Responsible Sourcing Report 2021
Section 16: Auditor Requirements
LBMA’s Responsible Sourcing Programme (Programme) is only as good as the audit process and the auditors themselves. Ongoing review and enforcement of LBMA’s Approved Auditor requirements are important elements for the credibility of the Programme. LBMA engages with auditors through training sessions, webinars and robust quality control.
LBMA’s ongoing scrutiny helps ensure that Approved Auditors meet the stringent standards expected of them as set out in the Responsible Sourcing: Third-Party Audit Guidance (Audit Guidance).
The OECD Due Diligence Guidance mandates the auditor as the party responsible for checking that the GDL refiner is applying the right level of due diligence required for a counterparty, rather than the industry programme provider such as LBMA.
The auditor’s procedures are based on the output of their planning and risk assessment of the business model and the risk profile of the GDL refiner, which is unique for each engagement. LBMA puts significant efforts into reviewing the audit reports received, and will often challenge an auditor and ask for more information based on this scrutiny. In certain circumstances, LBMA will engage with the auditor to draw their attention to information learned about potential risks associated with a refiner’s supply chain.
The Audit Guidance notes, under Auditor Qualification, that the auditor (also referred to as the Approved Service Provider) must be able to fulfil include the following requirements:
Independence: The service provider must have complete financial and other independence from the GDL refiner. In particular, the auditing body shall not provide services for the GDL refiner related to the design, establishment or implementation of the GDL refiner’s precious metals supply chain practice for a period of at least 24 months prior to the engagement.
Institutional capacity: The service provider must have adequate organisational capacities including:
- A robust system of quality control, including at least the minimum requirements for independence, conflicts of interest, ethics and audit quality control reviews to be followed
- The capacity to process appeals and/or handle complaints.
In addition, auditors are required to detail in the Auditor Application Form their quality assurance and conflicts of interest policies, and explain how they comply with the various core principles, which include ethical conduct, due professional care, independence and integrity. Where any of these aspects come under disrepute, the auditor is removed from the Approved Service Providers List. In such circumstances, another audit can also be requested.