Our Impacts: accurate base factor data supporting Audit Ready Output



Similar documents
Aberdeen City Council IT Asset Management

Aberdeen City Council IT Security (Network and perimeter)

External assurance on the Trust's Quality Report

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance

Internal Audit Charter. Version 1 (7 November 2013)

Miscellaneous Technical Statement

Audit, Risk and Compliance Committee Charter

An Introduction to Continuous Controls Monitoring

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

Corporate Governance Statement

INTERNATIONAL STANDARD ON RELATED SERVICES 4410 ENGAGEMENTS TO COMPILE FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION CONTENTS

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Aberdeen City Council

The Importance of IT Controls to Sarbanes-Oxley Compliance

Auditing Standard ASA 600 Special Considerations Audits of a Group Financial Report (Including the Work of Component Auditors)

Thompson Jenner LLP Last revised April 2013 Standard Terms of Business

Auditing Standard ASA 330 The Auditor's Responses to Assessed Risks

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

Compliance Policy AGL Energy Limited

Data Protection Act Guidance on the use of cloud computing

Evergreen Solar, Inc. Code of Business Conduct and Ethics

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

New Zealand Institute of Chartered Accountants

INFORMATION TECHNOLOGY SECURITY STANDARDS

Guidance Statement GS 007 Audit Implications of the Use of Service Organisations for Investment Management Services

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

CROSSWORD CYBERSECURITY PLC

Audit and Risk Committee Charter. Knosys Limited ACN (Company)

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

Report on Inspection of PricewaterhouseCoopers LLP (Headquartered in New York, New York) Public Company Accounting Oversight Board

G3MS. An uncomplicated carbon management solution Australian edition

HEALTH SERVICE EXECUTIVE NATIONAL FINANCIAL REGULATION INTRODUCTION TO NATIONAL FINANCIAL REGULATIONS NFR - 00

ISO27001 Controls and Objectives

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015

Report to Governors on the Quality Report 2013/14

Application to access Chesters Trade

Solihull Metropolitan Borough Council. IT Audit Findings Report September 2015

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

AUDIT COMMITTEE CHARTER of the Audit Committee of SPANISH BROADCASTING SYSTEM, INC.

The end of SAS70 what next for Performance Assurance?

Mount Gibson Iron Limited Corporate Governance Policies and Practices Manual Shareholder Communication Policy

How To Protect School Data From Harm

Access Governance. Delivering value. What you gain. Putting a project back on track for success

[300] Accounting and internal control systems and audit risk assessments

Echo Entertainment Group Limited (ABN ) Risk and Compliance Committee Terms of Reference

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200

Internal Audit Terms of Reference

Annual Report and Accounts 2013

Police and Crime Commissioner for Staffordshire and Chief Constable of Staffordshire

Corporate Governance Statement

Reporting on Control Procedures at Outsourcing Entities

Standard terms of business

GUIDANCE NOTE DECISION-MAKING PROCESS

Third Party Security Requirements Policy

CHARTER OF ETHICS AND BEHAVIOUR

Information Security Policies. Version 6.1

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE

Environmental Operational Reporting and Offset Management Standard

Data Protection Policy

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Internal Audit Final Report Strategic Finance Accounts Receivable March 2014

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE

ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER

Charter of the Compliance and Operational Risk Management Office (CORMO)

Improving information to support decision making: standards for better quality data

Reorganising central government. Synergy reporting for Mergers and Acquisitions

Informatics Policy. Information Governance. Network Account and Password Management Policy

Efficiency and transparency Jaguar Land Rover

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

Commercial Online Banking

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Guidance Statement GS 019 Auditing Fundraising Revenue of Not-for-Profit Entities

EVOGENE LTD. (THE COMPANY ) AUDIT COMMITTEE CHARTER

Financial Services Guidance Note Outsourcing

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

University of Aberdeen Information Security Policy

Annual Governance Statement 2013/14

Introduction to the NHS Information Governance Requirements

Downloaded from Datalog

BOARD CHARTER Link Administration Holdings Limited ("Company") ABN

Information Governance Strategy & Policy

Newcastle University Information Security Procedures Version 3

Clause 1. Definitions and Interpretation

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)

Pan European Socially Responsible Investment Policy

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Electronic Trading Information Template

Copyright, Language, and Version Notice The official language of this [Certification Protocol] is English. The current version of the [Certification

The Information Systems Audit

Supplier Engagement Guidance

INTERNATIONAL STANDARD ON AUDITING 700 FORMING AN OPINION AND REPORTING ON FINANCIAL STATEMENTS CONTENTS

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

Committees Date: Subject: Public Report of: For Information Summary

Transcription:

Our Impacts: accurate base factor data supporting Audit Ready Output Report on third party sourced base factors used within the Our Impacts platform as at 31 January 2014 and the design of internal controls to meet the related control objectives.

Contents Section 1: Report by the Management of Ecometrica 1 Our Impacts: accurate base factor data supporting Audit Ready Output Section 2: Ecometrica s Management Assertions Section 3: PwC Assurance Report Section 4: Management s Internal Control Objectives and Reporting Criteria 1 Throughout this document, Ecometrica refers to Ecometrica Limited.

Section 1: Report by the Management of Ecometrica Our Impacts: accurate base factor data supporting Audit Ready Output About Ecometrica At Ecometrica we believe that bringing new technologies to market and setting new standards for serving customers will make environmental accounting better, faster and more effective. We are passionate about clear, correct, and meaningful environmental management that helps businesses meet their sustainability challenges, reduce costs, and increase overall performance. We help our clients measure their environmental impacts, from greenhouse gases, energy, waste and water management all the way through to full supply chain accounting. Because of our values we naturally make the best software and information products in the sector. Our innovative and intelligent software distils our technical expertise and market experience into simple web-based tools that anyone can understand and use, with full setup, training and guidance provided by our experts. Ecometrica s mission is to provide clarity and illumination on environmental impacts. Our goal is not to tell our clients what to do, but to provide them with the best information so that they can decide which direction is right for their organisation. We are here to help our clients build knowledge and capacity, manage relationships, and navigate difficult times. The Our Impacts Greenhouse Gas Accounting Platform We believe that all organisations should have access to the best possible GHG information, irrespective of whether they are big or small, experts or beginners. That is why Our Impacts is used by some of the smallest and largest businesses in the world. In order to deliver our vision we have brought together a number of innovative technologies including one of the industry s most comprehensive databases of emission and conversion factors, a leading team of experts to maintain it, unique algorithms that automatically select the most appropriate emission and conversion factors according to the input data, and the ability to calculate GHG emissions in real time. Our philosophy means that we do not simply sell software and leave our clients to it but instead we provide expert support throughout the GHG assessment process. Our experts provide support through system set up, boundary setting and data collection and carry out a quality assurance exercise on every completed assessment meaning that the quality of output from Our Impacts is not only Audit Ready but of the very highest standard in the industry. 1

Audit Ready Output Audit Ready Output is a concept that ensures that all outputs from a GHG accounting system are fit for purpose and can be subject to independent audit without the need for reporting organisations to carry out any further calculations, clarification, data manipulation or other pre-audit work. Features of an audit ready system must therefore include: A database of up to date and accurate emission factors; A database of up to date and accurate conversion factors; A credible system for ensuring that emission and conversion factors are maintained; A system of quality assurance checks embedded into the GHG assessment work flow; The ability to present all of the information an auditor would need to carry out an independent assurance exercise on the GHG results, including pdf reports, excel sheets, and supporting evidence for submitted data; and Controls that ensure the data and results cannot be changed by clients after publication without authorisation from Ecometrica. Why we have sought independent assurance Ecometrica has gained an excellent reputation in the GHG accounting sector over the last six years and now that GHG accounting has become mainstream through the GHG Regulations implemented in 2013, we need to communicate our credentials to those who have limited experience in corporate sustainability reporting or GHG accounting. We therefore asked PwC to carry out an independent assurance exercise so that their findings would enhance confidence and trust in the base factors that support Our Impacts and its ability to deliver a clearly laid out and Audit Ready assessment report. We also believe credible third party assurance over the accuracy of the base factors supporting Our Impacts will help us reduce the financial and time burden associated with the auditing of this information, contributing to our market leading product. 2

Section 2: Ecometrica s Management Assertions: 1. The base factors used in the Our Impacts application as at 31 January 2014 are up to date and have been accurately sourced from the third party publications as specified in the source recorded within the database, and included in the assessment. 2. We have designed, and put into operation, controls to enable us to ensure that the population of base factors used within the Our Impacts application are valid, accurate and the access to update or amend the base factors has been restricted; mathematical calculations (addition and multiplication) carried out by the Our Impacts application are arithmetically accurate and the assessment produced from the Our Impacts application is independently reviewed before being provided to clients. The key Internal Control Objectives (Reporting Criteria) and the underlying controls in place as at 31 January 2014 are described in Section 4, below. The Directors of Ecometrica Limited are, and shall be, responsible for the Management Assertions, the Internal Control Objectives and the design of internal controls placed in operation over the accuracy of base factors used within the Our Impacts application. Specifically, the Directors are responsible for establishing appropriate internal controls to ensure continued compliance with the Management Assertion and Reporting Criteria. Richard Tipper Chairman of Ecometrica Limited Signed for and on behalf of Ecometrica Limited 3 March 2014 3

Section 3: PwC Assurance Report Independent Assurance Report to the Directors of Ecometrica Limited The Directors of Ecometrica Limited ( Ecometrica ) engaged us to provide assurance on the Management Assertions described below and set out in Ecometrica s Our Impacts: accurate base factor data supporting Audit Ready Output Report as at 31 January 2014. Our conclusion Based on the procedures we have performed and the evidence we have obtained: Nothing has come to our attention that causes us to believe that the Management Assertion on the base factors used in the Our Impacts application as at 31 January 2014, is not fairly stated in all material respects, in accordance with the Reporting Criteria; and In our opinion, Management s Assertion on the design of the internal controls put into operation, as at 31 January 2014, is fairly stated in all material respects, in accordance with the Reporting Criteria. This conclusion is to be read in the context of what we say below. Management Assertions The scope of our work was restricted to providing limited assurance over base factors used within the Our Impacts system, which can be directly agreed to third party sources (the base factors ), and reasonable assurance over the design of controls put into operation in respect of this data (the controls) as at 31 January 2014 (collectively the Management Assertions ). The Reporting Criteria against which the Management Assertions were assessed comprised third party published information (for base factors) and management s stated Internal Control Objectives (for controls). Our assurance does not extend to information in respect of earlier periods or to any other information included in the Our Impacts: accurate base factor data supporting Audit Ready Output Report. Professional standards applied and level of assurance We performed a limited assurance engagement on the base factors and a reasonable assurance engagement on the design of the controls in accordance with International Standard on Assurance Engagements 3000 Assurance Engagements other than Audits and Reviews of Historical Financial Information issued by the International Auditing and Assurance Standards Board. A limited assurance engagement is substantially less in scope than a reasonable assurance engagement in relation to both the risk assessment procedures, including an understanding of internal control, and the procedures performed in response to the assessed risks. Our Independence and Quality Control We applied the Institute of Chartered Accountants in England and Wales (ICAEW) Code of Ethics, which includes independence and other requirements founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour. We apply International Standard on Quality Control (UK&I) and accordingly maintain a comprehensive system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements. Our work was carried out by an independent team with experience in assurance. Understanding reporting and measurement methodologies The Management Assertions need to be read and understood together with the Reporting Criteria. The absence of a significant body of established practice on which to draw to evaluate and measure non-financial information allows for different, but acceptable, measurement techniques. The nature, methods and precision used to determine non-financial information can result in materially different measurements, affecting comparability between entities and over time. The Reporting Criteria used for the reporting of the Management Assertions was as at 31 January 2014. Work done Considering the risk of material misstatement of the Management Assertions, we: made enquiries of Ecometrica s management; assessed the risk and evaluated the design of the key structures, systems, processes and controls for managing, recording and reporting the base factor data; tested that the controls included within the Our Impacts Report had been implemented as at the reporting date; and performed limited substantive testing on a selective basis of the base factor data to third party sources to check that data had been appropriately recorded and collated. Our procedures did not include testing the operating effectiveness of the controls stated in the description and, accordingly, we do not express an opinion thereon. Ecometrica s responsibilities The Directors of Ecometrica are responsible for: designing, implementing and maintaining internal controls over information relevant to the preparation of the Management Assertions that is free from material misstatement, whether due to fraud or error; establishing objective Reporting Criteria for preparing the Management Assertions; measuring and reporting the Management Assertions based on the Reporting Criteria; and the content of the Our Impacts: accurate base factor data supporting Audit Ready Output Report. Our responsibilities We are responsible for: planning and performing the engagement to obtain assurance about whether the Management Assertions are free from material misstatement, whether due to fraud or error; forming an independent conclusion, based on the procedures we have performed and the evidence we have obtained; and reporting our conclusion to the Directors of Ecometrica. This report, including our conclusions, has been prepared solely for the Directors of Ecometrica as a body in accordance with the agreement between us. We permit this report to be disclosed in the Our Impacts: accurate base factor data supporting Audit Ready Output Report as at 31 January 2014, to enable the Directors to show they have addressed their governance responsibilities by obtaining an independent assurance report in connection with the Management Assertions. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Directors as a body and Ecometrica for our work or this report except where terms are expressly agreed between us in writing. PricewaterhouseCoopers LLP Chartered Accountants, Glasgow 3 March 2014 The maintenance and integrity of Ecometrica s website is the responsibility of the Directors; the work carried out by us does not involve consideration of these matters and, accordingly, we accept no responsibility for any changes that may have occurred to the reported Selected Information or Reporting Criteria when presented on Ecometrica s website.

Section 4: Management s Internal Control Objectives and Reporting Criteria 1: Controls provide reasonable assurance that access to the Our Impacts application and its underlying data is restricted appropriately Control Ref 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 New users are authorised by a member of the management team prior to being granted access to Our Impacts to ensure that only approved staff have access to use the application. Modification of users' access rights to the Our Impacts application are authorised by a member of the management team prior to being executed. Access to the Our Impacts application is revoked for leavers by the IT team once notified of their departure. End users of the Our Impacts application can only access the application using the standard authentication procedures reducing the risk of unauthorised access. User recertifications are carried out on a quarterly basis for all users of the Our Impacts application to ensure that the user list comprises only those authorised. The recertification list is automatically generated and then approved by a member of management through an electronic sign off. Privileged access to underlying databases is restricted to a small number of individuals. Access requests for DBA access are submitted and authorised by a member of the management team prior to access being granted for new users. Privileged access to the underlying databases is revoked for leavers by the IT team once notified of their departure. User recertifications are carried out on a quarterly basis for those with privileged access to the underlying databases to ensure that the user list comprises only those authorised. The recertification list is automatically generated and then approved by a member of management through an electronic sign off. Privileged users can only access the underlying databases using standard authentication procedures reducing the risk of unauthorised access. Privileged access to the underlying operating system is restricted to a small number of individuals. Access requests for OS access are submitted and authorised by a member of the management team prior to access being granted for new users. User recertifications are carried out on a quarterly basis for those with privileged access to the underlying OS to ensure that the user list comprises only those authorised. The recertification list is automatically generated and then approved by a member of management through an electronic sign off. Privileged users can only access the underlying OS using standard authentication procedures reducing the risk of unauthorised access. 5

2: Controls provide reasonable assurance that systems are in place to prevent loss or corruption of data and any issues or problems arising are dealt with through a remedial process Control Ref 2.1 2.2 A back up of Our Impacts and its supporting databases is performed daily. This back up is stored off-site from Ecometrica s premises through a cloud computing provider. There is an application driven process for responding to incidents and tracking the remedial process to ensure that the risk of loss or corruption of data is mitigated. 3: Controls provide reasonable assurance that changes and/or implementations do not cause inaccurate processing of data due to errors in development Control Ref 3.3 3.4 3.5 System and User Acceptance Testing takes place prior to changes being promoted to the live environment. Version control software is used to track all changes made to the live environment. All upgraded versions of the Our Impacts application are authorised by management prior to implementation into the live environment. 4: Controls provide reasonable assurance that Ecometrica has procedures in place to ensure that all base factors used in the compilation of reports issued using the Our Impacts application are accurate, valid and updated in a timely manner. Control Ref 4.1 Base factors are made live within the Our Impacts application when Ecometrica become aware of an updated factor, which is achieved through a proactive and continuous research process and within a maximum of 60 days of Ecometrica becoming aware of an updated factor. 6

4.2 4.3 4.4 Base factors not derived from an external source but calculated by Ecometrica internally are the subject of a review and approval process by another member of the analyst team. Base factors uploaded directly to the database (bulk uploads) are the subject of review and approval by another member of the analyst team prior to becoming live. Base factors uploaded through the Our Impacts application are the subject of review and approval by another member of the analyst team, which is enforced through an automated segregation of duties control embedded within the application that does not allow the creator of a base factor to approve it for uploading into the application database. 5: Controls provide reasonable assurance that Ecometrica has procedures in place to ensure that the mathematical calculations undertaken by the Our Impacts application are accurate and the emissions reported in each assessment can be traced back to input data and emission factor sources. Control Ref 5.1 5.2 5.4 Emissions selected for inclusion and disclosure in a client assessment are the subject of review and approval for reasonableness (internal QA process) by an Ecometrica analyst before the finalised assessment report is issued to the client. Addition and multiplication calculations carried out by the Our Impacts application are automated to ensure they cannot be manipulated or result in calculation errors. Completed assessments produced by the Our Impacts application can demonstrate the customer source data, base factor applied and source of this base factor for emission calculations disclosed in the assessment. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information