Tag Archives: audit

Conflict Minerals is Dead! Long Live Conflict Minerals!

The deadline for filing the CY2016 SEC conflict minerals disclosure has now passed, although there are likely to be a few late filers. It is too early to glean anything from the filings and at least three analyses will be conducted, including the Development International study, which is the most comprehensive of them. We all anxiously await these reports.

The future of the SEC disclosure requirement is murky and there is a chance that this may be the last year of mandated filing in the US. Many clients and others are asking us questions about the future of conflict minerals, and what the past results have been. These are our thoughts.

Looking forward, we do not know what is in store for the SEC rule. There are many moving parts politically and publically. We will know what happens when it happens. I’d like to think there will be adequate advance notice to those impacted, but even that is not assured.

But the review mirror tells a story too. While aspects of the rule’s impact are hotly debated, one thing is indisputable – it resulted in much greater visibility into material sourcing and other companies deep in supply chains. This has allowed some companies to reduce business risk by optimizing their supply chains – concentrating spending power or diversifying their supply base to manage potential disruptions. Companies identified that, unbeknownst to them, entities sanctioned by the US Department of Treasury Office of Foreign Asset Control (OFAC) may have been present in their supply chains. Supplier audits/screening improved in many cases.  Appropriate auditor qualifications in light of global reliance on audit results has also become a major question in the scheme of things.

Of course, the rule brought human rights abuses in the DRC and other countries out of the shadows and into the light of the public. But has the population of the DRC benefitted? Experts continue to argue both sides of the question. Without taking sides, earlier this year we attempted to evaluate one major criticism of the SEC rule – that it directly resulted in hundreds of thousands, if not millions, of jobs lost in the 3TG mining sector. The question we posed ourselves was what impact did the 2008 – 2010 global economic recession have on artisanal and small miner (ASM) job losses which are currently attributed only to Dodd-Frank Section 1502? Did the timing of 1502 coincidentally occur at a time when mining jobs were already in decline because of pre-existing macroeconomic conditions?

Our intent was to rely on existing literature rather than creating original research as this was an unfunded effort on our own part. After a few months, we ran into two insurmountable obstacles:

  • The existing DRC-specific literature we found does not acknowledge or give any consideration to potential impacts of the 2008 – 2010 global economic recession. Yet analyses from The World Bank, the World Economic Forum (WEF) and the International Finance Corporation (IFC) demonstrate that global economic downturns play a major role in commodity prices and mining jobs worldwide, including ASM.
  • The DRC has a uniquely major informal economy which some literature indicated accounts for up to 80% of the country’s total economic activity annually. There is a significant gap in available information on DRC’s informal economy and what is available was sometimes inconsistent with other data on the same matter or irrelevant to our study.

We found only two sources referencing global 3TG price influence on prices paid to DRC ASMs.  Other data supported the position that a very large number of ASM miners in DRC move between multiple jobs based on income potential, so when ore prices were low in the past, miners moved to agriculture or other income sources. There was a meaningful amount of anecdotal information supporting the hypothesis that several factors other than Section 1502 (such as the DRC’s own taxation and mining policies) had a direct effect on DRC ASM job losses within the timeframe of interest, but we were not willing to rely on non-empirical information. We put down our pen (or mouse) and moved on to other things.

So the debate will continue.

There have been developments beyond just the SEC rule. The European Union adopted their own version of a conflict minerals due diligence rule that impacts a different class of companies and goes into effect in 2021. And the application of the OECD Due Diligence Framework is expanding into other materials (such as cobalt) and other geographies. At the moment, that appears to be just the beginning of that trend and that future is unknown as well.

In the end, what can be said about Section 1502 in consideration of it’s possible end? It all depends on your perspective, but it ain’t over till it’s over.  And it ain’t over.

How to Say “DRC Conflict Free” Without an IPSA

As the SEC conflict minerals filing deadline closes in, companies are carefully assessing what to say in their Form SDs and conflict minerals reports, especially in light of the recent statement from the Commission about enforcement of the filings.  Certainly, part of the internal deliberations concern how – or whether – to describe product determinations.  If a company voluntarily chooses to use the words “DRC Conflict Free” in its Conflict Minerals Report, then an Independent Private Sector Audit (IPSA) is required.

But did you know that the words “DRC Conflict Free” can be used without triggering an IPSA?

Without going into the painful explanatory details, issuers who file only a Form SD can use the specific determination wording in the Form SD without needing an IPSA.  As SEC stated in FAQ #19,

An issuer is only required to obtain an IPSA of its Conflict Minerals Report and not of the disclosures contained in the body of its Form SD.

The basic rationale is that when the RCOI results indicate there is no reason to believe that necessary conflict minerals did or may have originated from a covered country,  only a Form SD is required and additional due diligence is not necessary.  Therefore, a Form SD-only filing means that products are “DRC Conflict Free” by virtue of the absence of materials from a Covered Country.

But be careful – this only applies to Form SD language.  We also caution against claiming DRC Conflict Free in a Form SD that includes the CMR exhibit – but the CMR doesn’t mirror the Form SD.

We are happy to answer any questions you may have.  Feel free to give us a call.

New Comments to SEC Show Ongoing Misunderstanding, Excess Spending for Conflict Minerals Rule

The new public comment period initiated by SEC Acting Chairman Michael Piwowar is now closed and we have reviewed almost all the submittals.  What is surprising is that there still seems to be significant misunderstanding or interpretations of the rule, and some issuers are spending far more than is likely necessary.  The following comments and estimates that caught our attention:

  • Two industry groups cite a company spending $10 million in initial implementation costs and $3 million in ongoing costs (most likely the same company).  We were shocked to see those numbers.  No client of ours, nor any of the many Fortune 500 we have direct or indirect contact with, has expended that much in relation to the Rule.  
  • One company is cited as needing 7 months to survey 300 suppliers.  If that is indeed current information, there are most likely program implementation approaches available that the company is unaware of, or has chosen not to pursue.
  • Another commenter privately disclosed their cost and associated scope of their efforts to us in an email dialogue.  Based on our understanding, that company is expending approximately 90% more effort than needed.  They have received poor guidance on the rule or made a voluntary decision to go down that path.
  • There are multiple references to an estimate of an IPSA costing $250,000 – $350,000 and taking six months.  This estimate appears to reflect the original proposed rule rather than the IPSA objectives and scope of the final rule and the subsequent guidance.  During the proposed rule phase, little guidance was available on the IPSA and the auditing community anticipated full supply chain audits, or audits that confirmed product determinations. The final rule made it abundantly clear that the actual IPSA objectives/scope are far narrower.  

If you think you are spending more than is necessary for your conflict minerals program, give us a call.  We can probably find ways to reduce your effort and costs.

BREAKING: Acting SEC Chair Opens Conflict Minerals Guidance, Rule for Public Comment

UPDATE February 2, 2017:  We have confirmed with SEC Staff that the request for comment does indeed extend to the entire rule, not just the 2014 Guidance.

Acting SEC Chairman Michael Piwowar issued a statement this evening concerning the conflict minerals rule and the April 29, 2014 Guidance from the Commission making the use of specific determination wording voluntary, and thus the Independent Private Sector Audit.  Piwowar is “directing the [SEC] staff to consider whether the 2014 guidance is still appropriate and whether any additional relief is appropriate in the interim.”  The statement includes a 45-day public comment period on the matter.

Although there is ambiguity in this statement that we hope to get clarity on soon, it appears that the statement may only relate to the 2014 guidance and not the rule as a whole.  In addition, it also appears that the outcome of the SEC’s action in relation to Piwowar’s statement applies to filings covering calendar year 2017 and therefore may not impact activities currently underway by issuers preparing for their CY2016 filings.

Updates and additional information will be provided during our webinar to be held Thursday, February 2.  Sponsored by TheCorporateCounsel.net, other panelists include Michael Littenberg, Christine Robinson and Dave Lynn.

You Are What Your Suppliers Do: Supplier Actions Make Headlines, Break Business

With companies facing increasing pressure for the actions of every part of their supply chain, demand for – and reliance on – supplier/corporate social responsibility (CSR) audits conducted by third parties has grown rapidly.

Shirts, Phones, Rocks and Shrimp

But there is concern about the quality, reliability and credibility of these audits.

CSR Auditing and Toilet Paper

Is Social Auditing Really Auditing?

Harvard Professor Identifies Factors for Meaningful CSR and Supply Chain Audits

You Don’t Know What Your Suppliers Are Hiding

Companies rely on their CSR audit firm to utilize qualified auditors, employ adequate QA/QC processes and expend adequate time to conduct a reasonable audit. Yet there are no generally-accepted professional CSR audit practitioner standards. Moreover, due to cost pressures, lowest cost audit providers are frequently selected that may not have appropriate auditing skills or training – the largest CSR audit firms conduct tens of thousands of these audits each year. Increasing audit time and costs to improve quality or credibility is typically not realistic – the business model is inherently high-volume, low margin.

Are these audits effective at findings supplier actions that create risks for you? Can a company gain confidence in their CSR audits without adding costs? Is a change in auditors necessary?

Improve Credibility for Disclosures, Media and Customers

Changing audit firms is not necessary, nor is another layer of auditing. Instead, a formalized auditor training program can be a low cost yet effective solution.

The Elm Consulting Group International is expanding our well-proven auditor training program to companies who use CSR/supply chain auditors. The intent of this program is for brands to provide detailed communication and training to their current CSR/supply chain auditors about the company’s requirements for auditor competence, audit quality and processes in order to enhance the credibility of audit information.

Our formalized training for existing CSR auditors builds their client’s confidence in the quality of the work provided. The program is not intended to provide training on specific audit topics such as child labor or worker rights. Instead, the focus is on proven audit techniques such as:

  • Understanding and applying professional skepticism
  • Interviewing and active listening
  • Identifying and responding to non-verbal cues within multi-cultural contexts
  • Evidence sampling methodologies
  • Using information from different sources
  • Verification and recomputation techniques
  • Judging audit evidence quality and limitations
  • Fraud detection
  • Using working papers and audit protocols
  • Writing effective and complete audit findings
  • Audit quality expectations, requirements and processes
  • Maintaining auditor independence, including auditor rotation

Our Qualifications as The Leader in Auditor Training

Our HSE auditor training experience began in the 1980s and we have successfully trained hundreds of external and internal auditors. Elm Principals hold auditor certifications from the US Board of Environmental, Health and Safety Auditor Certification (BEAC, now wholly merged into the Institute of Internal Auditors) and UK Institute of Environmental Management & Assessment, are approved trainers for the IIA EHS auditor certification program and are subject to annual continuing education requirements ourselves. Further, Elm Principals have served in various Board positions in The Auditing Roundtable (merged into the IIA in 2016) and BEAC, including the current BEAC Chair.  More information about our internal audit quality and auditor competence standards is available here.

Give us a call at 678-200-3424 or contact us via email to discuss how we can help you increase confidence in your CSR audits.

Dr. Seuss Essay on Auditing Updated

In the early 1970s, buried in one of his books, Dr Seuss penned a little known essay on auditing. For those not familiar with it, the full text follows:

Oh, the jobs people work at!


Out west near Hawtch-Hawtch
 there’s a Hawtch-Hawtcher Bee-Watcher. His job is to watch…
is to keep both his eyes on the lazy town bee. A bee that is watched will work harder, you see.

Well… he watched and he watched. But, in spite of his watch, 
that bee didn’t work any harder. Not mawtch.

So then somebody said,
“Our old bee-watching man
just isn’t bee-watching as hard as he can. 
He ought to be watched by another Hawtch-Hawtcher!
 The thing that we need
is a Bee-Watcher-Watcher!”

 The Bee-Watcher-Watcher watched the Bee-Watcher.
 He didn’t watch well. So another Hawtch-Hawtcher
had to come in as a Watch-Watcher-Watcher!


And today all the Hawtchers who live in Hawtch-Hawtch are watching on Watch-Watcher-Watchering-Watch,
Watch-Watching the Watcher who’s watching that bee.


You’re not a Hawtch-Watcher. You’re lucky, you see!”

Words of wisdom from an unlikely source.  And for a little amusement, Elm takes Seuss a little further.

We decided to try our own hand at rhyme
And update the story to these current times.

Auditors watch the things clients do
And also suppliers when they’re in scope too.
They see if the list of everything bought
Was made in conditions just like it was thought
Or from those hoping they’re not getting caught.

The Hawtch-Hawtch bee watcher failed as you know
Since audits alone don’t work, we shall show.
What can we learn from those watching the bee?
I see two things – well, actually three.

The bee – when watched – was supposed to work more
But that’s not what bee itself had in store.
Instead what it did was kept right on doing
Not a thing – the watcher was just cud-chewing.
The town of Hawtch-Hawtch thought things would be fine
As long as an auditor watched all the time.

That, my dear friends, is flaw number 1 –
Audits alone are but one part of the fun,
After the watching, there’s more to be done.

The next wrong expectation in this story I find
Is the scope of the watching is not well defined.
What does it mean to “Watch as hard as you can?”
The watchers weren’t sure – down to the last man.
Had they been told, they could do the job well
And not let past problems fester and swell.

Today, what of CSR, governance and sustainability?
The words are unclear – I think they’re meant to be.
No clarity was given those Hawtch Hawtch bee watchers
So they all failed, got sore feet and bad postures.

And now, my beloved, we’re at flaw number three
Which is simply bad audit and auditor quality.
Bad bee watching – at least supposedly so –
Made the line of watch-watchers grow – grow – grow
That perpetuated the flaws that all went before
Meaning Hawtch-Hawtch kept getting more, more and MORE
Of the same watch watchers already there
Who did nothing more than stare, stare and stare
At the same old thing day after day,
Focused on billable hours, bonus and pay.

Most of them ranked low and were unqualified
To be a watch watcher – they weren’t certified.
Maybe because that would cost a bit more
Than the ineffective work that had been done before.
But Hawtch-Hawtch didn’t care to look into this
Not concerned with things that were possibly missed.

Now Hawtch-Hatwch is not a maker of stuff
That uses slave labor and treats their folks rough
And whose business will shrink when good auditors see
What unscrupulous companies do with glee.

In sum, Seuss told us of things one through three
These things – for auditing – are important and key.
But, I say friend, don’t take it from me
Go back and look that old Hawtch-Hawtch bee.

CSR Auditing and Toilet Paper

In the 1990s I worked for a large paper company and one of the products we made was a name brand toilet paper. As TP goes, this was nice stuff – 2 ply, thick and soft. We marveled that the product didn’t sell well in markets dominated by products that were thin, had holes and fell apart too easily. It baffled us that so many people didn’t care about what ends up on their hands.

Today there is a surprising demand for third party environmental/safety/social/supply chain audits that are equivalent to cheap TP – thin, single “ply” (i.e., one dimensional) and full of holes.   Yet even in the midst of so much reliance on audits, very few buyers of these audit services seem to be concerned. Its not only us that sees this – a fascinating article published earlier this week called out Amazon, The Children’s Place, Gap, Hanes, J-Crew, JC Penny, Kohl’s, Macy’s, Nike, Pink, Polo, Target, Walmart and Zara for “ineffective … CSR monitoring, corporate codes of conduct and industry ‘social audits’ … in protecting the rights, health and safety of millions of workers in global supply chains.”  This, after a decade of CSR audits, is the author’s conclusion.

The article goes on to discuss related failures and inconsistencies in certifications and audit scopes. Our own experiences support this – all too frequently we have seen companies pursuing various certifications solely in order to have a certificate to frame and hang in their lobby. One unfortunately memorable experience came a week after a client had completed their ISO14001 recertification audit. The ISO auditor passed the site with flying colors and was highly complimentary of their program. However, our compliance audit found – with little effort – criminal environmental violations that resulted in the site environmental manager losing his job and one of the few instances where self-disclosure to EPA was warranted without question. This isn’t necessarily a problem with the standards themselves – the problem rests completely with the auditors responsible for assessing the sites.

This criticism shouldn’t be a surprise to anyone who is familiar with current CSR audits and auditors. Certainly there are excellent and conscientious practitioners in the field, but the pricing model of these audits tends to support minimalism all the way around. In a recent article on this topic, we stated our belief that the pricing of CSR audits is directly in response to severe operating cost pressures placed on the manufacturers by the brands. But that circles back to consumer buying preferences as we pointed out six years ago. If attributes other than price and product performance were truly key buying criteria, then the entire economic ecosystem (eco-ecosystem??) would be different.

We do not offer typical CSR/supplier audits because we flatly refuse to compromise our professionalism in order to be cost competitive in this market. Our respect for clients and concern for the risks they face exceeds our desire to compete for revenue from these services in the current market. But, as evidenced by what the article states is an $80B year CSR industry, many people are okay with using cheap toilet paper and don’t seem to care what will end up on their hands.

A few key things you should do to help prevent continuing CSR audit failures:

  • Ensure the audit scope matches the auditor(s)’ backgrounds.  For example, after Raina Plaza, CSR auditors have been increasingly asked to provide information on structural engineering and local electrical code compliance.  These matters require specific technical knowledge beyond that of a typical CSR auditor.
  • Explore the auditor(s) professional qualifications. Do they hold a relevant third-party certification?  How much continuing education do they require on an annual basis?  What fraud detection training have they had?  What are the audit firm process for ensuring independence of the individual auditors, not just the firm as a whole?  Auditors should consider themselves professionals and hold themselves accountable to appropriate standards for qualifications.  If they don’t, that speaks volumes about their attitude toward their work.
  • Test the auditor(s) technical knowledge beyond their checklist.  Does the auditor understand the applicable requirements beyond what is written in the audit checklist or protocol?  There are few times when reality matches the criteria on paper.  You want a professional who is prepared to apply knowledge and expertise objectively and pragmatically, not just check boxes on paper or a screen.
  • Find out how much time the auditor(s) spend onsite, and on each audit activity.  Generally speaking, one day (or less) total on-site is too little for any credible audit scope.  The auditor should reasonably balance their time between document reviews, interviews and visual observations.  If you don’t feel there is adequate time spent or balance in the activities, make your auditor change their practices.
  • Observe – or get feedback on – the auditors’ bedside manner.  An auditor’s attitude and non-verbal cues have a significant impact on the amount and quality of information they are able to gather from the audited entity, and how that entity responds to the audit and corrective actions.  Interviews conducted by the auditor should be non-threatening.  Using active listening techniques without sounding condescending or like a robot is an art form not easily mastered.
  • Look at audit report findings and the cited evidence.  Are findings based solely on interviews?  While this can be acceptable in some settings/situations, information from interviews should be corroborated with another type of audit evidence such as documentation, recomputation or direct visual observations.  If findings are not based on objective and repeatable evidence, make your auditor change their practices.  Issues based on interviews alone should be brought forward in a mechanism outside the audit report as those don’t meet the requirement for a formal finding.
  • Determine how audit reports are peer reviewed – or are they peer reviewed at all?  Does the review require the auditors’ original notes so the reviewer can confirm that the audit evidence supports the findings?  All audit reports should go through a formal internal quality check.
  • Don’t get swayed by broad company or program certifications such as ISO.  While these certifications can be an indicator of internal process formalization, understanding the reality of auditor performance in your specific need is far more important.
  • When considering an auditor, call client references and discuss their experiences, both positive and negative.  Obviously, references are specifically selected to present a positive image.  Expressly ask the reference to offer comments about matters or situations that are not so positive.

CY2016 Conflict Minerals Reports: Ready… Set… IPSA!!

How many conflict minerals IPSAs will be conducted for the CY2016 SEC filings given that nothing has changed from last year (or the year before) concerning the IPSA trigger?  Certainly you recall the April 29, 2014 Statement from the SEC’s Keith Higgins (who today announced that he will depart the SEC next month) clarifying that, until further specific action by the SEC, an IPSA is required only when an issuer voluntarily chooses to use the wording “DRC Conflict Free” when describing their products.

There has been no further action on the matter from the SEC.  Yet more companies are already asking us for proposals to conduct an IPSA even where the company doesn’t plan on making a “DRC Conflict Free” determination.  Such an IPSA could do more than meet the SEC audit objectives.  As a voluntary and perhaps “unofficial” audit, the scope can be more flexible and address substantive issues concerning program effectiveness and conformance to the OECD Due Diligence Guide or SEC requirements, helping the company to answer important questions about the quality and robustness of their due diligence program.  This kind of IPSA would provide much more value especially as due diligence programs are rapidly expanding beyond 3TG and the DRC.

It is worth serious consideration.

Another approach was very popular last year – our auditability reviews.  This gives clients a detailed understanding of how an IPSA auditor will likely interpret CMR language and approach an official IPSA.  We have identified much unintended – or unexpected – broadening of the IPSA scope and cost for clients and provided detailed insight as to how an auditor is likely to apply sampling and audit evidence elements of the Performance Audit standards to draft CMR language.  Our IPSA auditability reviews are a low cost, low risk alternative to a mock audit.

And what of those 12 companies called out by name in the Development International report as not filing an IPSA even though they classified at least one product as “DRC Conflict Free”?  We will see.

What Does Trump and GOP Control Mean for Conflict Minerals, Sustainability?

UPDATE:  Acting SEC Chairman Piwowar issued a statement on January 31, 2017 opening the rule and the 2014 Guidance to public comment.

It has been an unusual campaign and election for the US presidency.  Donald Trump will take office in January and the Republicans will control of both houses of the legislature.

So is the fate of the US conflict minerals disclosure mandate in jeopardy?  Perhaps, but in our opinion the Trump administration will not change anything before the May 31, 2017 filing deadline for the CY2016 disclosure.  We recommend that all companies subject to the conflict minerals filing  continue to move forward as planned.  Looking even further out, we expect that the administration will face other dragons to slay through 2018 as well.  This is expected to be a topic of many conversations at the CFSI workshop we are attending this week.

Trump has made clear his disapproval of the Dodd-Frank Act in toto, so there is a general expectation that change will come, yet he faces other higher priority matters such as healthcare and the Federal budget.  But with the Senate and House now controlled by the Republicans, there likely will not be much opposition to a repeal of, or amendments to, Dodd-Frank.

Emerging regulatory initiatives such as expanding SEC reporting to include sustainability matters is also likely to face far more opposition during the Trump administration.

We occasionally are asked what we would do if the conflict minerals mandate was eliminated.  We would see some business loss, but Elm Sustainability Partners and The Elm Consulting Group International do much more than conflict minerals advisory.

Elm Sustainability provides a range of sustainability, corporate responsibility and supplier auditing services.  We review existing social auditor results and qualifications and are known for calculating economic value of sustainability programs using methods that withstand tough management scrutiny.

The Elm Consulting Group International has been in business for 15 years providing clients with the highest quality environmental, health and safety auditing available and that business continues to grow.

Through our six years in the conflict minerals space, we have made many friends and new clients we hope to continue to serve, whether related to conflict minerals or otherwise.  If you are looking for sustainability, social auditing or EHS auditing support, please give us a call.

Apropos: Dia de los Muertos and the Billable Hour

Today is Halloween in the US and Dia de los Muertos in Mexico.  It is a time based on the idea of reflecting on death.  Now we aren’t being morbid here – instead we grinned at the amusing irony of the timing of this article on LinkedIn which is an obituary to the billable hour.

We absolutely agree with the downsides of billable hours.  All of us at Elm, in prior points in our careers, have had ourselves and clients held hostage by the almighty billable hour.  Over the past several years, we decreased our use of hourly rates and billings – instead working on a daily rate or, increasingly, on a fixed fee basis.

Given all that is right with eliminating hourly billing, a reasonable person might ask why doing so remains ubiquitous for consulting/auditing firms?  Yet another irony for those of us who help client organizations in changing their internal culture – because it’s the way it’s been done in the past. 

Hmmmmm.