The Human Rights Reporting and Assurance Frameworks Initiative: Considerations for the development of an assurance framework.



Similar documents
Sustainability reporting What you should know kpmg.com

Eumedion response to the IAASB Framework for Audit Quality

Strategy for : Fulfilling Our Public Interest Mandate in an Evolving World

The Auditor's Responsibilities Relating to Other Information

1. Whether the concept of materiality can be applied in the context of the CDM

Frequently Asked Questions

The Greenhouse Gas Protocol

ISRE 2400 (Revised), Engagements to Review Historical Financial Statements

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

INDICATIVE GUIDELINES ON EVALUATION METHODS: EVALUATION DURING THE PROGRAMMING PERIOD

AUDITOR-GENERAL S AUDITING STANDARD 4 (REVISED) THE AUDIT OF SERVICE PERFORMANCE REPORTS. Contents

Assurance Engagements

How to Measure and Report Social Impact

MANAGING INFORMATION CDP ROADMAP GUIDE CLIMATE CHANGE REPORTING:

2013 Communication on Progress

Proposed Consequential and Conforming Amendments to Other ISAs

Call for Action Need to Increase Education in Sustainability for Accountants and Management!

Transparency of Firms that Audit Public Companies

QUALITY ASSURANCE (QA)/ QUALITY CONTROL (QC) AND VERIFICATION NEELAM SINGH WORLD RESOURCES INSTITUTE

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

Corporate Governance in New Zealand Principles and Guidelines

INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS

Chapter Five: Respect for Human Rights in Joint Ventures Relationships

SCP Issues for Business and Industry

Draft Scope 2 Accounting Guidance: What it could mean for corporate decisions to purchase environmental instruments

CONTENTS PREFACE 3 1. THE PURPOSE OF THE GRI SUSTAINABILITY REPORTING GUIDELINES 5

Our Impacts: accurate base factor data supporting Audit Ready Output

The criteria and guidelines Best Belgian Sustainability Report Edition 2014

Addressing Disclosures in the Audit of Financial Statements

GAO. Government Auditing Standards Revision. By the Comptroller General of the United States. United States Government Accountability Office

FINANCIAL MARKETS AUTHORITY CORPORATE GOVERNANCE IN NEW ZEALAND. Principles and Guidelines A handbook for directors, executives and advisers

A systematic comparison of the German Sustainability Code with the principles of the UN Global Compact and the OECD Guidelines for Multinational

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Statement on G7 Topic Trade and Supply Chain Standards

Solvency II Data audit report guidance. March 2012

Improving information to support decision making: standards for better quality data

Consultation Paper. ESMA Guidelines on Alternative Performance Measures. 13 February 2014 ESMA/2014/175

IIRC Prototype Framework

Expert Evidence In Professional Negligence Claims

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy? Scope of this Policy Principles of data quality...

Corporate performance: What do investors want to know? Reporting adjusted performance measures

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

Re: PCAOB Release No (Docket Matter No. 41) Concept Release on Audit Quality Indicators ( Concept Release )

IMPLEMENTATION NOTE. Validating Risk Rating Systems at IRB Institutions

Checklist for Customer Protection Management

Singapore Exchange Sustainability Reporting Guide. Guide to Sustainability Reporting for Listed Companies

SUSTAINABILITY REPORTING OF MAJOR GERMAN COMPANIES

Business Principles September 2014

AUSTRALIA. Submission to the SBSTA May Views on the Elaboration of a Framework for Various Approaches. I. Overview

Scope 2 Accounting Guidance: What it means for corporate decisions to purchase environmental instruments

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

Reporting Service Performance Information

Extractive Industries Transparency Initiative. Validation guide

Integrated Emissions Data Management Framework for Government and Corporate Greenhouse Gas Data Management, Modeling, and Reporting

Appendix 14 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

Portfolio Carbon Initiative

Application of King III Corporate Governance Principles

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, PARIS

Castan Centre for Human Rights Law Monash University Melbourne

4 Testing General and Automated Controls

Code of Professional Conduct & Ethics Association of Accounting Technicians of Sri Lanka

Improving natural capital reporting and finding the tools to help

FINANCIAL MANAGEMENT MATURITY MODEL

Application of King III Corporate Governance Principles

CDP s response to consultation feedback

MARKET CONDUCT ASSESSMENT REPORT

INFORMATION SYSTEM AUDITING AND ASSURANCE

Certification as a Sustainability Assurance Practitioner

The external assurance of sustainability reporting

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES. Financing Change initiative

Ref: B15.01 Eumedion response draft revised OECD principles on corporate governance

EXECUTIVE SUMMARY. EU Multi Stakeholder Forum on Corporate Social Responsibility 3-4 February, 2015 Brussels, Belgium

for Vocational Education and Training (KRIVET) but the findings are not included in this paper.

Chain of Custody Standard

Internal Mediation Services. Surrey County Council in partnership with South East Employers

Week 3. COM1030. Requirements Elicitation techniques. 1. Researching the business background

Guidance for the financial sector: Scope 3 accounting and reporting of greenhouse gas emissions. Summary of Scoping Workshop

Data Quality for BASEL II

Using Management Systems for Socially Responsible Practices in Supply Chains

Sustainability efforts must be a natural feature of daily business

Results and processes guide. Australian Government Australian Aged Care Quality Agency.

ETI PERSPECTIVE 2020: A FIVE YEAR STRATEGY

AQTF Audit Handbook. This publication remains current and applicable to the VET sector.

1. LEGAL REQUIREMENTS

Principles for the audit committee s role in performance management

Part B1: Business case developing the business case

The Legal basis for CPB and framework agreements

Working with an Expert

Fédération des Experts Comptables Européens. FEE Discussion Paper Providing Assurance on Environmental Reports

Basel Committee on Banking Supervision. Working Paper No. 17

Aberdeen City Council

PEACENEXUS INVESTMENT GUIDELINES

Special Purpose Reports on the Effectiveness of Control Procedures

ASSESSING THE EFFECTIVENESS OF COMPANY GRIEVANCE MECHANISMS

Reforming the business energy efficiency tax landscape

BT s supply chain carbon emissions a report on the approach and methodology

Private Certification to Inform Regulatory Risk-Based Oversight: Discussion Document

Module 13. Software Reliability and Quality Management. Version 2 CSE IIT, Kharagpur

Work Plan for : Enhancing Audit Quality and Preparing for the Future. The IAASB s Work Plan for December 2014

Transcription:

The Human Rights Reporting and Assurance Frameworks Initiative: Considerations for the development of an assurance framework Adam Carrel

Note from the project team for the Reporting and Assurance Frameworks Initiative During consultations on the Human Rights Reporting and Assurance Frameworks Initiative ( RAFI ) in October 2013, the RAFI project team noted the widely differing ways in which the terms assurance and audit are used by different stakeholders from different fields of practice. We remarked on the potential utility of a paper that could provide some background regarding these distinctions. Adam Carrel from EY, a participant in the New York consultation, kindly undertook to provide a white paper that could offer an overview on this issue, including some perspectives on the relative strengths and weaknesses of current audit and assurance models and lessons that RAFI might draw from them. The opinions expressed represent his perspectives and not necessarily those of EY. The RAFI project team welcomed this offer and is confident that the resulting paper will be a valuable contribution to on-going discussions, including as a stimulus to additional or differing perspectives on the issues raised. We hope this will further advance collective thinking about how RAFI might re-envision assurance in a form that could add value in the context of human rights reporting. 2

The Human Rights Reporting and Assurance Frameworks Initiative: Considerations for the development of an assurance framework Purpose The purpose of this white paper is to support a uniform base understanding on the meaning and potential implications of key assurance concepts, as they might apply to forthcoming human rights disclosures. The paper also attempts to provide an overview of the advantages and disadvantages, as well as the lessons learnt from the assurance of non-financial data over recent years. Key terms Outside of the financial context, terms like assurance and audit have taken on different meanings sometimes at odds with the original. For the purposes of this discussion the following key terms are defined as follows: Assurance - assurance entails an independent third party assessment, performed by entities that are held to specific professional standards governing assessment methodology, that opine on management s disclosures on in this context human rights. One notable aspect of these standards is that they require assurance providers to tailor their methodologies via a risk assessment of the specific circumstances of the individual client. It is for these reasons that this kind of assurance is typically provided by public accounting firms, though this does not have to be the case. Assurance is perhaps best suited to corporate-level disclosures because it looks at the overarching processes and controls that support the generation of accurate data, rather than strictly empirical evidence gathered at the site level. A company s controls are best understood as the checks and balances that a company deploys to ensure the consistent application of its internal reporting standards. It is through the testing of controls that an assurance provider obtains comfort over the reliability of an overall reporting function rather than purely the discrete data sets over which recalculations have been performed. In the context of human rights reporting, controls might include, for instance, processes that ensure security guards are screened for their training on human rights and for their record on the ground before being deployed to guard company facilities, or the controls that prevent procurement personnel from raising a purchase order for factories that have not been approved by social compliance. Historically the efficacy of corporate human rights functions have been subject to limited internal review, which has contributed to the relative stagnancy of process improvement in corporate human rights reporting over recent years. 3

Assurance may be classified as either Limited ( review-level in the US) or Reasonable ( examination-level in the US) with the former involving less work and resulting in a negatively framed opinion (i.e. nothing has come to our attention to suggest that [the disclosure] is not correct) and the latter involving more work resulting in positively framed opinion ([the disclosure] is a true and correct representation...). Audit - outside of financial statement assurance the term audit has come to apply most frequently to the assessment of non-financial information against established requirements, such as Health Safety and Environment auditing against Occupational Health and Safety requirements. As such it aligns better to individual production facilities/assets as it is not necessarily informed by overarching assurance standards or risk assessments of the corporate control environments to inform testing strategies. Non-financial auditing is primarily the domain of engineering firms and large sustainability-focused consultancies and typically results in the provision of a verification statement which, compared to assurance statements, are less prescriptive in what they can state. It is worth mentioning that individual site-based assessments often do, or at least should, form part of a human rights-focused assurance engagement. In the assurance context a site-based assessment is generally focused on assessing if company-wide processes are occurring as expected at a site-level as opposed to verifying that the specific site meets a specific standard, as in an audit. The primary difference between human rights assurance vs audit is perhaps best described as being that an audit is geared towards confirming that a certain facility/ asset meets a certain standard at a certain time, while assurance is geared towards confirming that an entity s processes imply that all of its assets and activities are likely to converge towards an acceptable standard. Materiality any discussion on non-financial assurance needs to address the often complex concept of materiality which, primarily via the GRI, has a dual meaning in the context of reporting and assurance. Materiality, in the traditional assurance sense, simply represents the threshold imposed by an assurance provider beyond which an error would be seen as significant to the users of a report. It is most easily applied to numerical datasets. For instance where a company might be reporting a total value of $1,000,000 in micro-finance loans issued, an assurance provider might impose a materiality threshold of 5 percent, meaning that any discrepancy in excess of $50,000 will need to be reconciled for the assurance provider to issue an unqualified (or clean ) opinion. Alternatively, in the sustainability reporting context, the term materiality has also been used to mean that the information in a report addresses the significant economic, environmental and social impacts of an organization and those that would substantively influence the assessments and decisions of stakeholders. For example, were an Oil and 4

Gas company operating in the US, South Sudan and Myanmar to base their public human rights disclosures entirely on the conditions in their Texan Oil refineries it would be said that the content of their human rights report would not reflect the principle of Materiality. Materiality, as defined in the sustainability reporting context, is perhaps the most important unifier of effective non-financial reporting given the historical propensity of such reports to reflect comfortable content as opposed to the real challenges at the nexus of business and society. As will be discussed further, assurance (properly applied) is perhaps the only means of enforcing an adherence to this later definition of materiality where there is no regulator to do so. The rationale for an assurance component to corporate human rights reporting For the purpose of simplicity (and in line with the author s later suggestion that RAFI might adopt a hybrid of assurance and audit approaches), the terms assurance and audit are referred to under the umbrella term assurance within the remainder of this paper. In some sectors (e.g. extractive industries) and geographies (e.g. Australasia and Western Europe) sustainability-related disclosures are not considered credible in the absence of third party assessment. In other sectors and geographies (e.g. the United States) the demand for sustainability assurance has not grown in parallel with the uptake of reporting. What is common across all experiences in non-financial reporting is that given that sustainability/human rights functions lack the kind of resources that support financial reporting, assurance providers almost always detect significant inaccuracies during even the most light-touch assessments. As such, two immediate benefits of assurance are a) that it instills greater confidence in users of human rights reports that the information is credible enough to be acted upon; and b) that material inaccuracies are addressed prior to publication. Expanding on this latter benefit, there is a common misconception that the relationship between the assurer and the assured is one-way and results purely in a pass or a fail at the conclusion of the engagement. In reality, and particularly in the context of sustainability assurance, assurance providers have significant latitude to work with reporters to remedy inaccuracies and recommend process improvements that can result in the betterment of future reports. Beyond these more obvious benefits, assurance has the additional advantages of a) elevating the awareness of the human rights function to executive officers that would not be engaged were assurance not performed including those responsible for risk management; and b) providing human rights/social compliance departments with access to third party expertise they might otherwise not have. 5

Lessons learned from current assurance/audit models Notwithstanding the benefits of assurance mentioned above, there are numerous lessons that can be learnt from current approaches to sustainability-related assurance/audit, which despite some or all of the benefits mentioned above nevertheless have often failed to arrive at an approach that was entirely fit for purpose. The remainder of this paper sets out a range of key lessons that may be of particular relevance and interest to RAFI as it moves forward. Should assurance/audit be made mandatory? There are few voluntary reporting mechanisms that incorporate mandatory assurance/audit, for the obvious reason that it might deter participation among companies unwilling to take on the cost and scrutiny of a third party. In that RAFI is looking to entice companies towards a new reporting framework within an already crowded marketplace this is an important consideration. However, it is important to note that much of what has constrained the full realization of the ambitions of the Global Reporting Initiative ( GRI ), Global Compact and the Carbon Disclosure Project ( CDP ) is that these organisations have had few or no means to ensure compliance with the intent of their reporting frameworks. Although each of these organizations, in particular the GRI, has gone to great lengths to describe the importance of the accuracy, completeness and above all materiality of reported content, many observers feel that too much of the content of reports is still skewed towards conveying those areas in which a company believes it has done well. Assuming then that mandatory assurance would require auditors to specifically assess the alignment of reported content with the RAFI reporting framework (discussed shortly) this could go a long way to ensuring that the outputs of RAFI reporters comprise meaningful information that furthers the cause of human rights awareness and performance improvement. Should the third party assessment align to assurance standards or audit standards? In deciding between assurance and audit-based approaches it is useful to note that, generally speaking, assurance adds more value to the reporter while audits often provide more easily digestible detail to users of reports. In performing audits of non-financial information, sustainability-focused consultancies have been under no obligation to: Be independent of the reporting entity 6

Have a structured review and approval process Define and adhere to a sampling and testing methodology Retain and archive audit evidence, among other things As such the findings of a typical non-financial audit (often described as a verification statement ) are a product of two key factors: the particular expertise of the consultant and the extent of company operations they were able to see. Each factor may be extensive or limited. An advantage of the absence of regulated obligations is that the expert consultant is generally able to provide a much more nuanced description of what a company is doing well and what it needs to improve upon and will also typically be much more transparent regarding the nature of the procedures involved. However, inferences should not necessarily be drawn from this verification statement that the findings expressed are representative of the whole enterprise. Assurance providers on the other hand are bound by internal and external assurance standards in particular ISAE 3000 (outside the US) and AT101 (inside the US) that prescribe the kind of practices not required of consultancies, described above. The rigors of these standards almost always detect and remedy process failures in the calculation and aggregation of information. However, they are often not geared towards the development of qualitative impressions drawn from specific site-based experiences, which are often more telling indicators of company performance than data-based assessments. As such, in considering new approaches in the human rights reporting space, it may be that a hybrid of both assurance and audit-based approaches would represent the best opportunity to leverage the benefits of both. Such an approach could draw on assurance to ensure that a necessary amount of work and review precedes the generation of an opinion and could draw on audit approaches to produce an opinion that contains meaningful commentary regarding the basis of that opinion. Should RAFI define the Criteria and Subject Matter for assurance? The previous section discussed the Standard (the requirements that the auditor is bound by) under which the assurance engagement would be performed. Two other important assurance concepts are Criteria and Subject Matter. The Criteria are what the human rights report would be audited against. Key examples of non-financial assurance criteria are the GRI Principles for informing report content (Materiality, Completeness, Stakeholder Inclusiveness and Sustainability Context) against which assurance providers assess the extent to which a report has reflected these principles. As another example, the AccountAbility principles which provide the 7

basis for sustainability assurance according to the AA1000AS are Inclusivity, Materiality and Responsiveness. The Subject Matter is what is being audited and it is generally up to the party being audited to define what this is. The GRI framework includes a number of indicators and management approach considerations on which GRI reports must be based to reflect G4 (or under the old paradigm to be classified as an A, B or C report). At the same time, the GRI framework does not stipulate that the Criteria must be applied when reports are assured against' the framework; nor that all Subject Matter must be included in the assurance. As such, companies are at liberty to get immaterial (i.e. irrelevant) subject matter assured (such as the GHG emissions of an insurance company) against selective criteria that often exclude the GRI Principle of Materiality. Users of these reports often understand an assurance statement as an indication that the whole report is reflective of GRI principles when in fact this may not be the case. As such, one means of addressing this weakness in the human rights reporting context could be to stipulate that if a report is to be assured, the subject matter must comprise at least x and y (say the whole report, or certain core content), and that the Criteria must include, say, Completeness, Accuracy and Materiality, the meaning of which would need to be publicly defined. This could help ensure that that assurance which is performed remains a legitimate signifier of transparency and does not inadvertently mislead the reader into believing that more assurance is provided than is actually the case. Avoiding the flaws of the current factory auditing paradigm 1 In developing and publishing a RAFI assurance framework which includes guidance on assurance subject matter and the criteria to be applied by assurance providers it is particularly important it does not simply reproduce the weaknesses of traditional supply chain audit outputs (i.e. verification that a certain factory population has been subject to a certain quantity of audits that returned a certain amount of compliances and noncompliances). As such, RAFI should look to avoid producing something equivalent to an audit protocol that auditors could simply populate with yes/no type entries. These binary approaches to supply chain assessment have significantly undermined downstream awareness of the reality of human rights impacts by focusing too heavily on physical indicators of 1 For further information on this, see EY, Human Rights and Professional Wrongs: rethinking corporate social compliance in the supply chain, available at http://www.ey.com/publication/vwluassets/ey_-_human_rights_and_professional_wrongs/$file/ey-socialcompliance-and-human-rights-report.pdf. 8

human rights (e.g. fire exits and birth certificates) without assessing the existence of management systems that should promote real and continuous improvement in human rights. Accordingly, in preparing guidance for assurance practitioners much could be gained by drawing on internal audit modes of assessment. This would include: Commencing each assurance engagement with a review of the systems for identifying the greatest/most salient human rights risks that then form the focal content of the report; Looking beyond reporting information that says that the company has a process to assess impacts and manage grievances, to look also at the appropriateness and effectiveness of those processes; Looking at whether such statements are borne out across the company s different operations (rather than, for example, just focused on the supply chain) and whether they carry through in practice at the operational level. In addition, assurance guidance should stress the importance of assessing the alignment of the entirety of a corporation s actions with the information disclosed under the RAFI reporting framework rather than simply those elements of a company s supply chain that have historically fallen into the purview of social compliance functions. This would require, in particular, looking at the incorporation of human rights assessments into actions such as: The provision of preferred supplier status Site selection and new-country entry Executive remuneration Mine plan development (e.g. an assurance engagement should not look exclusively at whether the terms of a resettlement action plan have been met but whether all options to avoid resettlement were initially exhausted) Energy procurement By doing so assurance engagements will stand to play a significant role in progressing the cause of meaningful dialogue on business and human rights, and result in both an assurance process that assists companies own efforts to implement the UN Guiding Principles, and an assurance opinion that significantly advances the capacity of stakeholders to make informed judgments of corporate human rights performance. Conclusion The author hopes that this paper will help stimulate constructive debate about the best approach to the development of an assurance framework in the context of the Human Rights Reporting and Assurance Frameworks Initiative. It has sought to do so by: a) clarifying how the terms audit and assurance are currently typically used in the nonfinancial context and the distinctions between the two; 9

b) identifying some strengths and opportunities from the existing practice of nonfinancial assurance that RAFI might wish to capture; c) identifying some weaknesses and pitfalls of the existing practice of non-financial assurance and audit that RAFI might wish to avoid; and d) pointing to some potential ways in which RAFI might develop a new, in some ways hybrid approach in its assurance framework, which might create something more fit for purpose. 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information