Responsible Raw Materials Initiative

Audit Process & Roles

 

Program Management

The Conflict-Free Smelter Program (CFSP) is managed by the Conflict-Free Sourcing Initiative (CFSI). Table 1 below summarizes the management responsibilities for each party in the audit process.[i]

Table 1: Roles and Responsibilities

Program Management Tasks

CFSI

Auditor

Auditee

Pre-Audit Phase

Submission of the Smelter Information Questionnaire

   

X

Determination of Eligibility

X

   

Communication of Eligibility

X

   

Initiation of Audit Process

X

   X

Completion of Pre-Audit Checklist

   

X

Preparation of Proposal

 

X

 

Assigning an Auditor

X

   

Contracting

X

X

X

Scheduling & Logistics

 

X

X

Submission of Line Item Summary (2-4 weeks prior to scheduled audit)

   

X

Selection of 50% of transactions for review

 

X

 

Preparation of Audit Plan

 

X

 

Respond to Technical Questions from the Auditee

X

X

 
 

Onsite Audit Phase

Selection of remaining 50% of transactions for review

 

X

 

Onsite Audit

 

X

X

Notification of Limitations

X

X

 
 

Post-Audit Phase

Report Drafting & Submission

 

X

 

Submission of Draft Reports to Auditee

 

X

 

Comment on Reports

   

X

Report Submission to Auditee

 

X

 

Report Submission to CFSI

 

X

 

Report Quality Management

X

X

 

Report Review and Compliance Determination

ARC

   

Completion of the Corrective Action Plan (CAP)

   

X

Collection & Review of Corrective Action Plan

 

X

 

Review of Corrective Actions

X

 X  

Finalization of Reports

 

X

 

Submission of Final Reports to Auditee

 

X

 

Comment on Reports

   

X

Submission of Final Reports to CFSI

 

X

 

Report Review and Compliance Determination

ARC

   

Communication of Compliance Determination

X

   

Publication of Audit Summary Report

X

 

X

 

Audit Tools

The following tools are available for the CFSP:

Table 2: Document List for the CFSP

Document

Purpose

Smelter Information Questionnaire

Basic information on the potential auditee’s operations to determine eligibility for the CFSP

Agreement for the Exchange Of Confidential Information

Agreement to allow the exchange of confidential information between CFSI, the auditor and the auditee.

Auditee Agreement

Agreement to be audited by the CFSP according to the specified process.

Pre-Audit Checklist

Basic information on the auditee’s operations to determine the audit scope.

Audit Protocol for Tin and Tantalum

Description of the tin / tantalum audit requirements.

Audit Procedure for Tin and Tantalum

Description of the tin / tantalum audit process.

Audit Protocol for Tungsten

Description of the tungsten audit requirements.

Audit Procedure for Tungsten

Description of the tungsten audit process.

Gold Standard and Instruction

Description of the gold audit requirements and process.

Line Item Summary for Tin and Tantalum

Auditing tool for documenting transactions, validating management systems, material origin, and chain of custody.

Line Item Summary for Tungsten

Auditing tool for documenting transactions, validating management systems, material origin, and chain of custody.

Line Item Summary for Gold

Auditing tool for documenting transactions, validating management systems, material origin, and chain of custody.

Audit Report Template

Outline of audit report contents and format. .

Audit CAP Template

Corrective action plan template to summarize audit findings (auditor), propose corrective action (auditee) and track corrective action progress (auditee and auditor).

 

Pre-Audit Phase

Eligibility

Program Management Tasks

CFSI

Auditor

Auditee

Submission of the Smelter Information Questionnaire

   

X

Determination of Eligibility

X

   

Communication of Eligibility

X

   

 

Smelter Information Questionnaire (SIQ): Interested smelters and refiners must first submit a completed Smelter Information Questionnaire, including but not limited to the following fields:

  1. Contact information
  2. Metal(s) and mineral(s) processed by the smelter / refiner
  3. Inputs and outputs for each metal
  4. Additional questions to help determine program eligibility

Determination of Eligibility: A CFSI workgroup reviews the SIQs and determines eligibility for each entity that applies.

Communication of Eligibility: The CFSI informs interested smelters of their eligibility and initiates the audit process, if appropriate.

Audit Request and Contracting
 

CFSI

Auditor

Auditee

Initiation of Audit Process

X

   

Completion on Pre-Audit Checklist

    X

Request for Proposals

X

   

Preparation of Proposal

 

X

 

Assigning an Auditor

X

   

Contracting

X

X

X

 

Active Status: A smelter or refiner can be listed on the CFSI “active” list once they have signed the Auditee Agreement.

Pre-Audit Checklist (PAC): The Pre-Audit Checklist covers the following information necessary to determine the scope of the audit:

  1. Facilities and products covered
  2. Metals/Minerals covered
  3. Sourcing locations
  4. Volume of transactions
  5. Audit location(s)
  6. Contact person
  7. Other information necessary to determine the audit scope.

Re-audits: A compliant smelter undergoing a re-audit will be listed as “re-audit in progress” on the CFSI website when the Pre-Audit Checklist is received.

Request for Quotes: Upon receipt of the completed Pre-Audit Checklist, the CFSI requests quotes from accredited audit firms.

Audit Proposal: The audit firms prepare proposal including the timeline and fee schedule for the auditee.

Assigning an Auditor: The CFSI assigns an auditor to each auditee based on:

  1. Availability
  2. Cost
  3. Quality
  4. Timing
  5. Regional considerations

Contracting: The auditee and auditor directly agree on contracting. The auditors invoice the CFSI for the audit and the CFSI invoices the auditee for payment of all non-initial audits.

Audit Preparation
 

CFSI

Auditor

Auditee

Scheduling & Logistics

 

X

X

Preparation of Audit Plan

 

X

 

Respond to Technical Questions from the Auditee

 X

X

 

 

The logistics preparation is managed directly between the auditor and auditee. This includes:

Auditor:

  • Agreement on the audit date;
  • Organization of logistics for the auditor;
  • The auditor will share the following documents with the auditee:
    • Relevant audit protocol and procedure
    • Audit Agenda
    • 50% of the transactions to be sampled (the other 50% is shared on-site)

The auditor will also respond to any logistics questions from the auditee in preparation for the onsite phase. Any technical or compliance related questions should be directed to the QPM.

Auditee:

  • Agreement on the audit date;
  • Where required, assistance in the organization of logistics for the auditor (including, e.g. facilitation of visa requests);
  • Technical preparation for the audit, including:
    • Review of the Audit Protocol and Procedure
    • Preparation of documentation as required for the audit
    • Organization of team members to ensure availability for interviews

Onsite Audit Phase

 

CFSI

Auditor

Auditee

Onsite Audit

 

X

X

Notification of Limitations

X

X

 

 

Onsite Audit: The onsite audit typically takes 1-3 days per facility audited. The auditor may increase the time required for the onsite audit if the size and / or complexity of the auditee’s operations so requires.

A typical agenda for the onsite audit includes:

  1. Opening meeting and management review: review the purpose, scope and methodology of the audit with the facility management team; identify key facility personnel who will assist throughout the audit process.
  2. Facility tour: conduct an entire walkthrough to analyze the processes, storage, receiving and shipping including a physical inventory check of onsite and offsite storage warehouses.
  3. Documentation review: review the facility’s conflict minerals policy and its usage within management and procurement procedures; validating that the systems and controls are in place to assure conformance to the OECD Due Diligence guidance; conduct a mass balance review (including total material receipts, current inventory and sales volumes), validating recycled/scrap purchases, ore, concentrate and other non-recycled/scrap material source documentation.
  4. Closing meeting and management review: communicate audit results to the facility management including recap of the audit findings and non-compliances found during the assessment (see more below).

 Limitations: Any limitations to the audit are noted by the auditor in the audit report. If the auditor is not able to complete the audit due to limitations, the CFSI will be notified.

 Notifications: Notifications are due in the following cases:

Limitation

Notification to

Timeframe

Unable to complete the audit due to the auditee’s refusal of access to premises or evidence.

CFSI

24h

Unable to complete the audit due to time constraints / lack of preparation / absence of key staff members of the auditee.

CFSI

72h

Reason to believe goods directly or indirectly financed or benefited armed groups that are perpetrators of serious human rights abuses in the DRC or an adjoining country.

CFSI

24h

Confirmation that documentation provided by the auditee is fraudulent or has been manipulated.

CFSI

24h

 

Closing Meeting: The auditor will hold a closing meeting with the auditee. Closing meetings must include, at a minimum:

  1. Presentation of the audit findings and conclusion as well as to discuss recommended steps for improvement.
  2. Recording of any disagreement or comments of the auditee on the findings and audit conclusion in the Corrective Action Plan.
  3. Discussion of next steps regarding:
    1. Reporting: Timeline for the drafting, review and finalization of reports;
    2. Corrective Action Phase: Timeline, responsibilities and next steps.

Please refer to the next Section for details on reporting and the management of corrective actions.

The auditor will leave a copy of the Corrective Action Plan with the auditee during the closing meeting.

Post-Audit Process

The specific outcomes of a downstream supplier audit are:

  1. Completed Corrective Action Plan, if applicable
  2. Detailed Audit Report
Reporting
 

CFSI

Auditor

Auditee

Report Drafting & Submission to CFSI

 

X

 

Report Quality Management

X

X

 

Submission of Final Reports to Auditee

 

X

 

Opportunity for Comment on Reports

   

X

Report Submission to Auditee

 

X

 

Report Submission to CFSI

 

X

 

 

Audit Reports: Audit reports follow the requirements of ISO19011:2011 standard for reporting. The auditor will prepare a summary audit report and completed line item summary.

Opportunity for Comment: All audit reports are submitted to the auditee for comment within ten (10) working days of the closing meeting. The auditee then has five (5) working days to return their comments to the auditor. The auditor must then submit the finalized report to the CFSI in 5 days.

Quality Review: The CFSI carries out the quality review of all audit reports and works directly with the auditor for any questions or observations.

Compliance Determination
 

CFSI

Auditor

Auditee

Report Review and Compliance Determination

ARC

   

Communication of Compliance Determination

X

   

 

The Audit Review Committee (ARC): The CFSI will submit the reports from the auditee (Line Item Summary and Summary Audit Report and Checklist) to the Audit Review Committee at their next available weekly meeting. The CFSI will notify the auditee and auditor of the meeting at which the report will be reviewed.

The Audit Review Committee is an independent body of experts who review the reports and recommendations from the auditor and issue a final determination of compliance. The ARC may ask for follow up questions from the auditee or the auditor, and they may ask for either party to join an ARC meeting in order to further discuss the findings and observations.

Communication of Compliance: The CFSI will formerly notify the auditee of ARC’s decision within three days of the ARC’s decision. In the case of a compliant determination, the CFSI website will be updated within three days of notification to the auditee. In any case, the CFSI will communicate the results to the auditee within 28 days of completion of the on-site audit.

Corrective Action Phase
 

CFSI

Auditor

Auditee

Collection & Review of Corrective Action Plan

 

X

 

Approval of Corrective Action Plan

 

X

 

Review of Corrective Actions

 

X

 

Finalization of Reports

 

X

 

Submission of Final Reports to Auditee

 

X

 

Opportunity for Comment on Reports

   

X

Submission of Final Reports to CFSI

 

X

 

Report Review and Compliance Determination

ARC

   

 

Corrective Action Plan: The auditee has 60 days to correct any findings outlined in the compliance determination letter. The auditor then has 30 days to re-assess and complete the CAP template report for submission to ARC.

Review Process: The CAP report will be submitted to the auditee for review in the same manner as the initial report. The auditor will then submit the report to ARC for ARC’s review. The timing of submission and review is the same as for the initial report.

Validity: The validation is valid for one (1) year. Auditees that are not compliant after the 90 day corrective action phase are not listed on the CFSP Compliant Smelter List and have one additional opportunity to undergo corrective actions before being found non-compliant or enrolling in an Extended Corrective Action Plan.


[i] All costs are the responsibility of the auditee after the first audit.