What is CSR risk management?

Customers, governments and civil society organisations expect that companies do business with respect for people and planet. Internationally this is laid down in the OECD Guidelines for Multinational Enterprises. Companies are demanded to identify, prevent and reduce CSR risks in their supply chain, upstream and downstream. This is also called ‘due diligence’ or ‘CSR risk management’.

How to implement CSR risk management?

CSR risk management consists of seven steps:

  1. Formulate a CSR policy
  2. Map your supply chain
  3. Perform a risk assessment
  4. Prioritise
  5. Collaborate with supply chain partners to address risks
  6. Integrate approach in business processes and monitor progress
  7. Communicate about policies and progress

1. Formulate a CSR policy

Before you start to manage your CSR risks it is advisable to formulate an overarching CSR policy. It explains what CSR means for your organisation and how to put this into practice. Key steps for drafting a CSR policy are:

  • Formulate your CSR vision and mission, and set your CSR targets.
  • Ensure that your CSR vision and mission are supported by the organisation.
  • Draft an implementation plan for your CSR strategy.
  • Integrate CSR in all business processes, including Human Resources, Procurement, Supply Chain Management and Compliance.
  • Review your CSR activities and improve your approach.

2. Map your supply chain

To make a good start with CSR risk management it is important to understand the nature and scale of your supply chain. Key steps:

  • List all products and services that you purchase, produce and export.
  • Identify for each product and service in which country it is manufactured.
  • Identify for each product and service that you purchase who the supplier(s) is.
  • Identify for each product and service that you produce and/or export what the downstream supply chain looks like (customers, countries, waste, etc.).
  • Determine for all composite products what the main raw materials and/or semi-finished products are, and where they come from.
  • Check -if possible- how and by whom products are transported.

Tip: The Value Chain Map is a practical tool for mapping your supply chain.

3. Perform a risk assessment

A risk assessment helps you to identify (potential) risks in your business and supply chain. Key steps:

  • Identify potential CSR risks for the countries and products in your supply chain based on available information (such as the CSR Risk Check and cited sources) and with the help of experts.
  • Determine which risks are relevant to your specific supply chain. Consult all relevant stakeholders on this (employees, customers, suppliers, governments, and civil society organisations).

Tip: The Step-by-step plan sustainable procurement by MVO Nederland explains in more detail how to perform a CSR risk assessment (Chapter 4).
Tip: This report by Shift summarises the key lessons learned from a multi-stakeholder workshop facilitated by Shift on identifying and prioritising human rights risks.

4. Prioritise

It is not possible to address all risks in your supply chain simultaneously, you will have to set priorities. Prioritise the identified risks based on potential impact on your company and potential impact on the environment and local communities. It is important that you involve your stakeholders in this step (employees, customers, suppliers, governments, and civil society organisations).

5. Collaborate with supply chain partners to address risks

Every company is a link in a long chain of suppliers and customers, where every link adds value. To make supply chains more sustainable it is necessary to collaborate. Key steps:

  • Join existing supply chain or industry initiatives. Are there no collaboration initiatives yet? In that case take the first step and talk to your suppliers, buyers, colleagues and industry association.
  • Draft an action plan for the most material risks in your supply chain together with your suppliers, buyers, colleagues, industry association and other supply chain partners. Also involve civil society organisation in this process.
  • Start a dialogue with parties who do not cooperate, possibly together with competitors and other stakeholders.
  • End the relationship if no improvements are made despite continuous support, or if serious misconduct occurred.
  • Remedy damage that has already occurred.

Tip: Join a supply chain or industry initiative, for example one of the sector initiatives within the Sustainable Trade Initiative (IDH).
Tip: The CSR Risk Check gives advice on how to address and reduce CSR risks.
Tip: ITC Standards Map provides information on over 150 standards, codes of conduct and audit protocols addressing sustainability hotspots in global supply chains.
Tip: Ecolabel Index is a global directory of ecolabels.

6. Integrate approach in business processes and monitor progress

A CSR risk assessment is valid for a limited time only. Therefore it is important to keep up-to-date on developments in the supply chain. Key steps:

  • Question your (in)direct suppliers and buyers about their CSR strategy, policies, and performance, and carefully explain why you do this.
  • Visit your (in)direct suppliers and customers, and assess them on social and environmental issues. You may also do this together with other buyers/suppliers, or have it done by an independent organisation.
  • Involve NGOs, trade unions, and other experts in the monitoring process, for example, to test the methodology or to set up joint fact-finding missions and audits.
  • Set up a grievance mechanism for individuals, communities and organisations who may be adversely impacted by your business operations in the supply chain.

Tip: Use the Supply chain influence checklist to increase your influence in the supply chain, and to take focused action towards suppliers.
Tip: This report by Shift includes tips and examples of audit processes.

7. Communicate about policies and progress

Transparency and communication to external parties is an important part of supply chain responsibility. Key steps:

  • Keep up the dialogue with individuals, communities and organisations who may be adversely impacted in your supply chain about your approach and progress.
  • Decide how you wish to publicly account for your actions, for example through your regular annual report, a separate sustainability report, information on your website, or a special brochure.
  • Consult your stakeholders on the reporting topics. What information and performance do they expect from your company?
  • Publish your information (online and/or in your annual report).

Tip: The GRI Sustainability Reporting Guidelines are internationally recognised standards on sustainability reporting for organisations (see part 6.3 for reporting directives specific to supply chain responsibility).