This new ISO standard has to do with corporate social responsibility. IFS North America Senior Advisor Bill Leedale discusses how EAM, ERP and other enterprise software can help industry comply with ISO 26000.
By Bill Leedale
We are entering an era where corporate social responsibility (CSR) is of central concern to executives of almost every enterprise. With the publication of
ISO 26000, a standard for CSR based on the UN Global Compact, executives now have a reliable blueprint for action. But to what extent is enterprise
technology up to the task of documenting CSR initiatives?
Enterprise Resources Planning (ERP) can currently address some elements of ISO 26000, but
with few exceptions has a ways to go to address challenging areas like the environmental requirements of this critical new standard.
The new standard focuses on four key domains:
• Human Rights
• Labor Relations
• The Environment
The importance of documenting and managing CSR practices becomes eminently clear when we consider the tragedy surrounding the 2010
explosion of the BP Deepwater Horizon offshore oil rig. BP’s reputation as a good corporate citizen has been diminished and they may be held liable for
damages due to their actions, particularly if they cannot document that they had been following accepted practices for two of the key areas dealt with ISO
26000…environmental protection and labor relations.
Not Just Altruism
BP is only the latest example of how social responsibility is of critical importance to an enterprise from not only the standpoint of public perception,
but for protecting the interests of investors and other stakeholders. There are a number of examples of environmental or other crises stemming from CSR
impacting the value of the company. Consider earlier examples like Union Carbide and the disastrous chemical leak in Bhopal, India — which not
only claimed the lives of thousands and continues to affect the regional ecosystem, but immediately led to a 12-point drop in Union Carbide Stock.
Other corporate liabilities can result not just from catastrophic events but from day-to-day practices that have not been well-documented from a
social responsibility standpoint. Consider the situation faced by a
number of Wisconsin paper mills charged with cleanup of polychlorinated biphenyls (PCBs) from carbonless copy papers after depositing them in
the Fox River between 1973 and 1997. The liability incurred by these companies has saddled each of them with substantial financial obligations that
impact them to this day.
Major U.S. companies — including
Wal-Mart — have been pursued in court and potentially held liable for substantial back wages and other costs due to violations of labor and
human rights standards, either within their own organization or at vendors’ plants. Employers including Mohawk Industries have also been sued under the Racketeer Influenced and Corrupt Organizations (RICO) Act for knowingly
employing and exploiting undocumented workers.
How Can ERP Technology Help?
EAM, ERP and other enterprise software can help industry comply with ISO 26000 by formalizing best management practices affecting the four key
areas of the standard and centralizing related information for streamlined reporting, investigation and preventive and detective controls.
Labor and Human Rights: In the often-overlapping areas of labor relations and human rights, enterprise software needs to at a bare
minimum allow a company to document that they are not breaking local labor laws or regulations. But ISO 26000 entreats companies to go beyond the
requirements of local labor laws to protect the human rights of employees. Enterprise software needs to, at a bare minimum, document that employees are
of the requisite age required by child labor laws. Age requirements can be documented internally in the human resources component of an ERP package,
but also have an impact on supply chain management. ISO 26000 also requires companies ensure that they are not complicit in the human rights abuses of
their suppliers. While data on suppliers’ employees comes second hand as it is self-reported, it is still contingent on the ISO 26000-compliant company to
prove that they are performing due diligence.
An ERP system can document proper labor by recording the training and skill sets of each employee to help ensure that any differences in
compensation stem from justifiable causes rather, for instance, than race, gender or nationality.
But even prior to hiring, data must be captured on would-be employees. While most companies will have hiring policies that forbid discrimination by
the various categories of protected status, proving that those policies are followed is more difficult. That is why ERP software needs to include applicant
tracking that allows comparison of the qualifications of those applying for jobs with the qualifications of those who are hired. ERP can also track the
training of employees to prove they are investing in the workforce and helping better their situations.
The Environment: In the standard, businesses are asked to take a precautionary approach to protecting the environment, to promote greater
environmental responsibility and encourage environmentally-friendly technologies. Identifying and implementing enterprise technology that will allow for
efficient environmental management has been a challenge for many industrial companies because a vanishingly small number of ERP products offer
environmental footprint management functionality as a built-in module. Without this functionality, it becomes necessary to purchase third-party products
that typically deal only with carbon emissions rather than the full spectrum of air, water, landfill, product lifecycles and end-of-life impacts. These third
-party products must then be either integrated with an ERP package or run in stand-alone fashion — forcing a company to absorb often
unacceptable costs not only from the software licensing but systems integration and/or duplicate administrative effort resulting from maintaining information
in two separate systems.
Ideally, an ERP package should support ISO 26000 by providing, within the ERP suite itself, a configurable tool for capturing data on the entire
spectrum of environmental impacts. This would allow, for instance, a company doing substantial electronics business in Europe to focus on the substances
covered in Registration, Evaluation, Authorization of CHemicals (REACH), Waste Electrical and Electronic Equipment (WEEE) and Reduction of
Hazardous Substances (RoHS) regulations. A capital equipment manufacturer could focus on the lifecycle environmental impact of their long-lived
product, along with decommissioning costs. A company with an extensive supply chain could focus on decision support for selecting vendors based on
Environmental footprint management built into ERP also streamlines reporting, and provides for a more direct and credible source of information
because tampering is harder to accomplish given the preventive and detective controls within a modern ERP system.
Corruption Prevention: The mention of preventive and detective controls offers a convenient transition into the remaining area of best
practice dealt with in the standard — corruption.
To a certain extent, ERP products that include functionality for Sarbanes-Oxley compliance can help mitigate against certain corrupt practices.
Sarbanes-Oxley compliance typically involves rigid segregation of duties so that no single person can, for instance, create a vendor in the ERP system and
then approve checks to that vendor. This would prevent someone from either paying large sums to themselves or to another individual inside or outside of
the company for illicit purposes. At the very least, these preventive controls would mean that non-authorized funds cannot be paid without collusion
among various parties in the enterprise. Detective controls can also be built into an ERP package to ensure that any illicit payments that are made can be
recognized after the fact and tracked to their source. Combined with a formal corporate policy forbidding corruption, these preventive and detective
controls can be remarkably effective in deterring corruption.
Obviously, human rights, labor practices, environmental degradation and corruption are bigger problems in some companies and parts of the world
than they are in others. That is why a company should really look for, in ERP or other enterprise software, a way to assign and manage risk in its decision
-making. When, for instance, selecting suppliers, a vendor’s documented history of poor labor practices or a spotty environmental record can be taken
into consideration. The risk of corporate exposure to litigation, public opprobrium or other problems associated with a breach in the four areas of CSR
can be monetized and dealt with in an objective fashion.
Risk management functionality that is embedded directly in an enterprise application rather than a stand-alone solution will be preferable for one
simple reason; when risks are identified and a risk mitigation plan created, risk management that exists directly in an ERP system used widely throughout a
company will allow execution of that mitigation plan to be automated to a much greater degree. A separate risk management tool will really leave
executives guessing as to whether the risk mitigation plan they created is being followed, and that could lead to some very unpleasant surprises.
We all want to do well by doing good, but the devil is always in the details. And CSR management and reporting involves many, many details. While
there is no certification for ISO 26000, the right enterprise software platform can streamline and provide an authoritative, thorough view of actual
environmental, human rights, labor and ethics practices. Lacking an enterprise solution, it is hard to operationalize a CSR plan and even harder to prove
to the satisfaction of investors, customers and other stakeholders, that the plan is being followed.
Bill Leedale is responsible for knowledge transfer in North America for the manufacturing product suite within IFS Applications. He has over
20 years of hands-on experience in the manufacturing arena from leading large-scale implementation projects to managing business process reengineering
engagements for global companies. Leedale holds a B.A. in Business and Economics from Wittenberg University in Springfield, Ohio and an M.B.A.
from Ohio State University, Columbus, Ohio. He is an author of the current APICS body of knowledge and a contributor to APICS’ current LEAN
ENTERPRISE WORKSHOP. His certifications include Certified Fellow in Production and Inventory Management (CFPIM), and Certification in
Integrated Resource Management (CIRM).