Helping to build responsible supply chains.

Are you conflicted over getting an IPSA? Five factors to consider in addition to cost.

DSC_2578This is the second in a two post series. First post here. 

Based on current SEC guidance, an Independent Private Sector Audit (IPSA) is needed if a company files a conflict minerals report and makes a “DRC Conflict Free” product declaration.  The SEC Conflict Minerals Final Rule estimated the cost of an IPSA to be on average $100K for large issuers. The estimate appears to be on the high side, by as much as two to three times actual.    If an IPSA is performed the actual amount could be argued, but in any case there would be additional cost.

The rule provides for two types of audit possibilities: 1) an attestation audit by certified public accounting firms, or 2) a performance audit by auditors other than certified public accountants. A performance audit would typically be less expensive and administratively easier, but no matter how you slice it, an IPSA requires additional cost and resource demands.

Apart from cost, there are also other matters that a business should consider when evaluating the need for an IPSA. Below are five factors that may help build the business case for an IPSA and justify the cost.

  1. Non-compliance /Brand Protection – There have been a number of evaluations done by independent organizations on the filings submitted during the first two years, for which the evaluator established “compliance” criteria. Based on these criteria, they identified a high percentage of non-compliance with the filings.  This implies non-compliance to the rule.  However, the rule was constructed and developed to allow for flexibility on how a company meets their reporting obligation. Additionally the court decision also changed how a company may disclose their product determination. While not all companies may have met legal compliance, some of the companies identified in these evaluations as non-compliant are actually in compliance with the law. They are just not in compliance with the criteria established by those organizations conducting the evaluation. If a company is concerned with being viewed as non-compliant by a non-enforcement organization, then conducting an IPSA could be used to help dispel their characterization as non-compliant, as a formal conclusion would be included in their filing. Thus protecting their brand.
  2. Rank and Spank – Periodically, NGOs and other entities are conducting independent assessments to try to increase the type and amount of information disclosed in filings or as marketing opportunities for the assessors. If a company is concerned about their rank or scoring performance in these assessments, they will fare better in the outcome by having an IPSA conducted, thus enhancing their rank and not get spanked as hard.
  3. Stronger Program – They say what gets measured gets improved. Similar to this, an IPSA would garner greater awareness within an organization as management would be more likely to follow the results of an IPSA and potentially look at improving the program. Thus an IPSA would likely lead to a stronger program as the audit firm would identify where weaknesses exist or provide insight into ways to strengthen a program.
  4. Compliance with the Rule as Written – For the purist, having an IPSA would make sure you are complying with the rule as written.
  5. End Regulatory Uncertainty. There exist a high level of uncertainty and companies are weary of the ambiguity of the SEC requirements. Having an IPSA removes some of the uncertainty and avoids a last-minute rush, should the SEC issues further guidance requiring an IPSA.  The closer to the filing deadline the higher the cost.

As stated in my last post, the SEC should issue further guidance, sooner rather than later. This guidance should either re-affirm that IPSAs are only required when a company makes a “DRC conflict-free” product description or that an IPSA is needed for any Conflict Minerals Report filed. If the SEC were to stick with the original requirement for an IPSA regardless of product description, I believe more companies would make “DRC conflict-free” declarations as it would not have any bearing on whether or not an IPSA is required. 

Conclusion – In anticipation of further SEC guidance, a company who is filing a Conflict Minerals Report should be prepared for an IPSA. Whether or not you pull the trigger on getting an IPSA will be based on the individual company business case and SEC guidance. If pursuing an IPSA, companies should seriously consider evaluating the differences/needs of an attestation audit versus a performance audit as there may be higher cost and possible additional administrative requirements for the former.  If you are conflicted over getting an IPSA, considering the five factors outlined above, the additional cost may be a worthwhile investment in your brand and your performance.