oecd-directorate-for-financial-and-enterprise-affairs
Presentation by KPMG on audits. Day 3 of the 6th ICGLR-OECD-UN GoE Forum on responsible mineral supply chains, 15 November 2013. Visit: http://mneguidelines.oecd.org/icglr-oecd-un-forum-kigali-2013.htm
Conflict Minerals Audit and Mutual Recognition
Esther Rodriguez
KPMG
OECD
15 November 2013
© 2013 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
How do upstream assessments and audits complement smelter/refiner audits?
What does it mean for Accountancy Bodies to use ISAE 3000?
■ The independence, ethics and qualification of auditors
■ Main elements of an audit:
– Risk based approach - This includes performing a risk assessment, planning and performing assurance procedures, gathering sufficient appropriate assurance evidence and performing an overall evaluation to form the assurance conclusion.
– Assurance procedures are designed by the auditor based on the output of the auditor’s planning and risk assessment, which is unique for each engagement.
– Risks are considered when there is a reasonable possibility of a material misstatement in the disclosures in the Compliance Report. It is therefore not possible to prescribe the assurance procedures that should be performed (or the sample sizes to be selected).
As ISAE 3000 auditors, can we rely on upstream audits?
■ Sometimes we have to rely on previous certifications / audits, and we will have to exercise judgement on whether that certification is reliable and was performed according to our competence and independence requirements.
■ This means:
– evaluating the robustness and credibility not only of the auditor but of the audit system so that it enables us to rely on that certificate and not to duplicate effort.
■ Examples:
– ICGLR
– Dodd Frank and CFS
How do industry smelter/refiner audit programmes provide mutual recognition?
Challenges:
- The Paradox
- Can ISAE 3000 auditors perform CFS, RJC audits?
- Need Criteria (Example from LBMA)
■ Relevance: information sources used have a logical connection to the LBMA Responsible Gold Guidance;
■ Completeness: all relevant factors that could affect the conclusions are not omitted;
■ Reliability: the Refiner’s application is consistent across its operations and suppliers;
■ Neutrality: the information sources used to inform the Refiner’s conclusions are free from bias;
■ Understandability: the Refiner’s conclusions and the reasons behind them are clear
- Can we use these audits as evidence?
– Criteria
– Scope and degree of testing to evaluate whether the audit conclusion is in line with risks and materiality
– Comfort that the audit has been done by an auditor with the following competences:
■ Financial independence
■ Ethics requirement
■ Organisational and individual competence
■ Experience in non-financial assurance
■ Understanding of subject matter: Anti Money Laundering, KYC, Fraud and Bribery, Payments of taxes and royalties, ability to perform stock reconciliations, etc.
■ Industry expertise
Certification / Audit Guidance | Based on:
iTSCi Audits | ?
Conflict Free Smelter Program (CFS) | ISO standard 19011
Responsible Jewellery Council and RJC Chain of Custody Standard | ISO standard 19011
World Gold Council Conflict-Free Gold Standard | ISAE 3000
DMCC | ISAE 3000 Mandatory / ISO also acceptable
LBMA Responsible Gold | ISAE 3000 and ISO 19011
ICGLR 3rd party audits | In development
How to best incorporate the progressive nature of due diligence as recommended by the Guidance into audit programmes and protocols?
Our recommendation:
• To follow the example of the WGC and the LBMA who have developed audit guidance to support the audit standards they recognize, be it ISO or ISAE 3000.
• Time to revise lessons learnt from LBMA and other audits and issue further clarifications and best practice guidelines
• Challenges around the interpretation of conflict, high risk, acceptable evidence, going beyond tier 1 suppliers…
• Establish an Audit Working Group to align all different standards and ensure there is mutual recognition
Suggested Content for Audit Protocol:
• Context
• Key assurance concepts: meaning of assurance, timing, scope
• Guidance on application of specific assurance concepts: subject matter, criteria, evidence, frequency, materiality, competencies
• Guidance on the assurance approach: site selection, use of existing certifications
• Conformance and non-conformances and Action Plans
Disclosure of information - what can and should be made accessible to auditors?
Diagram: Refiner; Recycled Gold Trader (Dubai) - Melted Gold Bars; Mines (Europe)
Low Risk, No Red Flags
Low Risk, No Red Flags
No details of composition
Due Diligence:
• Regular visits by Refiner CEO
• Declaration letter signed by Trader’s CEO
Disclosure of information - what can and should be made accessible to auditors?
Diagram: Refiner; Recycled Gold Trader (Dubai) - Melted Gold Bars; Mines (Europe)
KPMG Audit
Evidence requested included:
- Gold composition analysis
- Customs declarations
- Delivery Notes
- Invoices
Mined Gold from: Ghana; Other African countries?
High Risk, Red Flags
Recommendation:
• Guidance on what is considered acceptable evidence, e.g. Declaration letter not being sufficient
• Recycled Gold Additional Due Diligence:
• Is the recycled gold declared actually recycled?
• Guidance on due diligence expected when recycled gold is provided in melted bars
Thank you