2015 ESOS Guidelines Chapter 2 – Deadlines and Status Changes

The ESOS process is deadline driven and meeting key dates is a non-negotiable. The penalties for not complying / providing false or misleading information are ?50,000 each. Simply not maintaining adequate records could cost you ?5,000. The carrot on the end of the stick is the financial benefits you stand to gain.

Qualifying for inclusion under the ESOS umbrella depends on the status of your company in terms of employee numbers, turnover and balance sheet on 31 December 2014. Regardless of whether you meet the 2014 threshold or not, you must reconsider your situation on 31 December 2018, 2022 and 2026.

Compliance Period	Qualification Date	Compliance Period	Compliance Date
1	31 December 2014	From 17 July 2014* to 5 December 2015	5 December 2015
2	31 December 2018	From 6 December 2015 to 5 December 2019	5 December 2019
3	31 December 2022	From 6 December 2019 to 5 December 2023	5 December 2023
4	31 December 2026	From 6 December 2023 to 5 December 2027	5 December 2027

Notes:

1. The first compliance period begins on the date the regulations became effective

2. Energy audits from 6 December 2011 onward may go towards the first compliance report

Changes in Organisation Status

If your organisation status changes after a qualification date when you met compliance thresholds, you are still bound to complete your ESOS assessment for that compliance period. This is regardless of any change in size or structure. Your qualification status then remains in force until the next qualification date when you must reconsider it.

Check our similar posts

Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity	Responsible	Accountable	Supportive	Consulted	Informed
Person	John	Mary	Sue	James	Kevin
Role	Oarsman	Captain	Consultant	Navigator	Sleeper

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
?	Sue	John	Mary	James	Kevin
Gives Direction	?	?	A	?	?
Rows the Boat	?	R	?	?	?
Provides Advice	S	?	?	?	?
Announces Arrival	?	?	A	C	?
Surfaces From Sleep	?	?	?	C	I
Ties Boat to Tree	?	?	A	?	?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.

UK Hauliers Pull Together on ESOS

ESOS is what UK business needed, to encourage it to become more responsible for the environmental consequences of making money. Government has met with industry leaders to hammer out the finer details. Now there are heartening signs of intra-industry collaboration, for the example the FTA approach we discuss here.

The Freight Transport Association (FTA) is one of the UK?s biggest trade associations, and exists to represent the interests of companies moving goods by air, rail, sea and road. It is their representative at national, European and local level that advises them on legal compliance. In February 2015, it announced plans to help the industry comply with ESOS too.

The association has been active since the announcement of the UK?s Energy Saving Opportunity Scheme. It has engaged with government and membership through the portal of its Logistics Carbon Reduction Scheme (LCRS). The Environment Agency has singled this out as a benchmark other industries could follow.

FTA general manager for consultancy and tendering Karen Packham recently said, ?With our highly experienced and fully qualified team of transport auditors ?the FTA is best placed to offer practical advice and is able to provide specialist audits to ensure members are fully compliant ? and will gain all the benefits that the scheme has to offer.?

These co-audits with Environment Agency specialists advising, will focus on the full range of operational and supporting activities, and ensure that all haulage companies with over 250 employees do the following:

Assess energy use across their full spread of buildings, transport media and industrial activity

Examine energy-intensive pressure points and identify savings opportunities that provide financial benefit

Nominate an ESOS person to conduct future audits, or oversee and approve them independently

Report to the Environment Agency as scheme administrator per statutory intervals

Ecovaro has energy management software that turns metrics into high-level information that busy people understand. Give us a call if you are puzzling how best to present your data. We believe two heads can achieve so much more together.