Conflict Minerals Compliance Basics: Data Assessment and Assurance

Today in our “Conflict Minerals Compliance Basics” series we are going to touch on data assessment and assurance.

To effectively highlight areas of risk and provide auditable evidence of your due diligence process, your efforts and the resulting data must first be well organized. Once data is organized it must be continuously reviewed and assessed for accuracy, plausibility, consistency, gaps and reasonableness. Key issues to consider throughout the process are supplier response rates and requests for confidentiality, missing and erroneous data, and discovery of red flags, which warrant further investigation. It is only by spending time assessing these issues will you be able to gain a realistic perspective of the potential risks associated with your supply chain.

Data Assessment and Assurance

The importance of gathering comprehensive data is critical for identifying supply chain risks and preparing for an audit. Factor in the global nature of supply chains, language barriers, political obstacles, confidentiality concerns plus the sensitive nature of the materials being traced and the complexities involved in this kind of work become clear. 

 The types of important information that will be collected include: the location of the facilities that are used in the production or storage of the products being traced, as well as a list of materials that are included in the products Meetings and telephone contacts to follow-up on missing data and questions will need to be scheduled appropriately based on time zones. 

 After successfully engaging suppliers and obtaining required data, you will also need procedures for data quality assessment. Completed templates and surveys need to be reviewed for reasonableness and missing data. Verifying responses and obtaining additional information may require several iterations of follow-up just within the first tier of your supply chain.

You should expect to spend 15 to 60 minutes of time per supplier to collect the required information. Remember, you will also likely need to follow up with suppliers on a regular basis, such as each quarter, to understand if there have been any changes in their supply chains. Though this time commitment is spread out over the course of the year, when dealing with very large supply chains it may quickly become a very significant use of human resources. 

You will also need mechanisms to track the progress of your telephone and email queries, so that you can easily determine which items are closed and which still need to be addressed. Building these tracking systems after the data collection has begun will not be as efficient as having them ready to go from day one. Furthermore, it is critical to maintain working documentation of your due diligence efforts in preparation for an audit, whether internal, external or conducted by an agency. This objective evidence should be retrievable and utilized to substantiate findings that are recorded in an audit report. 

 One area where we experience a significant need for fact checking is in identification of smelters and refiners noted in templates. We have found many times that smelters listed for a given component are in fact a different of company such as semiconductor fabricator, solder manufacture, or metal trader. In addition, the names of smelters as provided by your suppliers will vary. We have found that on average you can expect five or six different spellings of each smelter provided. Having a robust database of smelter aliases, both known smelters and known non-smelters, will expedite this process. Verifying the veracity of smelter information may thus also include multiple telephone and email communications across locations worldwide, in addition to Internet research.

Overall, complying with Section 1502 of the Dodd-Frank Act presents a significant challenge to organizations given the sheer volume of data being collected. These data require organization, analysis, and management so they may become actionable and meaningful. Actionable in the sense they may be used for SEC compliance purposes and meaningful so they paint a picture your supply chain and the potential risks that lie therein. 

If you want to learn more about data assessment and assurance go to Source Intelligence’s white paper library.