CSR Risk Management: Maciej Wiśniewski
CSR Risk Management: Maciej Wiśniewski
CSR Risk Management: Maciej Wiśniewski
Maciej Wiśniewski
Abstract
The purpose of the paper is to present risk connected with corporate social
responsibility, to show its role and a model of management. The author is
going to present the meaning of CSR for an organization and the way it is
handled. Connections between traditionally understood CSR and a process
of risk management are going to be presented. Moreover, the author is going
to show a model of CSR risk management with its stages, i.e. risk analysis,
risk assessment, strategy and monitoring of risk management. Such model
is going to let us understand the influence of CSR and its implementation to
the strategy and process of risk management in an organization.
Key words: Corporate Social Responsibility, risk management, social risk,
organization image.
Introduction
Corporate Social Responsibility has been present in business environ-
ment for a long time, but is still perceived particularly as a group of activ-
ities taken to improve a company’s image, as extended Public Relations
activities. Moreover, it seems that an interest in CSR has still rather cyclical
and marginal character and CSR itself is an instrument to improve impaired
image of an organization or an extension to its marketing activities. That is
why it is difficult to show decisively that CSR is a significant element of or-
ganization management, especially its strategy, and influences organization
functioning considerably.
However, mutual relations between CSR and risk management are un-
disputed. CSR shows how to avoid risk (or minimize it), which is subject
matter of risk management process (Gladys 2008: 2). That is why it needs to
be stated that CSR means not only activities connected with reducing like-
lihood of risk (e.g. reputation loss, sales drop) or its consequences. CSR has
been observed more and more frequently as a crucial element of risk man-
Forum Scientiae Oeconomia Volume 3 (2015) No. 4
18
CSR risk anagement
2005: 181). Reasons why companies decide to manage risk in the area of
CSR are connected with wanting to improve the image and maintain good
reputation (Bebbington 2004).
On the basis of areas of social responsibility identified in ISO 26000, we
can show risks they refer to. These areas include (PKN 2010):
– organizational order,
– human rights,
– work relationships,
– protection of nature,
– honest market practices,
– relations with clients,
– social commitment.
CSR risk is a consequence of many factors which influence business
activity on following basis (Rubicka 2011: 404):
– economic – e.g. the way of managing the value of business, invest-
ment policy, remuneration policy, managing relations with sup-
pliers and clients,
– environmental – e.g. availability of resources, ecological catastro-
phes, changes in protection of nature legal regulations, failures,
production methods, length of supply chain,
– legal – e.g. presence of regulations and legal system tightness,
– cultural – e.g. system of values and behavior of members of an
organization,
– personal – e.g. individual approach regarding organizational matters.
Analyzing CSR risk we need to pay special attention to a dialogue with
the most important stakeholders, which makes this process different from
processes of managing other types of risks. Properly created strategy of
dialogue, which includes areas of dialogue, its form and appropriate assess-
ment of expectations, makes it possible to support risk management process
and increase its efficiency. When it comes to CSR, stakeholders are “risk
bearers” and they can appear as voluntary stakeholders (e.g. investors) or
forced stakeholders, who are in relation with organization not necessarily
by their own choice (Clarkson 1994).
Summing up connections and dependences between CSR and risk man-
agement it is worth to try to define the role of risk management within CSR.
With reference to CSR, risk management needs to be understood as strategy,
policy and processes, whose goal is to address potential ethical, social and
environmental factors. These factors, by influencing stakeholders, are to
organization’s disadvantage (Wisser 2007: 15). In such context, CSR is one
of the main means of managing risk of social factors and their influence on
financial aspect of an organization.
19
Forum Scientiae Oeconomia Volume 3 (2015) No. 4
3. Risk identification
The first stage is risk identification. Information about potential risks
can be found in risk registers, annual reports and governance documents.
Nonmaterial risks must be carefully looked at. Prepared list of risks should
be looked through regarding gaps and lacks and completed with results of
analysis, which will reduce the chance of overlooking significant risk.
The next step should be risk mapping, based on expert knowledge and
external data, such as benchmarks or available risk classifications. On this
stage attention should be paid especially to risks characteristic for areas
where an organization operates and to influence of risks on reputation capi-
tal (Gasiński, Pijanowski 2011: 38).
CSR risk identification should be made on the basis of efficient and com-
plete procedures, which must be documented and familiar to everybody in-
volved in the process.
20
CSR risk anagement
4. Risk assessment
Risk is a combination of likelihood and consequence of appearance,
which is a threat for an organization. Thus risk assessment is subjective
and depends on its perception. Perception of risk by stakeholders may sig-
nificantly differ from organization one. It may be said that subject matter of
CSR is to take actions so that stakeholders perceive threats properly.
CSR risk evaluation, which is mostly composed of assessing likelihood
of risk realization and its influence on organization, should be taken re-
garding an event carrying risk and its influence on stakeholders and their
perception of this event. It may happen that risk manager’s evaluation of
likelihood of risk and its influence will be much lower than evaluation done
by stakeholders.
It is also advisable to prepare a few evaluations of the same risk for
each group of stakeholders, pointing to the right level of their importance.
To evaluate stakeholders we can use the scale of stakeholders commitment
(Figure 1).
Figure 1. Scale of stakeholders commitment
21
Forum Scientiae Oeconomia Volume 3 (2015) No. 4
Conclusions
CSR nowadays is perceived not only in the aspect of improving organ-
ization image but is actively used in the process of risk management. This
process is composed of a few stages. First of all, we need to identify issues
which are significant for stakeholders, to determine their importance whose
level justifies including in the process of risk management. This stage is
usually assigned to a department which is in charge of CSR and knows
stakeholders’ expectations best. The next step is risk evaluation, done by
a few departments like legal department, HR department or department
dealing with environmental issues. These departments identify means
which can help to avoid risk or reduce its consequences. After using pro-
posed methods there is a process of improving the system, with accordance
22
CSR risk anagement
References
1. Bebbington, J. (2008), Corporate social reporting and reputation risk
management, Accounting, Auditing & Accountability Journal, Vol. 21,
No. 3.
2. Clarkson, M.B.E. (1994), A risk based model of stakeholder theory,
Proceeding of the Second Toronto Conference on Stakeholder Theory,
Toronto: Centre for Corporate Social Performance and Ethics, University
of Toronto, Toronto.
3. Gasiński, T., Pijanowski, S. (2011), Zarządzanie ryzykiem w procesie
zrównoważonego rozwoju biznesu, available at: http://www.mg.gov.pl/
files/upload/14666/Podrecznik_pl.pdf (accessed 1 June 2015).
4. Gladys, J. (2007), CSR, A risky business – risk management and CSR,
available at: http://www.wbs.ac.uk/downloads/news/2007/10/csr-a-risky-
business.pdf (accessed 1 June 2015).
5. Husted, B. (2005), Risk management. Real options, and Corporate Social
Responsibility, Journal of Business Ethics, Vol. 60, pp. 175-183.
6. Kythle, B., Ruggie, J. (2005), Corporate Social Responsibility as risk
management, John F. Kennedy School of Government, Harvard University.
7. PKN (2010), ISO 26000. Społeczna odpowiedzialność, available at: http://
www.pkn.pl/sites/default/files/discovering_iso_26000.pdf (accessed 20
May 2015).
8. Porter, M.E., Kramer, M.R. (2006), Strategy & society: the link between
competitive advantage and corporate social responsibility, Harvard
Business Review, Vol. 84, No. 12, pp. 78-92.
23
Forum Scientiae Oeconomia Volume 3 (2015) No. 4
24