Area Labor Practices and Decent Work Aspect Health and Safety

Core Indicator: Practices on recording and notification of occupational accidents and diseases, and how they relate to the ILO Code of Practice on Recording and Notification of Occupational Accidents and Diseases

22See Section 6.1, "Assessing Impacts: Indicators and Metrics."

23The GRI Core Indicators are defined in a hierarchy of category (highest level), aspect, and indicator (the most detailed level). The detail of the indicators for each of the listed aspects may be found in GRI's 2002 Sustainability Reporting Guidelines (GRI, 2002).

24The GRI Core Indicators are heavily weighted towards the social indicators, and less so towards environmental and economic indicators, respectively. Therefore, the GRI list of indicators may simply be a starting point for some organizations, and the environmental and economic indicators enhanced through the application of other indicators developed elsewhere.

Metric: Qualitative description Core Indicator: Description of formal joint health and safety committees comprising management and worker representatives and proportion of workforce covered by any such committees Metric: Qualitative description

Metric: Quantitative data - percent of workforce covered Core Indicator: Standard injury, lost day, and absentee rates and number of work-related fatalities (including subcontracted workers) Metric: Quantitative data Core Indicator: Description of policies or programs (for the workplace and beyond) on HIV/AIDS Metric: Qualitative description

Once the financial, environmental, and social indicators and associated metrics have been developed, they may be used to assess an organization's sustainability performance through a sustainability audit, either internally by the organization, or by external stakeholders such as shareholders or environmental nongovernmental organizations (NGOs).25 How and Why Are Sustainability Audits Different from Environmental, Health And Safety (EHS) Audits or Management System Audits? In the United States, professional environmental auditing had its beginnings nearly 25 years ago when in the late 1970s a handful of organizations began to review and assess their compliance with specific environmental regulatory programs such as the hazardous waste management requirements promulgated under the Resource Conservation and Recovery Act (RCRA). The continued growth of regulatory programs and other industry-specific initiatives led to numerous, independent, single-focus audits covering health and safety, environment and transportation, and Responsible Care®. In the 1990s, a transition began where the health and safety auditing function was integrated with the environmental auditing function, and was consolidated under one organizational EHS auditing entity in most corporations.

Dow Corning Corporation's audit history is illustrative of this process. "In the beginning, Dow Corning had corporate values but no auditing" (Kimball, 2002). Health and safety audits were begun in the early 1980s; environment and transportation audits in the late 1980s; and commitment to Responsible Care® in 1988. Integrated environmental, health, safety and transportation audits began in 19992000, and in 2002 Dow Corning began piloting integrated audits with Responsible Care® (which included EHS&T, Emergency Response, Community Awareness, Product Stewardship, Process Safety, Loss Prevention, and TSCA); business process (including financial); information technology; and quality (Kimball, 2002). This

25The impact of third-party auditors is addressed later in this section.

maturation process of an integrated internal audit function is characteristic of many organizations' internal audit programs today.

With the arrival of the ISO 14001 Environmental Management System Specification in 1996 (ISO, 1996), some corporate EHS auditing functions took on the additional responsibility of auditing management systems beyond those that may have already been developed under programs such as Responsible Care®. While organizations in Europe had traditionally approached EHS auditing primarily through a management systems approach under earlier-generation standards such as BS7750 (and not a regulatory focus, which developed later), this was a new slant for U.S.-based organizations. The audits were now based on a holistic systems viewpoint and not a single issue regulatory performance viewpoint. What in fact was occurring was "a gradual evolution from a regulation-based, compliance-driven regime to an environmental stewardship process [...]" (STP, 2004).

With the advent of the concept of sustainable development and integration of that concept into the core of an organization's business practices, internal and/or external assurance or verification (i.e., auditing) of implemented sustainability programs became an important task. Sustainability auditing is similar to EHS compliance and management systems auditing in that they are all part of an overarching approach of systematically managing the environmental, health, safety and social aspects and impacts of the organization. That is, they are part of a larger management system even where the specific sustainability aspects have not been labeled as such. A technical report by Det Norske Veritas (DNV) described this relationship well by reporting

Most companies already have at least one management system, and many companies have well defined activities which actually are CSR-activities but have not been systemized under a CSR perspective. Thus [the plan-do-check-act management system approach] must be adapted to the actual company and must be coordinated with other management systems in the companies.

Despite the similarities that sustainability audits have to compliance and EHS management systems verification processes, there are some important yet subtle distinctions to note. Those distinctions include: the scope or boundaries of the assurance/verification activities, standards of practice, assurance criteria and evidence, and content of the assurance report.

Boundaries or Scope. Compliance audits, management system audits, and early sustainability audits all generally measured activities based on the traditional

26There are many different ways of looking at the relationship between Corporate Social Responsibility (CSR) and Sustainable Development and the impact on the role of business and industry. However, there are, in our opinion, no major substantial differences between CSR as we have described it in this report and sustainable development as it originally was presented in Our Common Future. Or to put it another way: every aspect of CSR should already be covered by sustainable development' (DNV, 2002).

boundary criteria used in financial reporting. That is, the verification and reporting activities were focused on an organizational slice (facility, business unit or corporate), or on perspectives based on legal ownership and direct control. Perhaps due in part to the influence of environmental management systems developed under ISO 14001, companies began to look beyond the "fence line" and started expanding the definition of the organizational sphere of influence of the organization, activities, and/or products. Defining those boundaries in a sustainability context is a challenging exercise, and the GRI Sustainability Reporting Guidelines recommend extensive interaction with organizational stakeholders to help determine the appropriate boundaries.

Standards of Practice. For EHS compliance and management system audits, standards of professional practice have been developed by various EHS professional audit organizations. These have defined how to perform an EHS audit (The Auditing Roundtable, 1993; BEAC 1999), and also how to design and implement an EHS audit program (The Auditing Roundtable, 1997). For environmental management systems auditing under ISO 14001, ISO created a set of guidelines and audit procedures, initially in ISO 14011:1996, and then later as a unified guideline in ISO 19011:2002 for environmental and quality auditing (ISO, 2002). For sustainability auditing, the only standard currently in place for audit practices is AA1000S. This open, nonproprietary document is "a generally applicable standard for assessing, attesting to, and strengthening the credibility and quality of organizations' sustainability reporting, and their underlying processes, systems and competencies" (AccountAbility, 2003).

Assurance Criteria and Evidence. Assurance criteria and evidence refer to the "specific measures or requirements against which the auditor tests and evaluates the information collected as a part of the audit process" (The Auditing Roundtable, 1997). As outlined earlier in the discussion on guidelines and standards, the assurance criteria for an EHS compliance audit would include regulations or statutes. For a sustainability audit, it could include recognized performance indicator protocols or reporting guidelines. In either case, an objective and evidence-based approach should be used to gather information (either qualitative or quantitative) to determine whether the audit subject (system, organization, activity, event, condition, or information) conforms to the audit criteria. For sustainability audits, the information being evaluated may include more qualitative, than quantitative, evidence.

Content of Audit or Assurance Report. Compliance audit and management system reports are developed based on the standards of practice referenced earlier, and are directed to whoever is the audit client (defined as the organization commissioning the audit; STP, 2004). Sustainability assurance report content also varies depending on the audience for whom the report is intended. The entity conducting the assurance review must determine whether the report is intended for (1) the organization itself for internal use (such as using the indicators and targets in the audit report for strategic and operational decision-making tools and processes), or (2) external stakeholders of the organization for use in interpreting and using the information in a way that is relevant to their specific needs (such as comparing one organization's report with those from other organizations and against relevant standards) (AccountAbility, 2003). Finally, AA1000S outlines three important principles pertaining to report content. These are materiality, completeness, and responsiveness (AccountAbility, 2003). The levels in which these principles are applied are directly related to the degree of assurance being sought. What Are the Drivers for Conducting Sustainability Audits? Owing to the growing focus today on corporate governance,27 stakeholders representing a number of perspectives are requiring increased corporate accountability and transparency. Demands are coming from shareholders, employees, and financial institutions to "disclose and discuss a wider and deeper range of sustainable development issues related to [an organization's] activities, products and services" (WBCSD, 2003a). Additional stakeholder communities pressing for issuance of nonfinancial performance reports include competitors, peers, customers, potential investors, the media and lobby groups (AICPA, 2002).

Although organizations have released sustainability reports, "evidence suggests that information contained in sustainability reports is rarely used by either stakeholders (including investors) or by management to inform judgments and actions - the key test of credible and useful communication" (AccountAbility, 2003). There has been a credibility gap, and one way to narrow that gap is through sustain-ability audits conducted through the third-party assurance process. "Independent assurance is perceived as a key factor in building the quality and credibility of non-financial reporting" (PWC, 2004). The move towards independent verification has grown, precipitated both by requirements for such from Sarbanes-Oxley, as well as from the call from nongovernmental organizations for nonbiased, independent verification of corporate performance. There has been some movement in the marketplace to establish companies focused solely on provision of corporate performance verification without apparent conflict of interest from consulting activities. The degree of true separation varies, however, from firm to firm, and the client would be well advised to investigate the corporate structure and degree of independence. A few of these independent verification companies currently exist, such as CoVeris, Inc.,28 SmithOBrien, and ERM Certification and Verification Services (ERM CVS),29 and more may soon develop.

In addition to the factors discussed above, there is also a pull from the financial markets to conduct sustainability audits. The call to organizations to more fully provide information on their environmental and social performance is due to developing evidence that shows good performance in the environmental and social arenas often

27This movement is in reference to the recent United States corporate governance scandals and the resulting law addressed at curbing those abuses, the Sarbanes-Oxley Act of 2002. For full text of this act, see the following link: cong_bills&docid=f:h3763enr.txt.pdf.

28For contact information, see the link:

29For contact information, see the link:

means better financial performance. To illustrate this point, a review showed that the Dow Jones Sustainability Index outperformed the Dow Jones Global Index over a five-year period from January 1997 to April 2002 (WBCSD, 2003). "Over half of all companies listed in the German DAX-30 index view sustainable business practices as 'key to the long-term success of the company', according to a recent survey by Susanne Bergius, Sustainability Expert of the Handelsblatt" (WBCSD, 2003a).

A number of large institutional investment bodies also now take into account sustainability reports of organizations when making investment decisions. This comes from the demand for socially responsible investing from church groups as well as from the growing number of mutual funds formed around investments in companies screened for certain social responsibility criteria (AICPA, 2002). Calvert,30 a large mutual fund company leading the field in socially responsible investing, is seeking greater transparency and disclosure regarding environmental and social performance. It recently requested that a number of publicly traded companies issue a sustainability report based on GRI Guidelines (Calvert, 2004). A review of press releases suggests that this request is not limited to Calvert, and is in fact is a widely covered subject with numerous examples to cite.

For some organizations, the driver for implementing a sustainability program and related reporting comes from an internal management need. The drivers may be to manage business risk and opportunity, support internal decision-making, and/or build trust within various stakeholder communities. Lastly, although the concept of sustainability has largely been a voluntary corporate initiative, there is now a driver from a regulatory perspective. Mandatory requirements pertaining to aspects of sustainability have been implemented in France, Germany, and several Nordic countries (WBCSD, 2003). What Are the Impacts of the Sarbanes-Oxley Act of2002 and Corporate Governance Forces? The Public Company Accounting Reform and Investor Protection Act of 2002 (also known as the Sarbanes-Oxley Act, Public Law 107204) was passed after the well-publicized corporate governance failures starting in 2001.The intent of the act was to strengthen corporate governance and financial disclosure rules under the Security and Exchange Commission's (SEC) rules for publicly traded companies.

There are a number of sections in the Sarbanes-Oxley Act that may affect the general world of EHS auditing, including sustainability auditing. Although the legislation and the ensuing Securities and Exchange Commission's (SEC) regulations apply to publicly held companies in the United States, a number of other organizations have also been following these sweeping changes. The act changed what information must be disclosed, how that information must be developed and disclosed, and the consequences for not disclosing fully and properly (Wagner and Cannon, 2003). While the act made no substantive changes in the disclosure requirements that specifically address environmental reporting, it did add new requirements

30Calvert is the nation's largest family of socially responsible mutual funds, with over $9.7 billion in assets under management (Calvert, 2004).

for certification, attestation, and disclosure that will make EHS audit reports subject to new levels of scrutiny (Wagner and Cannon, 2003). In particular, the following sections of the Act are important to note:

• Section 404 on Management's Report on Internal Control over Financial Reporting. Management must provide a statement that they are responsible for establishing and maintaining adequate internal controls over financial reporting. In addition, there must be an annual assessment of the effectiveness of the company's internal control structure and procedures for financial reporting. This information must be certified by the top management of the company.

• Section 409 on Real Time Issuer Discloser. This requires disclosure to the public on an urgent basis of any "material" changes in the company's operations and/or financial condition. This information should be any thing that could affect a company's market valuation.

The practical effects of the Sarbanes-Oxley Act on companies are as follows (Wagner and Cannon, 2003):

• Ensure that adequate internal procedures exist to estimate and disclose environmental costs and liabilities;

• Identify and document events and emerging trends in environmental regulation or enforcement that could have a material financial impact on the company's operations;

• Implement an internal reporting system focused on reporting to appropriate personnel; and

• Establish procedures to evaluate and quantify potential environmental liabilities. What Is the Role of Third-Party Verifiers and How Does That Impact Companies with Implemented Sustainability Programs? The EHS assurance and audit function has matured into verification of a broader range of corporate performance and social responsibility criteria, with demands for assessment by independent and objective third parties. Stakeholder expectations further necessitate that there is no perceived conflict of interest between a third party's verification and other consulting assignments. In addition, with an increase in sustainability reporting, such as that outlined under GRI's Sustainability Reporting Guidelines, the need and demand for independent assurance of those reports has been growing. In order to provide independent, third-party assurance as to content, veracity, and accuracy of those reports, a growing industry has been developing providing those independent assurors. These assurors come from a wide range of firm types: consulting and engineering firms, public accounting firms, and certification organizations (AICPA, 2002). Some of those firms have established distinct and separate units dedicated to independent verification of an organization's performance in the areas of environmental compliance and stewardship, health, safety, and social responsibility.

Until very recently, there has been no standardized approach for conducting those assurance audits or for how to account for sustainability; however, several approaches for these have recently been issued. The approaches are very similar to the EHS audit process described earlier in this section. In addition to AA1000S, which was previously described, a second standardized approach to sustainability accounting was issued in September 2003 entitled "Sigma Guidelines - Toolkit, Sustainability Accounting Guide" (The Sigma Project, 2003). Targeted toward the finance function within an organization and sustainability practitioners, the guide provides "information on the variety of approaches that are known to be available for sustainability accounting; alternative frameworks to improve understanding of how these approaches may fit together; information on each approach and how organizations can start to use them; and suggestions of areas that require further development" (The Sigma Project, 2003). Although embryonic in their development, these two standardized approaches form the framework by which independent, third-party verifiers or interested stakeholders will view an organization's sustainability program.

The role of third-party verifiers, therefore, is to provide an independent, non-biased assessment of the content, veracity, and accuracy of an organization's sustainability report or sustainability program. Because stakeholders are requiring increased corporate accountability and transparency, an organization embracing the sustainability perspective should be prepared for scrutiny and assessment of where their sustainability program actually stands. Impacts on an organization from having a sustainability program may vary depending on the industry sector, spheres of operation, stakeholder communities, financial markets and/or geopolitical events; however, a few common impacts may include the following (GRI, 2002; WBCSD, 2004b):

• Having to provide forums for stakeholder consultation;

• Responding to specific stakeholder requests and expectations;

• Expanding, improving, and/or auditing data collection and information systems;

• Securing external expert witness testimony;

• Conducting issue-specific audits;

• Engaging suppliers;

• Deciding how "open" or transparent an organization should be with stakeholders and with competitors;

• Debating the future legal implications and potential for lawsuits for publicizing their adherence to codes of conduct;

• Incurring significant costs (both human and financial resources) to develop, implement, and report on sustainable development management systems.

Once a sustainability audit process has been established, either internally or externally, there is an additional important consideration for the reporting process and third party verifiers that GRI has outlined. This is regarding the auditability of the data. The auditability principle states: "Reported data and information should be recorded, compiled, analyzed, and disclosed in a way that would enable internal auditors or external assurance providers to attest to its reliability" (GRI, 2002). This principle relates to the degree to which data collection, information management and communication systems are able to be examined for accuracy, internally and externally. Is There a Professional Certification for Sustainability Auditors? There currently is no accredited, professional certification scheme specific to sustainability auditors. In the United States, the Board of Environmental, Health and Safety Auditor Certifications (BEAC)31 offers a Management Systems Certified Professional Environmental Auditor (CPEA) certification. This certification is not specific to sustainability, but does include the GRI Sustainability Reporting Guidelines in its exam for the Management Systems CPEA certification (BEAC, 2004).

There is also voluntary guidance that has been issued with respect to the desirable attributes for a sustainability assurance provider (auditor). In GRI's Sustainability Reporting Guidelines, a number of issues are recommended for consideration by organizations as they select their assurance provider (GRI, 2002):

• Degree of independence, and freedom from bias, influence, and conflicts of interest;

• Ability to balance the consideration of interests of various stakeholders;

• No involvement with the design, development or implementation of the organization's sustainability management system;

• No involvement with the organization's sustainability monitoring efforts or reporting;

• Due professional care, including sufficient time to effectively carry out the assurance process; and

• Competence, as demonstrated through an appropriate level of experience and professional judgment, to meet the objectives of the assurance process.

Finally, there is an accreditation process for social accountability audits under Social Accountability, Inc. This entity accredits organizations - known as certification bodies - to conduct audits, certifying workplaces as complying with SA8000. Accreditation must be earned before a firm can have its staff perform SA8000 certification audits (SAI, 2004).

This is currently an unmet need in the marketplace. Once developed, a universally accepted certification scheme for true sustainability auditors and assurance providers will greatly enhance the credibility and consistency of assurance efforts in the future.

31"BEAC is an independent, nonprofit corporation established in 1997 to issue professional certifications relating to environmental, health, and safety auditing and other scientific fields. BEAC was originally created as a joint venture between The Institute of Internal Auditors (The IIA) and The Auditing Roundtable (Roundtable). [...] BEAC is a member of the Council of Engineering and Scientific Specialty Boards (CESB), a third-party accreditation board. CESB has granted full accreditation to BEAC's Certified Professional Environmental Auditor (CPEA) certification" ( What Are the Steps to Implement a Sustainability Audit Process? "In 1987, the World Commission on Environment and Development (Brundtland Commission) called for the development of new ways to measure and assess progress towards sustainable development" (IISD, 1997). The refinement of a sustainable development audit process has been ongoing since that initial call to action from the Brundtland Commission; yet, to date, a fully mature audit process for assessing sustainable development has not yet emerged. Several notable efforts have been undertaken, however, which have provided a leap forward in the maturation process.

The earliest, notable effort in this area was the issuance of the "Bellagio Principles for Assessment" through the International Institute for Sustainable Development (IISD, 1997). The document provided a consensus review and synthesis of ideas and insights from then-current, ongoing efforts for undertaking and improving the sustainable development assessment process. Ten basic principles were issued and formed the "Bellagio Principles for Assessment," named after the site of where the meeting took place (Bellagio, Italy). The principles were intended to provide advice in selecting indicators, measuring progress, and interpreting and communicating results.

A white paper produced by the NGO Business for Social Responsibility provides another useful template for the implementation of a verification program (BSR, 2003). Based partially on SA8000 and the GRI Guidelines, it includes the following verification steps (which would be applicable towards the development of a verification process):

• Establish audit principles;

• Define the role of the verifier;

• Assist the verifier in understanding the company and its stakeholders;

• Facilitate data collection and information;

• Seek expert opinions due to the different spheres of activity and the complexity of measurements;

• Publish the verification statement from the assessor; and

• Request that the verifier provide a letter to management separate from the published verification statement.

Finally, a recommendation for implementing a sustainability audit process would be to incorporate or integrate the sustainability efforts into the existing EHS management system scheme. In this way, the sustainability audit process can dovetail into the existing EHS audit process and subsequent management review process. The DNV report entitled "CSR Management Systems"32 provides very useful guidance in Chapter 4 of that report on establishing a sustainability management system process based on the plan-do-check-act principle (DNV, 2002). In

32As noted earlier, the CSR term in the context of this report has the same meaning as sustainable development.

addressing the routines for the review of such management systems, the following excellent guidance is provided (DNV, 2002):

The intention of the review is for management with executive responsibility to confirm the continuing suitability and effectiveness of the system. The CSR Management System including the indicators and the corresponding targets should be evaluated and improved periodically. In addition the Value Statement, the Code of Conduct and the high level CSR goals need to be reviewed regularly. Typical inputs are monitoring records, measurement results, possible deviations and recommendations for improvement. Conclusions from these reviews should be followed up in action plans to ensure continual improvement of the system. Management reviews of the CSR Management System will typically be part of the management review of a complete management system if such exists (e.g. as required in ISO 9000/14000). In addition, the routines must ensure that conclusions from the management review are followed up in and linked to the existing management system activities where appropriate. Conclusion. Successful implementation of a sustainable development mindset in an organization requires true integration of the values and principles behind sustainability, and not a shallow, cursory, stand-alone "project." That is, sustainability is only one small piece of a larger approach to organizational responsibility in the global environment. The audit or assurance process is an important and valuable step in this approach that cannot and should not be overlooked.

0 0

Post a comment