Why due diligence and assurance of human rights performance are essential tools to protect people and companies – Part 2

In my previous blog, I discussed the international influence the United Nations Guiding Principles on Business and Human Rights (UNGPs) has had, and continues to have, on ensuring companies respect human rights and the unparalleled support across states.

In 2015, Mazars and Shift launched the UNGP Reporting Framework after a two-year, multi-stakeholder consultation process. Companies such as Unilever, Nestle, Ericson, ABN Amro, Newmont and H&M are already publicly reporting using the Reporting Framework, whilst many others are using it to formulate internal behaviour change.

Professor John Ruggie, the author of the UNGPs, stated that this Reporting Framework sets out the process for companies to “operationalise the UNGPs”. In the last year it has already been included as recommended guidance by the Norwegian, UK and Swedish governments together with the United Nations. Even the US department that oversees all US federal procurement is recommending that its suppliers apply the Reporting Framework.

The key ethos behind the UNGPs is that of “know and show”,  i.e. understand your actual and potential impacts and report on the process that you have in place to mitigate and remedy them. However, only a handful are publicly reporting.

Is today’s lack of public reporting, as set out by the UNGPs, a problem?  Prima facie, given the current scarcity of public reporting, one could be forgiven for thinking it is.  However, it may be that companies are still grappling with the issue of what respect human rights means to them and that they are not yet in a position to publicly report.  This appears to be a common issue; the UNGPs want companies to report no matter where they are on the journey, even if it is just at the beginning.  Companies, not unreasonably, are nervous about reporting that they are only just taking initial steps to respect human rights, for fear that there may be negative publicity.

So whilst the EU and others are recommending that companies align with the UNGPs, until there is legislation requiring it with effective sanctions, my belief is that the trend is only likely to increase incrementally.

However, there is a catalyst for change in 2017; all listed companies in the EU with over 500 employees will be required to report on how they respect human rights (as well as environmental and anti-bribery and corruption matters) not only within their own operations but also their supply chains.  Whilst this is to be a common requirement throughout the EU, states are being given the freedom to decide how they implement and regulate this requirement.

One of the questions that was asked by the recent UK consultation process on the application of these EU requirements is whether the Government should “require that the non-financial statement be verified by an independent assurance service provider.”

Inherently, it feels like there should be a positive answer to this question.  Three reasons are as follows:

  1. There is a current statutory requirement for the audit of the financial statements.  This begs the question as to why the non-financial parts of annual report should be viewed as carrying less importance because of their lack of assurance.  The only current requirement of the financial auditor is to ensure the non-financial aspects reported are not inconsistent with the financial reporting;
  2. Financial information, by its very nature is historical, and may not be a good guide to future performance.  Non-financial information has the ability to provide a guide for future performance as it can give an insight to a company’s processes and controls and its overall strategy and culture.  Accordingly, such forward looking information could be said to be at least equal to if not more important than the backward looking financial information; and
  3. Much of the current quality of non-financial reporting is not viewed as being so fair and balanced by Regulators.  There are concerns that it is currently left in the hands of communication and marketing departments of companies who naturally want to portray the company in the best light.  Accordingly, in order to ensure a sea change in this view which leads to an increase in the confidence in the credibility of the reporting, there is a good argument for external assurance.

As part of the journey, companies are going to want to ensure that their management systems are up to date as regards human rights.  The key tool for this is through the use of internal audit, which, on the whole, should have the required autonomy to be objective and sufficiently independent from management so as to give them a clear view as to where the company is on its journey and to provide recommendations for improvement.  Where companies don’t have sufficiently skilled internal audit departments in the area of human rights, they should look to outsource this role to an external internal audit provider.

In conclusion, both internal audit and external assurance have a significant role to play in the improvement of corporate respect for human rights.  Companies need to engage with internal audit to track and report performance to those who can affect change.  Given that many companies are having to publicly report on how they respect human rights it is a natural step to have assurance on their reporting to enhance the confidence of the credibility of that reporting.  Only once the quantum of corporate reporting increases and assurance is included will the UNGPs have really delivered on all of our expectations.