Heads Up — Anticipating the independent private sector audit after the year 2 conflict minerals reporting cycle

Published on: 25 Aug 2015

Volume 22, Issue 29

by Christine Robinson and Kristen Sullivan, Deloitte & Touche LLP

For the second year, registrants subject to the SEC’s final rule¹ on conflict minerals under Section 1502 of the Dodd-Frank Act² filed a Specialized Disclosure Form (Form SD) indicating whether conflict minerals (tin, tantalum, tungsten, or gold — commonly referred to as 3TG) necessary to the functionality or production of their products manufactured or contracted to be manufactured may have originated in the Democratic Republic of the Congo (DRC) or an adjoining country.³

This Heads Up discusses (1) the current state of conflict minerals reporting under the final rule, especially in light of a recent federal appellate court ruling regarding the rule’s constitutionality; (2) Year 2 takeaways; (3) the independent private sector audit (IPSA); and (4) recommended next steps for registrants that are subject to the final rule and other conflict minerals reporting requirements. In addition, this publication provides illustrative examples in two appendixes. Appendix A highlights the due diligence section of a sample Conflict Minerals Report (CMR) and indicates the corresponding requests that an IPSA practitioner may make. Appendix B illustrates formats that a registrant may use to document the design of its conflict minerals compliance program.

The Current State

The constitutionality of the final rule has been challenged in federal court and may still be an open question despite a recent ruling of the U.S. Court of Appeals for the District of Columbia Circuit (the “Appellate Court”) depending on whether the issue is further litigated (see timeline below). As a result, the SEC has not issued any further guidance to help registrants navigate certain aspects of the final rule.

One of the biggest questions looming as a result of the SEC’s partial stay and the “temporary suspension” of the IPSA requirement is “When will the IPSA be required?” Under the final rule, the temporary transition period for large issuers⁴ (during which registrants that declared their products to be “DRC conflict undeterminable” were not required to obtain an IPSA) expired at the end of the calendar-year 2014 filing period. Consequently, registrants are now weighing the odds of whether the IPSA requirement will go into effect for calendar-year 2015 reporting given the following:

  • The final rule provides that if a registrant determines through its due diligence process that its conflict minerals originate in the DRC or an adjoining country, the registrant must file a CMR as an exhibit to its Form SD and include an IPSA report. Beginning with calendar-year 2015, this requirement also applies to registrants with products that are “DRC conflict undeterminable” since they must describe those products as “not been found to be ‘DRC conflict free.’ ”
  • However, the SEC staff’s April 29, 2014, statement clearly indicates that:

    No company is required to describe its products as “DRC conflict free,” having “not been found to be ‘DRC conflict free,’ ” or “DRC conflict undeterminable.” If a company voluntarily elects to describe any of its products as “DRC conflict free” in its [CMR], it would be permitted to do so provided it had obtained an [IPSA] as required by the [final] rule. Pending further action, an IPSA will not be required unless a company voluntarily elects to describe a product as “DRC conflict free” in its [CMR]. [Footnote omitted; emphasis added]

Editor’s Note: Although the Appellate Court upheld its initial ruling, final resolution of the legal action challenging the constitutionality of the final rule remains uncertain. Depending on the SEC’s course of action, a series of next steps could ensue. However, it remains difficult to predict a likely outcome of the case and any response by the SEC related to the final rule. Accordingly, we strongly recommend that registrants consult with their SEC counsel to determine whether and, if so, when an IPSA is required.

Even in light of the uncertainty about the IPSA timing and the temporary IPSA suspension currently in place, many registrants have begun focusing on readiness for an IPSA. Given the unique subject matter and scope of the future IPSA, an increasing number of registrants are looking to obtain a preliminary evaluation of their readiness for an IPSA to (1) allow adequate time for addressing potential gaps and (2) bolster the confidence of management in the sufficiency of the due diligence process that will be subject to the IPSA.

The Year 2 Takeaways

While Year 2 conflict minerals filings revealed certain trends that are largely consistent with those found in Year 1 filings, they also highlighted additional implications for a future IPSA. Our evaluation of the Year 2 conflict minerals filing trends focused on the following topics related to the future potential IPSA:

  • Disclosure of due diligence measures by OECD step.⁵
  • Separation of the reasonable country of origin inquiry (RCOI) and due diligence.
  • Suitability of criteria.
  • Use of the product label “DRC conflict free.”

Disclosure of Due Diligence Measures by OECD Step

Almost 60 percent of CMR filers disclosed their due diligence measures by specific OECD step. Some nongovernmental organizations (NGOs) have encouraged registrants to disclose information about their conflict minerals compliance program by OECD step⁶ to provide a more robust and comprehensive description of the due diligence measures they have taken to promote greater accountability. While this approach can help an IPSA practitioner understand how a registrant’s activities align with each OECD step, it is critical for the registrant to deliberately indicate the program element aligned with each OECD step as either RCOI or due diligence. The due diligence elements of the registrant’s conflict minerals compliance program can then be organized and disclosed in a manner that easily identifies them as subject to the future IPSA. In the discussion below, we further explore how registrants can be responsive to various NGO requests while maintaining a clear distinction between RCOI and due diligence to promote an efficient IPSA.

Separation of RCOI and Due Diligence

More than half (about 55 percent) of registrants that filed a CMR described their RCOI separately from the due diligence measures performed. Many achieved this separation by using defined headings in the CMR. Separately describing RCOI and due diligence measures in the CMR can add clarity to the description of the registrant’s conflict minerals compliance program while minimizing potential duplication in the process description. In addition, separate descriptions can help the IPSA practitioner efficiently identify the content of the CMR that will be subject to the IPSA.

Of the registrants that disclosed their conflict minerals compliance program by OECD step, approximately 85 percent included all five steps of the OECD Framework in their description within the CMR of the due diligence measures performed. Often, however, registrants that identified RCOI separately from due diligence measures also included RCOI activities in their description of due diligence measures. In addition to being repetitive, this overlap resulted in the improper inclusion of RCOI activities within the scope of the IPSA. The SEC staff has emphasized that only due diligence design and due diligence measures performed should be included within the IPSA’s scope. In the SEC’s FAQs on conflict minerals, SEC FAQ 18 clarifies that aspects of the OECD Framework may include procedures for obtaining information about a conflict mineral’s country of origin and consequently may be part of the registrant’s RCOI process:

The IPSA does not need to include the [RCOI] because, under the [final] rule, that inquiry is a distinct step separate from the due diligence process. As a result, the [IPSA practitioner] need only opine on whether the design of the [registrant’s] due diligence framework is in accordance with the portion of the nationally or internationally recognized due diligence framework beginning after the country of origin determination. [Emphasis added]

While there is no clear guidance on what activities represent RCOI as opposed to due diligence, the final rule does provide some insight into what registrants might consider. The final rule states that a registrant’s “policies with respect to the sourcing of conflict minerals will generally form a part of [its RCOI],” suggesting that the adoption and maintenance of a conflict minerals policy may be part of the RCOI process. The final rule also indicates that the OECD Framework covers both RCOI and due diligence. It states that the RCOI “is consistent with the supplier engagement approach in the OECD [Framework] where [registrants] use a range of tools and methods to engage with their suppliers. The results of the inquiry may or may not trigger due diligence. This is the first step [registrants] take under the OECD [Framework] to determine if the further work outlined in the OECD [Framework] — due diligence — is necessary” (footnote omitted).

We have observed that many registrants continue to struggle with clearly defining the conflict minerals activities that represented RCOI as opposed to due diligence measures. One of the biggest challenges is that conflict minerals compliance and due diligence programs are often executed through a continuous set of activities, which make it difficult for registrants to draw a bright line in assigning discrete activities to RCOI and due diligence measures, respectively (as those terms are defined in the final rule). But as we move into the third year of compliance with the final rule, registrants are likely to become more confident about clearly defining activities as RCOI versus due diligence with the emergence of an evidence base of examples and reinforcement of the SEC staff’s related guidance. We believe that as a starting point, it is important for registrants to more clearly define in their conflict minerals compliance program documentation (1) the RCOI and due diligence measures they performed and (2) the corresponding OECD steps they used as guidance for each measure. The future CMR development will emerge from that starting point and will position registrants to more effectively meet evolving stakeholder expectations of transparency into the comprehensive conflict minerals compliance program while they focus on distinguishing between RCOI and due diligence measures in accordance with the SEC staff’s guidance. A CMR that clearly distinguishes between RCOI and the due diligence measures performed is likely to better enable the IPSA practitioner to accomplish the two IPSA objectives described in the final rule. (For a discussion of these objectives, see IPSA Objective 1 and IPSA Objective 2 below.)

Suitability of Criteria

A unique aspect of the IPSA is that in forming an opinion in accordance with the second IPSA objective described in the final rule, the IPSA practitioner will use the description of the due diligence measures performed, as disclosed in the CMR, as the criteria for evaluating the due diligence measures the registrant actually undertook. To enable the IPSA practitioner to perform the IPSA engagement (as either an examination attestation or a performance audit), the registrant’s description of the due diligence measures performed must meet the “suitable criteria” requirement. To satisfy this requirement, the registrant’s description of the due diligence measures performed must be measurable, objective, relevant, and complete. Terms or phrases such as “we provide appropriate training” or “we ensure,” or a description of measures that the registrant will undertake in the future, will most likely not meet the suitable criteria requirement. Drafting the description in plain English can help ensure that the description meets the suitable criteria requirement and make the CMR easier to read, as well as facilitate third-party assurance procedures and reperformance in an IPSA.

Use of the Product Label “DRC Conflict Free”

According to the SEC staff’s statement issued on April 29, 2014, a registrant may elect to describe any of its products as “DRC conflict free” in its CMR if it obtained an IPSA. In our analysis of the calendar-year 2014 filings, of the 11 registrants we identified that used the “DRC conflict free” label in their CMR to describe one or more of their products, 6 had not obtained an IPSA.

The instructions on Form SD state:

The term DRC conflict free means that a product does not contain conflict minerals necessary to the functionality or production of that product that directly or indirectly finance or benefit armed groups . . . in the [DRC] or an adjoining country. Conflict minerals that a registrant obtains from recycled or scrap sources . . . are considered DRC conflict free.

On the basis of this definition, registrants may be using the “DRC conflict free” label when they find that they either (1) do not source from the DRC or an adjoining country or (2) source from scrap or recycled sources. However, the Form SD instructions indicate that in such instances, it would be more appropriate to include descriptions of these products in the body of Form SD under a separate heading titled “Conflict Minerals Disclosure.” In light of the SEC staff’s April 2014 statement, registrants should use the “DRC conflict free” label in their CMR only when describing products that are sourced from the DRC or an adjoining country via certified conflict-free sources. While many registrants refer to the fact that the term “DRC conflict free” is defined in the final rule, confusion can still arise about whether the label means that the registrants (1) are not sourcing from the DRC or adjoining countries, (2) are sourcing from recycled or scrap sources, or (3) are sourcing from the DRC or adjoining countries via certified conflict-free smelters or refiners. Clarity on the use of the “DRC conflict free” label will help prevent potential scrutiny of why an IPSA was not obtained.

Understanding the IPSA

The number of IPSAs performed for the calendar-year 2014 filings increased slightly to six as compared with the four IPSAs performed for the calendar-year 2013 filings. Exactly 50 percent of the IPSAs for both the calendar-year 2013 filings and the calendar-year 2014 filings were performed as an attestation examination engagement as opposed to a performance audit. While the IPSA requirement for calendar-year 2015 is still uncertain, the IPSA is clearly defined as an element of Section 1502 of the Dodd-Frank Act, which the SEC was charged with implementing. The “temporary suspension” of the IPSA, as introduced by the SEC’s partial stay in May 2014, is therefore just temporary. Registrants can benefit from understanding the objectives of the IPSA to appropriately prepare.

IPSA Objective 1

As stated in the final rule, the IPSA’s first objective is for the IPSA practitioner “to express an opinion or conclusion as to whether the design of the [registrant’s] due diligence measures as set forth in the [CMR], with respect to the period covered by the report, is in conformity with, in all material respects, the criteria set forth in the nationally or internationally recognized due diligence framework used by the [registrant].” Approximately 47 percent of registrants included a section header in their CMR to describe their due diligence design. Most commonly, these registrants used a heading or subheading such as “Due Diligence Design.” Such a heading helps the IPSA practitioner identify the section of the CMR that is subject to the procedures and opinion related to the IPSA’s first objective.

There are two primary ways in which a registrant can address the design of its program:

  • Make an assertion such as “The design of the Company’s due diligence program conforms to the due diligence–related steps of the OECD Framework.”
  • Describe in the CMR the design of its conflict minerals compliance program for each OECD step that the registrant considers to be due diligence.

If the registrant has made an assertion, the IPSA practitioner would look to obtain documentation that supports the registrant’s statement. Clearly stating that the design conforms to the “due diligence–related steps of the OECD Framework” focuses the IPSA practitioner on only those design activities and OECD steps that the registrant designates as due diligence as defined by the final rule.

The phrase “in all material respects” was intentionally excluded from the assertion example above. Approximately 45 percent of registrants filing a CMR included the phrase “in all material respects” in their design assertion. In our view, the language “in all material respects,” which is included in the description of the IPSA objective, applies to the IPSA practitioner’s opinion or conclusion. Since the registrant is responsible for designing its due diligence process in conformity with a nationally or internationally recognized framework, the registrant’s assertion should cover the design of the due diligence process in its entirety. Accordingly, we do not believe that it is appropriate to include the language “in all material respects” in the registrant’s assertion. However, there is an implicit understanding that when the registrant makes an assertion about the design of its due diligence program (or, for that matter, other assertions in corporate reporting), it may consider materiality in its conclusion and representation related to any subject matter.

Describing in the CMR the design of the registrant’s conflict mineral compliance program for each OECD step the registrant considers to be due diligence can result in repetition of content if the registrant also discloses its due diligence measures performed by OECD step. SEC FAQ 21 clarifies that:

The [final] rule does not require [a registrant] to include a full description of the design of its due diligence in the [CMR]. Under the [final] rule, however, the due diligence measures undertaken that are the subject of the second part of the IPSA must be described in the [CMR], and the description must be in sufficient detail for the [IPSA practitioner] to be able to form an opinion or conclusion about whether the description in the [CMR] is consistent with the process the [registrant] actually performed. [Emphasis added]

To support the design of its program, the registrant should maintain documentation to substantiate how its conflict minerals compliance program meets the objectives of the OECD steps related to due diligence. This may include a program narrative that outlines the registrant’s processes and addresses the guidance in the OECD Framework (including the supplements). As a complement to a program narrative, the registrant may also take a more detailed mapping approach under which the steps, substeps, and supplements of the OECD Framework are used as a map (typically in the form of a spreadsheet) for aligning the design components of the registrant’s program with the OECD steps related to due diligence. See Appendixes A and B for an example of a CMR layout, illustrative potential requests from the IPSA practitioner, and examples of design documentation.

IPSA Objective 2

The final rule indicates that the IPSA’s second objective is for the IPSA practitioner to express an opinion or conclusion about “whether the [registrant’s] description of the due diligence measures it performed as set forth in the [CMR], with respect to the period covered by the report, is consistent with the due diligence process that the [registrant] undertook.” Once the IPSA practitioner has determined that the description of the due diligence measures performed meets the suitable criteria requirement (as discussed in Suitability of Criteria above), the IPSA practitioner will most likely (1) ask about the registrant’s population related to each measure subject to testing to understand how that population was identified and the nature of documentation maintained by the registrant and (2) make sample selections to request specific documentation in support of the measure disclosed. For example, if the registrant included statements indicating that it surveyed a percentage of its suppliers and followed up with suppliers that did not initially respond to its survey request, the IPSA practitioner would most likely (1) inquire about how the registrant identified its population of suppliers and determined which suppliers to survey, (2) obtain the registrant’s list of suppliers, and (3) select a sample to test whether the registrant received a response from each supplier in that group and whether the registrant followed up if a response was not received. For each supplier in the selected sample, the IPSA practitioner would most likely request evidence that either a survey response was received by the registrant or that the registrant performed follow-up with the supplier. See Appendix A for an illustration of a due diligence measure included in a CMR and a description of the corresponding requests the IPSA practitioner may make.

Next Steps

Heading into Year 3, registrants will again be seeking to strike a balance between providing the disclosures required in the CMR under the final rule and providing transparency to meet the expectations of external stakeholder groups. In addition, registrants will continue to focus on making process improvements to their conflict minerals compliance program as a whole to promote efficiency and inspire confidence in their program. In our view, registrants can effectively accomplish these objectives through a well-structured CMR, which is the best preparation for a future IPSA.

At this time, we recommend that registrants undertake the following:

  • Seek SEC counsel — Registrants should consult with their SEC counsel to determine whether and, if so, when an IPSA is required in light of (1) the SEC staff’s April 2014 statement and, for large issuers, (2) the expiration of the final rule’s temporary transition period as of the end of the calendar-year 2014 filing period.
  • Seek assurance readiness — For most registrants, the IPSA will represent a new assurance process involving new subject matter. Assurance readiness can help a registrant prepare for a future IPSA so that it can better understand (1) how the IPSA will be performed, (2) what the IPSA will entail, and (3) the IPSA implications of the CMR organization and structure. The assurance readiness practitioner will most likely perform procedures such as analyzing the draft CMR from an IPSA perspective and assessing the nature and sufficiency of supporting documentation. These procedures can give the registrant a better idea of the quality and level of documentation that may be requested to support the registrant’s due diligence program. In much the same way, assurance readiness is also useful for registrants not immediately seeking the IPSA.
  • Engage with your IPSA practitioner early — Both certified public accounting (CPA) firms and non-CPA firms can perform the IPSA. The registrant’s financial statement auditor is likely to be well positioned to perform the IPSA given that it may already meet many of the GAGAS⁷ and AICPA independence requirements. Initiating discussions with an assurance practitioner early in the process will be critical for the registrant to establish expectations, gain an understanding of the unique attributes of the IPSA, and get in front of any gaps in documentation and potential pitfalls in the registrant’s approach to preparing its CMR.
  • Stay tuned! — We recommend that registrants remain intently focused on the following marketplace developments related to the final rule and other conflict minerals reporting requirements:
    • The Appellate Court’s recent decision to uphold its previous ruling may (1) extend the legal action beyond the May 31, 2016, filing deadline or (2) result in additional guidance from the SEC staff depending on the SEC’s next steps.
    • It is likely that global developments such as the European Union’s (EU’s) conflict minerals regulation will continue to evolve, and greater clarity on requirements may emerge. The manner in which the EU regulation has evolved since it was first introduced illustrates for registrants that proposed requirements can change drastically in a short time. While debate on the EU regulation is likely to continue and any mandated requirement is still a few years away, U.S. registrants are encouraged to stay apprised of this regulation and other global developments that may have an impact on the global supply chain of industries affected by the SEC’s final rule.
    • We anticipate that select NGOs will look to publish various forms of analysis of the Year 2 filings as well as establish clear expectations earlier in the process for Year 3 filings.

Boards and audit committees can also better prepare themselves to execute their governance oversight responsibility by considering how:

  • The registrant’s conflict minerals compliance program (1) meets the requirements of the final rule, the objectives of the OECD Framework, and stakeholder expectations and (2) compares with its peers’ respective conflict minerals compliance programs.
  • Attention from NGOs or the media, positive or negative, should influence program governance.
  • The registrant’s conflict minerals compliance program addresses risk related to its exposure to sourcing from the DRC and adjoining countries (and, ultimately, funding of armed groups in those areas).
  • The objectives of the IPSA and robustness of the registrant’s conflict minerals compliance documentation support the due diligence description in the registrant’s CMR.
  • Efforts related to conflict minerals compliance can improve, and be integrated into, other aspects of the supply chain.

As registrants await final resolution of the legal challenge to the final rule, they can prepare for the future IPSA by undertaking assurance readiness steps for improving the organization of their CMR content and enhancing the documentation supporting their conflict minerals compliance program. In addition, as conflict minerals compliance requirements continue to evolve, registrants will be well served to stay abreast of marketplace developments that may influence compliance demands — real or perceived — such as NGO or stakeholder expectations or additional SEC staff guidance.

Appendix A — Sample CMR Layout

CMR portions subject to the IPSA are indicated in black text below.

Appendix B — Forms of Design Documentation

The examples below illustrate how a registrant may document the design of its conflict minerals compliance program by using (1) a narrative format or (2) a spreadsheet.

Narrative Format

A registrant should pay special attention to the 3T⁸ and gold supplements when using a narrative format to document how its program is designed in accordance with the OECD Framework.

Spreadsheet

By using a spreadsheet format such as the one illustrated below, a registrant can clearly and efficiently map the design of its conflict minerals compliance program to the steps of the OECD Framework, including the 3T and gold supplements, to demonstrate how the program meets the OECD Framework’s objectives.

Step 3: Design and implement a strategy to respond to identified risks
| OECD Substep | 3T Supplement | Gold Supplement | Program Details | RCOI or Due Diligence |
| --- | --- | --- | --- | --- |
| A. Report findings of the supply chain risk assessment to the designated senior management of the company | A. Report findings to designated senior management, outlining the information gathered and the actual and potential risks identified in the supply chain risk assessment. | A. Report findings to designated senior management, outlining the information gathered and the actual and potential risks identified in the supply chain risk assessment. | [Registrant describes the process for reporting to senior management, including frequency and content of reports.] | [Registrant indicates whether this OECD step is RCOI or due diligence.] |
____________________

1 SEC Final Rule Release No. 34-67716, Conflict Minerals.

2 Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act directs the SEC to issue rules requiring certain registrants to disclose their use of conflict minerals if those minerals are “necessary to the functionality or production of a product” manufactured by those registrants. Section 1502 amends the Securities and Exchange Act of 1934 to add subsection 13(p).

3 The adjoining countries are Angola, Burundi, the Central African Republic, the Republic of the Congo, Rwanda, South Sudan, Tanzania, Uganda, and Zambia.

4 For small issuers, the temporary transition period is the first four calendar years.

5 The OECD is the Organisation for Economic Co-operation and Development. The OECD steps are described in the OECD’s Due Diligence Guidance for Responsible Supply Chains of Minerals From Conflict-Affected and High-Risk Areas (the “OECD Framework”).

6 For example, see Mining the Disclosures: An Investor’s Guide to Conflict Minerals Reporting, which is available for download on the Responsible Reporting Network’s Web site.

7 Generally accepted government auditing standards.

8 The term 3T refers only to the conflict minerals tin, tantalum, and tungsten.
