My company is not publicly-traded, and so is not subject to the Securities and Exchange Commission.  Will we need to do a IPSA Audit? 

No.  Your company is not subject to SEC rules and regulations, so you are not subject to DFCM or the IPSA Audit. 


Our customers are asking for a conflict minerals audit.  The rule talks about an “independent audit” – aren’t all audits supposed to be independent?  Is this the audit our customers are asking for?

Yes, all audits require independence of the auditors.  DFCM and other aspects of conflict minerals and supply chain management involve several audits.  Smelters are a notable inflection point in the minerals supply chain.  The reasoning is that if the smelters can be determined to be free of conflict minerals, then everything downstream from there (likely including you) is conflict free.  The Conflict Free Smelter program requires audits, as do other supplier codes of conduct.   Make sure you know what audit(s) your customers are asking for. 


If our customers ask us for a IPSA Audit, do we have to do one? 

This would not be a matter of regulation, since companies that are not publicly-traded are not regulated by the Securities and Exchange Commission.  It can be a matter of merchantability of your products.  As other new requirements have been imposed, it has been typical of companies to push these requirements up their supply chain.  Auto makers did this for environmental management systems (EMSs) in the 1990s, and Wal-Mart and other retailers have vigorously pushed their suppliers for non-financial performance.  Audits have been a factor in both – and could be required again for conflict minerals.  Make sure this is what your customers require (contact us at if you’d like help with this); if so, then you probably have to do one. 


What if some of our suppliers tell us that they have conflict minerals in their products?

If your company is not publicly traded, then you are not a filer for purposes of DFCM.  Even though your products contain a conflict mineral, you do not need to prepare a Conflict Minerals Report, obtain an independent audit, or make a regulatory submittal.  However, you probably sell to customers that do.  If you learn that your products contain conflict minerals, and this is different from what you have told your customers before, it would be good practice to update your response to your customers.   As professionals have worked on other aspects of compliance and risk management, we advise clients not to communicate this without considering how this might affect your customer relationship, and what actions may be required next. 


Are there other reasons for our company to do a IPSA Audit? 

At its simplest, auditing compares an actual situation to a defined standard, and identifies gaps.  Auditing involves a structured, documented process, and typically results in a report.  Auditors gather evidence to develop findings in four main ways:  reviewing documents and records; conducting interviews; or with visual observations.   If the auditee has relied upon the work of others, the auditor may check to see if this reliance is reasonable. Auditors offer the advantage of independence – we look at things through a different pair of eyes.   Since you are not required to do a Conflict Minerals Report that aligns with the DFCM rule, and you are not limited by the objectives for the independent IPSA Audit, then you and an auditor can determine audit objectives that suit your purpose.  Certified Risk Management Auditors will be familiar with standard risk management frameworks; this perspective could be helpful to your company’s management, board, customers, and other stakeholders.


Sign In