Now that we are six months away from the first SEC conflict minerals filing deadline, companies are considering engaging third parties to conduct simulated audits or audit readiness assessments in preparation for their formal independent private sector audit (IPSA). For the moment, we will put aside our view that companies should wait until the next SEC Q&A is published before deciding on the need for the IPSA for 2013 and related preparations.
Assuming that the decision has been made to move ahead with preparations for a 2013 IPSA, you may be developing an RFP for a simulated audit or audit readiness assessment – or perhaps have already issued one.
What should you expect to see in the auditors proposal?
Above all else, be prepared for significant variability in the responses. There are widely differing views on planning needs, project implementation scope, reporting, limitations and of course pricing. At this point, you may be thinking “Well, that doesn’t help me much,” and (even though we wrote it), we agree. What may help are these points:
- Most importantly, the relevant CMR language MUST be available to the auditor. Specific parts of the CMR form the basis of the IPSA – and any related preparation engagement. This also means that the definition of due diligence must be agreed upon internally and clearly defined. Without these, the auditor has nothing to audit – so what will the proposal be based on? Lots of assumptions and uncertainties that make for a confusing proposal with inflated costs. If these elements are still in draft form (as they most likely are at this point), the engagement results will not apply to any subsequent CMR language versions. Ask yourself if your CMR language and due diligence definition are developed enough to justify an IPSA preparation engagement, or produce valuable results.
- Another critical component is deciding what audit standard is preferred (and why), which in turn determines the audit firms you solicit/select – and that directly impacts costs. Attestation engagements conducted by public accountancies/CPAs are likely to be markedly more expensive than performance audits conducted by other firms. Both audit standards are designed to deliver the same level of assurance, so in most cases a company’s decision will boil down to
- WHO do you want to do your IPSA?
- WHY is it important that this specific auditor/firm be the one to conduct the audit?
- WHAT is the cost?
- HOW important is cost?
Finally, we come back to our original question of whether it is best to wait a few weeks before committing to such an engagement. SEC’s upcoming Q&A is expected to clarify audit trigger ambiguities which may negate the need for a 2013 IPSA and the associated preparatory activities, efforts and cost. Of course, you may have different motivations for such an assessment – including providing some level of comfort or assurance to executives that the processes have been reviewed by a third party. If that is the case, that is a different matter altogether, but it will still be important to clarify what will be included in the scope and what the review process will involve.
This isn’t the kind of thing you would expect a consulting/audit firm to talk about, but we have caused a number of clients to reassess their perceived need for such engagements for the moment. But why spend the money if it isn’t needed? Sure, we lose revenue in the near term but this demonstrates our commitment to be a trustworthy business partner with our clients.