Finding the balance between the public sector and the private sector in regards to Corporate Social Responsibility (CSR) and Governance, Risk and Compliance (GRC) is still a work in progress. Are we muddling through; or is the pot about to boil as trends converge in these areas? And how can the business world respond to it?
In addition to pursuing their own marketplace success, organizations are increasingly placing emphasis on the impact they are having on the community and the environment in which they operate. Corporate Social Responsibility, or the commitment made by the organizations to improve the quality of life of the local community at large, is the organization’s recognition of the responsibility it has to the world.
The relationship between the business and the society can be viewed from three different lenses: strategic, operational, and tactical. This relationship can be maintained by engaging in activities and business practices that contribute to the general well-being of the community as a whole.
CSR is becoming an attention grabbing strategy as it offers myriad opportunities throughout the spectrum of business activities. A dynamic CSR program entails rethinking short-term approaches and embedding long-term “ways of doing business”. Short term strategies that create limitations and unsustainability for the long term may become a threat to the organization’s survival. Therefore, by not letting short-term thinking create long-term absences, the organizations are able to identify opportunities that they would not otherwise have spotted.
Lack of risk awareness can trigger highly risky behaviors and give rise to uninformed decisions, which in turn may create severe results. Availability of information on potential risks forms the foundation of understanding risk, its consequences, and the means of properly managing it. Unfortunately, we have a very limited understanding of where risk is or where risk is going to materialize. When one analyzes risk, one begins to realize its complexity and address questions such as: How resilient and nimble is the risk management and/ or business continuity program? Are these programs based solely on compliance with regulations? Do we understand the risks identified during the risk assessment and/ or business impact analysis? Or have you created “False Positives” and vulnerabilities that are transparent?
Questions should be: what risks, business impacts, etc. have we mislabeled because we did not analyze them in sufficient depth? Do we assess the volatility of risk? And, how about velocity of risk? Most importantly do our programs provide us with early warning of risk realization?
The limitations of our knowledge will be exposed when we implement our CSR program initiatives. We cannot predict how people will react to those initiatives, and we tend to do less in-depth analysis as a result of the focus of our activities on CSR and pay less attention to resilience, risk management, and business continuity. We now find ourselves in the midst of global competition and the need to ensure resilience in the face of uncertainty. While implementing the CSR strategy, the following questions should be addressed: is this the right action to be taken? What if no action is taken? What are the outliers and variables that we need to track and take into consideration? Are we dealing with distorted maps of reality? How can we overcome biases and linear thinking?
We need to assess, not assume or, attempt to predict, or speculate on. We have to acknowledge that what is unknown will remain so until discovered and labeled.
Just because CSR is the right thing to do, doesn’t make it an easy thing to do. At least, the most successful organizations did not get to be where they are today by solely engaging in easy to perform activities; rather, their success was achieved by having the guts to do what other organizations were hesitant about.
Often we practice “tried” and “true” ways of doing things. This essentially leaves us in two camps: the first evolved out of information technology and disaster recovery, and the second evolved out of emergency preparedness (tactical planning), financial risk management (operational), and strategic planning (strategic). The first still retains a strong focus on systems continuity rather than true business continuity, but this is not a bad thing. The second, combining the varied practices at three levels (tactical, operational, and strategic), and renaming it Enterprise Risk Management (ERM).
As you assess, you have to start mapping the complexity that evolves out of the identification of a risk, threat, hazard, etc. You need to again think in three dimensions – strategic, operational, and tactical.
In treating CSR as a “way of doing business” you need to understand the commitments that your organization makes. The establishment and maintenance of an ongoing CSR program, along with strategic purpose and core processes, is essential for organization’s survival. The provision of information on materials, personnel, and capabilities is essential to CSR activities. CSR also means that you are responsible for what you know and for what you are expected to know.
It’s all about targeted flexibility, the art of being forward thinking and resilient, rather than reactive to short-term trends and events. The core of sustainability is the resilience of you as an individual, as an organization, and as a social context.
Our decisions need to be made with two important factors at hand and in mind: with a great amount of available information and understanding that decisions come with flaws and consequences because of our inability to know everything. This can be the case especially when we make decisions on our own, assuming that we know the whole lot, and are not aware of the ideas and perspectives of our stakeholders.
Ambiguous decisions lead to flawed CSR and GRC programs, misunderstandings and conflict with society’s perceptions of our actions. If we recognize the limitations of decision making under uncertainty, we may find that the decisions we make have more advantages than disadvantages and that our CSR and GRC programs facilitate the attainment of our strategy, goals, and objectives – both in the short and long term.