Beruflich Dokumente
Kultur Dokumente
Richard Hollands
A definition
the commitment of business to contribute to sustainable economic development working with employees, their families, the local community and society at large to improve their quality of life.
World Business Council for Sustainable Development, (2000), Corporate Social Responsibility: Making Good Business Sense, p10.
CSR is about managing the impacts on society and stakeholders of a organisations operations, processes, behaviour etc. Typically this means an organisations Social, Ethical and Environmental (SEE) activities in the wider world. CSR has a relationship with an organisations financial activities too. CSR is at the core of public service and charity organisations. CSR lies at the heart of reputation management.
Operating beyond basic legal compliance from the board downwards; Considering the impacts on society and the environment; Managing social, ethical and environmental risks; Having relationships with stakeholders that are responsible, fair, and respect human rights; Responding to the needs and expectations of diverse stakeholder groups; and, Building the above into governance & management systems.
Rayner, J., (2003), Managing Reputational Risk curbing threats, leveraging opportunities, Chichester, England: John Wiley & Sons.
providing independent assurance to the Board and Audit Committee that the organisation is managing risk effectively; raising awareness of risk and control matters to improve the risk management in the business of their organisations; and, co-ordinating risk reporting to the Board/Audit Committee.
Traditional audits do not address CSR risks; Turnbull risks include health, safety, environmental, reputational and business probity (ie CSR-type risks) resulting in an assurance gap!;
Responsible methods
Combination
Traditional methods
the achievement of objectives; compliance with rules, regulations and legislation; the reliability of records and information; economy, efficiency and effectiveness; and, that assets are safeguarded.
the achievement of objectives in a responsible way with adverse impacts upon stakeholders being minimised and positive impacts maximised; compliance with rules, regulations and legislation with stated values that are consistent with responsible practice(s); the reliability of records and information for internal and external (stakeholder) purposes; that the optimum use of resources are employed in a responsible way; and, that assets are safeguarded, including assets external to the organisation such as its investment in society and the environment.
Integrated into risk-based approach: CSR risks considered as part of all relevant risks;
Planned audit activity of CSR where there is no underpinning corporate objective will be difficult to deliver;
Considered for both strategic and individual assignment plans; Re-balancing of resources and priorities; and, Is planned audit coverage proportionate to the risk(s)?
Adopting the integration principle reduces the potential for an assurance gap and increases the potential for audit adding value; Comparing what is with what should be: is the operational activity being performed in a way that is consistent with responsibility values? Consider the external perception of the CSR risks impact on reputation.
Start from the position that all internal audits are a proven and structured process; Recognise that there is a role for specialists in the assurance of CSR; specific issues may require expert resources; Use collaboration to acquire specialist help, and as a basis for developing auditors competency and knowledge of CSR; and, specialist agencies should be considered as part of any audit planning.
contribution to the business aims; alignment with the stated mission and values; consistency with accepted codes of conduct and policies; effect upon stakeholders; costs and benefits of CSR activities have been considered, and; management have considered and taken appropriate measures to manage [CSR] risks.
This type of audit combines the doing responsible things and doing things responsibly approaches. Internal audit should assess and report upon not only how well activities have delivered against planned benefits but that they have
Appropriate for reviews of operational units of an organisation. Should be used to confirm any CSR-related issues are working on the ground when there is no specific risk. .
Employed on single CSR issue of an organisations business such as a CSR-type risk within the risk register.
Or where a specific operational unit has a high exposure to a CSR-type risk and needs to be considered specifically as part of a wider review.
Specific investigations or where a fundamental breakdown in effective risk management and controls has occurred which leaves the organisation open to significant risk.