CSR as Standards and Reporting

Logo of Global Reporting Initiative

Last week I had a short blog about stakeholder engagement and some of the events leading up to the tendency for businesses and organizations to look beyond clients and suppliers. But in order to be effective a systematic approach is needed that will enable organizations to categorize and absorb the knowledge gained from a more outgoing approach.

Other forms of stakeholder engagement can come through compliance and reporting on the corporations’ ability to conform to certain standards. There are many good reasons why corporations engage on compliance strategies. The main arguments are:

  1. Stamp of approval through accreditation
  2. Attractiveness to social responsible investors, and
  3. Branding the company as a social responsible member of the community (Locke et al, 2006:1f).

Initiatives such as Global Compact (GC), Global Reporting Initiative (GRI) or the supplementary Principles for Responsible Investments (PRI), enables companies to increase their transparency level (United Nations Global Compact, 2008, UNEP Finance Initiatives, 2005, Global Reporting Initiative, 2006). Some of these initiatives are sponsored by the United Nations (UN) and thereby giving companies that abide to the standards, a stamp of approval from a world recognised institution. Other standards organisations are private or semi-governmental institutions that have created systems for governing sustainable behaviour as for example systems issued by the International Organisation for Standardization[1].

Systems can also be grouped by industry or be customized to the individual company where they are called Code of Conduct or similar systems. Common for Codes of Conduct are that they in some form are linked to universal agreed treaties such as the human rights, labour standards or environmental agreements. There are, however, some drawbacks in relying too heavily on these systems. A company like e.g. Nike has adopted a comprehensive Code of Conduct system of standards and control which both rely on internal and external auditing, but has found that this does not safeguard the company from criticism on labour standards in its supply chain (Locke et al, 2006). The lessons learned from Nike is that standards and systems should not stand alone but should be complimented by other forms of stakeholder engagement such as joint training with suppliers and frequent meeting activities both formal and socially to increase cultural exchange between the parties (Locke & Romis, 2006).

The second driver for stakeholder engagement can be the access to social responsible investors. While only a few years ago the Social Responsible Investments (SRI) constituted a fraction of the total investment portfolio it was in 2008 representing investments of over 18 trillion USD (UNEP Finance Initiatives, 2005). For many companies it can be a benefit to be part of a SRI portfolio as it gives access to funds that other companies might not have access to. In addition, the system of control and auditing can enable the company to streamline its processes and get rid of organisational risk that might affect long-term profitability. Investigations into the link between profitability and CSR shows that companies that rate their CSR effort positively also have a significant better financial performance than companies that does not (Economist, 2008:6).

The third reason for adopting a compliance strategy is the potential for positive branding. The GC is now consisting of approximately 5000 companies (United Nations Global Compact, 2008) from around the world. Grouping with other well-branded businesses who subscribe to the GC standard can boost their corporate brand and increase the collective brand value of all. Other companies use CSR actively to differentiate themselves in an otherwise competitive market.

From leader to follower – the impact of Danish CSR legislation

One would epact that countries that have a dedicated CSR law would also be the ones that would lead the pack on reporting. However according to the latest KPMG International survey of Corporate Responsibility Reporting is Denmark at best a slow follower behind countries like India, Spain, Hungary, China and South Korea just to name a few.

Traditionally the Danes have though of them selves as the “inventors” quality reporting on CSR with companies like NovoNordisk, Novozymes and Danisco at the very top. But it would seem that success have fostered complacency and now just about everybody have overtaken this ones a beacon of CSR reporting. According to KPMG we have moved from Quality to Quantity as we see more and more reporting being done but the quality of these reports does not seem to follow. One might think that having a dedicated CSR law would foster quality but it would seem that it is the other way around.

It should not be that difficult to follow the law as it is quite easy to come up with a policy, create a report and act on its findings. But it looks like that most companies have focused on the letter of the law rather than internalising CSR as part of the business. This leads to the dilemma if CSR should be voluntary or involuntary as s the case in Denmark at least for the 1100 biggest companies.

If the KPMG survey is true it could mean that a voluntary approach foster quality in reporting such as in the areas of IT, Assurance, Integration, use of standards and use of communication channels. While a law approach would mean that one gets more CSR reporting but at a lower quality.

One could argue that quality will come as time passes and it is only a matter of getting the right tools implemented. But if one looks at the CSR reporting discourse that Danish companies have taken it would seem that companies goes for the lowest common denominator.

In my mind Danish companies have taken a clear and present competitive advantage and turned it into a exercise in cost reduction. Shame on you….

Integrating or delegating the CSR effort what should companies do?

For most companies CSR is believed to be an expense rather than a investment. This has resulted in quite different approaches to the CSR effort. Some have chosen to integrate their work inside the communication or Human Resource department while others have independent and dedicated to the task at hand. Yet others have opted for an outsourcing approach were they let their regular financial auditor, like KPMG or PWC or smaller consulting companies like Identitas or CSR Gender group do their reporting as part of their consulting services.

One would often think that integration would be the best approach that companies can take to their CSR reporting structure, but if you have no resources this might not be the case. There are actually some merits to outsourcing or teaming up with a business partner.

For one there is standardization of reporting. I have looked over hundreds of CSR reports of all types and there seem to be a infinite number of ways that one can write and report on the subjects within Environment, Social impact and Governance issues. Most of the major consulting firms will use a standard approach, either invented by them or using one of the majors reporting frameworks like Global Reporting Initiative (GRI) or one, or more of the standards issued by ISO. Standardisation enables analysts to compare and evaluate individual companies with each other across a wide range of indicators.

Secondly there is the subject of expertise and knowledge. Most business does not have CSR as part of their core business, they produce other types of products or service, which might or might not be related to such activities. The point is that most business does not have the capacity to create a sustainability report, which reflect a relative true image of the company’s behaviour. When organisations try to create reports for which they have no or very little understanding about their impact, at most these reports becomes fragments of reality and in worst case they are more or less conscious efforts at manipulation. So getting the right expertise in place can actual help the CSR reporting effort even though these resources are not part of the business itself.

Third, there is some merit to the focus on the core business. Some proponents of CSR almost make one believe that the only reason of business is to contribute to a better world that the product and organisation is secondary to this higher aim. However, any manager or business professional will tell you that the Reason E’tre for business lay in its product and not it’s organisation or how it conduct itself. This might come as a chock to some but without a clear product or service the organisation will not exist for very long and therefor have no way to behave either good or bad. This means that if you are managing organisations that produce technical systems for the medico industry you might not know that much about ethics or how to access your impact on society or the environment. So the best thing you might do, is actually to contact somebody who can help you with making this assessment and a external consultant might be the one you are looking for.

Corporate culture might be in the way of change. We all know that change in organisations does not come easy so you might want to have somebody who has no connection or previous history within the company to facilitate this change. Somehow it is just easier for a external consultant to ask the logistics manager if he receives any kickbacks from the main forwarders working contracts for the company than it is for the local communication specialist to do the same. The consultants role and work description is clear in most organisations that they enter and it is legitimate for them to investigate all the ins and outs of the organisations without there motives being put into question. So, for some companies it can actually help the process by having somebody from the outside either as an interim manager or consultant.

I think the lesson is that business “should do what it is good at” and if that includes CSR reporting, and organisational and cultural change management then they should do that. Organisations engaged in CSR activities should have a hard look at their core business and either establishes a strong connection with their reason for being or ask themselves if it is better concentrate on something else. If they come to the conclusion that they are not able or willing to engage in CSR activities, but that it is part of their license to operate they should think about what is best do a half ass job at it or find a suitable business partner to  facilitate the process.

Are the biggest necessarily the best?

Flags of the Nordic countries - from left: Fin...

Image via Wikipedia

I have done a small survey of the top ten employers in Scandinavia (Denmark, Sweden, Norway and Finland) to look for evidence that these companies are also engaging in CSR activities. My question was if the nordic companies subscribe to the UN Global Compact and if so what CSR system do they use for reporting?




Number Employees

Member of Global Compact

Using a normative reporting tool like GRI, ISO26000, Etc.



ISS Holding A/S





Cleaning and Facilities services









Securitas AB


Nokia OY







A.P. Møller – Mærsk A/S





Transportation and Retail


Volvo, AB














H & M Hennes & Mauritz AB





Textile retail


Helse Sør Øst RHF





Governmental Health institution


Skanska AB





Building and Construction


Electrolux, AB







It does seem like that the big companies have a tendency to use Global Reporting Initiative (GRI) as their preferred reporting platform. The ISO26000 haven’t found its way into the large corporations at this point but it’s still early days for the standard and I would not expect anything solid until next year.

Another interesting finding is that companies that have products that are relative close to the consumers like clothing, mobile phones or cars are more likely to have implemented a normative reporting system. On the other hand are companies and organisations like ISS and Securitas that does provide a service but who are not perceived as being close to the end consumer not as likely to have adopted a system which would is perceived as communicating transparency.

Can you ever have too much information – Lessons learned from the world of Business Intelligence

Business intelI was inspired by the headline Is GRI Too much transparency for NGOs? Which was posted on prizmablog.com and it made me think about how information is managed and how far we are from learning from each other’s mistakes in both the business and NGO/CSO world.

When I started in the field of business intelligence in the late 90’ties information of God, or at least we had a religious belief around information. All we wanted was to get as much information as possible little did we know that information would eventually make us inefficient and create weak decision-making systems.

In the transport industry was one of the main problems to know were stuff were? We transported ‘stuff’ all around the world with multiple stops along the way. When we wanted to know were ‘stuff’ were we needed to one see if it arrived at the destination or two pick up the phone and start asking around.

In one instance I had a package going from Vietnam to Copenhagen and it was lost and had not arrived on time. So I used a day calling the different stations along the supply chain all the way from Copenhagen to the different logistics hubs along the way all the way to south East Asia. In the end I got a hold of somebody in the Hanoi office and she might be able to help me out, but not until the day after because they only had power two hours a day so that she could use the computer. The next day I finally found my package in Belgium, but that is a different story.

The point is that we needed easy access to information and we needed it now. We had screaming clients in one end, and massive waste of man-hours in another and the solution was apparent to as all, we desperately wanted to know what was going on. The company was loosing both money and clients and at an alarming rate. To our benefit could be said that all our competitors was just as bad us so it was a level playing field.

So we started an information gathering project. All our packages had a barcode on them and that would form the backbone of our tracking service. All employees that handled packages were issued with a system for scanning and creating digital reference points. All in all, we figured that one package that were either shipped or received from outside Europe would receive somewhere between 30 and 50 checkpoints, as we called these reference points, along the way.  In 1998 we hit the implement bottom and in a matter of days we were overloaded with information, which we knew we needed but we had no system for handling.

Basically we became hugely inefficient and the system was extremely expensive to implement and we were unable to determine if we were taking right or wrong decisions. Just imaging the cost of scanners and computers that was needed to get all the equipment installed around the world, not to mention the man-hours. On top of that we had of cause a need to upgrade the electricity supply in Vietnam, so that they could transmit and retrieve data.

Later one we found out what to do and had training and systems in place for handling the incoming data but the starting point was nothing less than a disaster.

What NGO should learn from Business Intelligence  

So when one asks if the NGOs are able to handle the information they themselves have been asking for, my hypostasis would be that it’s a big NO. At least we had the benefit if knowing the business and its inner clockwork of the organization. The NGOs have no such perspective and the chance of miss interpreting data and making huge mistake are ever present.

What is needed it in my mind effective communication/information management. The transport business of 2011 is much more advanced than it was when I started and in the end left. The track and trace systems of today are much more intuitive and ‘Google’ inspired which really creates value for customers and transportation companies alike. The NGO or other organizations interested in transparency have no such system for handling data and have no experience. When I left the company some six years ago it was producing well over 10’000´000 checkpoints every day around the world at tens of thousands of locations.

How in the world would a NGO be able to handle just 1% or even less of that information? The GRI provides some individual 129 headlines, which in some way tell something about the company from economic data to its status on environmental impact and Human Rights. In a normal GRI report one would properly have somewhere between 500 and 3000 checkpoints. There is no way in my mind that NGO will be able to effectively use this data for anything than individual company analysis and spot checks without an effective information management system and training in how to use it.

So my small piece of advice is to think before you hit the implement bottom and get overwhelmed with information that you have no chance in the world to manage anyhow. Instead one should sit down and find out what information is needed, how we are going to handle it and what are we going to use it for. From there the NGO or other interested organization can systematically create databases of corporate GRI report data that is actually useful.

Why does the Danish government endorse the ISO26000 scheme when it is clearly not the intent of ISO

Panorama of ISO 26000

Image via Wikipedia

According to a resent published article on Ethical Corporation it is claimed that “Rogue certification of the new sustainability standards has become a challenge for ISO” and nothing could be truer.

At the same time that the ISO 26000 standard was issued a group of policy makers, companies, CSR professionals and not least Danish Standard held a conference promoting DS26000 a certifiable standard that organizations can use to certify their CSR work. In an almost simultaneous press release from International Organisation for Standardisation (ISO) was any claim of certification deemed as in contradiction to the intend of the CR ISO26000 standard itself. The Danish Standard have subsequently revised their communication and conveniently deleted all mention of certification on their site, but this does close get the ‘cat’ back into the bag so to speak.

Ethical Corporation lists a series of issues that they believe a certification of the ISO will bring to the surface. The list includes for example that consulting firms will attempt to make a ‘quick buck’ by offering ISO 26000 certification, which is true for Denmark were Danish Standard offered this type of service. Companies will start asking their suppliers to comply with ISO 26000 as a condition to do business, businesses trying to get favorable attention from consumers by claiming compliance with ISO 26000, and governments trying to use ISO 26000 to develop a social responsibility regulation. All of these behaviors have been seen in relation to other types of ISO standards products.
The standards-setting body of ISO have made it very clear that ISO 26000 was a voluntary guidance standard, not a management system. Since it is not a management system, such as ISO 9000 or ISO 14001, it is not at least in theory be a certifiable system.

“The decision to make ISO 26000 a guidance standard instead of a certifiable system reflected the concerns of industry representatives not to overburden business with costly certification requirements.”, says Paul Hohnen, an independent sustainability consultant who participated in the ISO 26000 negotiations as a representative of the Global Reporting Initiative.

While the Danish standard DS 26000 was only at its initial phases of its marketing process others have come a long way in their efforts to top the market. Such as the Hong Kong-based certification firm Accredited Certification International started openly “awarding” ISO 26000 certification to Chinese companies and announcing their names on its website. 

The question now is what will be the next move of ISO on these rouge operators will they do as they recently claimed in a press release and revoke Danish standard and others right to certify according to ISO. Or will they just ignore these operators because the price of revoking the license will be to great even for ISO. As Robert Frost, says Robert Frost, head of communication at the ISO central secretariat in Geneva puts it “Anyone tempted into buying such a service is wasting their money and risks damaging the credibility of their organisation since ISO has made it quite clear that ISO 26000 is not a certification standard,” and he continues “At this stage, ISO is more interested in stopping the practice than in naming the culprits,”. These comments might give an indication of what ISO intend to do but for many CSR professionals, researchers or just interested stakeholders this is the time when CSR standards are being put to the test and all future standards will in some form be emulated on the basis of the outcome of this discussion.

Can you be certified responsible?

Panorama of ISO 26000

Image via Wikipedia

The new standard from ISO 26000 is out and alive. I have written some words about the system before which are the biggest attempt to create one system for all the CR activities that an organization might engage in. I have some critical remarks on what I see as an attempt to micro manage norms and I believe is in essence a very big compromise. With over 100 pages of standard description it would make even the most committed CR professional dizzy.

There is certainly a need for some standardization within CR reporting no doubt. Just look at the top ten companies in your region and you will with guarantee find ten different ways of reporting. Even the ones using Global Reporting Initiative as a reporting platform have different ways of interpreting the standard even though it might seem very obvious at first.

What I find disturbing is that some organizations are certifying ISO 26000 for companies. So what the problem you might ask? Well if one get certified the auditor signs that a given organizations is living up certain predefined standards and have been audited in doing so. In a CR context this would mean that you are living up to the norms of your stakeholders. Basically CR can be defined as Engaging, Understanding and Complying with the norms of stakeholders and society at large. So with this definition an organization would be in compliance for about one second or less, which would be absurd.

As you might have guessed I do not believe that CR should be certifiable. Companies like Dansk Standard (DS) that claim that they can guide, audit and certify other companies CR efforts are in my eyes not creditable. A company might need outside assistance in their effort to engage with their stakeholders more effectively but certification is not the way to do that. There are several very good consulting companies on the market and they will be able to guide a CR process from start to end but a very few will put their name on the well and certify the company as being social responsible even if it was only a one year certification.

Any organization that I would come across with an DS26000 (the local certifiable version of ISO26000) plank on the wall would in my view be eligible for in-depth scrutiny by all the critical NGO’s and CSO’s that would claim to have a stake in its activities. I’m sure that companies that get that kind of certification have totally missed the point of what social responsibility means and what it entails.

There is a presentation of the DS standard in the start of next month maybe they will be able to convince me that I’m all wrong and of cause there is no issues related to being certifaiable good… I will keep you posted.