Tag Archives: compliance management

UPDATED ALERT: Piwowar Issues New Statement on Conflict Minerals Rule in Response to Closure of NAM v. SEC Lawsuit, Stein Pushes Back

SEC Acting Chairman Michael Piwowar and the SEC Division of Corporation Finance Staff both issued statements today (April 7, 2017) on the conflict minerals rule in light of the final Court action in NAM v. SEC.

The statements from both Staff and Acting Chairman Piwowar clarify that the Commission does not intend to recommend enforcement against any issuer that does not file a CMR or conduct due diligence of its smelters/refiners.  The statements do not amend the language of the rule itself to eliminate the CMR and due diligence requirement – they only clarify that no enforcement action will be taken if an issuer triggers the CMR/due diligence mandate, but files only the basic Form SD.

Reuters reported that the only other currently-sitting Commissioner, Kara Stein, took issue with Piwowar’s unilateral action :

The move sparked backlash from SEC Democratic Commissioner Kara Stein, who accused Piwowar of acting beyond his authority to gut the meat of a rule mandated by Congress, adopted by the SEC and reviewed by the courts.

“It is unprecedented for one commissioner, acting alone and without official notice and comment, to engage in de facto rulemaking,” she said.  “It represents a troubling attack not only on the Commission process, but also on the restraints of government power.”

We will continue to monitor new developments and keep you informed.  In the meantime, please do not hesitate to contact us with any questions.

You Are What Your Suppliers Do: Supplier Actions Make Headlines, Break Business

With companies facing increasing pressure for the actions of every part of their supply chain, demand for – and reliance on – supplier/corporate social responsibility (CSR) audits conducted by third parties has grown rapidly.

Shirts, Phones, Rocks and Shrimp

But there is concern about the quality, reliability and credibility of these audits.

CSR Auditing and Toilet Paper

Is Social Auditing Really Auditing?

Harvard Professor Identifies Factors for Meaningful CSR and Supply Chain Audits

You Don’t Know What Your Suppliers Are Hiding

Companies rely on their CSR audit firm to utilize qualified auditors, employ adequate QA/QC processes and expend adequate time to conduct a reasonable audit. Yet there are no generally-accepted professional CSR audit practitioner standards. Moreover, due to cost pressures, lowest cost audit providers are frequently selected that may not have appropriate auditing skills or training – the largest CSR audit firms conduct tens of thousands of these audits each year. Increasing audit time and costs to improve quality or credibility is typically not realistic – the business model is inherently high-volume, low margin.

Are these audits effective at findings supplier actions that create risks for you? Can a company gain confidence in their CSR audits without adding costs? Is a change in auditors necessary?

Improve Credibility for Disclosures, Media and Customers

Changing audit firms is not necessary, nor is another layer of auditing. Instead, a formalized auditor training program can be a low cost yet effective solution.

The Elm Consulting Group International is expanding our well-proven auditor training program to companies who use CSR/supply chain auditors. The intent of this program is for brands to provide detailed communication and training to their current CSR/supply chain auditors about the company’s requirements for auditor competence, audit quality and processes in order to enhance the credibility of audit information.

Our formalized training for existing CSR auditors builds their client’s confidence in the quality of the work provided. The program is not intended to provide training on specific audit topics such as child labor or worker rights. Instead, the focus is on proven audit techniques such as:

  • Understanding and applying professional skepticism
  • Interviewing and active listening
  • Identifying and responding to non-verbal cues within multi-cultural contexts
  • Evidence sampling methodologies
  • Using information from different sources
  • Verification and recomputation techniques
  • Judging audit evidence quality and limitations
  • Fraud detection
  • Using working papers and audit protocols
  • Writing effective and complete audit findings
  • Audit quality expectations, requirements and processes
  • Maintaining auditor independence, including auditor rotation

Our Qualifications as The Leader in Auditor Training

Our HSE auditor training experience began in the 1980s and we have successfully trained hundreds of external and internal auditors. Elm Principals hold auditor certifications from the US Board of Environmental, Health and Safety Auditor Certification (BEAC, now wholly merged into the Institute of Internal Auditors) and UK Institute of Environmental Management & Assessment, are approved trainers for the IIA EHS auditor certification program and are subject to annual continuing education requirements ourselves. Further, Elm Principals have served in various Board positions in The Auditing Roundtable (merged into the IIA in 2016) and BEAC, including the current BEAC Chair.  More information about our internal audit quality and auditor competence standards is available here.

Give us a call at 678-200-3424 or contact us via email to discuss how we can help you increase confidence in your CSR audits.

CSR Auditing and Toilet Paper

In the 1990s I worked for a large paper company and one of the products we made was a name brand toilet paper. As TP goes, this was nice stuff – 2 ply, thick and soft. We marveled that the product didn’t sell well in markets dominated by products that were thin, had holes and fell apart too easily. It baffled us that so many people didn’t care about what ends up on their hands.

Today there is a surprising demand for third party environmental/safety/social/supply chain audits that are equivalent to cheap TP – thin, single “ply” (i.e., one dimensional) and full of holes.   Yet even in the midst of so much reliance on audits, very few buyers of these audit services seem to be concerned. Its not only us that sees this – a fascinating article published earlier this week called out Amazon, The Children’s Place, Gap, Hanes, J-Crew, JC Penny, Kohl’s, Macy’s, Nike, Pink, Polo, Target, Walmart and Zara for “ineffective … CSR monitoring, corporate codes of conduct and industry ‘social audits’ … in protecting the rights, health and safety of millions of workers in global supply chains.”  This, after a decade of CSR audits, is the author’s conclusion.

The article goes on to discuss related failures and inconsistencies in certifications and audit scopes. Our own experiences support this – all too frequently we have seen companies pursuing various certifications solely in order to have a certificate to frame and hang in their lobby. One unfortunately memorable experience came a week after a client had completed their ISO14001 recertification audit. The ISO auditor passed the site with flying colors and was highly complimentary of their program. However, our compliance audit found – with little effort – criminal environmental violations that resulted in the site environmental manager losing his job and one of the few instances where self-disclosure to EPA was warranted without question. This isn’t necessarily a problem with the standards themselves – the problem rests completely with the auditors responsible for assessing the sites.

This criticism shouldn’t be a surprise to anyone who is familiar with current CSR audits and auditors. Certainly there are excellent and conscientious practitioners in the field, but the pricing model of these audits tends to support minimalism all the way around. In a recent article on this topic, we stated our belief that the pricing of CSR audits is directly in response to severe operating cost pressures placed on the manufacturers by the brands. But that circles back to consumer buying preferences as we pointed out six years ago. If attributes other than price and product performance were truly key buying criteria, then the entire economic ecosystem (eco-ecosystem??) would be different.

We do not offer typical CSR/supplier audits because we flatly refuse to compromise our professionalism in order to be cost competitive in this market. Our respect for clients and concern for the risks they face exceeds our desire to compete for revenue from these services in the current market. But, as evidenced by what the article states is an $80B year CSR industry, many people are okay with using cheap toilet paper and don’t seem to care what will end up on their hands.

A few key things you should do to help prevent continuing CSR audit failures:

  • Ensure the audit scope matches the auditor(s)’ backgrounds.  For example, after Raina Plaza, CSR auditors have been increasingly asked to provide information on structural engineering and local electrical code compliance.  These matters require specific technical knowledge beyond that of a typical CSR auditor.
  • Explore the auditor(s) professional qualifications. Do they hold a relevant third-party certification?  How much continuing education do they require on an annual basis?  What fraud detection training have they had?  What are the audit firm process for ensuring independence of the individual auditors, not just the firm as a whole?  Auditors should consider themselves professionals and hold themselves accountable to appropriate standards for qualifications.  If they don’t, that speaks volumes about their attitude toward their work.
  • Test the auditor(s) technical knowledge beyond their checklist.  Does the auditor understand the applicable requirements beyond what is written in the audit checklist or protocol?  There are few times when reality matches the criteria on paper.  You want a professional who is prepared to apply knowledge and expertise objectively and pragmatically, not just check boxes on paper or a screen.
  • Find out how much time the auditor(s) spend onsite, and on each audit activity.  Generally speaking, one day (or less) total on-site is too little for any credible audit scope.  The auditor should reasonably balance their time between document reviews, interviews and visual observations.  If you don’t feel there is adequate time spent or balance in the activities, make your auditor change their practices.
  • Observe – or get feedback on – the auditors’ bedside manner.  An auditor’s attitude and non-verbal cues have a significant impact on the amount and quality of information they are able to gather from the audited entity, and how that entity responds to the audit and corrective actions.  Interviews conducted by the auditor should be non-threatening.  Using active listening techniques without sounding condescending or like a robot is an art form not easily mastered.
  • Look at audit report findings and the cited evidence.  Are findings based solely on interviews?  While this can be acceptable in some settings/situations, information from interviews should be corroborated with another type of audit evidence such as documentation, recomputation or direct visual observations.  If findings are not based on objective and repeatable evidence, make your auditor change their practices.  Issues based on interviews alone should be brought forward in a mechanism outside the audit report as those don’t meet the requirement for a formal finding.
  • Determine how audit reports are peer reviewed – or are they peer reviewed at all?  Does the review require the auditors’ original notes so the reviewer can confirm that the audit evidence supports the findings?  All audit reports should go through a formal internal quality check.
  • Don’t get swayed by broad company or program certifications such as ISO.  While these certifications can be an indicator of internal process formalization, understanding the reality of auditor performance in your specific need is far more important.
  • When considering an auditor, call client references and discuss their experiences, both positive and negative.  Obviously, references are specifically selected to present a positive image.  Expressly ask the reference to offer comments about matters or situations that are not so positive.

What Does Trump and GOP Control Mean for Conflict Minerals, Sustainability?

UPDATE:  Acting SEC Chairman Piwowar issued a statement on January 31, 2017 opening the rule and the 2014 Guidance to public comment.

It has been an unusual campaign and election for the US presidency.  Donald Trump will take office in January and the Republicans will control of both houses of the legislature.

So is the fate of the US conflict minerals disclosure mandate in jeopardy?  Perhaps, but in our opinion the Trump administration will not change anything before the May 31, 2017 filing deadline for the CY2016 disclosure.  We recommend that all companies subject to the conflict minerals filing  continue to move forward as planned.  Looking even further out, we expect that the administration will face other dragons to slay through 2018 as well.  This is expected to be a topic of many conversations at the CFSI workshop we are attending this week.

Trump has made clear his disapproval of the Dodd-Frank Act in toto, so there is a general expectation that change will come, yet he faces other higher priority matters such as healthcare and the Federal budget.  But with the Senate and House now controlled by the Republicans, there likely will not be much opposition to a repeal of, or amendments to, Dodd-Frank.

Emerging regulatory initiatives such as expanding SEC reporting to include sustainability matters is also likely to face far more opposition during the Trump administration.

We occasionally are asked what we would do if the conflict minerals mandate was eliminated.  We would see some business loss, but Elm Sustainability Partners and The Elm Consulting Group International do much more than conflict minerals advisory.

Elm Sustainability provides a range of sustainability, corporate responsibility and supplier auditing services.  We review existing social auditor results and qualifications and are known for calculating economic value of sustainability programs using methods that withstand tough management scrutiny.

The Elm Consulting Group International has been in business for 15 years providing clients with the highest quality environmental, health and safety auditing available and that business continues to grow.

Through our six years in the conflict minerals space, we have made many friends and new clients we hope to continue to serve, whether related to conflict minerals or otherwise.  If you are looking for sustainability, social auditing or EHS auditing support, please give us a call.

Cobalt is the New Conflict Mineral

Conflict minerals information requests from customers increasingly include cobalt.  While cobalt is not an official conflict mineral, and the basis for the recent public attention is not the funding of armed groups, it is nonetheless being included in conflict minerals CMRT requests.

But cobalt is not one of the CMRT metals, and the CFSI smelter/refiner lists and audits do not include cobalt.  What do you do?  You can build on your existing conflict minerals program, but you need new data collection/verification tools, business criteria and customer reporting methodologies.

These are fundamental issues that every company will have to resolve before meaningful responses to customers can be provided, and it will likely take time.

Apropos: Dia de los Muertos and the Billable Hour

Today is Halloween in the US and Dia de los Muertos in Mexico.  It is a time based on the idea of reflecting on death.  Now we aren’t being morbid here – instead we grinned at the amusing irony of the timing of this article on LinkedIn which is an obituary to the billable hour.

We absolutely agree with the downsides of billable hours.  All of us at Elm, in prior points in our careers, have had ourselves and clients held hostage by the almighty billable hour.  Over the past several years, we decreased our use of hourly rates and billings – instead working on a daily rate or, increasingly, on a fixed fee basis.

Given all that is right with eliminating hourly billing, a reasonable person might ask why doing so remains ubiquitous for consulting/auditing firms?  Yet another irony for those of us who help client organizations in changing their internal culture – because it’s the way it’s been done in the past. 

Hmmmmm.

We’ll Be Seeing You

We’ve been quiet over the past several weeks because we’ve been busy.  A number of companies took us up on our recommendation to get a program review and we are continuing to conduct those through the end of the year.  But we will be back out and about soon and available to meet and chat.

Although our parent The Elm Consulting Group International has long been recognized as a leading environmental, health and safety auditing firm and  Elm Sustainability Partners is most well known for our conflict minerals services, we also provide other sustainability/supply chain risk assessment services.  We recently summarized our general experiences with sustainability in comments to the US Securities & Exchange Commission’s Concept Release as they explore the need for including sustainability disclosures within standard financial reporting.

Where we’ll be

We are always happy to talk at meetings, conferences or phone calls.  Please don’t hesitate to reach out.

Elm Sustainability Partners Wins Global Awards for Conflict Minerals for Second Year

For the second consecutive year, Elm Sustainability Partners has been recognized for our global excellence as the Conflict Minerals Advisory Firm of the Year and as Niche Audit Firm of the Year.  “We are pleased that our clients and others supported us this past year, in terms of both business and this award,” said Lawrence Heim, Managing Director.  “With the US Dodd-Frank Act regulatory conflict minerals filings in their third year, the scope of  sustainability and related verification services is changing rapidly.  Elm continues to provide clients with the highest professionalism and value possible.”

Elm Sustainability Partners awards are on page 45 of the ACQ5 Awards issue.

The ACQ5 Global Awards, now in its 11th year, recognizes services providers that are truly world class in the way they are run and in the services they deliver to clients. ACQ5 Global Awards decisions are firmly based on peer nominations following the receipt of detailed submissions from market participants and extensive year-round research into the markets in all global region. ACQ5 Global Awards cover global categories, best-in-class awards in all regions in over 100 countries around the world.

“Experts whose intimate knowledge and expertise in the cultural, financial and legal arenas are redefining our industry,” says Jake Robson, Group Editor of The ACQ5. “The 2016 ACQ5 Global Award winners always represent the best of breed in the industry and have earned these honours by standing out in a group of very impressive finalists. We are lucky enough to work with some of the most influential and enterprising private organisations in the world and are proud to share their message with our readers. Relying on reader insight and experience to provide nominations to the panel remains the cornerstone of our program and to identify industry leaders, individuals, teams and organizations that represent the benchmark of achievement and best practice in the business world.”

The 11th Annual ACQ5 Global Awards honour the leading deal teams, firms and professionals whose activities set the standard for our markets. This year, companies and individuals, representing every major market in the world, became finalists for the awards.

“Operating a legitimately independent nomination process, our award winners are chosen by our readership. Every year, we seek their assistance of our readers, the industry itself, in recognising industry leaders, eminent individuals, exemplary teams and distinguished businesses, which we believe represent the benchmark of achievement and best practice in a variety of fields – and every year, we turn to them to help as we strive to recognise an ever-widening spectrum of services, markets, industries and organisations that serve our global market place. We believe that by consulting our readers we can better identify the groups that are confronting the issues which face us at this ongoing complex juncture, and our awards will rise above the status of participation certificate and actually be an endorsement of their work.” Robson continued.

Our poll was not only designed to reflect actual performance in any particular area of expertise, it was also aimed to reflect direct market share based on a number of criteria. Voters were encouraged to base their decisions on addressing professionalism: experience, value for money & responsiveness in order for ACQ to derive a numerical rating from 1 – 5. In that sense, this poll should be considered a reflection of how professionals view any practice, individual or related sector supplier in terms of overall quality of service.  Only nominees receiving an average 4-star rating or above achieved a short-list status.

Is Social Auditing Really Auditing?

We are a rather vocal proponent of auditor qualifications and set a high bar for ourselves and others who call themselves auditors. Non-CPA auditors are “regulated” differently than CPAs and in some cases, less stringently. Auditor certifications are available for non-CPAs specific to areas of practice. These certifications vary greatly in terms of validity, rigor and length of time they have been established. In our case health, safety and environmental (HSE) auditor certification is applicable.

In the US, the Board of Environmental Auditor Certification (BEAC) was established in 1997 as a joint venture between the Institue of Internal Auditors (IIA) and The Auditing Roundtable. Earlier this year, BEAC and The Auditing Roundtable were wholly merged into IIA. Elm Principals obtained BEAC certification the year it was established and have maintained the annual continuing educational requirements to hold the certification continuously since then. Three of our Principals have for the past 10 years held – or currently hold – leadership positions on the Boards of The Auditing Roundtable and BEAC.  In the UK, the Institute of Environmental Management & Assessment (IEMA) offers auditor and practitioner certifications. One Elm Principal holds an IEMA certification as well.

The Independent Private Sector Audit (IPSA) requirements finalized under Dodd Frank Section 1502 for conflict minerals reports added more professional qualifications for IPSA practitioners. Elm responded by adding a stand alone page on our website describing our audit quality practices.  We haven’t seen other firms provide the same level of clarity, specificity and visibility on this matter.  From our beginning, we sought to ensure our qualifications, expertise and professionalism were unparalleled.

During the past 10 years, a new type of audit emerged – the social or corporate responsibility audit. Most of these audits are commissioned by large companies to be conducted of their suppliers to ensure that they are conforming to social responsibility standards. We have found over the years, the perceived value of these audits has reduced dramatically and price is far and away the primary auditor selection criteria. Of course, with reduced pricing comes reduced scoping and level of effort.

And here is the mic drop.

It isn’t unusual to see social auditor qualifications indicating something like 2,000 audits conducted over 10 years. At first, that sounds very impressive. But do some math – on average, that is 200 audits/year or 16.7/month. Assuming a full time US standard work year (2,080 hours) and 75% utilization, that comes to a little over 7.5 hours/audit average.

In comparison, Elm Principals average close to 30 years of experience each, and have conducted between 500 – 600 audits each. In comparison to the 2,000 social audits, we seem to be slackers. But again, doing math on conservative numbers (25 years and 500 audits), we average of 20 audits/year or 1.7/month. Again, assuming a full time US standard work year and 75% utilization, that comes to 78 hours/audit average.

These are just averages and different matters factor into real numbers for both social audits as well as ours (our average is more like 55 – 60 hours/audit). But clearly there is an order of magnitude difference between our HSE audits and social audits.

Are we inefficient or milking billable hours?  We hardly think so.  First off, our business model is different – we don’t run on billable hours, which relieves the pressure most firms have for project volume.  Our audits are far deeper and more complex than a typical supplier social audit – almost always requiring two to five auditors and a week on-site. We spend significant time delving into documentation, spreadsheets, permits and regulations at the federal, state/provincial and local levels. Our data sampling rate is generally far higher than the minimum statistically meaningful level. We carefully evaluate and confirm operating and production levels, including technical operating parameters for pollution control equipment. Most of our audits also include assessing performance of on-site contractors.  We even show up on site at 3 a.m. to observe third shift operations. And we cover the full breadth of environmental, health, safety and – when the client requests – sustainability indicators.

This is not to say that all social auditors are poor auditors or unqualified. We have observed some in the field and have been impressed.  There are also instances where limited audits/site visits are reasonable in the social auditing context.  But with social auditors expanding into other areas of supply chain and operations, the social audit approach and qualifications are not universally appropriate even though the price they offer may be attractive.  You may want to think carefully about your needs and expectations, as well as the numbers on CVs and ask yourself if the auditor is actually impressive or overworked and under-scoped.

Shirts, Phones, Rocks and Shrimp

You are most likely asking yourself what the nonsensical title means. It probably won’t seem nonsensical after you read this article.

New and emerging legal requirements, customer/consumer demands and media attention are pushing product compliance and procurement staff in unprecedented directions. Suppler responsibility is now a critical component of their functions and is no longer limited to just certain products or industries.

Arguably, the emphasis on supplier responsibility has it roots in the garment manufacturing sector and specifically, the offshore subcontractors in areas such as Bangladesh and Viet Nam. Working conditions and human rights violations were brought to light and brands initiated supplier screening and audit programs. There we have Shirts.

The electronics industry was next but things went further as a new US law (Dodd-Frank Section 1502) required publically traded companies to disclose origins of the ore used to produce tin, tantalum, tungsten and gold in their products. The sale of some of these ores soured from certain African countries was thought to fund violence and human rights abuses by informal militias.   Now automakers are being pilloried for the mica in their paint.  Phones and Rocks now join Shirts.

New laws in the US and UK require companies to continue their supply chain assessment and screening to include whether suppliers are supporting (or actively engaged in) human trafficking and slavery. A high profile lawsuit against a major US retailer alleged that the retailer’s sub-sub-contractor used slave labor as part of the supply chain for commercial shrimp production. Although the suit was dismissed, the issue in the public eye remains. So there you have it – connective tissue between Shirts, Phones, Rocks and Shrimp.

If your company hasn’t begun evaluating your supply chain beyond your direct supplier, there is a risk that that your product could be the next addition to our article’s title. We are happy to discuss this with you, so feel free to call.