Is ERP Ready for Corporate Social Responsibility?

We are entering an era where corporate social responsibility (CSR) is of central concern to executives of almost every enterprise. With the publication of ISO 26000, a standard for CSR based on the UN Global Compact, executives now have a reliable blueprint for action. But to what extent is enterprise technology up to the task of documenting CSR initiatives?

Enterprise Resources Planning (ERP) can currently address some elements of ISO 26000, but with few exceptions has a ways to go to address challenging areas like the environmental requirements of this critical new standard.

The new standard focuses on four key domains:

• Human Rights

• Labor Relations

• The Environment

• Corruption

The importance of documenting and managing CSR practices becomes eminently clear when we consider the tragedy surrounding the 2010 explosion of the BP Deepwater Horizon offshore oil rig. BP's reputation as a good corporate citizen has been diminished and they may be held liable for damages due to their actions, particularly if they cannot document that they had been following accepted practices for two of the key areas dealt with ISO 26000...environmental protection and labor relations.

Not Just Altruism

BP is only the latest example of how social responsibility is of critical importance to an enterprise from not only the standpoint of public perception, but for protecting the interests of investors and other stakeholders. There are a number of examples of environmental or other crises stemming from CSR impacting the value of the company. Consider earlier examples like Union Carbide and the disastrous chemical leak in Bhopal, India -- which not only claimed the lives of thousands and continues to affect the regional ecosystem, but immediately led to a 12-point drop in Union Carbide Stock.

Other corporate liabilities can result not just from catastrophic events but from day-to-day practices that have not been well-documented from a social responsibility standpoint. Consider the situation faced by a number of Wisconsin paper mills charged with cleanup of polychlorinated biphenyls (PCBs) from carbonless copy papers after depositing them in the Fox River between 1973 and 1997. The liability incurred by these companies has saddled each of them with substantial financial obligations that impact them to this day.

Major U.S. companies -- including Wal-Mart -- have been pursued in court and potentially held liable for substantial back wages and other costs due to violations of labor and human rights standards, either within their own organization or at vendors' plants. Employers including Mohawk Industries have also been sued under the Racketeer Influenced and Corrupt Organizations (RICO) Act for knowingly employing and exploiting undocumented workers.

How Can ERP Technology Help?

EAM, ERP and other enterprise software can help industry comply with ISO 26000 by formalizing best management practices affecting the four key areas of the standard and centralizing related information for streamlined reporting, investigation and preventive and detective controls.

Labor and Human Rights: In the often-overlapping areas of labor relations and human rights, enterprise software needs to at a bare minimum allow a company to document that they are not breaking local labor laws or regulations. But ISO 26000 entreats companies to go beyond the requirements of local labor laws to protect the human rights of employees. Enterprise software needs to, at a bare minimum, document that employees are of the requisite age required by child labor laws. Age requirements can be documented internally in the human resources component of an ERP package, but also have an impact on supply chain management. ISO 26000 also requires companies ensure that they are not complicit in the human rights abuses of their suppliers. While data on suppliers' employees comes second hand as it is self-reported, it is still contingent on the ISO 26000-compliant company to prove that they are performing due diligence.

An ERP system can document proper labor by recording the training and skill sets of each employee to help ensure that any differences in compensation stem from justifiable causes rather, for instance, than race, gender or nationality.

But even prior to hiring, data must be captured on would-be employees. While most companies will have hiring policies that forbid discrimination by the various categories of protected status, proving that those policies are followed is more difficult. That is why ERP software needs to include applicant tracking that allows comparison of the qualifications of those applying for jobs with the qualifications of those who are hired. ERP can also track the training of employees to prove they are investing in the workforce and helping better their situations.

The Environment: In the standard, businesses are asked to take a precautionary approach to protecting the environment, to promote greater environmental responsibility and encourage environmentally-friendly technologies. Identifying and implementing enterprise technology that will allow for efficient environmental management has been a challenge for many industrial companies because a vanishingly small number of ERP products offer environmental footprint management functionality as a built-in module. Without this functionality, it becomes necessary to purchase third-party products that typically deal only with carbon emissions rather than the full spectrum of air, water, landfill, product lifecycles and end-of-life impacts. These third -party products must then be either integrated with an ERP package or run in stand-alone fashion -- forcing a company to absorb often unacceptable costs not only from the software licensing but systems integration and/or duplicate administrative effort resulting from maintaining information in two separate systems.

Ideally, an ERP package should support ISO 26000 by providing, within the ERP suite itself, a configurable tool for capturing data on the entire spectrum of environmental impacts. This would allow, for instance, a company doing substantial electronics business in Europe to focus on the substances covered in Registration, Evaluation, Authorization of CHemicals (REACH), Waste Electrical and Electronic Equipment (WEEE) and Reduction of Hazardous Substances (RoHS) regulations. A capital equipment manufacturer could focus on the lifecycle environmental impact of their long-lived product, along with decommissioning costs. A company with an extensive supply chain could focus on decision support for selecting vendors based on proximity.

Environmental footprint management built into ERP also streamlines reporting, and provides for a more direct and credible source of information because tampering is harder to accomplish given the preventive and detective controls within a modern ERP system.

Corruption Prevention: The mention of preventive and detective controls offers a convenient transition into the remaining area of best practice dealt with in the standard -- corruption.

To a certain extent, ERP products that include functionality for Sarbanes-Oxley compliance can help mitigate against certain corrupt practices. Sarbanes-Oxley compliance typically involves rigid segregation of duties so that no single person can, for instance, create a vendor in the ERP system and then approve checks to that vendor. This would prevent someone from either paying large sums to themselves or to another individual inside or outside of the company for illicit purposes. At the very least, these preventive controls would mean that non-authorized funds cannot be paid without collusion among various parties in the enterprise. Detective controls can also be built into an ERP package to ensure that any illicit payments that are made can be recognized after the fact and tracked to their source. Combined with a formal corporate policy forbidding corruption, these preventive and detective controls can be remarkably effective in deterring corruption.

Obviously, human rights, labor practices, environmental degradation and corruption are bigger problems in some companies and parts of the world than they are in others. That is why a company should really look for, in ERP or other enterprise software, a way to assign and manage risk in its decision -making. When, for instance, selecting suppliers, a vendor's documented history of poor labor practices or a spotty environmental record can be taken into consideration. The risk of corporate exposure to litigation, public opprobrium or other problems associated with a breach in the four areas of CSR can be monetized and dealt with in an objective fashion.

Risk management functionality that is embedded directly in an enterprise application rather than a stand-alone solution will be preferable for one simple reason; when risks are identified and a risk mitigation plan created, risk management that exists directly in an ERP system used widely throughout a company will allow execution of that mitigation plan to be automated to a much greater degree. A separate risk management tool will really leave executives guessing as to whether the risk mitigation plan they created is being followed, and that could lead to some very unpleasant surprises.

We all want to do well by doing good, but the devil is always in the details. And CSR management and reporting involves many, many details. While there is no certification for ISO 26000, the right enterprise software platform can streamline and provide an authoritative, thorough view of actual environmental, human rights, labor and ethics practices. Lacking an enterprise solution, it is hard to operationalize a CSR plan and even harder to prove to the satisfaction of investors, customers and other stakeholders, that the plan is being followed.

Bill Leedale is responsible for knowledge transfer in North America for the manufacturing product suite within IFS Applications. He has over 20 years of hands-on experience in the manufacturing arena from leading large-scale implementation projects to managing business process reengineering engagements for global companies. Leedale holds a B.A. in Business and Economics from Wittenberg University in Springfield, Ohio and an M.B.A. from Ohio State University, Columbus, Ohio. He is an author of the current APICS body of knowledge and a contributor to APICS' current LEAN ENTERPRISE WORKSHOP. His certifications include Certified Fellow in Production and Inventory Management (CFPIM), and Certification in Integrated Resource Management (CIRM).

This story, "Is ERP Ready for Corporate Social Responsibility?" was originally published by CIO.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies