it goes to the AI / outside
With Lemma
Hand over just the facts
subject:
did:lemma:approval-AP2024-001
issuer:
did:lemma:org-acme-fin
sourceHash:
0x4f8a…e1d3
lineageChain:
[request, approve_1, approve_2]
recordedAt:
2024-08-15T14:30:00Z
integrity:
poseidon-merkle
ZK verified:
✓ VALID
↓ only the necessary facts to the AI

At the moment an approval occurs, we cryptographically fix that "a holder of legitimate authority approved it under a legitimate process." The approval contents (amount, counterparty, document body) are not disclosed. Segregation of duties (who may approve) is bound as an authority proof and kept tamper-free via provenance.

When audit arrives, internal audit, the audit firm, and third parties verify the same proof independently — without disclosing the era's data.

See the technical details ↗
03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method Pass without exposing Independent verification Tamper-proof
Access control only
Masking / anonymization
Encryption only
Lemma (ZK proof)the only one with all 3
04 · HOW IT WORKS

What's next

Not a standalone SaaS purchase. We enter through AI-adoption / data-governance consulting and a PoC, landing on an existing monthly plan.

  1. A 30-minute review — identify control points in approval flows where audit/tampering risk concentrates.
  2. Narrow to 1–2 decisions (results) to prove — e.g. "a legitimately authorized person approved per segregation of duties." Not the approval contents.
  3. Design connection and authority definitions — connection to existing workflow/ERP, and segregation-of-duties/authority definitions.
  4. Prove one path via a (quote-based) PoC.
  5. Land on an existing monthly plan (indicative) — Lemma Critical / Compliance; pricing confirmed in conversation.

Tell us the one approval flow where audit/tampering risk matters most, in the first 30 minutes. No disclosure of sensitive data required.

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the five proofs.

See use scenarios for Verifiable Origin in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Learn how it works — Verifiable Origin →