Integrating or delegating the CSR effort what should companies do?

For most companies CSR is believed to be an expense rather than a investment. This has resulted in quite different approaches to the CSR effort. Some have chosen to integrate their work inside the communication or Human Resource department while others have independent and dedicated to the task at hand. Yet others have opted for an outsourcing approach were they let their regular financial auditor, like KPMG or PWC or smaller consulting companies like Identitas or CSR Gender group do their reporting as part of their consulting services.

One would often think that integration would be the best approach that companies can take to their CSR reporting structure, but if you have no resources this might not be the case. There are actually some merits to outsourcing or teaming up with a business partner.

For one there is standardization of reporting. I have looked over hundreds of CSR reports of all types and there seem to be a infinite number of ways that one can write and report on the subjects within Environment, Social impact and Governance issues. Most of the major consulting firms will use a standard approach, either invented by them or using one of the majors reporting frameworks like Global Reporting Initiative (GRI) or one, or more of the standards issued by ISO. Standardisation enables analysts to compare and evaluate individual companies with each other across a wide range of indicators.

Secondly there is the subject of expertise and knowledge. Most business does not have CSR as part of their core business, they produce other types of products or service, which might or might not be related to such activities. The point is that most business does not have the capacity to create a sustainability report, which reflect a relative true image of the company’s behaviour. When organisations try to create reports for which they have no or very little understanding about their impact, at most these reports becomes fragments of reality and in worst case they are more or less conscious efforts at manipulation. So getting the right expertise in place can actual help the CSR reporting effort even though these resources are not part of the business itself.

Third, there is some merit to the focus on the core business. Some proponents of CSR almost make one believe that the only reason of business is to contribute to a better world that the product and organisation is secondary to this higher aim. However, any manager or business professional will tell you that the Reason E’tre for business lay in its product and not it’s organisation or how it conduct itself. This might come as a chock to some but without a clear product or service the organisation will not exist for very long and therefor have no way to behave either good or bad. This means that if you are managing organisations that produce technical systems for the medico industry you might not know that much about ethics or how to access your impact on society or the environment. So the best thing you might do, is actually to contact somebody who can help you with making this assessment and a external consultant might be the one you are looking for.

Corporate culture might be in the way of change. We all know that change in organisations does not come easy so you might want to have somebody who has no connection or previous history within the company to facilitate this change. Somehow it is just easier for a external consultant to ask the logistics manager if he receives any kickbacks from the main forwarders working contracts for the company than it is for the local communication specialist to do the same. The consultants role and work description is clear in most organisations that they enter and it is legitimate for them to investigate all the ins and outs of the organisations without there motives being put into question. So, for some companies it can actually help the process by having somebody from the outside either as an interim manager or consultant.

I think the lesson is that business “should do what it is good at” and if that includes CSR reporting, and organisational and cultural change management then they should do that. Organisations engaged in CSR activities should have a hard look at their core business and either establishes a strong connection with their reason for being or ask themselves if it is better concentrate on something else. If they come to the conclusion that they are not able or willing to engage in CSR activities, but that it is part of their license to operate they should think about what is best do a half ass job at it or find a suitable business partner to  facilitate the process.

Why does the Danish government endorse the ISO26000 scheme when it is clearly not the intent of ISO

Panorama of ISO 26000

Image via Wikipedia

According to a resent published article on Ethical Corporation it is claimed that “Rogue certification of the new sustainability standards has become a challenge for ISO” and nothing could be truer.

At the same time that the ISO 26000 standard was issued a group of policy makers, companies, CSR professionals and not least Danish Standard held a conference promoting DS26000 a certifiable standard that organizations can use to certify their CSR work. In an almost simultaneous press release from International Organisation for Standardisation (ISO) was any claim of certification deemed as in contradiction to the intend of the CR ISO26000 standard itself. The Danish Standard have subsequently revised their communication and conveniently deleted all mention of certification on their site, but this does close get the ‘cat’ back into the bag so to speak.

Ethical Corporation lists a series of issues that they believe a certification of the ISO will bring to the surface. The list includes for example that consulting firms will attempt to make a ‘quick buck’ by offering ISO 26000 certification, which is true for Denmark were Danish Standard offered this type of service. Companies will start asking their suppliers to comply with ISO 26000 as a condition to do business, businesses trying to get favorable attention from consumers by claiming compliance with ISO 26000, and governments trying to use ISO 26000 to develop a social responsibility regulation. All of these behaviors have been seen in relation to other types of ISO standards products.
The standards-setting body of ISO have made it very clear that ISO 26000 was a voluntary guidance standard, not a management system. Since it is not a management system, such as ISO 9000 or ISO 14001, it is not at least in theory be a certifiable system.

“The decision to make ISO 26000 a guidance standard instead of a certifiable system reflected the concerns of industry representatives not to overburden business with costly certification requirements.”, says Paul Hohnen, an independent sustainability consultant who participated in the ISO 26000 negotiations as a representative of the Global Reporting Initiative.

While the Danish standard DS 26000 was only at its initial phases of its marketing process others have come a long way in their efforts to top the market. Such as the Hong Kong-based certification firm Accredited Certification International started openly “awarding” ISO 26000 certification to Chinese companies and announcing their names on its website. 

The question now is what will be the next move of ISO on these rouge operators will they do as they recently claimed in a press release and revoke Danish standard and others right to certify according to ISO. Or will they just ignore these operators because the price of revoking the license will be to great even for ISO. As Robert Frost, says Robert Frost, head of communication at the ISO central secretariat in Geneva puts it “Anyone tempted into buying such a service is wasting their money and risks damaging the credibility of their organisation since ISO has made it quite clear that ISO 26000 is not a certification standard,” and he continues “At this stage, ISO is more interested in stopping the practice than in naming the culprits,”. These comments might give an indication of what ISO intend to do but for many CSR professionals, researchers or just interested stakeholders this is the time when CSR standards are being put to the test and all future standards will in some form be emulated on the basis of the outcome of this discussion.

ISO26000 certified ? Update

I have had quite a few posts on the ISO26000 standard and not least the attempts to create a certified version. I’m therefore glad to see that Ethical Corporation have taken up the story which is quickly is turning into a real scandal and a potential crisis for the ISO organization. It is not that the standard is bad or poor work it is just that the system is being used for something that it was not intended for.

You can find the article in Ethical Corporation here.

ISO14000 for SME

In order for small and medium size enterprises to make it among all the big companies out there they are often required to present documentation for their CSR efforts.

A new tool is provided from ISO called ISO 14001 Environmental Management Systems – An easy-to-use checklist for small business – Are you ready? And it provides some of the basic checklists that most companies will ask for in a supplier.

ISO claims that some 223000 companies are now using their environmental standard and it is bound to have an effect on subcontractors around the world. It has for a long time been nearly impossible for SMEs to provide documentation for the environmental management work but with this new tool they at least have a fighting chance to get into the game.

I for one welcome the initiative. For years SME have had to invent their own systems for coping with customer pressure now they will have a affordable system that can be handled with the minimum of resources required. I have in the past been quite critical of some of the stuff that ISO does but sometime they do get it right and this is one of those times. See more here.

What systems do

I have on several occasions discussed the shortcoming of having a systems only approach to CSR. There is no doubt that systems are one of the major ways that companies and organizations alike tries to navigate the troubled waters of CSR and to some extent they have been successful in their endeavor. However, only relying on systems will not make your organization more ethical or create new markets that you can explore. I have been working with organizational management systems for the past 15 years and I have never seen innovation or improved reputation, because I had a better management system then all the others in my field of business. So what do systems do?

  1. Systems are for management not for leadership. Systems will give you a good idea about what is going on in your organization. For many big companies it can be quite a problem to find out what is really going on, a well designed system will give you the data you need to manage your business in an effective way. It will not, however, lead your business in the direction you want it to go, this is a task you will have to do yourself.
  2. Data is God. One of the best things about systems is that they provide you will massive amounts of data. When I started in the systems world we just wanted as much data as possible about all the different processes we were engaged in. Today the main purpose seems to be to limit the flow of information and figuring out what is really important in order for management to take some form of well founded decisions.
  3. Managers are rational. One of the miss perceptions is that top management will rely on what the system tells them and take decision based on the factual information received. The fact is that most systems will not give you one or just two options to choose from. Rather they will give you more options than you had when you started out. So when managers take decision they do so based on what the systems tell them, in what direction they think the company should go, Company politics and their gut feeling. 2 +2 or not necessarily equal to 4 in the world of business rather it will be the exception.  
  4. Systems are different. I have done both internal and external systems, and believe me there are big difference in how they are used. If one uses a management system like ISO9000 one will soon discover that it does not provide the detail needed in order to micro manage all your business requirements. While ISO is a very good system it works best on the strategic and tactical level (they will most certainly disagree with me on this point) but when it comes to looking at what people actually do do it becomes to general and difficult to work with. So what most organization do is to invent their own system that can be used to micro manage and improve all the sub-processes. This does not mean that one have several independent systems working out of sync. It just means that every organization is different and when applying a system approach one will find that in order to make things work one need a multi-level approach.
  5. Systems can be a requirement. Some systems are used for actually managing the business while other is more for show. Some will be formulated as requirements from your suppliers or the customers that your business deals with. A lot of companies screen their suppliers in order to find out who to deal with. Most commonly one will screen for systems that will ensure supplier quality such as ISO9000 or equivalent. A requirement may also come from investors so that you need to live up to UN PRI or FTSE4Good screen criteria in order to be eligible for investments.
  6. Systems can reduce risk. As I have outlined are systems really good a providing data. Recently have systems also been used to provide data that supports the business CSR efforts. As systems tell you what is “really” going on you can use that data to find out if there are thing going on, that could be labeled as unethical (if you have a good system it should keep you out of illegal activities). So if you know what is going on, you can also react upon the information and do the “right thing”. Many companies get in trouble because they do not use the information that their system provides them with.

There is a tendency within the group of CSR professionals to rely to heavily on systems because that is what they think management understands. Also, in most cases systems is a way of managing the scares resources in the CSR department which might be one or half a person. However, systems are only half the story about business driven CSR and the idea about “doing well by doing good”. Leadership and strategic thinking, not systems in themselves, needs to be the motors in any business endeavor and not least the organization CRS effort.

Get certified to ISO 26000 (part II)

As promised I went to the official opening of DS26000 a Danish interpretation of ISO26000 which you can be certified to. The DS stands for Danish Standard and the organisation have a license to certify ISO products in Denmark. The presentation was situated in the centre of beautiful Copenhagen at the 400 years old observatory. You might be able to remember I had my doubt about the new program and being at the presentation did nit make me less apprehensive.

  • The international ISO organisation does not support any type of certification actually they state very clearly that any claim that one is certified to the ISO26000 standard is contradictory to it wishes. As they state in there press release per 30 of November on their position as:

ISO 26000 has the purpose of globally enhancing social responsibility, sustainability and ethical behaviour in all kinds of organizations

There will be no accredited certification to ISO 26000 as this is contrary to the intent and spirit of the standard

Any claims of certification to ISO 26000 are misleading and are not a demonstration of conformity to ISO 26000

ISO members will report any organizations providing certification to ISO 26000 to the ISO Central Secretariat

ISO shall communicate this to its members who will be requested to communicate within their own countries to regulators, stakeholders and industry.”

I had the opportunity to ask the panel about what they thought of the position of ISO on making a certified standard and they claim that. 1) It is not contradictory to ISO26000. 2) That DS are front runners and others might see the benefit in the long term. 3) That the ISO process was in essence a compromise and that Danish organisations have more freedom to manoeuvre.

  • CSR is in essence a product of globalization. This means in practice that any CSR effort has to meet the needs of the globalised world e.g utilization across borders, regions, cultures, etc. One cannot go against the international norms and standards because the organisations rely on systems that can be used in more than just one reality. If a given system is going to be successful it basically needs to look beyond itself.

In the world of economics international systems have been in place for a long time and even though there are many flaws they do act as a platform for a common language.

  • ISO wants the standard to be in the front end of formulation what the discourse on CSR should look like. But already one month after the initial start-up we see that there are cracks in the interpretation and how the system should be implemented. With DS going their own way and with the emergence of new CR standards like BS8900, it is unlikely that it will have the rigidity needed to stand the test of time. Simply because there is no consistency or common understand of what the basics of the standard is about.


I think it is a grave mistake to create a certified program and thereby showing how divided the organisations are on the issue of CSR (understood in the broadest possible terms). The ISO 26000 was one of the milestones that many organisations and professionals had been waiting for and the product in it self is not all bad. It is a compromise and there are flaws but it is to be expected and I’m sure that it can be worked out. However, if the debate is going to be about formalities and process like certification, lengths, definitions and claims of legitimacy then we are not doing the world a favour by introducing yet another definition of what good CSR work looks like.

I also wonder what the response is going to be from ISO, if any. If the organisation should live up to their words presented in the press release they would have to sanction DS in some way or another or at least make a public statement about if they support DS in their business venture. It is a clear conflict which needs to be resolved as quickly as possible not for the sake of the organisations but to insure the future success of the ISO26000.

Can you be certified responsible?

Panorama of ISO 26000

Image via Wikipedia

The new standard from ISO 26000 is out and alive. I have written some words about the system before which are the biggest attempt to create one system for all the CR activities that an organization might engage in. I have some critical remarks on what I see as an attempt to micro manage norms and I believe is in essence a very big compromise. With over 100 pages of standard description it would make even the most committed CR professional dizzy.

There is certainly a need for some standardization within CR reporting no doubt. Just look at the top ten companies in your region and you will with guarantee find ten different ways of reporting. Even the ones using Global Reporting Initiative as a reporting platform have different ways of interpreting the standard even though it might seem very obvious at first.

What I find disturbing is that some organizations are certifying ISO 26000 for companies. So what the problem you might ask? Well if one get certified the auditor signs that a given organizations is living up certain predefined standards and have been audited in doing so. In a CR context this would mean that you are living up to the norms of your stakeholders. Basically CR can be defined as Engaging, Understanding and Complying with the norms of stakeholders and society at large. So with this definition an organization would be in compliance for about one second or less, which would be absurd.

As you might have guessed I do not believe that CR should be certifiable. Companies like Dansk Standard (DS) that claim that they can guide, audit and certify other companies CR efforts are in my eyes not creditable. A company might need outside assistance in their effort to engage with their stakeholders more effectively but certification is not the way to do that. There are several very good consulting companies on the market and they will be able to guide a CR process from start to end but a very few will put their name on the well and certify the company as being social responsible even if it was only a one year certification.

Any organization that I would come across with an DS26000 (the local certifiable version of ISO26000) plank on the wall would in my view be eligible for in-depth scrutiny by all the critical NGO’s and CSO’s that would claim to have a stake in its activities. I’m sure that companies that get that kind of certification have totally missed the point of what social responsibility means and what it entails.

There is a presentation of the DS standard in the start of next month maybe they will be able to convince me that I’m all wrong and of cause there is no issues related to being certifaiable good… I will keep you posted.