Why is the IPSA Audit different?
The IPSA Audit is like no other audit, and like many other audits. It is a performance audit, not an attest audit – so it’s not like an audit of a financial statement. It’s an audit that is submitted as part of a financial filing, so it may get scrutiny by the investors who review financial filings. The objectives include assessment of conformance to a system design, in all material respects. This is similar to audits of internal systems and controls (internal, risk management, or Sarbanes-Oxley audits). Materiality is a concept inherent in financial audits; it is discussed in greater depth in the latest iteration of Global Reporting Initiative framework for non-financial reporting. The auditing standards are not prescribed. The auditee determines the standards – for example, when they select the framework for their conflict minerals due diligence. It’s different because nobody has done these before, but it has characteristics of many other types of audits.
What should we do to get ready for the audit?
First, it helps to understand the basic of auditing. At its simplest, auditing compares an actual situation to a defined standard, and identifies gaps. Auditing involves a structured, documented process, and typically results in a report. Auditors gather evidence to develop findings in four main ways: reviewing documents and records; conducting interviews; or with visual observations. If the auditee has relied upon the work of others, the auditor may check to see if this reliance is reasonable. If you know this is how auditors gather evidence, then gather it yourself. Anticipate the kinds of things the auditor would want to see, and who they would want to talk to. The DFCMAudit.com auditors will include audit planning to help you prepare for the audit.
Is the OECD framework a safe bet?
The DFCM final rule requires filers to use a due diligence that is internationally-recognized. The Organization for Economic Cooperation and Development (OECD) Due Diligence Guidance for responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas is the only framework mentioned specifically in the final rule. It would seem to be a very safe bet.
What about this other framework for this other metal?
Other groups, such as sector trade associations, have begun work on due diligence frameworks that are unique to their industry. The rule does not limit filers to using OECD framework; in fact, the rule anticipates that others could evolve. Filers can use other frameworks if they are “internationally-accepted.”
That second audit objective sounds confusing. Or very limited. Or both. What does it really say?
The second audit objective is very limited. In a nutshell, the auditor must compare the activities described in the Conflict Minerals Report to what the filer actually did. The two must agree.
What should we prepare to get ready for the second objective?
Consider what auditors gather as audit evidence: documents and records; interviews; visual observations; and support for reliance on work done by others. The IPSA Auditor will probably begin by reading the Conflict Minerals Report, and asking for evidence to support it. DFCMAudit.com provides more detailed information in our audit kick-off meetings so our audit clients will be well-prepared, and there will be no surprises during the audit.