Tag Archives: internal controls

Harvard Professor Identifies Factors for Meaningful CSR and Supply Chain Audits

Well known Harvard Business School Professor Michael W. Toffel recently published the results of three studies into CSR/social auditing, including what makes an audit valuable and how to help plants actually learn from the audit results.  Prof. Toffel narrates the key insights in this 4-minute video.

Our main takeaways were:

  1. Toffel states that “We assume that most clients want the auditors to tell them the unvarnished truth.  Obtaining accurate information from these auditors is critical to enable brands to manage this risk.”  We are not sure this is universally so and impacts how plants respond to audit findings.
  2. They found a relationship between three aspects of audit team makeup and the number of audit findings reported:
    • Returning auditors tend to have fewer findings than an auditor who has not audited the site previously.
    • More years of auditing experience and training means a higher number of findings than auditors with less experience/training.
    • Female audit team members tend to identify more findings than male auditor team members.
  3. The biggest improvements came when a highly-trained team performed an announced audit.
  4. Audits are a critical method for knowledge transfer “and for knowledge to be transferred effectively, you have to have a knowledgeable auditor, but you also have to have a receptive factory manager.”  The receptiveness of a plant manager is linked to Point #1 above.
  5. Factories in countries with greater press freedom were substantially likelier to improve.
  6. Audit teams seem to have fewer findings where the factory pays rather than the brand. While Toffel suggests this may be a result of conflict of interest, we believe there is another side that is more prevalent.  Factories are subject to enormous cost pressures and tend to select the lowest cost providers, which translates to less experienced/trained auditors not fully prepared to identify complex situations and findings.

The direct linkage between qualified auditors and the quality of audit results is a drum have been beating for years, but in the current environmental of increased supply chain transparency – and  liability – companies should rethink the value, make-up and execution of supplier audits.  Call us to discuss our views on this further

We’ll Be Seeing You

We’ve been quiet over the past several weeks because we’ve been busy.  A number of companies took us up on our recommendation to get a program review and we are continuing to conduct those through the end of the year.  But we will be back out and about soon and available to meet and chat.

Although our parent The Elm Consulting Group International has long been recognized as a leading environmental, health and safety auditing firm and  Elm Sustainability Partners is most well known for our conflict minerals services, we also provide other sustainability/supply chain risk assessment services.  We recently summarized our general experiences with sustainability in comments to the US Securities & Exchange Commission’s Concept Release as they explore the need for including sustainability disclosures within standard financial reporting.

Where we’ll be

We are always happy to talk at meetings, conferences or phone calls.  Please don’t hesitate to reach out.

Is Social Auditing Really Auditing?

We are a rather vocal proponent of auditor qualifications and set a high bar for ourselves and others who call themselves auditors. Non-CPA auditors are “regulated” differently than CPAs and in some cases, less stringently. Auditor certifications are available for non-CPAs specific to areas of practice. These certifications vary greatly in terms of validity, rigor and length of time they have been established. In our case health, safety and environmental (HSE) auditor certification is applicable.

In the US, the Board of Environmental Auditor Certification (BEAC) was established in 1997 as a joint venture between the Institue of Internal Auditors (IIA) and The Auditing Roundtable. Earlier this year, BEAC and The Auditing Roundtable were wholly merged into IIA. Elm Principals obtained BEAC certification the year it was established and have maintained the annual continuing educational requirements to hold the certification continuously since then. Three of our Principals have for the past 10 years held – or currently hold – leadership positions on the Boards of The Auditing Roundtable and BEAC.  In the UK, the Institute of Environmental Management & Assessment (IEMA) offers auditor and practitioner certifications. One Elm Principal holds an IEMA certification as well.

The Independent Private Sector Audit (IPSA) requirements finalized under Dodd Frank Section 1502 for conflict minerals reports added more professional qualifications for IPSA practitioners. Elm responded by adding a stand alone page on our website describing our audit quality practices.  We haven’t seen other firms provide the same level of clarity, specificity and visibility on this matter.  From our beginning, we sought to ensure our qualifications, expertise and professionalism were unparalleled.

During the past 10 years, a new type of audit emerged – the social or corporate responsibility audit. Most of these audits are commissioned by large companies to be conducted of their suppliers to ensure that they are conforming to social responsibility standards. We have found over the years, the perceived value of these audits has reduced dramatically and price is far and away the primary auditor selection criteria. Of course, with reduced pricing comes reduced scoping and level of effort.

And here is the mic drop.

It isn’t unusual to see social auditor qualifications indicating something like 2,000 audits conducted over 10 years. At first, that sounds very impressive. But do some math – on average, that is 200 audits/year or 16.7/month. Assuming a full time US standard work year (2,080 hours) and 75% utilization, that comes to a little over 7.5 hours/audit average.

In comparison, Elm Principals average close to 30 years of experience each, and have conducted between 500 – 600 audits each. In comparison to the 2,000 social audits, we seem to be slackers. But again, doing math on conservative numbers (25 years and 500 audits), we average of 20 audits/year or 1.7/month. Again, assuming a full time US standard work year and 75% utilization, that comes to 78 hours/audit average.

These are just averages and different matters factor into real numbers for both social audits as well as ours (our average is more like 55 – 60 hours/audit). But clearly there is an order of magnitude difference between our HSE audits and social audits.

Are we inefficient or milking billable hours?  We hardly think so.  First off, our business model is different – we don’t run on billable hours, which relieves the pressure most firms have for project volume.  Our audits are far deeper and more complex than a typical supplier social audit – almost always requiring two to five auditors and a week on-site. We spend significant time delving into documentation, spreadsheets, permits and regulations at the federal, state/provincial and local levels. Our data sampling rate is generally far higher than the minimum statistically meaningful level. We carefully evaluate and confirm operating and production levels, including technical operating parameters for pollution control equipment. Most of our audits also include assessing performance of on-site contractors.  We even show up on site at 3 a.m. to observe third shift operations. And we cover the full breadth of environmental, health, safety and – when the client requests – sustainability indicators.

This is not to say that all social auditors are poor auditors or unqualified. We have observed some in the field and have been impressed.  There are also instances where limited audits/site visits are reasonable in the social auditing context.  But with social auditors expanding into other areas of supply chain and operations, the social audit approach and qualifications are not universally appropriate even though the price they offer may be attractive.  You may want to think carefully about your needs and expectations, as well as the numbers on CVs and ask yourself if the auditor is actually impressive or overworked and under-scoped.

Shirts, Phones, Rocks and Shrimp

You are most likely asking yourself what the nonsensical title means. It probably won’t seem nonsensical after you read this article.

New and emerging legal requirements, customer/consumer demands and media attention are pushing product compliance and procurement staff in unprecedented directions. Suppler responsibility is now a critical component of their functions and is no longer limited to just certain products or industries.

Arguably, the emphasis on supplier responsibility has it roots in the garment manufacturing sector and specifically, the offshore subcontractors in areas such as Bangladesh and Viet Nam. Working conditions and human rights violations were brought to light and brands initiated supplier screening and audit programs. There we have Shirts.

The electronics industry was next but things went further as a new US law (Dodd-Frank Section 1502) required publically traded companies to disclose origins of the ore used to produce tin, tantalum, tungsten and gold in their products. The sale of some of these ores soured from certain African countries was thought to fund violence and human rights abuses by informal militias.   Now automakers are being pilloried for the mica in their paint.  Phones and Rocks now join Shirts.

New laws in the US and UK require companies to continue their supply chain assessment and screening to include whether suppliers are supporting (or actively engaged in) human trafficking and slavery. A high profile lawsuit against a major US retailer alleged that the retailer’s sub-sub-contractor used slave labor as part of the supply chain for commercial shrimp production. Although the suit was dismissed, the issue in the public eye remains. So there you have it – connective tissue between Shirts, Phones, Rocks and Shrimp.

If your company hasn’t begun evaluating your supply chain beyond your direct supplier, there is a risk that that your product could be the next addition to our article’s title. We are happy to discuss this with you, so feel free to call.

Hints of Value Emerging from Conflict Minerals Disclosure Efforts

Dodd-Frank Section 1502 and the associated SEC conflict minerals disclosure mandates have been highly criticized since their beginnings.  Many arguments against these arose – among them: the approach required by the law was the wrong tool for the solving the problem; there was no practical way to determine the ultimate effectiveness of the expense and activities companies had to incur; the benefit of the requirements cannot be determined or quantified; and SEC is not the correct venue for social agenda matters.

Even so, regulated companies began working on their compliance efforts after the SEC adopted the rules in August 2012, with many more jumping on the bandwagon through 2013.

In the 15 months of work since the SEC rules, a glimmer of business value is emerging from the efforts.  What we are seeing (and hearing from others) are some positive developments, such as:

  • Greater understanding of suppliers. This is the first integrated effort some companies have undertaken to identify suppliers across their organization.  At the least, companies are frequently surprised at the number of suppliers they have, or how outdated their supplier data is.  Some have used this as a reason to implement broad supply chain optimization projects, consolidating suppliers and spend to obtain cost savings.  Of course, not all supplier lists are carefully reviewed.  We recently received a request to fill out an EICC template from the IT solution implemented by a client for whom we conducted the original conflict minerals program gap assessment.
  • More insight into products themselves.  Not every company understands the breadth of products offered.  Companies reducing corporate overhead at times leave decisionmaking to business units, which can result in new products or product changes made without knowledge of corporate functions or leadership.  Conflict minerals projects are bringing these forward and highlighting the need for increased communications internally about new products and changes to existing products.
  • Improved documentation and knowledge of design specifications for contact manufacturers.  Not all companies have rigorous documentation about product requirements for their contract manufacturers to use.  We have found a surprising amount of informal – and even undocumented – communications with contract manufacturers.  Conflict minerals compliance activities have increased company knowledge about the amount of influence on design, specifications or product performance for contract manufacturers
  • Improved supplier prequalifications.  Discussions about adding a conflict minerals check to new supplier qualification reviews has brought forth gaps and missing controls in existing processes.  In these cases, companies have improved their overall processes and controls for on-boarding new suppliers.
  • Strengthened importance and visibility of corporate social responsibility (CSR) activities.  The linkage of the conflict minerals legal compliance mandate to CSR activities, departments and reporting has increased their visibility within their organizations.  This comes at a time when increasing pressure is being felt on other CSR issues that have caught the public’s attention in recent months.
  • Preparing for the future.  There is a general sense that supply chain transparency mandates will increase – either from new legal requirements – such as in the EU – or from other stakeholders.  Conflict minerals compliance activities can create an overall structure to be leveraged for future sourcing transparency initiatives.

Some of these were predicted as anticipated benefits early on.  While the value of these benefits may not be easily quantifiable, we do think they offer at least some silver lining to the compliance burden.

Do HSE Management Systems Audits Support Regulatory Compliance? Not So Much…

A recent survey in the UK continues to demonstrate the gap between technical regulatory compliance and HSE management systems conformance.

An article published in the June 2013 the environmentalist (the journal of the Institute of Environmental Management & Assessment, or iema) provided a short overview of research results that compared accredited certification bodies processes and “whether third-party audits of an environmental management system (EMS) could provide sufficient assurance of a firm’s legal compliance”.

The findings:

the competence of [EMS] auditors is generally limited to assessing the presence of procedures.

Clearly, assessing the mere presence of procedures is not the same as evaluating the content, adequacy, appropriate or effectiveness of those procedures. Not even close.

There was a notable divergence in opinions on the perceptions of how well EMS audits address regulatory compliance. Not surprisingly, 92% of the certification bodies were convinced their audits reflect regulator conclusions very well or quite well. Yet the regulators themselves hold a far different view with only 17% saying EMS audits address regulatory compliance very well or quite well.

We would call that a gap.

The article is also available online for iema members and subscribers.

 

Elm and MetalMiner Announce CMCheckPoint(sm) Available for Purchase

Elm Sustainability Partners LLC (a newly created subsidiary of The Elm Consulting Group International LLC) and MetalMiner jointly announce the public availability of Elm’s CMCheckPointSM.

Completely unique in the marketplace, CMCheckPointSM is a detailed conflict minerals program assessment tool for downstream companies. It can be implemented by internal staff to review compliance and implementation decisions and strategies, track completion of program development and even score severity of identified gaps. Proprietary graphics and flowcharts are included, as well as information from the May 30, 2013 Q&A from SEC and detailed table of contents of the Federal Register version of the rules.

CMCheckPointSM is not an IT system for supplier engagement/response tracking/data exchange, but a spreadsheet for creating/evaluating overarching management programs and regulatory compliance decisions applicable to downstream companies. It covers the SEC regulatory elements, the OECD 5 step framework and related supplements.

“This tool has developed through various forms for longer than most consulting firms have been in the conflict minerals advisory space,” said Lawrence Heim, Director of Elm Consulting Group International LLC/Elm Sustainability Partners LLC.

Heim continued: “CMCheckPointSM reflects actual project implementation experience (including Fortune 200 companies) and scores of detailed discussions/reviews with many of the world’s most recognized corporate leaders in conflict minerals program development. It is also the result of hundreds of research hours, sifting through the regulation and preamble; guidance documents from industry associations, law firms, accounting firms, international organizations; comment letters to SEC’s proposed regulation; GAO documents; certain legal filings; and publicly available information from credible sources like the OECD Pilot Program Reports.”

“Nobody understands conflict minerals regulations as deeply as Elm Sustainability Partners,” said Lisa Reisman managing editor of MetalMiner, “we are thrilled to be able to offer an alternative to higher cost consulting services from a leading subject matter expert that will greatly expedite any company’s conflict minerals compliance program.”

Click each to see screenshots of excerpts from CMCheckPointSM

Main summary, scoring and navigation page excerpt.

Automated categorical scoring raw data charts.

Detailed final regulation table of contents.

Sample topic guidance and assessment page.

Exclusive color-coded regulatory flow chart.

The tool can be downloaded through MetalMiner’s website either on a standalone basis or with consulting/training support packages.

You might be falling behind on conflict minerals if…

One of the more common questions we hear from companies on the topic of conflict minerals is “Are we behind the curve?”

Every company faces their own challenges in understanding the requirments, assessing their needs and implementing programmatic changes.  But there are a number of common guideposts that provide reasonable indications on general progress – and shed light on whether your company is falling behind.

So, in an unabashed take-off of Jeff Foxworthy’s “You Might be a Redneck If…”, we offer the following.  If any of these sound familiar, then it is probably time to pick up the pace.  Second quarter is fast approaching and one consistent trend has emerged for companies who are immersed in this right now – this process takes more time, and is more complex, than it seems.  It is valuable to ensure you have as much time as possible in 2013 to make key decisions, gather data and develop processes to support SEC reporting or customer information requests.

You might be falling behind on conflict minerals if…

You had not heard the term “conflict minerals” before the first of this year.

Customer information requests on conflict minerals are piling up unanswered.

Your company has not established an internal conflict minerals team, or assigned formal leadership responsibility to look into the matter.

Consultant proposals for conflict minerals support are sitting on your desk that have not been reviewed or approved.

You don’t have at least a general sense about the range of your company’s products that contain conflict minerals.

You are not certain if existing information management systems can link specific suppliers through your manufacturing processes to a final product.

You think that you don’t need anything more than a spreadsheet or IT system to solve this problem.

You haven’t read the SEC regulation, the OECD Due Diligence Framework and at least one White Paper or Client Alert from a law firm or consultant.

You have not identified or assessed what gaps may exist between the SEC regulation, OECD Framework, customer requirements and your existing internal management systems.

You have not attended at least one conference or webinar on the topic (free webinars are offered practically weekly).

You have not notified your suppliers that you will soon be contacting them for more information about the products they supply you.

You don’t know how you will contact suppliers to gather relevant conflict minerals information.

You don’t know what your industry associations are doing relative to conflict minerals.

The company’s strategy is hoping the issue goes away.

 

We are available to help with any questions.

Elm Continues to Respond to Changing Needs on Conflict Minerals Assessments, Consulting

Elm announces CM CheckPointSM, a new rapid and highly cost-effective conflict minerals program assessment method/deliverable to be available late January 2013.  CM CheckPointSM is intended for companies who have already begun program development or implementation and are looking for high-level “navigation checks” – rather than deep dives –  from a third party to confirm strategic direction, alignment with SEC regulations and/or project status.

Features of CM CheckPointSM include:

  • Assesses from a high-level perspective practices/status/available documentation against the three-step process for SEC regulatory compliance (plus reporting/auditing) and the 5-step process of OECD Due Diligence framework and related supplements
  • Reviews from a high-level perspective the framework, strategy, procedures, and generalized level of implementation at the company’s corporate level
  • Topic/element/task general completion status indicators of Complete, Partially Complete, Not Started, Not Applicable
  • Severity rankings for  identified gaps/deficiencies reflecting potential importance to program implementation or potential audit outcome
  • Can be used to confirm site-level program implementation/consistency with corporate expectations
  • Automated summary report generation on-site with intuitive visual indicators
  • Comment fields for each topic and sub-element allow highlighting of relevant data, findings or limitations encountered
  • Minimal disruption – requires a single Elm assessor and only a few days on site, including on-site summary reporting

Evolutionary steps in developing CM CheckPointSM relied on internal client staff and resources to conduct the process as an internal self-assessment.  Over time, the feedback we received was that companies supported a form of quick assessment, but expressed a strong preference for having an external subject matter expert at the helm to offer specific expertise, guidance and understanding especially in relation to what we call “emerging industry consensus”.  With CM CheckPointSM,  this review is facilitated by us, guiding users through the SEC conflict minerals regulations and related programs, maximizing the efficiency of the review and providing broad benchmarking insight from our experiences.

CM CheckPointSM was not designed for companies seeking strategic advisory or consulting support for initial program conflict minerals program scoping and design.  In that case, a detailed assessment utilizing a multi-disciplinary team of subject matter experts is best to establish a solid foundation (and related documentation) for decisions, systems and procedures reflecting corporate strategies/goals, systems, special circumstances combined with verification of site operations.

Contact us for more information.

New Study from UC Davis Claims Shareholder Value Decreases with Conflict Minerals Disclosure

A new study released last week from Paul Griffin, a professor in the UC Davis Graduate School of Management, claims that shareholder value has suffered in response to past (voluntary) public disclosures on conflict minerals.  The release summary from Phys.org stated:

Griffin and his research team examined 206 companies from December 2010 through March 2012 and found those companies — half who had voluntarily disclosed before the law became mandatory — lost $6.5 billion in shareholder value due to declining equity values. Both disclosing and nondisclosing companies were affected because of the ripple effect in capital markets when uncertainties arise about a particular business practice — using conflict minerals, in this case.

The study methodology claims to correct for other factors possibly influencing stock pricing before and after such disclosures.  Elm’s analysis of the impact of the 2010 Enough company rankings on corporate revenues was cited within the study, although Professor Griffin acknowledged the differing parameters and goals of the respective studies.

We have only begun our review of Griffin’s study (given its timing, our plate has been full with the final SEC rule) and hope to have more detailed commentary soon.