Solutions for Hope Illustrates Audit Risk

The highly-touted Solutions for Hope (SfH) Project in the DRC has received global publicity as a potential model for future conflict-free mineral sourcing within the DRC.  As part of the project,

an independent audit of the operations was conducted to evaluate conformance of the operation to the OECD Due Diligence Guidance. This work was conducted by Gregory Mthembu-Salter, a consultant to the United Nations Group of Experts.

This audit document, which forms the basis of SfH’s conflict-free mine claims, is available on the SfH website.  (NOTE:  When we began writing this piece, the link to this audit report functioned properly.  At the time of our publication, the link appears to have become corrupted, therefore we include the document in its exact form as originally downloaded from the SfH website on April 5, 2012.  SfH OECD audit report)

With the world carefully watching the SfH project, one expects the highest attention to detail and scrutiny at each step in the process.  However, with all due respect to Mr. Mthembu-Salter (whom Elm will be meeting at the end of this month at the ITRI Conflict Minerals Programme in Cape Town South Africa), it is unlikely that an SEC Conflict Minerals Report (CMR) auditor would be willing to rely on this document in its current form presented by SfH.

The audit document raises potential concerns of “reliance risk” on the part of SfH participants/supply chain, and “audit risk” under US audit standards expected for SEC CMR audits under Section 1502 of Dodd-Frank.  In our opinion (shared by others in the audit profession), the document is decidedly informal and lacks credibility as an audit report – or as a document on which an audit professional should rely – in that it, for example:

  • Does not specifically identify the name of the auditor/report author, and contains no signature.
  • Is written on a blank page with no letterhead or other indication of a professional provenance.
  • Does not discuss the specific information reviewed, audit or sampling methodology.
  • Contains no indication of the time period under review.
  • Appears to be an excerpt from a larger report that may contain key information relevant to the audit scope, limitations and credibility, although the larger report is not available.
  • Lacks clarity on the audit standard applied.  OECD Guidance Step 4 (the only audit framework directly incorporated into the Guidance) applies to smelters/refiners, not upstream companies.  If the SfH document is part of the upstream supply chain risk assessment/management plan under Step 2 or 3 of the OECD Guidance, that is not an “audit” and should be clearly indicated.

SEC’s proposed rules refer to the US Government Accountability Office Government Auditing Standard (known as GAGAS or the “Yellow Book”) as the applicable CMR audit framework.  During the Commission’s October 2011 Roundtable, SEC staffers and industry panelists (such as ourselves and the Chair of AICPA’s Auditing Standards Board) supported the use of the Performance Audit standard within the Yellow Book.

A performance audit reviews the quality/credibility of information relied upon by an issuer and would almost certainly call into question the credibility and provenance of the SfH audit document in the form that it is currently available.  In the performance audit framework, the audit could go further into information management controls of the project – questioning how/why the project would be willing to rely on such an informal document as the critical and fundamental basis for the project’s conflict-free claims, and whether information management controls create risks.  An auditor’s assessment of information management controls and risks are discussed extensively in Chapter 6 (Field Work Standards for Performance Audits) of the Yellow Book.

These concerns can create the basis of an audit finding and be part of the “audit risk” disclosure, reverberating to entities relying on SfH and its information – especially those subject to CMR reporting.  Of course, until the SEC finalizes their regulation, the timing for such reporting is not known and should be far enough in the future for SfH to address these concerns.

What can be learned?

As companies develop conflict minerals due diligence processes, they should anticipate being subject to additional scrutiny by customers and the general public.  In many cases (especially suppliers to issuers filing a CMR), this will take the form of proving the veracity/quality of information as well as the credibility of experts relied upon.  Viewing conflict minerals due diligence planning, execution and information through the eyes of an audit professional may yield valuable insights to help prevent audit findings and reduce reliance risk.  Contact us to learn how our auditing expertise can help you.

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty − 1 =