Why due diligence and assurance of human rights performance are essential tools to protect people and companies – Part 2

Tue 17 May 2016

In my previous blog, I discussed the international influence the United Nations Guiding Principles on Business and Human Rights (UNGPs) has had, and continues to have, on ensuring companies respect human rights and the unparalleled support across nations.

In 2015, Mazars and Shift launched the UNGP Reporting Framework after a two-year, multi-stakeholder consultation process. Companies such as Unilever, Nestle, Ericson and H&M are already publicly reporting using the Reporting Framework, whilst many others are using it to formulate internal behaviour change.

Professor John Ruggie, the author of the UNGPs, stated that this Reporting Framework sets out the process for companies to “operationalise the UNGPs”. In the last year it has already been included as recommended guidance by the Norwegian, UK and Swedish governments as well as the United Nations. Even the US department that oversees all US federal procurement is recommending that its suppliers apply the Reporting Framework.

The key ethos behind the UNGPs is that of “know and show”,  i.e. understand your actual and potential impacts and report on the process that you have in place to mitigate and remedy them. However, only a handful are publicly reporting.

Is this lack of public reporting as set out by the UNGPs a problem?  Prima facie, given the current scarcity of public reporting, one could be forgiven for thinking that it is a problem.  However, it may be that companies are still grappling with the issue of what respect human rights means to them and that they are not yet in a position to publicly report.  This appears to be a common issue; the UNGPs want companies to report no matter where they are on the journey, even if it is just at the beginning.  Companies, not unreasonably, are nervous about reporting that they are only just taking initial steps to respect human rights, for fear that they will be jumped on by activist NGOs. 

So whilst the EU and others are recommending that companies align with the UNGPs, until there is legislation requiring it with effective sanctions, the trend is only likely to increase incrementally.

However, there is a catalyst for change in 2017; all listed companies in the EU with over 500 employees will be required to report on how they respect human rights not only within their own operations but also their supply chains.  Whilst this is to be a common requirement throughout the EU, national states are being given the freedom to decide how they implement and regulate this requirement.

One of the questions that was asked by the recent UK consultation process on the application of these EU requirements is whether the Government should ““require that the non-financial statement be verified by an independent assurance service provider.”

Inherently, the answer to this question feels like an unequivocal ‘yes’!  The reasons for this are several:

1. There is a current statutory requirement for audit of the financial statements.  This begs the question as to why the non-financial parts of annual report should be viewed as carrying less importance because of their lack of assurance;
2. Financial information, by its very nature is historical, and may not be a good guide to future performance.  Non-financial information has the ability to provide a guide for future performance as it can give an insight to a company’s processes and controls and its overall strategy and culture.  Accordingly, such forward looking information could be said to be at least equal to if not more important than the backward looking financial information; and
3. Much of the current quality of non-financial reporting is not viewed as being fair and balanced by Regulators.  There are concerns that it is currently left in the hands of communication and marketing departments of companies who naturally want to portray the company in the best light.  Accordingly, in order to ensure a sea change in this view which leads to an increase in the confidence in the credibility of the reporting, external assurance should be provided.

As part of the journey, companies are going to want to ensure that their management systems are up to date as regards human rights.  The key tool for this is through the use of internal audit, which, on the whole, should have the required autonomy to be objective and sufficiently independent from management so as to give them a clear view as to where the company is on its journey and to provide recommendations for improvement.  Where companies don’t have sufficiently skilled internal audit departments in the area of human rights, they should look to outsource this role to an external internal audit provider.

In conclusion, both internal audit and external assurance have a significant role to play in the improvement of corporate respect for human rights.  Companies need to engage with internal audit to track their performance.  Given that many companies will have to publicly report on how they respect human rights it is a natural step to have assurance on their reporting to enhance the confidence of the credibility of that reporting.  Only once the quantum of corporate reporting increases and there is assurance thereon will the UNGPs have delivered on the expectation of many.