SlideShare a Scribd company logo
1 of 45
How to Audit Non-Financial
Information
Guidelines of IIA Spain
Nicolas Jerkovic
Chaiman Sustainability Committee
IIA Buenos Aires @InstitutoIAIA @NicolasJerkovic
Hernan Huwyler
Member of the Non-Financial Information Committee
IIA Madrid @AuditorInterno @hewyler
Buenos Aires, August 10th 2018
[2]
Non-Financial Information
Environmental,
social and
governance
Sustainability
Diverse
sources,
purposes,
measurement
units and
reports
Non based on
accounting
standards
Generally non-
regulated but…
Global Reporting
Initiative
Sustainability
Accounting Standards
[3]
Apple
Annual
Report
Financial
information
[4]
Shell
Annual
Report
Financial
information
[5]
Shell
Annual
Report
Financial
information
[6]
Shell
Annual
Report
Examples of
non-financial
information
[7]
Shell
Annual
Report
Examples of
non-financial
information
[8]
Shell
Annual
Report
Examples of
non-financial
information
[9]
[10]
Why Relevant?
1975
S&P 500 Market Value
Today
Tangibles
Intangibles
Financial information
Audited annual statements
Non financial information
Reputation
Market differentiation
Credibility
Information gap
[11]
Why Relevant?
COSO 2013
NFI should have the same
rigor than NF
Non financial information
Complies with external
methodologies
Considers a required precision
level
Financial
+ Non
financial
[12]
Knowledge Factory
IIA Spain
Issue
Scope
Key IIA
members
Commission
Papers,
studies and
articles
Structure
Chairperson
Study groups
Peer review
Compilation
IIA Spain
Formatting
Approval
Diffusion
[13]
Internal Audit and the
Non-financial
Information
Auditores Internos de España
[14]
Non-Financial Information
Directive
2014/95/EU
non-financial
statements in
annual
reports
listed companies + FSI > staff 500
environmental, social and employee matters, respect
for human rights, anti-corruption and bribery
matters, board diversity
UN Global Compact, OECD guidelines, ISO 26000,
Global Reporting Initiative
no requirement regarding external audit's role in
respect of non-financial information
[15]
Non-Financial Information
Directive
2014/95/EU Contents
•Business model
•Policies, controls
•Outcomes
•Key risks
•KPIs
•Diversity
•Humanrights
•Staff
•Corruption
•Social
•Environmental
Topics
[16]
Non-Financial Information
Fragmented Past and
future
oriented
Immature
standards
Lacking
internal
policies
Assurance maps
Combined
assurance
Data integrity
audits
Link to non-
financial risks
Training for skills
gaps
Outsourcing
High-quality
assurance
Compliance effort
Traceability
[17]
Internal audit is uniquely situated within an organization to
provide insight on and support the implementation of
integrated reporting.
Internal audit:
• is familiar with process implementation in the organization
• can affect consistency of communication of metrics across
business units
• provides assurance to increase the credibility of metrics in the
non-financial report
• offers insight on potential risks to the organization
has a «seat at the table» from which it can influence the
adoption of Non-Financial Reporting to improve and strengthen
communications with internal and external stakeholders
Internal Audit Value Proposition
[18]
How to audit NFI?
Integrated
approach
based on
misreporting
risks
Materiality
External
reporting
Approvals
within 1st and
2nd lines of
defense
Confirmation
with 3Ps
Standards
ISO and
national
legislation
Clear
quantification
procedures
Validations
of data
collection and
KPIs
SMEs
Estimations!
[19]
How to audit NFI?
Audits on NFI
Assurance on
CSR reporting
Protection of
reputation
Scope
Internal and
external
reports
Regulated or
not
Roles
Auditing
Consultancy to
management
(Monitoring of GRC
projects)
Hot topics
How to audit
risks, business
plans and
compliance
NFI traceability
[20]
How to audit NFI?
Analytical
reviews
consistency
Benchmarking
industry
standards
Disclosure
explanatory
notes
Reasonability
physical or
chemical
relationships
correlations
[21]
How to audit NFI?
Governance
1 LoD
Set targets, collect and validate NF data,
calculate KPI
• Technical dept, operational reporting
2 LoD
Define reporting template and process
• Compliance, HSEQ, InfoSec, HR, CSR
3 LoD Reassurance that controls address NFI risks
[22]
How to audit NFI?
Standards
ISAE
3000
Assurance over non-financial information
• Internal control, sustainability and
compliance audits
• 3420 future FI, 3402 service organizations
ISAE
3410
Assurance engagements on greenhouse gas
• GHG statement is free from material
misstatement due to fraud or error
[23]
Tool SASB Five-Factor Test
What ESG data is important?
Direct
financial
impact
and risks
Legal and
complian
ce requie-
ments
Compe-
titive
driver
Stakeholder
concern
and social
trends
Opportu-
nity for
innova-
tion
Total
score
Eviro-
mental
GHG emisions 10 10 7 7 7 41
Air quality 5 7 5 5 5 27
Water management 8 6 7 5 10 36
Social Human rights 4 8 6 9 4 31
Community relations 3 5 5 10 2 25
Gover-
nance
Ethics 5 9 5 8 1 28
HSEQ 5 8 6 7 3 29
Risk management 10 9 8 7 7 41
Signed off by finance, EHSQ, legal, compliance, risk, investor relations, HR and IA
[24]
Tool Materialy Matrix
Importanceto
stakeholders
Impact on the organization
HighLow
High
CriticalResponsible
Not pertinent Strategic
Ethics
GHG
Air
Quality
Risks
HSEQ
Human
rights
Community
• Consultation to
stakeholders
• Media review
• Benchmarking
of ESG reports
• Industry reports
on trends and
issues
• Sustainability
risks
HR
Tax
+assurance
[25]
Case Study Carbon Audit
Primary data sources
Field Operation
Managers
Yield of soybean
> metric tons
per hectare,
equipment
runtime
Fleet Operations
Manager
Gasoline and
diesel fuel
consumed
> gallons
Cost Accounting
Analyst
Utility bills for
drying and
storage
> kW, gas cubic
feet
Fertilizers and
pesticides
> lbs
[26]
Case Study Carbon Audit
GHG quantification
Master data
•Plantations
•Facilities
•Fleet vehicles
•Equipment
•Land use change
Sustainability Reporting Manager
Voluntary
disclosure
reporting
GHG emissions of
soybean production
> kg CE/ton soybean
(CO2, N2O, CH4)
Standard
ISO 14064 standards
for greenhouse gas
accounting and
verification
Emissions
management software
+ Excel spreadsheets
[27]
Case Study Carbon Audit
1. Determine the scope and plan for the engagement
Reasonable assurance (high), voluntary reporting last 3 years, external annual report
(claims made, policies outlined and data published), company website and internal reports
on energy savings
2. Identify key risks
Discussions with the Sustainability Reporting Manager and the Cost Accounting Analyst
about scenarios (with current controls): system outage, activity data missing, improper
cut-off, data input errors, omitted plantations and equipment, inaccurate quantification
methodology, incorrect estimates
3. Determine the appropriate test approach
Synergies with financial audits of energy and gas invoices
4. Complete the engagement and document findings
[28]
Internal Audit Work Program
Accuracy
Data reflects the
reality
Conformance with
standards in
precision or detail
Verify that
•the primary data sources are accurate (clear internal data
questionnaires, measurement units and periods, certified
information reported by 3Ps)
•the secondary data sources are credible (databases from
recognized international organizations, government and
industry bodies)
•internal validations are done by independent and
competent personnel before submission (analytical reviews,
end-to-end recons, data checking, site visits,
reconfirmations)
[29]
Internal Audit Work Program
Accuracy
Data reflects the
reality
Conformance with
standards in
precision or detail
Verify that
•external assurance is obtained for nonfinancial reporting
•input data is compared to the applicable performance limits
•data based on estimations are clearly identified and
reviewed
Recalculate aggregation and conversion of NFI
Review conformance against standards
Sample testing against supporting documentation
[30]
Internal Audit Work Program
Consistency
Data is comparable
in two or more
representations
All systems reflects
the same
information
Verify that
•the policy for non-financial reporting is based on long-term
strategies and goals (e.g. differentiation, sustainability,
carbon reduction objectives, safety, compliance)
•the procedures for calculation of non-financial information
are based on specific and authoritative standards with
common definitions (e.g. ISO 14064 for carbon footprint,
updated procedures)
•the presentation of non-financial information is fair and
consistent from period to period (e.g. methodological
changes)
•KPIs variations against previous periods are investigated
[31]
Internal Audit Work Program
Completeness
Full coverage or
occurrence of
required data (not
for optional data)
Data can be traced
Verify that
•there are integrity checks of all operational data under
scope based on identified misreporting risks (control with
inventory of sites, no double-counting controls)
•data is managed with a reliable tool supporting the
collection, aggregation and reporting
•records of all relevant data, work papers and corrections
are retained
•supporting documentation is stored safely and is easily
accessible by relevant employees
Re-perform integrity controls (all periods, all sites)
[32]
Internal Audit Work Program
Relevance
Data is applicable
and helpful for the
objectives
Verify that
•there is a materiality assessment for reporting NFI to
internal and external shareholders
•compliance requirements are considered for external
disclosing (e.g. carbon accounting reporting, climate change
and carbon reporting, regulatory reporting to environmental
agencies)
•transparency meets key external stakeholder expectations
•stakeholders are aware of internal controls in place
regarding non-financial data
[33]
Internal Audit Work Program
Timeliness
Data is up to date
when decisions are
made
Verify that
•there are clear reporting timelines (communicated,
monitored, detailed allocation of tasks and due dates)
•NFI is reported on regular basis in compliance with
reporting requirements
[34]
Case Study Carbon Audit
Illustrative internal audit recommendations
Absence of a carbon reporting procedure
The procedure to collect, validate, control, calculate and report carbon emission is not
formalized. As a result, the disclosing of GHG emissions of soybean production in the
annual reports could contain unreliable information. In 2017, the spreadsheets for GHG
emission modeling lacked of consistent integrity controls and had discrepancies in the
electricity invoice dates for October and November. The Sustainability Reporting Manager
explained that spreadsheets containing formulas for GHG emissions were being improved
at that time. We recommend to define roles and responsibilities (RACI) based on the ISO
14064 and to establish an internal procedure with clear instructions.
[35]
Case Study Carbon Audit
Illustrative internal audit recommendations
Unreconciled supporting data
The GHG emission data included in the 2017 annual report is not reconciled to supporting
data. As a result, the disclosed data could have gaps in own-use electricity and gas and
omissions in soy plantation aggregates. In April 2017, the consumptions of natural gas
used in the grain dryers in Roque Perez and Murphy were omitted. In May 2017, the gas
consumption for Roque Perez showed a discrepancy in -1,000 cubic feet. The Cost
Controlling Analyst explained that the Field Operation Managers for these farms resigned
at that time and he was performing numerous other tasks which impacted in the controls.
We recommend to embed integrity controls against the plantation site master file in the
emissions management software.
[36]
Case Study Carbon Audit
Illustrative internal audit recommendations
Absence of retrospective adjustments
Changes in the methodology of calculating GHG emissions lacked of a retrospective
adjustments to past emissions data, including the 2014 baseline (base-year GHG
inventory). As a result, the disclosed GHG emissions of soybean production in the annual
reports could contain incomparable information. In 2017, key equivalencies and metrics
for GHG were adjusted in -5% to reflect sector-specific and country-specific
considerations. The Sustainability Reporting Manager confirmed that the 2014 baseline
was not updated with the new quantification methodology. We recommend to recalculate
the previously reported emissions and disclose the changes in the methodology.
[37]
Discussion how to audit?
People KPIs 2015 2016 2017
Average engagement score me@Company
survey
n/a 7.0 7.0
Employee attrition 4.2% 3.9% 4.4%
Attrition rate of high performers 1.7% 1.7% 1.8%
Promotion rate of high performers n/a 35% 37%
Promotion rate - overall n/a 12% 13%
% of people performance management
process completion
98% 98% 98%
% of development action plan completion 91% 92% 89%
[38]
Discussion how to audit?
Social KPIs 2015 2016 2017
Patients reached with diabetes care products
(estimate in millions)
26.8 28 27.7
Donations (DKK million) 105 106 103
New patent families (first filings) 77 74 65
Gender in management (ratio men:women) 60:40 59:41 60:40
Relevant employees trained in business
ethics
98% 99% 99%
Product recalls 2 6 6
Failed inspections 0 0 0
[39]
Non-Financial
Reporting:Building trust
with internal audit
European Confederation of
Institutes of Internal Auditing
[40]
The role of internal
audit in non-financial
and integrated
reporting
Chareted Institute of Internal
Auditors
[41]
The External Assurance
of Sustainability
Reporting
Global Reporting Initiative
[42]
Implementation Guide
for Companies
Sustainability Accounting
Standards Board
[43]
ISAE 3000 Standard for
Assurance over Non-
financial Information
International Federation of
Accountants
[44]
AA1000 Assurance
Standard
First sustainability
assurance standard
AccountAbility
[45]
Share your Success
Instituto de Auditores Internos de
Argentina
https://iaia.org.ar/
@institutoiaia

More Related Content

What's hot

Theory of working capital
Theory of working capitalTheory of working capital
Theory of working capital
jpbbk
 
Audit of cooperative society
Audit of cooperative societyAudit of cooperative society
Audit of cooperative society
RS P
 
99700905 cost-of-capital-solved-problems
99700905 cost-of-capital-solved-problems99700905 cost-of-capital-solved-problems
99700905 cost-of-capital-solved-problems
varsha nihanth lade
 
2. bond valuation_and_interest_rates
2. bond valuation_and_interest_rates2. bond valuation_and_interest_rates
2. bond valuation_and_interest_rates
Ezgi Kurt
 

What's hot (20)

MBA Finance Project Topics
MBA Finance Project TopicsMBA Finance Project Topics
MBA Finance Project Topics
 
Reliance industries working capital project
Reliance industries working capital projectReliance industries working capital project
Reliance industries working capital project
 
Investment decision
Investment decisionInvestment decision
Investment decision
 
Management of Receivables
Management of ReceivablesManagement of Receivables
Management of Receivables
 
Financial Modeling
Financial ModelingFinancial Modeling
Financial Modeling
 
Accounting annual report
Accounting annual report Accounting annual report
Accounting annual report
 
Accounts Receivable Management
Accounts Receivable ManagementAccounts Receivable Management
Accounts Receivable Management
 
Corporate valuation
Corporate valuation Corporate valuation
Corporate valuation
 
REPORT ON SUMMER TRAINING A FINANCIAL STATEMENT ANALYSIS AND INTERPRETATION...
 REPORT ON SUMMER TRAINING  A FINANCIAL STATEMENT ANALYSIS AND INTERPRETATION... REPORT ON SUMMER TRAINING  A FINANCIAL STATEMENT ANALYSIS AND INTERPRETATION...
REPORT ON SUMMER TRAINING A FINANCIAL STATEMENT ANALYSIS AND INTERPRETATION...
 
Measuring organizational performance
Measuring organizational performanceMeasuring organizational performance
Measuring organizational performance
 
Ranjith j gowda's STUDY ON FINANCIAL PERFORMANCE(Ratio) OF VIJAYA BANK * Ranj...
Ranjith j gowda's STUDY ON FINANCIAL PERFORMANCE(Ratio) OF VIJAYA BANK * Ranj...Ranjith j gowda's STUDY ON FINANCIAL PERFORMANCE(Ratio) OF VIJAYA BANK * Ranj...
Ranjith j gowda's STUDY ON FINANCIAL PERFORMANCE(Ratio) OF VIJAYA BANK * Ranj...
 
Theory of working capital
Theory of working capitalTheory of working capital
Theory of working capital
 
Audit of cooperative society
Audit of cooperative societyAudit of cooperative society
Audit of cooperative society
 
Governing body of ifrs
Governing body of ifrsGoverning body of ifrs
Governing body of ifrs
 
Accounts- Trend Analysis
Accounts- Trend AnalysisAccounts- Trend Analysis
Accounts- Trend Analysis
 
99700905 cost-of-capital-solved-problems
99700905 cost-of-capital-solved-problems99700905 cost-of-capital-solved-problems
99700905 cost-of-capital-solved-problems
 
Capital budgeting
Capital budgetingCapital budgeting
Capital budgeting
 
Ind as 115
Ind as 115Ind as 115
Ind as 115
 
Financial Reporting Quality and Investment Efficiency
Financial Reporting Quality and Investment EfficiencyFinancial Reporting Quality and Investment Efficiency
Financial Reporting Quality and Investment Efficiency
 
2. bond valuation_and_interest_rates
2. bond valuation_and_interest_rates2. bond valuation_and_interest_rates
2. bond valuation_and_interest_rates
 

Similar to How to Audit Non Financial Information

2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector
Nikhat Rasheed
 

Similar to How to Audit Non Financial Information (20)

Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
 
Slideshareersion strategic report regulations guidance for companies and inv...
Slideshareersion strategic report regulations  guidance for companies and inv...Slideshareersion strategic report regulations  guidance for companies and inv...
Slideshareersion strategic report regulations guidance for companies and inv...
 
7 M&E: Indicators
7 M&E: Indicators7 M&E: Indicators
7 M&E: Indicators
 
SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagement
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
 
JohanCVJuly2015
JohanCVJuly2015JohanCVJuly2015
JohanCVJuly2015
 
Technical Audit
Technical  AuditTechnical  Audit
Technical Audit
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - EnglishPresentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
Intro to ISO
Intro to ISOIntro to ISO
Intro to ISO
 
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
IFPRI - Results and Impact Management System (RIMS)
IFPRI - Results and Impact Management System (RIMS)IFPRI - Results and Impact Management System (RIMS)
IFPRI - Results and Impact Management System (RIMS)
 
2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector
 
M&e services
M&e servicesM&e services
M&e services
 
Measuring and Improving MP1.ppt
Measuring and Improving MP1.pptMeasuring and Improving MP1.ppt
Measuring and Improving MP1.ppt
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 

More from Hernan Huwyler, MBA CPA

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdfProf. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Hernan Huwyler, MBA CPA
 
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Hernan Huwyler, MBA CPA
 
Model to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdfModel to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdf
Hernan Huwyler, MBA CPA
 
Profesor Hernan Huwyler MBA CPA - Operacional Compliance
Profesor Hernan Huwyler MBA CPA - Operacional ComplianceProfesor Hernan Huwyler MBA CPA - Operacional Compliance
Profesor Hernan Huwyler MBA CPA - Operacional Compliance
Hernan Huwyler, MBA CPA
 
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler, MBA CPA
 

More from Hernan Huwyler, MBA CPA (20)

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdfProf. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
 
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
 
Model to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdfModel to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdf
 
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat MapsProf Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
 
Profesor Hernan Huwyler MBA CPA - Operacional Compliance
Profesor Hernan Huwyler MBA CPA - Operacional ComplianceProfesor Hernan Huwyler MBA CPA - Operacional Compliance
Profesor Hernan Huwyler MBA CPA - Operacional Compliance
 
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
 
The Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdfThe Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdf
 
R is for Risk 2 Risk Management using R
R is for Risk 2 Risk Management using RR is for Risk 2 Risk Management using R
R is for Risk 2 Risk Management using R
 
Compliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan HuwylerCompliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan Huwyler
 
DPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy RisksDPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy Risks
 
Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan HuwylerMaster in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
 
Cyber Laundering and the AML Directives
Cyber Laundering and the AML DirectivesCyber Laundering and the AML Directives
Cyber Laundering and the AML Directives
 
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
 
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
 
10 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 3730110 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 37301
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials  - 10 Smart Controls for Software DevelopmentQa Financials  - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software Development
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT Risks
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
 
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
 

Recently uploaded

Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
dlhescort
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
lizamodels9
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 

Recently uploaded (20)

Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60%  in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 

How to Audit Non Financial Information

  • 1. How to Audit Non-Financial Information Guidelines of IIA Spain Nicolas Jerkovic Chaiman Sustainability Committee IIA Buenos Aires @InstitutoIAIA @NicolasJerkovic Hernan Huwyler Member of the Non-Financial Information Committee IIA Madrid @AuditorInterno @hewyler Buenos Aires, August 10th 2018
  • 2. [2] Non-Financial Information Environmental, social and governance Sustainability Diverse sources, purposes, measurement units and reports Non based on accounting standards Generally non- regulated but… Global Reporting Initiative Sustainability Accounting Standards
  • 9. [9]
  • 10. [10] Why Relevant? 1975 S&P 500 Market Value Today Tangibles Intangibles Financial information Audited annual statements Non financial information Reputation Market differentiation Credibility Information gap
  • 11. [11] Why Relevant? COSO 2013 NFI should have the same rigor than NF Non financial information Complies with external methodologies Considers a required precision level Financial + Non financial
  • 12. [12] Knowledge Factory IIA Spain Issue Scope Key IIA members Commission Papers, studies and articles Structure Chairperson Study groups Peer review Compilation IIA Spain Formatting Approval Diffusion
  • 13. [13] Internal Audit and the Non-financial Information Auditores Internos de España
  • 14. [14] Non-Financial Information Directive 2014/95/EU non-financial statements in annual reports listed companies + FSI > staff 500 environmental, social and employee matters, respect for human rights, anti-corruption and bribery matters, board diversity UN Global Compact, OECD guidelines, ISO 26000, Global Reporting Initiative no requirement regarding external audit's role in respect of non-financial information
  • 15. [15] Non-Financial Information Directive 2014/95/EU Contents •Business model •Policies, controls •Outcomes •Key risks •KPIs •Diversity •Humanrights •Staff •Corruption •Social •Environmental Topics
  • 16. [16] Non-Financial Information Fragmented Past and future oriented Immature standards Lacking internal policies Assurance maps Combined assurance Data integrity audits Link to non- financial risks Training for skills gaps Outsourcing High-quality assurance Compliance effort Traceability
  • 17. [17] Internal audit is uniquely situated within an organization to provide insight on and support the implementation of integrated reporting. Internal audit: • is familiar with process implementation in the organization • can affect consistency of communication of metrics across business units • provides assurance to increase the credibility of metrics in the non-financial report • offers insight on potential risks to the organization has a «seat at the table» from which it can influence the adoption of Non-Financial Reporting to improve and strengthen communications with internal and external stakeholders Internal Audit Value Proposition
  • 18. [18] How to audit NFI? Integrated approach based on misreporting risks Materiality External reporting Approvals within 1st and 2nd lines of defense Confirmation with 3Ps Standards ISO and national legislation Clear quantification procedures Validations of data collection and KPIs SMEs Estimations!
  • 19. [19] How to audit NFI? Audits on NFI Assurance on CSR reporting Protection of reputation Scope Internal and external reports Regulated or not Roles Auditing Consultancy to management (Monitoring of GRC projects) Hot topics How to audit risks, business plans and compliance NFI traceability
  • 20. [20] How to audit NFI? Analytical reviews consistency Benchmarking industry standards Disclosure explanatory notes Reasonability physical or chemical relationships correlations
  • 21. [21] How to audit NFI? Governance 1 LoD Set targets, collect and validate NF data, calculate KPI • Technical dept, operational reporting 2 LoD Define reporting template and process • Compliance, HSEQ, InfoSec, HR, CSR 3 LoD Reassurance that controls address NFI risks
  • 22. [22] How to audit NFI? Standards ISAE 3000 Assurance over non-financial information • Internal control, sustainability and compliance audits • 3420 future FI, 3402 service organizations ISAE 3410 Assurance engagements on greenhouse gas • GHG statement is free from material misstatement due to fraud or error
  • 23. [23] Tool SASB Five-Factor Test What ESG data is important? Direct financial impact and risks Legal and complian ce requie- ments Compe- titive driver Stakeholder concern and social trends Opportu- nity for innova- tion Total score Eviro- mental GHG emisions 10 10 7 7 7 41 Air quality 5 7 5 5 5 27 Water management 8 6 7 5 10 36 Social Human rights 4 8 6 9 4 31 Community relations 3 5 5 10 2 25 Gover- nance Ethics 5 9 5 8 1 28 HSEQ 5 8 6 7 3 29 Risk management 10 9 8 7 7 41 Signed off by finance, EHSQ, legal, compliance, risk, investor relations, HR and IA
  • 24. [24] Tool Materialy Matrix Importanceto stakeholders Impact on the organization HighLow High CriticalResponsible Not pertinent Strategic Ethics GHG Air Quality Risks HSEQ Human rights Community • Consultation to stakeholders • Media review • Benchmarking of ESG reports • Industry reports on trends and issues • Sustainability risks HR Tax +assurance
  • 25. [25] Case Study Carbon Audit Primary data sources Field Operation Managers Yield of soybean > metric tons per hectare, equipment runtime Fleet Operations Manager Gasoline and diesel fuel consumed > gallons Cost Accounting Analyst Utility bills for drying and storage > kW, gas cubic feet Fertilizers and pesticides > lbs
  • 26. [26] Case Study Carbon Audit GHG quantification Master data •Plantations •Facilities •Fleet vehicles •Equipment •Land use change Sustainability Reporting Manager Voluntary disclosure reporting GHG emissions of soybean production > kg CE/ton soybean (CO2, N2O, CH4) Standard ISO 14064 standards for greenhouse gas accounting and verification Emissions management software + Excel spreadsheets
  • 27. [27] Case Study Carbon Audit 1. Determine the scope and plan for the engagement Reasonable assurance (high), voluntary reporting last 3 years, external annual report (claims made, policies outlined and data published), company website and internal reports on energy savings 2. Identify key risks Discussions with the Sustainability Reporting Manager and the Cost Accounting Analyst about scenarios (with current controls): system outage, activity data missing, improper cut-off, data input errors, omitted plantations and equipment, inaccurate quantification methodology, incorrect estimates 3. Determine the appropriate test approach Synergies with financial audits of energy and gas invoices 4. Complete the engagement and document findings
  • 28. [28] Internal Audit Work Program Accuracy Data reflects the reality Conformance with standards in precision or detail Verify that •the primary data sources are accurate (clear internal data questionnaires, measurement units and periods, certified information reported by 3Ps) •the secondary data sources are credible (databases from recognized international organizations, government and industry bodies) •internal validations are done by independent and competent personnel before submission (analytical reviews, end-to-end recons, data checking, site visits, reconfirmations)
  • 29. [29] Internal Audit Work Program Accuracy Data reflects the reality Conformance with standards in precision or detail Verify that •external assurance is obtained for nonfinancial reporting •input data is compared to the applicable performance limits •data based on estimations are clearly identified and reviewed Recalculate aggregation and conversion of NFI Review conformance against standards Sample testing against supporting documentation
  • 30. [30] Internal Audit Work Program Consistency Data is comparable in two or more representations All systems reflects the same information Verify that •the policy for non-financial reporting is based on long-term strategies and goals (e.g. differentiation, sustainability, carbon reduction objectives, safety, compliance) •the procedures for calculation of non-financial information are based on specific and authoritative standards with common definitions (e.g. ISO 14064 for carbon footprint, updated procedures) •the presentation of non-financial information is fair and consistent from period to period (e.g. methodological changes) •KPIs variations against previous periods are investigated
  • 31. [31] Internal Audit Work Program Completeness Full coverage or occurrence of required data (not for optional data) Data can be traced Verify that •there are integrity checks of all operational data under scope based on identified misreporting risks (control with inventory of sites, no double-counting controls) •data is managed with a reliable tool supporting the collection, aggregation and reporting •records of all relevant data, work papers and corrections are retained •supporting documentation is stored safely and is easily accessible by relevant employees Re-perform integrity controls (all periods, all sites)
  • 32. [32] Internal Audit Work Program Relevance Data is applicable and helpful for the objectives Verify that •there is a materiality assessment for reporting NFI to internal and external shareholders •compliance requirements are considered for external disclosing (e.g. carbon accounting reporting, climate change and carbon reporting, regulatory reporting to environmental agencies) •transparency meets key external stakeholder expectations •stakeholders are aware of internal controls in place regarding non-financial data
  • 33. [33] Internal Audit Work Program Timeliness Data is up to date when decisions are made Verify that •there are clear reporting timelines (communicated, monitored, detailed allocation of tasks and due dates) •NFI is reported on regular basis in compliance with reporting requirements
  • 34. [34] Case Study Carbon Audit Illustrative internal audit recommendations Absence of a carbon reporting procedure The procedure to collect, validate, control, calculate and report carbon emission is not formalized. As a result, the disclosing of GHG emissions of soybean production in the annual reports could contain unreliable information. In 2017, the spreadsheets for GHG emission modeling lacked of consistent integrity controls and had discrepancies in the electricity invoice dates for October and November. The Sustainability Reporting Manager explained that spreadsheets containing formulas for GHG emissions were being improved at that time. We recommend to define roles and responsibilities (RACI) based on the ISO 14064 and to establish an internal procedure with clear instructions.
  • 35. [35] Case Study Carbon Audit Illustrative internal audit recommendations Unreconciled supporting data The GHG emission data included in the 2017 annual report is not reconciled to supporting data. As a result, the disclosed data could have gaps in own-use electricity and gas and omissions in soy plantation aggregates. In April 2017, the consumptions of natural gas used in the grain dryers in Roque Perez and Murphy were omitted. In May 2017, the gas consumption for Roque Perez showed a discrepancy in -1,000 cubic feet. The Cost Controlling Analyst explained that the Field Operation Managers for these farms resigned at that time and he was performing numerous other tasks which impacted in the controls. We recommend to embed integrity controls against the plantation site master file in the emissions management software.
  • 36. [36] Case Study Carbon Audit Illustrative internal audit recommendations Absence of retrospective adjustments Changes in the methodology of calculating GHG emissions lacked of a retrospective adjustments to past emissions data, including the 2014 baseline (base-year GHG inventory). As a result, the disclosed GHG emissions of soybean production in the annual reports could contain incomparable information. In 2017, key equivalencies and metrics for GHG were adjusted in -5% to reflect sector-specific and country-specific considerations. The Sustainability Reporting Manager confirmed that the 2014 baseline was not updated with the new quantification methodology. We recommend to recalculate the previously reported emissions and disclose the changes in the methodology.
  • 37. [37] Discussion how to audit? People KPIs 2015 2016 2017 Average engagement score me@Company survey n/a 7.0 7.0 Employee attrition 4.2% 3.9% 4.4% Attrition rate of high performers 1.7% 1.7% 1.8% Promotion rate of high performers n/a 35% 37% Promotion rate - overall n/a 12% 13% % of people performance management process completion 98% 98% 98% % of development action plan completion 91% 92% 89%
  • 38. [38] Discussion how to audit? Social KPIs 2015 2016 2017 Patients reached with diabetes care products (estimate in millions) 26.8 28 27.7 Donations (DKK million) 105 106 103 New patent families (first filings) 77 74 65 Gender in management (ratio men:women) 60:40 59:41 60:40 Relevant employees trained in business ethics 98% 99% 99% Product recalls 2 6 6 Failed inspections 0 0 0
  • 39. [39] Non-Financial Reporting:Building trust with internal audit European Confederation of Institutes of Internal Auditing
  • 40. [40] The role of internal audit in non-financial and integrated reporting Chareted Institute of Internal Auditors
  • 41. [41] The External Assurance of Sustainability Reporting Global Reporting Initiative
  • 43. [43] ISAE 3000 Standard for Assurance over Non- financial Information International Federation of Accountants
  • 45. [45] Share your Success Instituto de Auditores Internos de Argentina https://iaia.org.ar/ @institutoiaia