CSR RISK MANAGEMENT

Maciej Wiśniewski

[email protected]

Poznań University of Economics, Poland

Abstract
The purpose of the paper is to present risk connected with corporate social
responsibility, to show its role and a model of management. The author is
going to present the meaning of CSR for an organization and the way it is
handled. Connections between traditionally understood CSR and a process
of risk management are going to be presented. Moreover, the author is going
to show a model of CSR risk management with its stages, i.e. risk analysis,
risk assessment, strategy and monitoring of risk management. Such model
is going to let us understand the influence of CSR and its implementation to
the strategy and process of risk management in an organization.
Key words: Corporate Social Responsibility, risk management, social risk,
organization image.

Introduction
Corporate Social Responsibility has been present in business environ-
ment for a long time, but is still perceived particularly as a group of activ-
ities taken to improve a company’s image, as extended Public Relations
activities. Moreover, it seems that an interest in CSR has still rather cyclical
and marginal character and CSR itself is an instrument to improve impaired
image of an organization or an extension to its marketing activities. That is
why it is difficult to show decisively that CSR is a significant element of or-
ganization management, especially its strategy, and influences organization
functioning considerably.
However, mutual relations between CSR and risk management are un-
disputed. CSR shows how to avoid risk (or minimize it), which is subject
matter of risk management process (Gladys 2008: 2). That is why it needs to
be stated that CSR means not only activities connected with reducing like-
lihood of risk (e.g. reputation loss, sales drop) or its consequences. CSR has
been observed more and more frequently as a crucial element of risk man-
 Forum Scientiae Oeconomia Volume 3 (2015) No. 4

agement in a company. It is certainly connected with the fact that CSR is no

longer perceived as a reaction to a specific situation, but as an instrument
to mitigate risk, which is a significant element of company management.
CSR is a crucial part of the process of risk management, which involves
identifying appropriate risks, defining their influence and showing means
of reducing the likelihood of risk and its consequences.

1. The concept of CSR

Corporate social responsibility is basically responsibility for an impact
on the society. Its main goal is to maximize positive impact and minimize
negative one. It refers to environmental, social and political aspects (Wisser
2010: 2). For these areas we should pay attention especially to the values
common for organization and society (Porter, Kramer 2006: 6).
Among many CSR definitions, there is one that catches attention –it has
its place in the strategy “Europe 2020”, which replaces Lisbon Strategy.
According to it, CSR is “A concept, according to which businesses freely
accept social and environmental issues among their activities; responsibil-
ity of business for its influence on the society”. According to this approach
CSR activities are voluntary and depend on a company’s will. The fact that
introducing and keeping CSR is “voluntary” is controversial. It is said that
it can be a result of pressure from specific stakeholders, especially local
communities (Wisser 2010: 2). This is one of the reasons why in reformed
Strategy we can find a new definition, according to which CSR is “com-
panies’ responsibility for their influence on society”. Apart from leaving
voluntary aspect, CSR is perceived not only in connection with business but
also other organizations which can influence society. Such an approach is in
accordance with ISO26000 regarding social responsibility.
Increase in CSR importance and its perception results in bigger integrat-
ing with company’s activities when it comes to building its strategy.

2. CSR and risk management

Trying to find connections and dependences between CSR and risk
management without deeper analysis, it may seem that these concepts are
remote and do not have much in common. However, as it was presented
earlier, one of CSR goals is to minimize negative influence, which may be
perceived in the light of risk, using means used in a process of risk man-
agement. Risk management itself is not a unified process. Its construction
largely depends on the risk it refers to. Similarly, CSR risk must be managed
using appropriate instruments. These are usually the methods of operation-
al risk management or more definite nonfinancial, reputational risk (Husted

18
CSR risk anagement

2005: 181). Reasons why companies decide to manage risk in the area of
CSR are connected with wanting to improve the image and maintain good
reputation (Bebbington 2004).
On the basis of areas of social responsibility identified in ISO 26000, we
can show risks they refer to. These areas include (PKN 2010):
– organizational order,
– human rights,
– work relationships,
– protection of nature,
– honest market practices,
– relations with clients,
– social commitment.
CSR risk is a consequence of many factors which influence business
activity on following basis (Rubicka 2011: 404):
– economic – e.g. the way of managing the value of business, invest-
ment policy, remuneration policy, managing relations with sup-
pliers and clients,
– environmental – e.g. availability of resources, ecological catastro-
phes, changes in protection of nature legal regulations, failures,
production methods, length of supply chain,
– legal – e.g. presence of regulations and legal system tightness,
– cultural – e.g. system of values and behavior of members of an
organization,
– personal – e.g. individual approach regarding organizational matters.
Analyzing CSR risk we need to pay special attention to a dialogue with
the most important stakeholders, which makes this process different from
processes of managing other types of risks. Properly created strategy of
dialogue, which includes areas of dialogue, its form and appropriate assess-
ment of expectations, makes it possible to support risk management process
and increase its efficiency. When it comes to CSR, stakeholders are “risk
bearers” and they can appear as voluntary stakeholders (e.g. investors) or
forced stakeholders, who are in relation with organization not necessarily
by their own choice (Clarkson 1994).
Summing up connections and dependences between CSR and risk man-
agement it is worth to try to define the role of risk management within CSR.
With reference to CSR, risk management needs to be understood as strategy,
policy and processes, whose goal is to address potential ethical, social and
environmental factors. These factors, by influencing stakeholders, are to
organization’s disadvantage (Wisser 2007: 15). In such context, CSR is one
of the main means of managing risk of social factors and their influence on
financial aspect of an organization.

19
 Forum Scientiae Oeconomia Volume 3 (2015) No. 4

Each process of risk management is based on set framework, established

methodology. CSR risk management in a greater part can be efficiently im-
plemented in already existing in a company process of risk management.
This will not only influence on minimizing likelihood of risk but will also
be a positive signal for all stakeholders (Gladys 2008: 6).
Creating a model of CSR risk management we can adopt two approach-
es: top-down and bottom-up. In top-down approach international contracts
(especially on the area of human rights and natural environment protection),
national law and other regulations which organization must comply with,
are factors which decide on paying attention to CSR in risk management.
Such an approach is particularly advisable for organizations whose activ-
ities are in close relations with these factors. Bottom-up approach is more
adequate for organizations, where the main factor is commitment of stake-
holders (Gladys 2008: 7).
In the further part of this paper, bottom-up approach is going to be dis-
cussed, as it is most frequently used and adapted for business organizations
and local non-profit organizations. Thus the process of CSR risk manage-
ment will include conventional elements:
– risk identification,
– evaluation (risk assessment),
– description and application of risk management methods,
– risk evaluation and monitoring.

3. Risk identification
The first stage is risk identification. Information about potential risks
can be found in risk registers, annual reports and governance documents.
Nonmaterial risks must be carefully looked at. Prepared list of risks should
be looked through regarding gaps and lacks and completed with results of
analysis, which will reduce the chance of overlooking significant risk.
The next step should be risk mapping, based on expert knowledge and
external data, such as benchmarks or available risk classifications. On this
stage attention should be paid especially to risks characteristic for areas
where an organization operates and to influence of risks on reputation capi-
tal (Gasiński, Pijanowski 2011: 38).
CSR risk identification should be made on the basis of efficient and com-
plete procedures, which must be documented and familiar to everybody in-
volved in the process.

20
CSR risk anagement

4. Risk assessment
Risk is a combination of likelihood and consequence of appearance,
which is a threat for an organization. Thus risk assessment is subjective
and depends on its perception. Perception of risk by stakeholders may sig-
nificantly differ from organization one. It may be said that subject matter of
CSR is to take actions so that stakeholders perceive threats properly.
CSR risk evaluation, which is mostly composed of assessing likelihood
of risk realization and its influence on organization, should be taken re-
garding an event carrying risk and its influence on stakeholders and their
perception of this event. It may happen that risk manager’s evaluation of
likelihood of risk and its influence will be much lower than evaluation done
by stakeholders.
It is also advisable to prepare a few evaluations of the same risk for
each group of stakeholders, pointing to the right level of their importance.
To evaluate stakeholders we can use the scale of stakeholders commitment
(Figure 1).
Figure 1. Scale of stakeholders commitment

Source: Kythle, Ruggie 2005: 14.

CSR risk that refers to stakeholders whose scale of involvement is high

should be a matter of particular interest, because it may result in serious
losses. Apart from losses we need to remember about likelihood of its ap-
pearance and adequacy of control measures.

5. Control measures (risk management strategy)

Proper preparation of strategy to mitigate risk requires considering using
many control measures. That is why control measures, assessed regarding

21
 Forum Scientiae Oeconomia Volume 3 (2015) No. 4

their adequacy in relation to a goal reached, are used. Thus, adequacy of

control measures should be more significant than their number. It is crucial
(especially when it comes to stakeholders’ perception of strategy) to justify
appropriately and provide documentary evidence for the choices made. It
should show the power of approach used.
Identifying possible scenarios of risk realization should result in prepar-
ing appropriate strategy for each scenario or assessing funds needed to fi-
nance losses connected with realizing the scenario. While preparing for sce-
nario realization, one has to bear in mind its likelihood and mutual relations
between events. This is how it can be shown whether given scenarios can
happen simultaneously and to what extent (Gasiński, Pijanowski 2011: 44).

6. Evaluation and monitoring

To complete the process of CSR risk management it is necessary to eval-
uate it and monitor its level. It will allow us to check efficiency of strategy
we are using and risk control means. On this stage will be used CSR man-
agement means, particularly codes of ethics, whistle-blowing policy, proce-
dures or social audit (Rubicka 2011: 405). Proper evaluation of used means
is a crucial signal and has not only managing function but also has large
impact on reducing the level of risk and on stakeholders perception. Con-
stant monitoring of risk allows to react in a proper way, when the level of
risk approaches unacceptable level. On this stage key risk indicators (KRI)
and key performance indicators (KPI) are especially useful. They allow to
create means of reporting risk, which make it possible to show graphically
managing information (Gladys 2007: 6). To provide appropriate channel of
information flow it is crucial to establish the right format of reporting, pre-
senting goals and level of their realization.

Conclusions
CSR nowadays is perceived not only in the aspect of improving organ-
ization image but is actively used in the process of risk management. This
process is composed of a few stages. First of all, we need to identify issues
which are significant for stakeholders, to determine their importance whose
level justifies including in the process of risk management. This stage is
usually assigned to a department which is in charge of CSR and knows
stakeholders’ expectations best. The next step is risk evaluation, done by
a few departments like legal department, HR department or department
dealing with environmental issues. These departments identify means
which can help to avoid risk or reduce its consequences. After using pro-
posed methods there is a process of improving the system, with accordance

22
CSR risk anagement

to Demming cycle, which is Plan-Do-Check-Act. It allows to keep adequacy

of control means and control of the level of risk.
It is not easy to include CSR risk in the process of risk management, but
it seems that changes happening in society and stakeholders expectations
force organizations to take appropriate actions. It allows to have a broader
view on an organization and its impact on surroundings. Organization is not
only judged by its results but also as a part of environment, society and as
collective entity. Therefore CSR is becoming a part of organization strategy,
which is realized, among others, through process of risk management. This
process helps to reach goals and realize established strategy. Thus including
CSR in process of risk management is voluntary, but also forced by stake-
holders attitude, who are more and more aware, more reactive and more
efficiently influence organizations.
It seems that risk management is now the best means helping to cope
with changes happening in society. Including CSR in the process of risk
management and its popularizing is only a matter of time.

References
1. Bebbington, J. (2008), Corporate social reporting and reputation risk
management, Accounting, Auditing & Accountability Journal, Vol. 21,
No. 3.
2. Clarkson, M.B.E. (1994), A risk based model of stakeholder theory,
Proceeding of the Second Toronto Conference on Stakeholder Theory,
Toronto: Centre for Corporate Social Performance and Ethics, University
of Toronto, Toronto.
3. Gasiński, T., Pijanowski, S. (2011), Zarządzanie ryzykiem w procesie
zrównoważonego rozwoju biznesu, available at: http://www.mg.gov.pl/
files/upload/14666/Podrecznik_pl.pdf (accessed 1 June 2015).
4. Gladys, J. (2007), CSR, A risky business – risk management and CSR,
available at: http://www.wbs.ac.uk/downloads/news/2007/10/csr-a-risky-
business.pdf (accessed 1 June 2015).
5. Husted, B. (2005), Risk management. Real options, and Corporate Social
Responsibility, Journal of Business Ethics, Vol. 60, pp. 175-183.
6. Kythle, B., Ruggie, J. (2005), Corporate Social Responsibility as risk
management, John F. Kennedy School of Government, Harvard University.
7. PKN (2010), ISO 26000. Społeczna odpowiedzialność, available at: http://
www.pkn.pl/sites/default/files/discovering_iso_26000.pdf (accessed 20
May 2015).
8. Porter, M.E., Kramer, M.R. (2006), Strategy & society: the link between
competitive advantage and corporate social responsibility, Harvard
Business Review, Vol. 84, No. 12, pp. 78-92.

23
 Forum Scientiae Oeconomia Volume 3 (2015) No. 4

9. Rubicka, A. (2011), Rola społecznej odpowiedzialności w zarządzaniu

ryzykiem, Prace Naukowe Uniwersytetu Ekonomicznego we Wrocławiu,
Vol. 220, pp. 400-407.
10. Wisser, W. (2007), The A to Z of Corporate Social Responsibility, Wiley,
London.
11. Wisser, W. (2010), CSR na świecie – odrodzenie, Media Planet:
Kompendium CSR- Niezależny dodatek tematyczny dystrybuowany
z „Dziennikiem Gazeta Prawna”, No. 4.

24