Auditing and Assessments
We have deep experience in auditing and assessments in many industry sectors.
Independent Private Sector Audits
Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Conflict Minerals”) became effective for the 2013 reporting year. The SEC Rule implementing DFCM requires companies using tin, tantalum, tungsten, or gold (“3TG”) in products they manufacture or contract to manufacture to learn about the country of origin, to perform due diligence, and to make annual filings to the SEC. The SEC Rule includes a provision for many companies to obtain an Independent Private Sector Audit (IPSA), to be submitted with their SEC filings.
Douglas Hileman Consulting LLC (DHC) conducted one of only four (4) IPSAs submitted to the SEC for the 2013 reporting year. DHC was one of only three U.S.-based firms to conduct an IPSA that was submitted for the 2014 reporting year. DHC’s distinctive experience is ideally suited for an IPSA. Mr. Hileman supported approximately 100 financial audit procedures during his years with a Big 4 firm. He was supporting financial audits from the beginning of Sarbanes-Oxley provisions. Many aspects of the DFCM rule, compliance, audit preparedness, and auditing – and companies’ learning curve to implement and achieve efficiencies - are reminiscent of the early Sarbanes-Oxley years.
Mr. Hileman submitted comments to the SEC on the proposed DFCM Rule; the SEC referenced these comments approximately ten times. He has helped clients in an advisory capacity, and has considerable experience in DFCM program elements and challenges. DHC understood the unique aspects and challenges of IPSAs very early. DHC created the website www.DFCMAudit.com for companies interested in IPSAs, prospective IPSA auditors, or other stakeholders interested in learning more about IPSAs.
He led an audit to terms of an SEC consent decree. He has worked with Internal Audit in many capacities. He had conducted audits to the “yellow book” standards, which are the standard for the IPSA. DHC brings a distinctive blend of experience in enterprise risk management for many types of audits.
The stakes for some audits can be high. An audit report with numerous or substantial findings can lead to loss of customers, enforcement issues, loss of prestige – or even loss of career opportunities. These risks are high when there have been changes, such as a new staff, or a new regulation. Risks are also high when the audit is required as a condition of an enforceable agreement, such as a consent decree, or a provision of a purchase & sale agreement.
Douglas has been involved in auditing for over 35 years. He has been active in professional auditing organizations, and has served on the board of two. He helped develop a certificate program in Environmental Auditing for UC Irvine Extension, and taught in the program for eight years. Auditors get credentials, attend auditing conferences, network with other auditors, and take continuing education.
Yet the success of an audit ultimately depends upon the auditee. Most auditees have “day jobs” – in operations, quality, safety, environmental, or other functions. If the success of an audit is important, where is training for auditees? There was none – until now.
DHC developed an approach to address this glaring gap, and to help auditees achieve success in audits. Training includes three focus areas: auditing fundamentals; applicable audit criteria; and mock audit exercises.
DHC has provided audit readiness support for Clients in situations including:
An audit was required as a condition of a consent decree, with the audit report submitted to a regulatory authority. Audit findings could trigger increased fines or penalties, notably for repeat findings.
The Client was procuring an audit to meet the requirement of Dodd-Frank Conflict Minerals. The Client wished to be prepared with identification of applicable audit evidence, and to familiarize staff with interviewing skills.
A Client had self-reported numerous exceedances of permit limits to local authorities, as required by their operating permit. The Client felt they could be at risk for a detailed inspection and/or enforcement action.
New regulations required substantial changes to Client internal processes and controls for estimating and reporting reserves for environmental liabilities. A poor audit report could risk changes to reserve requirements, delay in release of financial information – or (worst case) a qualified audit opinion for the financial audit.
In each case, the auditees got comfortable with the auditing process, and their roles in the auditing process. They also reported that they were able to improve their processes, and achieve better compliance, because they “began looking at their own work through the eyes of an auditor.”
An audit is simply a comparison of an actual situation to a specified criteria or standard, with the goal of assuring conformance or identifying gaps (if any), and does so using a structured, documented process. This basic definition is deceptively complicated to achieve.
First, the auditor (and the party procuring the audit) must agree upon the criteria or standard. DHC is experienced in specialty audits when the standard is distinctive to a business need. For example:
• Terms of a purchase & sale agreement
• Readiness for conformance with a new industry standard
• Progress towards meeting project goals
• Customer specifications
• Ability to implement written plans required by regulation (spill prevention, emergency response)
• Terms of a lease or financing agreement
• Provisions of an insurance contract
• An organization’s own policy or procedure (for example, for tracking and assessing emerging issues, or for operational continuity)
• Management systems to implement requirements imposed by others
Second, the auditor needs to evaluate the “actual.” An auditor must develop a reasonable approach o sampling, testing, and evaluation. DHC’s experience in subject matters, operations, and auditing helps make for a better audit – one that provides value to our clients.
Internal Audits, Audit Program Support and Audit Review
Internal Audit is an organization’s “third line of defense” against risks of non-compliance, operational mishaps, improper reporting, or mis-alignment with business strategy. Other areas – such as Environmental, Safety, Sustainability, Operations, Supply Chain - have their own auditing programs to monitor conformance with laws, regulations, standards, and other compliance requirements. These are considered “second lines of defense” (2LODs) according to a widely-referenced position paper by the Institute of Internal Auditors.
DHC has helped clients’ Internal Audit groups as a specialist supporting audits. Focus areas have included compliance with specified environmental regulations, management of financial reserves for environmental liabilities, environmental compliance and risk management, readiness for new regulations, assessments of organization and staffing, and tracking of emerging issues.
DHC has also performed with Quality Assurance Reviews of their 2LOD auditing programs, re-designed audit programs, and provided audit coaching and training. DHC applies principles of enterprise risk management and financial audit support to these engagements. This has helped clients improve business processes, strengthen controls, make more informed selection of data management vendors, document corrective actions, and modify auditing programs to achieve better results at lower costs.
Benefit Corporations (Non-Financial)
Many states now provide for the establishment of a “benefit corporation” as a legal structure for purpose-driven entrepreneurs to make money while pursuing social or environmental purposes. Traditionally, a new enterprise had two main options in choosing a type of legal entity. They could choose to incorporate as a corporation – with the primary (if not sole) purpose of pursuing profits for investors. Or, they could establish a non-profit to pursue stated purpose, but with limited ability to make money.
Several groups have arisen to establish various social and environmental performance criteria. Their business models vary, and some offer certifications or statements of endorsement. However, the social purpose behind each Benefit Corporation is as varied as the entrepreneurs who establish them. No standard certification, audit, or report from a non-profit or other enterprise will provide assurance to Benefit Corporation investors on the performance of the organization to their stated goals.