The term “conflict minerals audit” is often used to describe a wide variety of assessments that have emerged to review sourcing practices along the minerals and metals supply chain. There are audits of mining operations, mineral exporters, mineral processors, component or product manufacturers as well as of course the future audits of SEC issuers under Section 1502 of the Dodd-Frank Act. This blog provides a typology of audits to shed some light on the developments in the auditing space of conflict minerals.
Audits in the conflict minerals space can be broadly separated into three categories: legally required audits, membership audits and voluntary audits. In each category, the audit approach and objective can differ and consequently, the auditors carrying out the work can change.
Part A: legally required audits:
Ironically, the first legally required audit in the conflict minerals space is one of the latest to be carried out in practice. The Conflict Minerals Report Audit mandated by Section 1502 of the Dodd-Frank Act is a legal requirement for companies issuing reports to the U.S. Security and Exchange Commission (SEC). It follows an assurance approach that has similarities to a financial audit, albeit auditors are not required to be certified public accountants (CPAs). The Conflict Minerals Report Audit has two main objectives: 1) the verification that an issuer’s due diligence framework is designed in conformity with the criteria set forth in a nationally or internationally recognized due diligence framework (which to date is ONLY the OECD Due Diligence Guidance) and 2) whether the issuer actually performed the due diligence measures as they were described . As such, the audit is relatively “light” in that it does not verify whether the due diligence measures taken actually conform to the internationally recognized due diligence framework – it simply checks the design of the due diligence system on paper and verifies if the issuer has done what they said they would do.
The second, legally required, audits are the mine inspections and verification of exporters under the framework of the International Conference on the Great Lakes Region (ICGLR). These audits in principle apply to supply chain actors in the Member States of the ICGLR, subject to the condition that the country has implemented the ICGLR’s Regional Certification Mechanism (RCM). Currently only Rwanda and the DRC are moving towards a full implementation of the RCM. Audits under the ICGLR claim to be aligned with the OECD Due Diligence Guidance for Responsible Mineral Supply Chains from Conflict-Affected or High-Risk Areas (“OECD DDG”), thereby following the ISO certification approach. Audits are intended to provide evidence that mine sites are free of conflict and serious human rights abuse and that minerals exported from the country can be traced back to the mine of origin. Mine inspections are carried out by the respective Government agencies and the ICGLR’s Audit Committee is expected to provide guidelines on the accreditation of auditors for the assessment of exporters this year. However considering the slow progress of the RCM it might be another 2-4 years before these auditors get into the field.
Thirdly, audits under the OECD DDG can be considered legally required. The OECD DDG is currently the only internationally recognized due diligence framework referred to by the SEC, thereby making it somehow mandatory for companies to implement the guidance in order to comply with Section 1502. There are two types of audits included in the OECD DDG. The first audit is described in Step 4 of the Guidance and should be applied at “identified points in the supply chain”. Its objective is to verify that sourcing practices at these points are in conformance with the OECD DDG. The points identified are the smelter and refinery (for gold) and audits are to be carried out in accordance with ISO19011. However, the OECD itself does not propose an audit mechanism, nor does it accredit auditors. Rather, the Guidance refers to the need for institutionalized mechanisms to establish such audit schemes that conform to the guidelines set forth in Step 4. Such audit schemes include those described in Part B below, namely the CFSI, LBMA and DMCC. However, in particular for the CFSI, the program design may not yet be fully in compliance with the requirements of Step 4 of the OECD DDG. A compatibility analysis done in 2011 highlighted gaps which appear still relevant today in regards to the public disclosure of information as well as risk mitigation.
The second type of audit under the OECD DDG are the Upstream Risk Assessments which are described in more detail in the Appendix to the 3Ts Supplement of the Guidance. While strictly speaking these are risk assessments, the expectation here is to independently verify upstream actors’ conformance with the OECD DDG. As these assessments are not conducted under the framework of an institutionalized mechanism, there is more flexibility (or some may say inconsistency) in the approach followed as well as the procedure to select qualified auditors. In addition to the challenge related to auditor qualification, there is a shortage of auditors willing and able to carry out these assessments. In particular international auditors are reluctant to travel to remote areas in Central Africa on a regular basis. RCS is working on a detailed methodology and checklist for these upstream risk assessments, however input is required at the international level to ensure the results of the assessments are considered credible and can be relied upon further downstream.
Part B: Membership audits
Membership audits are those assessments which are mandatory for any participant in a given initiative or organization. These are not legally required, although companies face increasing pressure from downstream customers to join a specific organization. Membership audits include:
1) The Conflict-Free Smelter Initiative (CFSI): a program focused exclusively on tin, tantalum, tungsten and gold (3TG) processors and based on the ISO19011 Standard. Auditors are approved by the CFSI and the objective of the audit is to demonstrate that all incoming 3TG material is conflict free.
2) The London Bullion Market Association (LBMA): an association of gold refiners that used to be based on quality criteria only. Accreditation as “good delivery refiner” since 2012 includes the requirement to undergo regular audits of gold sourcing practices. The objective is to demonstrate compliance with the OECD DDG as well as conflict-free sourcing of gold. The LBMA allows for audits based on ISAE 3000 and ISO19011 Standards and is currently the only scheme offering both an assurance and certification approach for its members. Auditors are approved by the LBMA. The Dubai Multi Commodity Centre follows a similar approach for their refiners. However the DMCC audit guidance, while not excluding ISO based audits, is much more targeted towards assurance providers.
3) International Tin Research Institute (ITRI): ITRI established the in-region sourcing mechanism iTSCi, working with upstream companies to ensure the 3Ts are traceable to the mine of origin and are proven to be free of conflict and serious human rights abuses. ITSCI members are regularly audited (for mineral processors the audit may be carried out as part of the CFSI) and auditors are selected by ITRI.
Part C: Voluntary audits
Broadly speaking, voluntary audits are divided into two types: 1) Audits commissioned directly by the company wishing to demonstrate responsible 3TG sourcing practices. Depending on their operations, companies may use the World Gold Council’s Conflict-Free Gold Standard, the RJC’s Chain of Custody Standard or directly the OECD DDG. 2) Audits required by the company’s customer, comparable to Code of Conduct audits for social and environmental issues. This includes for example Signet’s Responsible Sourcing Protocol that is currently being applied to all Signet suppliers as well as other, company-specific, verifications of supplier’s sourcing practices. Another example, still in the jewellery sector, is the Jewelers Vigilance Committee’s (JVC) recent guide to conflict minerals, which recommends for companies to conduct supplier audits.
Voluntary audits differ in their approach and objectives depending on the individual company.
As this extensive list shows, the auditing business around conflict minerals compliance has grown tremendously in the past three years. While there are more and more qualified and experienced auditors available, auditor capacity remains a challenge in assuring these audits are carried out consistently and results can be relied upon with confidence. In addition, a lot of progress has been made in cross-recognizing audit results among different institutional mechanism, however there is certainly a need to further harmonize efforts and avoid the duplication of efforts. A first step towards this goal would be to raise awareness on the commonalities and differences among the audit mechanisms so as to create a better understanding of where there are overlaps.
Going forward, independent verification of practices along the mineral and metal supply chain will remain crucial to maintain the credibility of certification and approval mechanisms. This is particularly true for upstream and midstream operations where actors have the ability to exercise more direct influence over conditions at the mine site of origin. In the downstream part of the supply chains, verification is likely to be less concerned with mineral sourcing conditions and more focused on ensuring supplier claims are accurate and truthful. Consequently, there is significant potential to incorporate conflict minerals audits at component or product manufacturers into existing social, environmental or quality inspections and thus reduce the burden on auditees.
 AICPA Conflict Minerals Reports Q&A, January 2014
 ICLGR Member States are the DRC, its 9 adjoining countries, Sudan and Kenya.
 OECD Due Diligence Guidance for Responsible Mineral Supply Chains from Conflict-Affected or High-Risk Areas, Step 4, p.19