2015 ESOS Guidelines Chapter 6 – Role of Lead Assessor

The primary role of the lead assessor is to make sure the enterprise?s assessment meets ESOS requirements. Their contribution is mandatory, with the only exception being where 100% of energy consumption received attention in an ISO 50001 that forms the basis of the ESOS report.

How to Find a Lead Assessor

An enterprise subject to ESOS must negotiate with a lead assessor with the necessary specialisms from one of the panels approved by the UK government. This can be a person within the organisation or an third party. If independent, then only one director of the enterprise need countersign the assessment report. If an employee, then two signatures are necessary. Before reaching a decision, consider

  • Whether the person has auditing experience in the sector
  • Whether they are familiar with the technology and the processes
  • Whether they have experience of auditing against a standard

The choice rests on the enterprise itself. The lead assessor performs the appointed role.

The Lead Assessor?s Role

The Lead Assessor?s main job is reviewing an ESOS assessment prepared by others against the standard, and deciding whether it meets the requirements. They may also contribute towards it. Typically their role includes:

  • Checking the calculation for total energy consumption across the entire enterprise
  • Reviewing the process whereby the 90% areas of significant consumption were identified
  • Confirming that certifications are in place for all alternate routes to compliance chosen
  • Checking that the audit reports meet the minimum criteria laid down by the ESOS system

Note: A lead assessor may partly prepare the assessment themselves, or simply verify that others did it correctly.

In the former instance a lead assessor might

  • Determine energy use profiles
  • Identify savings opportunities
  • Calculate savings measures
  • Present audit findings
  • Determine future methodology
  • Define sampling methods
  • Develop audit timetables
  • Establish site visit programs
  • Assemble ESOS information pack

Core Enterprise Responsibilities

The enterprise cannot absolve itself from responsibility for good governance. Accordingly, it remains liable for

  • Ensuring compliance with ESOS requirements
  • Selecting and appointing the lead assessor
  • Drawing attention to previous audit work
  • Agreeing with what the lead assessor does
  • Requesting directors to sign the assessment

The Environment Agency does not provide assessment templates as it believes this reduces the administrative burden on the enterprises it serves.

Check our similar posts

Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

The Cloud: Changing the Game for Small Businesses

There is a consensus among cloud experts that the onset of cloud computing will benefit small organisations the most. In fact, many even go as far as saying that the cloud and small businesses are a match made in IT heaven. How much of this is true and how much of this is merely part and parcel of the hype surrounding cloud computing?

The Cloud as the Great?Equaliser

If you closely examine the essential characteristics of cloud computing, particularly public cloud services, you will see why small organisations would be very interested in the cloud, and would eventually flock to it, like moths to a flame. And why not? Cloud computing is turning out to be the weapon that can allow small and medium organisations to compete on a more level playing field against large enterprises.

Here are some cloud computing benefits that may just close the gap between the two.

  • Significantly lower IT spending. With little to no investment at all on hardware infrastructure and practically zero maintenance costs, SMBs that would have required substantial capital for IT are now finding it easy to get a business started from scratch or develop and test out new products by using the cloud as the backbone of their IT set-up. The pay-as-you-go pricing scheme that cloud computing offers allows companies to start small and scale up as needed, or when the revenue starts coming in.
  • Higher employee productivity. Licensing fees for software applications can run high even if you don’t have a large staff. Good thing there are now a host of cloud-based office tools – word processors, spreadsheets, presentations, accounting systems, etc. – that can boost employee productivity without the corresponding costs that small businesses can ill afford. Plus, team members in remote locations can continue to collaborate with the rest through any internet-connected device in real time.
  • Easier, better communication. The easy accessibility of communication apps has also changed the way employees interact with fellow employees and more importantly, with customers. Whether through email, instant messaging, or social networks, cloud services have given individuals and businesses more ways of giving and getting feedback. The best thing about it is that most of these services don’t cost much or are even free, giving SMBs ample tools to create better products and improve service.
  • A Look at the Figures Many small businesses are already seeing the potential in the cloud, with SaaS (Software as a Service) applications most commonly used among the early adopters. These services include email and other communication apps, file sharing, and backup.

In a February 2012 Edge Strategies survey (commissioned by Microsoft) of 3,000 small businesses in the US, the following data came to light:

  • The number of small companies with 2 to 10 employees using paid cloud services will triple in the next three years;
  • Current cloud users report purchasing an average of 4 services in the cloud now and expect to use 6 in the future;
  • Fifty percent agree that cloud computing is going to become more important for businesses such as theirs.

Further, a survey of 323 SMBs recently released by social business site Spiceworks and sponsored by EMC reveals that from 48 percent at the start of 2012 and 28 percent a year ago, 62 percent of the businesses surveyed now use some type of cloud app.

What these numbers show is that cloud adoption among small and medium enterprises is starting to gain ground and for sure, more will do the same as understanding and awareness increase. Yes, these businesses should still perform their due diligence as there is no one-size-fits-all cloud solution. But for those companies who have managed to find the right cloud apps and services for their needs, it’s all sunny skies up ahead.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today