Simon Propper considers weaknesses in the CSR industry that should be addressed in light of the BP Deepwater Horizon disaster

In a previous article I suggested that BPs series of safety and environmental crises should cause the CR profession to rethink the established approaches to managing social, ethical and environmental issues. If a company can be judged to have achieved best practice and still fail consistently and severely, we can hardly just carry on as before. Several thoughtful comments in response to that article mainly agreed that CR best practice, as currently applied, is not up to the job. Since then others have gone further even making the accusation that the CR community collaborated in the BP disaster. That is nonsense - failure does not equal collaboration - but to improve CR we need to understand the weaknesses and propose remedies. Its easy to declare CR broken, but altogether harder to propose how it can be repaired. Below are ten proposals to make CR more robust. Im putting these forward for discussion rather than suggesting that they provide a definitive solution. The CR community needs to collaborate in improving its approach and increasing its effectiveness. It is after all a young profession working to refine new techniques and gain acceptance in the wider business community. To put the limitations of CR in context, accounting standards have been continually refined for a hundred years but have still not eliminated all fraud. 1. Strong governance Accountability for CR in most companies is too fuzzy. This is in part due to the multifaceted nature of the subject, meaning that it meddles in everybody elses business. The same of course applies to management of risk and legal compliance yet these functions tend to be well anchored in the corporate structure. CR needs a dedicated chief responsibility officer (CRO), reporting to the CEO. The days of the head of communications or operations doubling as the head of CR should be ended. Indeed these functions require oversight by the CRO. CR also requires a board committee, of equal stature to the audit committee, ensuring management control and regular reports to the board. Most existing CR committees do not have this seniority and many lack any clear function at all. 2. Non-executive director representation CR needs board representation through a board member not tasked with delivering operational performance in other words a non-executive. This director would also chair the CR committee. The appointment criteria should ensure that he or she has the skills to scrutinise performance and strategy across a broad range of social, ethical and environmental issues.

3. Governance Logically, outsourcing and the company supply chain should not require its own section here. Like any other business function it should be managed through the other safeguards listed. However the rush to remove capital intensive operations from the company assets and take advantage of low labour costs in the east, has been so rapid and extreme that some giant and successful companies now comprise little more than strategy, finance and marketing teams. While companies have worked out how to acquire the products and services they need in a cost effective way, they have been much less successful in managing the CR implications of their outsourcing. There has been some progress notably in electronics, apparel and retail but control, particularly over multi-tier supply chains is much lower than when the same operations were in house. It may eventually be seen to be a factor in the humbling of both Toyota and BP. But what to do? Most supplier vetting is undertaken by the purchasing department which is often not well resourced and does not necessarily possess the appropriate skills. Better control of outsourcing issues will require significantly greater focus and funding. It would take a separate article to explain how this could best be implemented, but review of the sourcing policies and contracts independent of the purchasing team responsible for them is an obvious step. Reebok used to operate such a system until their take-over by Adidas. 4. Enhanced compliance function Compliance is an important factor. Many companies already have the right policies and systems but fail to stick to them when business pressures make a short-cut appealing. Compliance needs a boost in status and proper funding to enable regular thorough audits. It may never be the most popular role in a company but it should command universal respect and some fear too. The CEO must make support for the compliance function explicit and take a stand against managers taking short-cuts. 5. External oversight Companies cannot afford to be insular about CR and benefit from exposure to external perspectives, even when critical. Although there have been some teething problems, external panels provide companies with a greater level of assurance that they are behaving appropriately and important early warning of issues looming. 6. Culture change Those of us immersed in CR day to day easily forget what a new field it is and how long is the journey to being fully integrated in business. Ten years ago, CR was barely recognised yet today theres almost no CEO of a major company who will dismiss the subject and many are strong advocates.

But business is a conservative culture and change that does not instantly earn profit is slow to establish. Companies committed to CR really do need to step-up the corporate culture campaigns. The most significant element being the unqualified support of management especially the CEO. Tacit support will no longer suffice. We need far more CEOs to admire for their CR leadership. 7. Performance related pay There has been plenty of talk about incorporating CR goals into remuneration and many companies say they do this in their reports. My impression is that the extent is very limited, both in terms of value and the breadth of employees covered. This is a vital part of the company message that CR is core to business. Companies reward behaviour they value or should so if CR is important to the business it must comprise a significant slice of remuneration. Conversely poor CR performance or noncompliance must be seen to be punished. Money talks. 8. Get the KPIs right There are really two points here: get the right KPIs and give them the right profile. Here is an example of how the wrong KPI can be used. Most companies track their lost time injury frequency rate (LTIFR) and see it as a key measure of safety performance. If you look at BPs it has steadily improved. Most injuries are caused by people falling over or crashing vehicles. So a strong focus on hand-rails and driving safety will bring down your LTIFR. But less frequently a really major critical incident will come along and endanger many lives. An oil rig explosion or mine wall collapse for example. Guard rails and nice driving dont help here. So its all too easy, with the best intentions, to use the wrong KPI and misdirect effort to improve performance. Companies need to review their KPIs and seriously test their adequacy as measures of impact on people and the environment. The second point is the profile given to CR KPIs. If CR is taken seriously they should sit alongside the other business KPIs both in internal board reports and the company annual report. CEOs should get used to briefing investors on CR performance in the same presentations that address strategy and financials. 9. Risk identification All quoted companies maintain a risk register and inform shareowners of risks they judge material in their annual report. The risk registers record risks of any type, including social and environmental factors. The difficulty comes in assessing the probability of a particular event occurring and the severity of the consequences if it does, a challenge amplified by the nature of social and environmental issues. Companies are not good at identifying their own weaknesses yet these are often the causes of social and environmental lapses. When problems occur the consequences

can be difficult to predict since regulators behave inconsistently and NGOs may or may not launch a damaging campaign. As a result many companies currently underestimate the probability and severity of risks from social and environmental impact. The methodology for rating risk needs to be updated. 10. An overhaul of ISO14001 and OHSAS18000 The international standards for environment and health and safety management cover a large segment of all CR issues and something is not working when certified companies continue to make consistent large mistakes. It could be that the standards themselves are too loose, placing emphasis on procedures not performance. It was often said of the ISO9000 quality standard that you could manufacture crap provided you did it consistently every day. Or perhaps the accreditation system isnt sufficiently rigorous, handing out tickets too easily in return for the fees. I cant say for sure, but some of the HSE managers I most respect, say that their own systems need to be much tighter than the accredited system. That cant be right. I hope that these ten proposals for robust CR are helpful and will encourage further discussion within the CR community. BP has tested the credibility of all working in this field and the case demands a vigorous response.