2015 ESOS Guidelines Chapter 3 to 5 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  1. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  1. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  1. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  1. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  1. Notify the Environment Agency of Compliance within the deadline using the online notification system as soon as the enterprise believes is fully compliant.
  1. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact ecoVaro if we can assist in any way.

Check our similar posts

Article 8 of the EU Energy Efficiency Directive ? Orientation

Following in-depth discussion of the UK?s ESOS response, we decided to backtrack to the source, especially since every EU member is facing similar challenges. The core purpose of the directive is to place a pair of obligations on member states. These are

  1. To promote the availability of energy audits among final customers in all sectors, and;
  2. To ensure that enterprises that are not SMEs carry out energy audits at least every four years.

Given the ability for business to look twice at every piece of legislation it considers unproductive, the Brussels legislators took care to define what constitutes an enterprise larger than an SME.

Definition of a Large Undertaking

A large undertaking meets one or both of the following conditions:

  1. It employs 250 or more people
  2. Its annual turnover is more than ?50 million and its balance sheet total exceeds ?43 million

Rules for Energy Audits

If accredited / qualified in-house specialists are unavailable then independent experts should supervise audits. The talent shortage seems common to many EU businesses. In hindsight, the Union could have ramped up slower, especially since the first compliance date of 5 December 2015 does not leave much swing room.

ecoVaro doubts there was a viable alternative, given the urgent imperative to beat back the scourge of carbon that is threatening the viability of our planet. The legislators must have been of a similar mind when laying down the guidelines. Witness for example the requirement that penalties be ?effective, proportionate and dissuasive?.

In order to be compliant, an energy audit must

  1. Be based on twelve months of verifiable data that is
    • over a continuous period beginning no more than 24 months before the beginning of the energy audit, and;
    • identifies energy saving opportunities including paths to their achievement
  2. Analyse the participant’s energy consumption and energy efficiency
  3. Have not been used as the basis for an energy audit in a previous compliance period

Measurement of current status and progress tracing are at the core of energy saving and good governance generally. EcoVaro has a powerhouse of software tools available on the cloud to help project teams save time and money.

Why Spreadsheets can send the Pillars of Solvency II Crashing Down


Solvency II is now fast approaching and while it may provide added protection to policy holders, its impact on the insurance industry is not all a bed of roses. Expect insurance companies to restructure, increase manpower, and raise spending on actuarial operations and risk management initiatives. Those that cannot, will have to go. But what have spreadsheets got to do with all these?

Well, spreadsheets aren’t really the main casts in this blockbuster of a regulatory exercise but they certainly have a significant supporting role to play. Pillar I of Solvency II, which calls for improved supervision on internal control, risk management, and corporate governance, and Pillar II, which tackles supervisory reporting and public disclosure of financial and other relevant information, both affect systems that have high-reliance on spreadsheets.

A little background about spreadsheets might help.

Who needs an IT solution when you can have spreadsheets?

Everyone in any organisation just love spreadsheets; from the office clerk to the CEO. Because they’re so easy to use (not to mention they’re a staple in office computers), people employ them for processing numbers and as an all-around tool for planning, forecasting, reporting, complex modelling, market data analysis, and so on. They make such tasks faster and easier. Really?

You probably haven’t heard of spreadsheet hell

Unfortunately, spreadsheets do have certain shortcomings. Due to their inherent structure and lack of controls, it is so easy to commit simple errors like an accidental copy paste, an omission of a negative sign, an incorrect data input, or an unintentional deletion. Such shortcomings may seem harmless until your shareholders discover a multi-million discrepancy in your financial report.

And because spreadsheet errors can go undetected for a long time, they are constant targets of fraudsters. In other words, spreadsheets are high risk applications.

Solvency II Impact on Spreadsheet-based Financial and IT Systems

Regulations like Solvency II, are aimed at reducing risks to manageable levels. Basically, Solvency II is a risk-based system wherein a company?s capital requirements will depend on its measured riskiness. If companies want to avoid facing onerous capital requirements, they have to comply.

The three pillars of Solvency II have to be in place. Now, since spreadsheets (also known as User Developed Applications or UDAs) are high-risk applications with weak control features and prone to produce inaccurate reports, companies will have a lot of work to do to establish Pillars II and III.

There are at least 8 articles that impact spreadsheets in the directive. Article 82, for example, which requires firms to ensure a high level of data quality and accuracy, strikes at the very core of spreadsheets? weakness.

A whitepaper by Raymond Panko entitled ?Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks? mentioned that 94% of audited real world operational spreadsheets that were included in his study were found to have errors and that an average of 5.2% of all cells in the audited spreadsheets had errors.

Furthermore, many articles in the directive call for the enforcement of better documentation. This is one thing that’s very tedious and almost unrealistic to do with spreadsheets because just about anyone uses them. Besides, with different ‘versions? of the same data existing in different workstations throughout the organisation, it would be extremely difficult to keep track of them all.

Because of spreadsheets you now need an IT solution

It is clear that, with the growing number of regulations and the mounting complexity of tasks needed for compliance, spreadsheets no longer belong in this era. What you need is a server-based solution that allows for seamless collaboration, data reliability, data consistency, increased security, automatic consolidation, and all the other features that make regulation compliance more doable.

One important ingredient for achieving Solvency II compliance is sound data risk management. Sad to say, the ubiquitous spreadsheet will only expose your data to more risks.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

Advert-Book-UK

amazon.co.uk

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Ready to work with Denizon?

Contact Us Today