Introduction
In the past decade, social responsibility has evolved to become an important element of risk management. A key part of the reputational image of the firm, integrating social responsibility into the enterprise risk management framework of the firm is an effective strategy to keeping the firm’s stakeholders satisfied and the organization’s reputation in high esteem. Increasingly reports, surveys and rankings are conducted on the social license to operate.1 The trustworthiness, environmental footprint, social responsibility and overall perceived quality of citizenship of the firm is increasingly being questioned and becoming a factor in the success of the organization. The perceived social responsibility of a firm can affect sales and profits just as much as a successful or unsuccessful marketing campaign or the quality of the products and services produced.
Social responsibility, like most areas of risk management, involves both an internal component as well as an external component. The firm has a portfolio of internal stakeholders; employees, managers, Board members, future employees, as well as external stakeholders; customers, suppliers, regulators, investors, creditors, and communities in which the organization operates as well as society at large. Managing and balancing the interests of these various stakeholders, each of whom likely have their own agenda, as well as the interests of the organization itself, requires a systematic approach.
The social responsibility of the firm is tied closely to the reputational risk of the firm. However, the social responsibility extends to also include the environmental risk of the firm as well as the societal risk. In the current social media era, a firm ignores it social responsibilities, and the associated risks, at its peril.
The social license to operate ranking compiled by Dalhousie University defines social license as a ranking compiled from four factors.
Trustworthy—they live up to their promises and provide good value
Social responsible—they contribute positively to the local community
Environmentally responsible—they use sustainable practices
Ethical—they treat employees and customers fairly2
The social responsibility ranking of a firm affects more than just the reputation of the firm. It can have real operating effects as well. Firstly, all else being equal, customers prefer to deal with organizations that have high social responsibility. Secondly, suppliers also prefer to also deal with high social responsibility organizations. Thirdly, in the war for top talent, social responsibility is as likely to rank as high as potential income in attracting and retaining the most sought-after employees, and in particular socially conscious millennials. We conclude our partial list by noting that both equity and debt investors are increasingly looking at social responsibility as a major factor for their investing decisions. The rise of environment, social, and governance (ESG) investing criteria and specialty ESG funds have become an important factor in the capital markets based on the demands of socially conscious investors. Banks now routinely include ESG criteria in their lending analysis. Having high standards for social responsibility risk is much more than just trying to do the right thing. It has almost become an imperative for business success.
Case Study: BP Deep Water Horizon
The Deep Water Horizon oil spill is the largest oil spill in American history.3 It occurred in the Gulf of Mexico in 2010 on the BP operated and leased rig. How did this spill that killed 11 people and flooded the Gulf of Mexico with estimates of 200 million gallons of oil occur? Like many catastrophes there was not one reason that this occurred but a combination that led to the perfect storm. There are countless articles and tales that the BP executives are responsible for the spill because of their mandate and culture of making decisions that were based on speed of drilling at the expense of safety. The top down culture of being a hard-driving corporation led the way that decisions were made by BP executives. But it was not BP executives alone that caused this tragedy. The Transocean crew was also responsible for some questionable decision making along with the federal regulators who were responsible for signing off on the drilling plans at each stage of the drilling. Seems like the perfect storm. There was human and technical errors along with BP which was a risk taking corporation at the helm that was operating without a robust regulatory process in place.
With years of excellent safety records, federal regulators may have missed possible risks and “rubber stamped” drill plans. The longer an organization goes without a mishap the more complacent and over confident they can become. This may have been another factor in this situation. Over the years, while there were no mishaps, the conditions that the rigs were operating were changing as they moved into deeper and deeper waters which provide much different rigging conditions. It did not appear that there were any extensive workable, let alone tested processes and controls in place to deal with such a massive accident or oil spill.
Social responsibility and perhaps more importantly the perception of an organization’s social responsibility is a complex risk. It cannot be managed in parts but instead must be managed in a holistic manner. For instance, it is not sufficient to be closely and carefully managing environmental risk, while the perception of the social responsibility of the firm is in tatters. The adage that “it takes a lifetime to build a good reputation but only a moment to destroy it” comes to mind. Social responsibility is a risk that needs to be consciously as well as continuously managed. Unlike an engineering risk, a process cannot be simply put into place, and then assumed it will be effective forever. Societal opinions and judgments are continually evolving in subtle ways. Likewise, the risk management of social responsibility must also be continually evolving and subtly adjusting in order to keep pace.
Developing a Social Responsibility Risk Management Strategy
Management of social responsibility risk begins with a thorough stakeholder analysis. An organization needs to know who its stakeholders are, and not just the direct stakeholders such as customers and suppliers. In our ubiquitous social-media connected world, it can be argued that the stakeholders are everyone and they exist everywhere. Obviously, it is not practical or feasible to manage social responsibility to the entire global population, but the point is to be aware of who the potential interested parties are, and what their expectations for proper behavior for the firm are. As with all types of risk, awareness of where risk may arise is the first step of risk management.
The key element of social responsibility is the social environment and context in which the firm both exists and operates. What makes this particularly challenging to manage is that the social environment is constantly changing. Ultimately it is the culture, both internally and externally, that is the environment in which the firm has to manage social responsibility.
Tracking changing expectations is tricky. It is even more challenging to predict what social expectations are going to be in even the short-term future. Social media has dramatically accelerated how quickly perceptions can change and also accelerated how quickly they can become widespread. However, social media can also be harnessed to be the organization’s eyes and ears on changing trends. Tracking what social media is saying about the company, and about its industry, can provide solid clues in how trends are forming and where they might be going. Social media is also a front-line communication tool that the corporation can use to communicate with its social stakeholders.
While social media tracking is a start for tracking social responsibility risks, other tools should also be used. Many of the tactics for tracking brand and marketing strategies can be employed including surveys, focus groups and even test marketing. Additionally, the tools discussed in Chapter 6 on qualitative risk analysis also can be utilized including the Delphi method for risk assessment. The key point is to ensure both identity diversity as well as cognitive diversity for sourcing the individuals who will provide the input to the list of risks and their measurement. Initially there is likely to be more divergent opinions on social responsibility risks than there might be for a more traditional risk such as exchange rate risk or cyber-risk. Social responsibility risk is obviously social in nature, and thus it is not sufficient to target a specific segment for opinions as it might be with a targeted marketing strategy.
One concept that is helpful to keep in mind when listing and ranking social responsibility risks is that of the sociological imagination. This is a term that was coined by the sociologist C. Wright Mills. The term implies thinking beyond your own individual context, to the context of your world and how it relates to that of the broader society. It is thinking not about how individuals react, but instead how individuals react in the context of a group, whether that be their work peer group, their professional peer group, or their social action peer group, or their bowling league peer group, or even their cocktail party peer group.
A sociological imagination looks at issues from the lens of a sociologist. As such it is holistic in nature, focusing on the system, rather than on the individuals that make up a group. In this manner, the sociological imagination mindset is more in line with the concepts of complexity thinking, than the reductionist approach of complicated thinkers who are more in tune with the quantitative analysis that was covered in Chapter 6.
Social responsibility risk, and its more narrowly defined cousin reputational risk, are culture based; whether the culture of the firm, or the culture of the society in which the firm operates. Culture cannot be reduced to a complicated set of mathematical equations. A different type of analysis is needed, and the concept of the sociological mindset fills in the gaps. The issue is that traditional risk management is much more cause and effect, and reductionist based. Traditional risk management has difficulty dealing with complexity and emergence, but the fact is that complexity and emergence is at the center of much of what the enterprise risk manager has to deal with. Simply because something is difficult to measure and manage does not give one license to avoid dealing with it.
Once the social responsibility risks have been identified and an attempt to rank their relative importance has been made, the next step is to create a risk map as introduced in Chapter 6. As with all risks, we believe that it is important to think of both the potentially positive as well as the potentially negative social responsibility risks, and thus plotting both negative and positive risks is key.
For each of the risks listed and mapped, a prioritization of the risks should start to evolve. Prioritizing the social responsibility risks is not a trivial task due to the extremely subjective nature of the risks, and their tendencies to change their context quickly. Prioritization is likely to involve a fair bit of debate, guess work, and trade-offs. Social responsibility issues tend to be ethically ambiguous and consensus will often be impossible to develop. Prioritization however must be dealt with as it will not be possible or feasible to deal with the entirety of social responsibility risks. The prioritization of social responsibility risks will never be complete and will be an ongoing task.
With the challenging task of prioritization as complete as can be, the next step is to decide upon the responses to each of the prioritized risks. Recalling the discussion from Chapter 7, the range of responses span: eliminate, mitigate, reduce, hedge, ignore, and embrace. This entire range of responses will of course not be applicable to all social responsibility risks, but the key point is to be cognizant of the fact that social responsibility risk can be treated both as something to avoid or something that could be embraced. The attitude of the firm toward these risks just might be a key factor in how the firm is perceived in managing them.
Risk management strategies can then be developed for managing each of the risks. To guide the development of risk management strategies for social responsibility risks it is helpful to develop an organizational values statement to aid in the process. The values statement for social responsibility ideally should be short, easy to understand, and easy to interpret. An excellent example in our opinion is Google’s well publicized value statement of “Don’t be evil,” which was amended for its parent Alphabet to be “Do the right thing.”4 There is no confusion with the intention or the meaning of the statement, and no need to produce an extensive set of guidelines. There is no need for special training sessions on implementation. Both of these value statements concisely sum up social responsibility values in one short and simple sentence.
With guidance from the values statement, ongoing evolution of risk management can be implemented for social responsibility risk. There needs to be ongoing analysis that the risk management strategies are appropriate, as social responsibility risk is likely to be the most dynamic of all of the risks that the organization has to manage. The prioritization of risks will be changing, the preferred responses to the risks will be changing, and indeed the optimal risk management strategies will be constantly changing. Social responsibility risk is much more dynamic than financial or operational risks. The enterprise risk management process for dealing with them needs to be just as dynamic.
The final component of successful social responsibility risk management is to have a well-developed and proactive communication strategy. In large part social responsibility risk is communication risk. Just as an organization likes to stay ahead of society in terms of its brand positioning, so too the goal of social responsibility risk should be to stay ahead of any issues or opportunities that may arise.
One of the first places to start with the external communication strategy is social media. Just as social media can be a catalyst for the rapid dissemination of information, (real or perceived), that raise risk issues for the firm, so can social media be a tool for detecting early warning signs of risk and a communication tool for managing the communication part of the risk response.
It needs to be recognized that there are two very clear, but not always distinct parts to the communication. One part of the communication risk response is external. An equally important part of the communication risk response in internal. Ensuring social responsibility risk responses and policies are well known and consistently understood, applied, and adhered to. Employees need to be empowered, but they also must be empowered from a base of consistent values and themes surrounding social responsibility. Social responsibility risk is not an area for rogue experimentation.
TBL(Triple Bottom Line)
To incorporate social responsibility into the DNA of an organization, many companies have incorporated the principles known as the TBL. TBL principles involve an organization making decisions based not only on the economic benefits, but also a combination of the economic, social, and environmental consequences of a decision. Because of its three legged approach, some commentators refer to the Triple Bottom Line as Three P management which stands for People, Planet, and Profits.
The TBL is an operating philosophy that integrates social responsibility into the decision making of the organization. Thus, TBL is consistent with managing social responsibility risk. It explicitly recognizes that there is more utility in operating a company than just the profit function. Organizations operating under TBL strive to maximize their social utility rather than just their wealth utility. This foregoing of profit maximization, or shareholder wealth maximization is legally incorporated into those few companies that have registered as Benefit Corporations. Traditional corporations have as their legal mandate to maximize shareholder wealth, (while adhering to all legal and regulatory constraints of course). Benefit Corporations have as their legal mandate to also consider the social and environment in addition to the profit consequences of their decisions. As such, a Benefit Corporation is not necessarily profit or value maximizing. A Benefit Corporation is in essence an organization that has legally incorporated the principles of the TBL into its incorporation. At the time of this writing, the number of Benefit Corporations is few. However, the legal framework for these entities has only been in existence since 2010 in the United States so it will be interesting to see how well accepted this form of organization proves to be.
Case Study: TOMS
TOMS is a strong example of an organization that operates under the TBL principle.5 TOMS company started in May 2006 a decade after the term TBL was coined by John Elkington. TOMS is a company that sells several products but their main product is shoes. They have done a masterful job at marketing and making their social giving a strategic competitive advantage. TOMS is known as the company who give a pair of shoes to someone in need with the purchase of each pair of shoes. This strategy aligns with people who feel a social responsibility to the betterment of the planet and all people on the planet. As TOMS’s has grown over the years and introduced other products they have continued to move their products and heighten their social responsibility. With the sale of eyewear came a full eye exam and a pair of glasses to a person in need for each pair of glasses sold.
This marketing theme of “giving” threads its way into the second pillar of TBL which is the planet. TOMS expanded sales into coffee with TOMS Roasting Co. Coffee. With the purchase of a bag of coffee TOMS provides 140 liters of safe water to someone in need. This is equivalent to a week’s supply. TOM’s moved the focus to sustainability and the planet when they paired up with giving partners who had the expertise in providing sustainable healthy water systems in eight different countries in the work.
Their giving does not stop there. The purchase of a TOMS bag helps their giving partners to provide materials and education to people to assist with the healthy delivery of babies in countries where the mortality rate is higher. Lastly, a more topical issue is bullying in the schools. The purchase of a knapsack helps to fund bullying prevention programs and training to educators on recognizing and resolving bullying.
TOMS is a for profit company. It is not a charity. They have done a great job of showing how the TBL lines can still be profitable. In fact an argument could be made that they may be more profitable because of the connection that they have made to the public and especially to the younger generations in the world that seem to rank the importance of social and environment responsibility right along with making profits!
While the TBL is an attractive policy for companies that want to be socially responsible, there are some difficulties with the approach. The first difficulty is reporting. With TBL, there are literally three factors to account for, instead of the single profit and loss factor of traditional accounting. However, for companies that are managing their social responsibility risk, this extra accounting is a positive and not a negative.
The second issue of making relative tradeoffs is trickier. With traditional profit management, decision making is relatively easy and straightforward as there is a single profit maximization goal.6 Tradeoffs between social, environmental, and profit objectives however are subjective. Consider the case of a pulp mill in an economically depressed area. A proposed expansion of the pulp mill would presumably improve the profit objective and given that it is in an economically depressed region it would also be a strong positive for employment and thus a desired social good. A pulp mill however tends to be negative for the environment. The issue becomes, how do you make decisions about the trade-offs between tons of pollution and valuable jobs in a depressed economy? There are seldom easy answers when it comes to the measurement of TBL components and the relative importance of those components.
The Era of Empathy
With the combination of changing demographics, the increasing importance of technology and social media, and the increasing focus on knowledge industries, the trends seem to be that we are on the cusp of a new era for business. Columbia Business School professor, Rita McGrath, posits that we are entering an “Era of Empathy.”7 In a Harvard Business Review article, Professor McGrath argues that the first era of management was execution, where the goal was simply thinking about how to get things done. It was in essence an era of engineering when machines were first coming into use after the industrial revolution. The second era was expertise, which saw the rise of scientific management and concepts such as Taylorism. It could be argued that the era of expertise has a joint rise with the development of business schools. McGrath argues that we are at the leading edge of what she calls the “Era of Empathy,” which extends not only externally to customers, but also internally to employees and other stakeholders.
The concept of an “Era of Empathy” is completely consistent with social responsibility. Empathy is understanding and appreciating (although not necessarily agreeing with) the context within which the organization operates. It is no longer sufficient to an organization to simply create great product that is cleverly marketed. Consumers are becoming more informed, more intelligent, and more demanding. To be successful, a corporation has to be empathetic to the society in which it operates.
Concluding Thoughts
Management of social responsibility risk is an evolving new factor for completive advantage. It should be a natural part of an organization’s ERM implementation. However, it is important to not just manage the social responsibility risk. The corporation has to “walk the talk.” Simply managing social responsibility risk is not sufficient. A corporation needs to develop its values, believe in its values, and most important of all, act in accordance with its values.
1See for example Dalhousie University’s annual report, Howard, V., A. Kader, T. Lightfoot, M. Adams, P. Cunningham, J. Friesen, and T. Walker. 2017. “Social License to Operate Ranking.” https://dal.ca/news/2018/01/31/who-do-you-trust--dal-researchers-publish-canada-s-first--social.html (accessed February 2, 2018).
2Ibid.
3http://slate.com/articles/health_and_science/science/2016/09/bp_is_to_blame_for_deepwater_horizon_but_its_mistake_was_actually_years.html
4See http://bgr.com/2015/10/04/google-dont-be-evil-alphabet/ (accessed February 27, 2018).
6Technically, the goal of a traditional organization is value maximization. Value maximization differs from profit maximization in that value is a combination of profits relative to the risk taken. Another consideration for embracing enterprise risk management.
7McGarth, R. 2014. “Management’s Three Eras: A Brief History.” Harvard Business Review.