SlideShare a Scribd company logo
1 of 45
How to Audit Non-Financial
Information
Guidelines of IIA Spain
Nicolas Jerkovic
Chaiman Sustainability Committee
IIA Buenos Aires @InstitutoIAIA @NicolasJerkovic
Hernan Huwyler
Member of the Non-Financial Information Committee
IIA Madrid @AuditorInterno @hewyler
Buenos Aires, August 10th 2018
[2]
Non-Financial Information
Environmental,
social and
governance
Sustainability
Diverse
sources,
purposes,
measurement
units and
reports
Non based on
accounting
standards
Generally non-
regulated but…
Global Reporting
Initiative
Sustainability
Accounting Standards
[3]
Apple
Annual
Report
Financial
information
[4]
Shell
Annual
Report
Financial
information
[5]
Shell
Annual
Report
Financial
information
[6]
Shell
Annual
Report
Examples of
non-financial
information
[7]
Shell
Annual
Report
Examples of
non-financial
information
[8]
Shell
Annual
Report
Examples of
non-financial
information
[9]
[10]
Why Relevant?
1975
S&P 500 Market Value
Today
Tangibles
Intangibles
Financial information
Audited annual statements
Non financial information
Reputation
Market differentiation
Credibility
Information gap
[11]
Why Relevant?
COSO 2013
NFI should have the same
rigor than NF
Non financial information
Complies with external
methodologies
Considers a required precision
level
Financial
+ Non
financial
[12]
Knowledge Factory
IIA Spain
Issue
Scope
Key IIA
members
Commission
Papers,
studies and
articles
Structure
Chairperson
Study groups
Peer review
Compilation
IIA Spain
Formatting
Approval
Diffusion
[13]
Internal Audit and the
Non-financial
Information
Auditores Internos de España
[14]
Non-Financial Information
Directive
2014/95/EU
non-financial
statements in
annual
reports
listed companies + FSI > staff 500
environmental, social and employee matters, respect
for human rights, anti-corruption and bribery
matters, board diversity
UN Global Compact, OECD guidelines, ISO 26000,
Global Reporting Initiative
no requirement regarding external audit's role in
respect of non-financial information
[15]
Non-Financial Information
Directive
2014/95/EU Contents
•Business model
•Policies, controls
•Outcomes
•Key risks
•KPIs
•Diversity
•Humanrights
•Staff
•Corruption
•Social
•Environmental
Topics
[16]
Non-Financial Information
Fragmented Past and
future
oriented
Immature
standards
Lacking
internal
policies
Assurance maps
Combined
assurance
Data integrity
audits
Link to non-
financial risks
Training for skills
gaps
Outsourcing
High-quality
assurance
Compliance effort
Traceability
[17]
Internal audit is uniquely situated within an organization to
provide insight on and support the implementation of
integrated reporting.
Internal audit:
• is familiar with process implementation in the organization
• can affect consistency of communication of metrics across
business units
• provides assurance to increase the credibility of metrics in the
non-financial report
• offers insight on potential risks to the organization
has a «seat at the table» from which it can influence the
adoption of Non-Financial Reporting to improve and strengthen
communications with internal and external stakeholders
Internal Audit Value Proposition
[18]
How to audit NFI?
Integrated
approach
based on
misreporting
risks
Materiality
External
reporting
Approvals
within 1st and
2nd lines of
defense
Confirmation
with 3Ps
Standards
ISO and
national
legislation
Clear
quantification
procedures
Validations
of data
collection and
KPIs
SMEs
Estimations!
[19]
How to audit NFI?
Audits on NFI
Assurance on
CSR reporting
Protection of
reputation
Scope
Internal and
external
reports
Regulated or
not
Roles
Auditing
Consultancy to
management
(Monitoring of GRC
projects)
Hot topics
How to audit
risks, business
plans and
compliance
NFI traceability
[20]
How to audit NFI?
Analytical
reviews
consistency
Benchmarking
industry
standards
Disclosure
explanatory
notes
Reasonability
physical or
chemical
relationships
correlations
[21]
How to audit NFI?
Governance
1 LoD
Set targets, collect and validate NF data,
calculate KPI
• Technical dept, operational reporting
2 LoD
Define reporting template and process
• Compliance, HSEQ, InfoSec, HR, CSR
3 LoD Reassurance that controls address NFI risks
[22]
How to audit NFI?
Standards
ISAE
3000
Assurance over non-financial information
• Internal control, sustainability and
compliance audits
• 3420 future FI, 3402 service organizations
ISAE
3410
Assurance engagements on greenhouse gas
• GHG statement is free from material
misstatement due to fraud or error
[23]
Tool SASB Five-Factor Test
What ESG data is important?
Direct
financial
impact
and risks
Legal and
complian
ce requie-
ments
Compe-
titive
driver
Stakeholder
concern
and social
trends
Opportu-
nity for
innova-
tion
Total
score
Eviro-
mental
GHG emisions 10 10 7 7 7 41
Air quality 5 7 5 5 5 27
Water management 8 6 7 5 10 36
Social Human rights 4 8 6 9 4 31
Community relations 3 5 5 10 2 25
Gover-
nance
Ethics 5 9 5 8 1 28
HSEQ 5 8 6 7 3 29
Risk management 10 9 8 7 7 41
Signed off by finance, EHSQ, legal, compliance, risk, investor relations, HR and IA
[24]
Tool Materialy Matrix
Importanceto
stakeholders
Impact on the organization
HighLow
High
CriticalResponsible
Not pertinent Strategic
Ethics
GHG
Air
Quality
Risks
HSEQ
Human
rights
Community
• Consultation to
stakeholders
• Media review
• Benchmarking
of ESG reports
• Industry reports
on trends and
issues
• Sustainability
risks
HR
Tax
+assurance
[25]
Case Study Carbon Audit
Primary data sources
Field Operation
Managers
Yield of soybean
> metric tons
per hectare,
equipment
runtime
Fleet Operations
Manager
Gasoline and
diesel fuel
consumed
> gallons
Cost Accounting
Analyst
Utility bills for
drying and
storage
> kW, gas cubic
feet
Fertilizers and
pesticides
> lbs
[26]
Case Study Carbon Audit
GHG quantification
Master data
•Plantations
•Facilities
•Fleet vehicles
•Equipment
•Land use change
Sustainability Reporting Manager
Voluntary
disclosure
reporting
GHG emissions of
soybean production
> kg CE/ton soybean
(CO2, N2O, CH4)
Standard
ISO 14064 standards
for greenhouse gas
accounting and
verification
Emissions
management software
+ Excel spreadsheets
[27]
Case Study Carbon Audit
1. Determine the scope and plan for the engagement
Reasonable assurance (high), voluntary reporting last 3 years, external annual report
(claims made, policies outlined and data published), company website and internal reports
on energy savings
2. Identify key risks
Discussions with the Sustainability Reporting Manager and the Cost Accounting Analyst
about scenarios (with current controls): system outage, activity data missing, improper
cut-off, data input errors, omitted plantations and equipment, inaccurate quantification
methodology, incorrect estimates
3. Determine the appropriate test approach
Synergies with financial audits of energy and gas invoices
4. Complete the engagement and document findings
[28]
Internal Audit Work Program
Accuracy
Data reflects the
reality
Conformance with
standards in
precision or detail
Verify that
•the primary data sources are accurate (clear internal data
questionnaires, measurement units and periods, certified
information reported by 3Ps)
•the secondary data sources are credible (databases from
recognized international organizations, government and
industry bodies)
•internal validations are done by independent and
competent personnel before submission (analytical reviews,
end-to-end recons, data checking, site visits,
reconfirmations)
[29]
Internal Audit Work Program
Accuracy
Data reflects the
reality
Conformance with
standards in
precision or detail
Verify that
•external assurance is obtained for nonfinancial reporting
•input data is compared to the applicable performance limits
•data based on estimations are clearly identified and
reviewed
Recalculate aggregation and conversion of NFI
Review conformance against standards
Sample testing against supporting documentation
[30]
Internal Audit Work Program
Consistency
Data is comparable
in two or more
representations
All systems reflects
the same
information
Verify that
•the policy for non-financial reporting is based on long-term
strategies and goals (e.g. differentiation, sustainability,
carbon reduction objectives, safety, compliance)
•the procedures for calculation of non-financial information
are based on specific and authoritative standards with
common definitions (e.g. ISO 14064 for carbon footprint,
updated procedures)
•the presentation of non-financial information is fair and
consistent from period to period (e.g. methodological
changes)
•KPIs variations against previous periods are investigated
[31]
Internal Audit Work Program
Completeness
Full coverage or
occurrence of
required data (not
for optional data)
Data can be traced
Verify that
•there are integrity checks of all operational data under
scope based on identified misreporting risks (control with
inventory of sites, no double-counting controls)
•data is managed with a reliable tool supporting the
collection, aggregation and reporting
•records of all relevant data, work papers and corrections
are retained
•supporting documentation is stored safely and is easily
accessible by relevant employees
Re-perform integrity controls (all periods, all sites)
[32]
Internal Audit Work Program
Relevance
Data is applicable
and helpful for the
objectives
Verify that
•there is a materiality assessment for reporting NFI to
internal and external shareholders
•compliance requirements are considered for external
disclosing (e.g. carbon accounting reporting, climate change
and carbon reporting, regulatory reporting to environmental
agencies)
•transparency meets key external stakeholder expectations
•stakeholders are aware of internal controls in place
regarding non-financial data
[33]
Internal Audit Work Program
Timeliness
Data is up to date
when decisions are
made
Verify that
•there are clear reporting timelines (communicated,
monitored, detailed allocation of tasks and due dates)
•NFI is reported on regular basis in compliance with
reporting requirements
[34]
Case Study Carbon Audit
Illustrative internal audit recommendations
Absence of a carbon reporting procedure
The procedure to collect, validate, control, calculate and report carbon emission is not
formalized. As a result, the disclosing of GHG emissions of soybean production in the
annual reports could contain unreliable information. In 2017, the spreadsheets for GHG
emission modeling lacked of consistent integrity controls and had discrepancies in the
electricity invoice dates for October and November. The Sustainability Reporting Manager
explained that spreadsheets containing formulas for GHG emissions were being improved
at that time. We recommend to define roles and responsibilities (RACI) based on the ISO
14064 and to establish an internal procedure with clear instructions.
[35]
Case Study Carbon Audit
Illustrative internal audit recommendations
Unreconciled supporting data
The GHG emission data included in the 2017 annual report is not reconciled to supporting
data. As a result, the disclosed data could have gaps in own-use electricity and gas and
omissions in soy plantation aggregates. In April 2017, the consumptions of natural gas
used in the grain dryers in Roque Perez and Murphy were omitted. In May 2017, the gas
consumption for Roque Perez showed a discrepancy in -1,000 cubic feet. The Cost
Controlling Analyst explained that the Field Operation Managers for these farms resigned
at that time and he was performing numerous other tasks which impacted in the controls.
We recommend to embed integrity controls against the plantation site master file in the
emissions management software.
[36]
Case Study Carbon Audit
Illustrative internal audit recommendations
Absence of retrospective adjustments
Changes in the methodology of calculating GHG emissions lacked of a retrospective
adjustments to past emissions data, including the 2014 baseline (base-year GHG
inventory). As a result, the disclosed GHG emissions of soybean production in the annual
reports could contain incomparable information. In 2017, key equivalencies and metrics
for GHG were adjusted in -5% to reflect sector-specific and country-specific
considerations. The Sustainability Reporting Manager confirmed that the 2014 baseline
was not updated with the new quantification methodology. We recommend to recalculate
the previously reported emissions and disclose the changes in the methodology.
[37]
Discussion how to audit?
People KPIs 2015 2016 2017
Average engagement score me@Company
survey
n/a 7.0 7.0
Employee attrition 4.2% 3.9% 4.4%
Attrition rate of high performers 1.7% 1.7% 1.8%
Promotion rate of high performers n/a 35% 37%
Promotion rate - overall n/a 12% 13%
% of people performance management
process completion
98% 98% 98%
% of development action plan completion 91% 92% 89%
[38]
Discussion how to audit?
Social KPIs 2015 2016 2017
Patients reached with diabetes care products
(estimate in millions)
26.8 28 27.7
Donations (DKK million) 105 106 103
New patent families (first filings) 77 74 65
Gender in management (ratio men:women) 60:40 59:41 60:40
Relevant employees trained in business
ethics
98% 99% 99%
Product recalls 2 6 6
Failed inspections 0 0 0
[39]
Non-Financial
Reporting:Building trust
with internal audit
European Confederation of
Institutes of Internal Auditing
[40]
The role of internal
audit in non-financial
and integrated
reporting
Chareted Institute of Internal
Auditors
[41]
The External Assurance
of Sustainability
Reporting
Global Reporting Initiative
[42]
Implementation Guide
for Companies
Sustainability Accounting
Standards Board
[43]
ISAE 3000 Standard for
Assurance over Non-
financial Information
International Federation of
Accountants
[44]
AA1000 Assurance
Standard
First sustainability
assurance standard
AccountAbility
[45]
Share your Success
Instituto de Auditores Internos de
Argentina
https://iaia.org.ar/
@institutoiaia

More Related Content

What's hot

Knowledge management
Knowledge management Knowledge management
Knowledge management Ebi Pearlin
 
Audit case study
Audit case studyAudit case study
Audit case studyIan Jickell
 
Leadership across culture
Leadership across cultureLeadership across culture
Leadership across cultureStudsPlanet.com
 
How to Perform a Successful Internal Quality Audit
How to Perform a Successful Internal Quality AuditHow to Perform a Successful Internal Quality Audit
How to Perform a Successful Internal Quality AuditGreenlight Guru
 
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGN
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGNBen and jerry's CASE STUDY ORGANIZATIONAL DESIGN
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGNUpasana Talukdar
 
Best Practices in Auditing
Best Practices in AuditingBest Practices in Auditing
Best Practices in AuditingPECB
 
Organizational Restructuring ppt
Organizational Restructuring pptOrganizational Restructuring ppt
Organizational Restructuring pptK. Gaanyesh
 
The baldrige framework for performance excellence
The baldrige framework for performance excellenceThe baldrige framework for performance excellence
The baldrige framework for performance excellenceKen Dy
 
global reporting initiative & sustainability reporting
global reporting initiative & sustainability reportingglobal reporting initiative & sustainability reporting
global reporting initiative & sustainability reportingNidhi Mathai
 
GRI Introduction
GRI IntroductionGRI Introduction
GRI Introductionmkorzelius
 
Demonstration of the audit simulation - Susan Whittaker and Glenn Duckworth
Demonstration of the audit simulation - Susan Whittaker and Glenn DuckworthDemonstration of the audit simulation - Susan Whittaker and Glenn Duckworth
Demonstration of the audit simulation - Susan Whittaker and Glenn DuckworthThe Higher Education Academy
 
Benchmarking For Best Practice
Benchmarking For Best PracticeBenchmarking For Best Practice
Benchmarking For Best PracticeMichael Barger
 
Legal & Regulatory Compliance Audit Services
Legal & Regulatory Compliance Audit ServicesLegal & Regulatory Compliance Audit Services
Legal & Regulatory Compliance Audit ServicesPiyush Bhandari
 

What's hot (20)

Knowledge management
Knowledge management Knowledge management
Knowledge management
 
Audit case study
Audit case studyAudit case study
Audit case study
 
Leadership across culture
Leadership across cultureLeadership across culture
Leadership across culture
 
How to Perform a Successful Internal Quality Audit
How to Perform a Successful Internal Quality AuditHow to Perform a Successful Internal Quality Audit
How to Perform a Successful Internal Quality Audit
 
Flowchart
FlowchartFlowchart
Flowchart
 
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGN
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGNBen and jerry's CASE STUDY ORGANIZATIONAL DESIGN
Ben and jerry's CASE STUDY ORGANIZATIONAL DESIGN
 
Change management
Change managementChange management
Change management
 
Best Practices in Auditing
Best Practices in AuditingBest Practices in Auditing
Best Practices in Auditing
 
Benchmarking
BenchmarkingBenchmarking
Benchmarking
 
Organizational Restructuring ppt
Organizational Restructuring pptOrganizational Restructuring ppt
Organizational Restructuring ppt
 
The baldrige framework for performance excellence
The baldrige framework for performance excellenceThe baldrige framework for performance excellence
The baldrige framework for performance excellence
 
Internal Audit Manual
Internal Audit ManualInternal Audit Manual
Internal Audit Manual
 
global reporting initiative & sustainability reporting
global reporting initiative & sustainability reportingglobal reporting initiative & sustainability reporting
global reporting initiative & sustainability reporting
 
GRI Introduction
GRI IntroductionGRI Introduction
GRI Introduction
 
Demonstration of the audit simulation - Susan Whittaker and Glenn Duckworth
Demonstration of the audit simulation - Susan Whittaker and Glenn DuckworthDemonstration of the audit simulation - Susan Whittaker and Glenn Duckworth
Demonstration of the audit simulation - Susan Whittaker and Glenn Duckworth
 
Benchmarking For Best Practice
Benchmarking For Best PracticeBenchmarking For Best Practice
Benchmarking For Best Practice
 
Motivation - Early & contemporary theories of motivation
Motivation - Early & contemporary theories of motivationMotivation - Early & contemporary theories of motivation
Motivation - Early & contemporary theories of motivation
 
Benchmarking
Benchmarking Benchmarking
Benchmarking
 
Legal & Regulatory Compliance Audit Services
Legal & Regulatory Compliance Audit ServicesLegal & Regulatory Compliance Audit Services
Legal & Regulatory Compliance Audit Services
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices framework
 

Similar to How to Audit Non Financial Information

Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxpaul young cpa, cga
 
Slideshareersion strategic report regulations guidance for companies and inv...
Slideshareersion strategic report regulations  guidance for companies and inv...Slideshareersion strategic report regulations  guidance for companies and inv...
Slideshareersion strategic report regulations guidance for companies and inv...Ardea International
 
7 M&E: Indicators
7 M&E: Indicators7 M&E: Indicators
7 M&E: IndicatorsTony
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxpaul young cpa, cga
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...OECD Governance
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Issharing notes123
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College SectorNikhat Rasheed
 
Measuring and Improving MP1.ppt
Measuring and Improving MP1.pptMeasuring and Improving MP1.ppt
Measuring and Improving MP1.pptssuserf2880f
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 

Similar to How to Audit Non Financial Information (20)

Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
 
Slideshareersion strategic report regulations guidance for companies and inv...
Slideshareersion strategic report regulations  guidance for companies and inv...Slideshareersion strategic report regulations  guidance for companies and inv...
Slideshareersion strategic report regulations guidance for companies and inv...
 
7 M&E: Indicators
7 M&E: Indicators7 M&E: Indicators
7 M&E: Indicators
 
SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagement
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
 
JohanCVJuly2015
JohanCVJuly2015JohanCVJuly2015
JohanCVJuly2015
 
Technical Audit
Technical  AuditTechnical  Audit
Technical Audit
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - EnglishPresentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
Presentation- Seminar Standard Cost Model - Turkey, 5-6 April 2018 - English
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
Intro to ISO
Intro to ISOIntro to ISO
Intro to ISO
 
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
OECD Framework for Regulatory Policy Evaluation, Launch of the report, Christ...
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
IFPRI - Results and Impact Management System (RIMS)
IFPRI - Results and Impact Management System (RIMS)IFPRI - Results and Impact Management System (RIMS)
IFPRI - Results and Impact Management System (RIMS)
 
2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector2008 Pioneering The Employment Services Audit In The Ontario College Sector
2008 Pioneering The Employment Services Audit In The Ontario College Sector
 
M&e services
M&e servicesM&e services
M&e services
 
Measuring and Improving MP1.ppt
Measuring and Improving MP1.pptMeasuring and Improving MP1.ppt
Measuring and Improving MP1.ppt
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 

More from Hernan Huwyler, MBA CPA

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdfProf. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdfHernan Huwyler, MBA CPA
 
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Hernan Huwyler, MBA CPA
 
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat MapsProf Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat MapsHernan Huwyler, MBA CPA
 
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler, MBA CPA
 
The Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdfThe Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdfHernan Huwyler, MBA CPA
 
Compliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan HuwylerCompliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan HuwylerHernan Huwyler, MBA CPA
 
DPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy RisksDPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy RisksHernan Huwyler, MBA CPA
 
Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan HuwylerMaster in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan HuwylerHernan Huwyler, MBA CPA
 
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...Hernan Huwyler, MBA CPA
 
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?Hernan Huwyler, MBA CPA
 
10 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 3730110 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 37301Hernan Huwyler, MBA CPA
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials  - 10 Smart Controls for Software DevelopmentQa Financials  - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software DevelopmentHernan Huwyler, MBA CPA
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksHernan Huwyler, MBA CPA
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
 
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento Hernan Huwyler, MBA CPA
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Hernan Huwyler, MBA CPA
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
IDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk dataIDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk dataHernan Huwyler, MBA CPA
 

More from Hernan Huwyler, MBA CPA (20)

Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdfProf. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
Prof. Hernan Huwyler IE Law School - AI Risks and Controls.pdf
 
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...
 
Model to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdfModel to Quantify Compliance Risks.pdf
Model to Quantify Compliance Risks.pdf
 
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat MapsProf Hernan Huwyler MBA CPA - Ditch your Heat Maps
Prof Hernan Huwyler MBA CPA - Ditch your Heat Maps
 
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023 Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
Hernan Huwyler - IE Compliance Corporate Risk Management Full 2023
 
The Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdfThe Behavioral Science of Compliance CUMPLEN.pdf
The Behavioral Science of Compliance CUMPLEN.pdf
 
R is for Risk 2 Risk Management using R
R is for Risk 2 Risk Management using RR is for Risk 2 Risk Management using R
R is for Risk 2 Risk Management using R
 
Compliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan HuwylerCompliance and the russian invasion - Prof Hernan Huwyler
Compliance and the russian invasion - Prof Hernan Huwyler
 
DPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy RisksDPO Day Conference - Minimizing Privacy Risks
DPO Day Conference - Minimizing Privacy Risks
 
Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan HuwylerMaster in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
Master in Sustainability Leadership Sustainability Risks Prof Hernan Huwyler
 
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
Hernan Huwyler - Iberoamerican Compliance Conference UCM Congreso Iberoameric...
 
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?
 
10 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 3730110 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 37301
 
Qa Financials - 10 Smart Controls for Software Development
Qa Financials  - 10 Smart Controls for Software DevelopmentQa Financials  - 10 Smart Controls for Software Development
Qa Financials - 10 Smart Controls for Software Development
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT Risks
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
 
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento IE Curso  ISO 37301 Aseguramiento de Controles de Cumplimiento
IE Curso ISO 37301 Aseguramiento de Controles de Cumplimiento
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized World
 
IDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk dataIDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk data
 

Recently uploaded

Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato pptElizangelaSoaresdaCo
 
Entrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsEntrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsP&CO
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfHajeJanKamps
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfAnhNguyen97152
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZKanakChauhan5
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Winbusinessin
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarNathanielSchmuck
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsyasinnathani
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Tata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakTata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakEditores1
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGlokeshwarmaha
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBBPMedia1
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 

Recently uploaded (20)

Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato ppt
 
Entrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsEntrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizations
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZ
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry Webinar
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story points
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Tata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerakTata Kelola Bisnis perushaan yang bergerak
Tata Kelola Bisnis perushaan yang bergerak
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 

How to Audit Non Financial Information

  • 1. How to Audit Non-Financial Information Guidelines of IIA Spain Nicolas Jerkovic Chaiman Sustainability Committee IIA Buenos Aires @InstitutoIAIA @NicolasJerkovic Hernan Huwyler Member of the Non-Financial Information Committee IIA Madrid @AuditorInterno @hewyler Buenos Aires, August 10th 2018
  • 2. [2] Non-Financial Information Environmental, social and governance Sustainability Diverse sources, purposes, measurement units and reports Non based on accounting standards Generally non- regulated but… Global Reporting Initiative Sustainability Accounting Standards
  • 9. [9]
  • 10. [10] Why Relevant? 1975 S&P 500 Market Value Today Tangibles Intangibles Financial information Audited annual statements Non financial information Reputation Market differentiation Credibility Information gap
  • 11. [11] Why Relevant? COSO 2013 NFI should have the same rigor than NF Non financial information Complies with external methodologies Considers a required precision level Financial + Non financial
  • 12. [12] Knowledge Factory IIA Spain Issue Scope Key IIA members Commission Papers, studies and articles Structure Chairperson Study groups Peer review Compilation IIA Spain Formatting Approval Diffusion
  • 13. [13] Internal Audit and the Non-financial Information Auditores Internos de España
  • 14. [14] Non-Financial Information Directive 2014/95/EU non-financial statements in annual reports listed companies + FSI > staff 500 environmental, social and employee matters, respect for human rights, anti-corruption and bribery matters, board diversity UN Global Compact, OECD guidelines, ISO 26000, Global Reporting Initiative no requirement regarding external audit's role in respect of non-financial information
  • 15. [15] Non-Financial Information Directive 2014/95/EU Contents •Business model •Policies, controls •Outcomes •Key risks •KPIs •Diversity •Humanrights •Staff •Corruption •Social •Environmental Topics
  • 16. [16] Non-Financial Information Fragmented Past and future oriented Immature standards Lacking internal policies Assurance maps Combined assurance Data integrity audits Link to non- financial risks Training for skills gaps Outsourcing High-quality assurance Compliance effort Traceability
  • 17. [17] Internal audit is uniquely situated within an organization to provide insight on and support the implementation of integrated reporting. Internal audit: • is familiar with process implementation in the organization • can affect consistency of communication of metrics across business units • provides assurance to increase the credibility of metrics in the non-financial report • offers insight on potential risks to the organization has a «seat at the table» from which it can influence the adoption of Non-Financial Reporting to improve and strengthen communications with internal and external stakeholders Internal Audit Value Proposition
  • 18. [18] How to audit NFI? Integrated approach based on misreporting risks Materiality External reporting Approvals within 1st and 2nd lines of defense Confirmation with 3Ps Standards ISO and national legislation Clear quantification procedures Validations of data collection and KPIs SMEs Estimations!
  • 19. [19] How to audit NFI? Audits on NFI Assurance on CSR reporting Protection of reputation Scope Internal and external reports Regulated or not Roles Auditing Consultancy to management (Monitoring of GRC projects) Hot topics How to audit risks, business plans and compliance NFI traceability
  • 20. [20] How to audit NFI? Analytical reviews consistency Benchmarking industry standards Disclosure explanatory notes Reasonability physical or chemical relationships correlations
  • 21. [21] How to audit NFI? Governance 1 LoD Set targets, collect and validate NF data, calculate KPI • Technical dept, operational reporting 2 LoD Define reporting template and process • Compliance, HSEQ, InfoSec, HR, CSR 3 LoD Reassurance that controls address NFI risks
  • 22. [22] How to audit NFI? Standards ISAE 3000 Assurance over non-financial information • Internal control, sustainability and compliance audits • 3420 future FI, 3402 service organizations ISAE 3410 Assurance engagements on greenhouse gas • GHG statement is free from material misstatement due to fraud or error
  • 23. [23] Tool SASB Five-Factor Test What ESG data is important? Direct financial impact and risks Legal and complian ce requie- ments Compe- titive driver Stakeholder concern and social trends Opportu- nity for innova- tion Total score Eviro- mental GHG emisions 10 10 7 7 7 41 Air quality 5 7 5 5 5 27 Water management 8 6 7 5 10 36 Social Human rights 4 8 6 9 4 31 Community relations 3 5 5 10 2 25 Gover- nance Ethics 5 9 5 8 1 28 HSEQ 5 8 6 7 3 29 Risk management 10 9 8 7 7 41 Signed off by finance, EHSQ, legal, compliance, risk, investor relations, HR and IA
  • 24. [24] Tool Materialy Matrix Importanceto stakeholders Impact on the organization HighLow High CriticalResponsible Not pertinent Strategic Ethics GHG Air Quality Risks HSEQ Human rights Community • Consultation to stakeholders • Media review • Benchmarking of ESG reports • Industry reports on trends and issues • Sustainability risks HR Tax +assurance
  • 25. [25] Case Study Carbon Audit Primary data sources Field Operation Managers Yield of soybean > metric tons per hectare, equipment runtime Fleet Operations Manager Gasoline and diesel fuel consumed > gallons Cost Accounting Analyst Utility bills for drying and storage > kW, gas cubic feet Fertilizers and pesticides > lbs
  • 26. [26] Case Study Carbon Audit GHG quantification Master data •Plantations •Facilities •Fleet vehicles •Equipment •Land use change Sustainability Reporting Manager Voluntary disclosure reporting GHG emissions of soybean production > kg CE/ton soybean (CO2, N2O, CH4) Standard ISO 14064 standards for greenhouse gas accounting and verification Emissions management software + Excel spreadsheets
  • 27. [27] Case Study Carbon Audit 1. Determine the scope and plan for the engagement Reasonable assurance (high), voluntary reporting last 3 years, external annual report (claims made, policies outlined and data published), company website and internal reports on energy savings 2. Identify key risks Discussions with the Sustainability Reporting Manager and the Cost Accounting Analyst about scenarios (with current controls): system outage, activity data missing, improper cut-off, data input errors, omitted plantations and equipment, inaccurate quantification methodology, incorrect estimates 3. Determine the appropriate test approach Synergies with financial audits of energy and gas invoices 4. Complete the engagement and document findings
  • 28. [28] Internal Audit Work Program Accuracy Data reflects the reality Conformance with standards in precision or detail Verify that •the primary data sources are accurate (clear internal data questionnaires, measurement units and periods, certified information reported by 3Ps) •the secondary data sources are credible (databases from recognized international organizations, government and industry bodies) •internal validations are done by independent and competent personnel before submission (analytical reviews, end-to-end recons, data checking, site visits, reconfirmations)
  • 29. [29] Internal Audit Work Program Accuracy Data reflects the reality Conformance with standards in precision or detail Verify that •external assurance is obtained for nonfinancial reporting •input data is compared to the applicable performance limits •data based on estimations are clearly identified and reviewed Recalculate aggregation and conversion of NFI Review conformance against standards Sample testing against supporting documentation
  • 30. [30] Internal Audit Work Program Consistency Data is comparable in two or more representations All systems reflects the same information Verify that •the policy for non-financial reporting is based on long-term strategies and goals (e.g. differentiation, sustainability, carbon reduction objectives, safety, compliance) •the procedures for calculation of non-financial information are based on specific and authoritative standards with common definitions (e.g. ISO 14064 for carbon footprint, updated procedures) •the presentation of non-financial information is fair and consistent from period to period (e.g. methodological changes) •KPIs variations against previous periods are investigated
  • 31. [31] Internal Audit Work Program Completeness Full coverage or occurrence of required data (not for optional data) Data can be traced Verify that •there are integrity checks of all operational data under scope based on identified misreporting risks (control with inventory of sites, no double-counting controls) •data is managed with a reliable tool supporting the collection, aggregation and reporting •records of all relevant data, work papers and corrections are retained •supporting documentation is stored safely and is easily accessible by relevant employees Re-perform integrity controls (all periods, all sites)
  • 32. [32] Internal Audit Work Program Relevance Data is applicable and helpful for the objectives Verify that •there is a materiality assessment for reporting NFI to internal and external shareholders •compliance requirements are considered for external disclosing (e.g. carbon accounting reporting, climate change and carbon reporting, regulatory reporting to environmental agencies) •transparency meets key external stakeholder expectations •stakeholders are aware of internal controls in place regarding non-financial data
  • 33. [33] Internal Audit Work Program Timeliness Data is up to date when decisions are made Verify that •there are clear reporting timelines (communicated, monitored, detailed allocation of tasks and due dates) •NFI is reported on regular basis in compliance with reporting requirements
  • 34. [34] Case Study Carbon Audit Illustrative internal audit recommendations Absence of a carbon reporting procedure The procedure to collect, validate, control, calculate and report carbon emission is not formalized. As a result, the disclosing of GHG emissions of soybean production in the annual reports could contain unreliable information. In 2017, the spreadsheets for GHG emission modeling lacked of consistent integrity controls and had discrepancies in the electricity invoice dates for October and November. The Sustainability Reporting Manager explained that spreadsheets containing formulas for GHG emissions were being improved at that time. We recommend to define roles and responsibilities (RACI) based on the ISO 14064 and to establish an internal procedure with clear instructions.
  • 35. [35] Case Study Carbon Audit Illustrative internal audit recommendations Unreconciled supporting data The GHG emission data included in the 2017 annual report is not reconciled to supporting data. As a result, the disclosed data could have gaps in own-use electricity and gas and omissions in soy plantation aggregates. In April 2017, the consumptions of natural gas used in the grain dryers in Roque Perez and Murphy were omitted. In May 2017, the gas consumption for Roque Perez showed a discrepancy in -1,000 cubic feet. The Cost Controlling Analyst explained that the Field Operation Managers for these farms resigned at that time and he was performing numerous other tasks which impacted in the controls. We recommend to embed integrity controls against the plantation site master file in the emissions management software.
  • 36. [36] Case Study Carbon Audit Illustrative internal audit recommendations Absence of retrospective adjustments Changes in the methodology of calculating GHG emissions lacked of a retrospective adjustments to past emissions data, including the 2014 baseline (base-year GHG inventory). As a result, the disclosed GHG emissions of soybean production in the annual reports could contain incomparable information. In 2017, key equivalencies and metrics for GHG were adjusted in -5% to reflect sector-specific and country-specific considerations. The Sustainability Reporting Manager confirmed that the 2014 baseline was not updated with the new quantification methodology. We recommend to recalculate the previously reported emissions and disclose the changes in the methodology.
  • 37. [37] Discussion how to audit? People KPIs 2015 2016 2017 Average engagement score me@Company survey n/a 7.0 7.0 Employee attrition 4.2% 3.9% 4.4% Attrition rate of high performers 1.7% 1.7% 1.8% Promotion rate of high performers n/a 35% 37% Promotion rate - overall n/a 12% 13% % of people performance management process completion 98% 98% 98% % of development action plan completion 91% 92% 89%
  • 38. [38] Discussion how to audit? Social KPIs 2015 2016 2017 Patients reached with diabetes care products (estimate in millions) 26.8 28 27.7 Donations (DKK million) 105 106 103 New patent families (first filings) 77 74 65 Gender in management (ratio men:women) 60:40 59:41 60:40 Relevant employees trained in business ethics 98% 99% 99% Product recalls 2 6 6 Failed inspections 0 0 0
  • 39. [39] Non-Financial Reporting:Building trust with internal audit European Confederation of Institutes of Internal Auditing
  • 40. [40] The role of internal audit in non-financial and integrated reporting Chareted Institute of Internal Auditors
  • 41. [41] The External Assurance of Sustainability Reporting Global Reporting Initiative
  • 43. [43] ISAE 3000 Standard for Assurance over Non- financial Information International Federation of Accountants
  • 45. [45] Share your Success Instituto de Auditores Internos de Argentina https://iaia.org.ar/ @institutoiaia