Internal Audit

Social Risks: Defining the “S” in ESG

Wole Segun|
Social Risks: Defining the “S” in ESG

Many people expect organizations to reflect their own values. Conversations are being amplified around making mindful choices regarding the products people select, the places they work, and the organizations they support. 

The business world recognizes that it impacts society and social equality through its power and influence as well, and many investors are looking into the social policies of the companies they choose for investments. ESG risks  related to social equity include a company’s ability to fulfill commitments to support the community and social equity programs for its internal and external stakeholders. Stakeholder expectations that are included in a business strategy and understood through an organizational risk assessment are more likely to reduce the risk to the company. This article will further define social risk and the reputational impact of failing to meet ever-changing expectations, with a list of sample questions to assess the risk related to your organization’s social commitments.

Who Is Impacted by Social Risk?

Generally speaking, the social aspect of ESG includes internal and external stakeholders. These groups include employees, customers, vendors and suppliers, the nearby community, and possibly the global community.

Employees

Social impact on employees begins before they are even hired. A company’s hiring practices should be fair and unbiased, which means recognizing unconscious bias. Unconscious bias is difficult to overcome. For example, a qualified applicant with Autism Spectrum Disorder (ASD) may be a perfect candidate for a position, but an in-person interview could be too overwhelming. The interviewer may write the person off when they are unable to maintain eye contact. The social risk extends to the treatment of employees by managers and peers, the processes to determine raises and promotions, and how terminations are conducted.

Customers

Companies should treat customers fairly and equally. An example of unfair treatment could include targeted marketing that exploits a specific demographic, such as predatory lending to military members and their families.

Vendors and Suppliers

Vendors and suppliers pose many potential social risks since your company could knowingly or unknowingly contract with unethical suppliers. Nike infamously used sweatshops from the 1970s through the 1990s, which it discontinued after an expose was published in 1992. On the other hand, Apple has absorbed the cost of restructuring its supply chain to address unethical practices by suppliers.

Community and Beyond

In past years, companies focused on giving back to the local community. With the expanding global market, the concept of a “local community” expands to include a global perspective. Investment, support, and lobbying for local, national, or international policy changes and action should be based on organizational goals. As an example, Starbucks provides grants to local nonprofits and the areas that produce the coffee they sell.

How Is Reputational Risk Tied to Social Risk?

Reputations are fragile, and in the area of social media, reputational risk impact can be devastating. In line with its reputation as a company that takes care of its employees, Salesforce has made pay equity a corporate standard. After conducting a pay equity audit, retroactive adjustments were made, and continue to be made as they onboard new employees through acquisition. By taking proactive steps to gain and maintain pay equality, Salesforce is also reducing its reputational risk. Companies that fail to take the steps toward social equity increase the risk of reputational damage, disgruntled employees, and losing customers. 

How Can I Start Assessing Social Risks? 

To mitigate reputational risk, we should identify controls to ensure commitments are met and reporting related to these efforts is accurate. Include reputational risk related to ESG programs in your risk assessment and treat this area seriously. For many companies, an eye-opening exercise is conducting a pay equality audit. Performing this audit can highlight several potential areas of concern. Pay disparity may be prevalent in job offers, raises, or promotions. It could be pervasive or concentrated to a particular job code as it was Google’s case. Of course, pay is just one aspect of social risks that can impact any organization.

Since social risk is a complex topic, we have provided a list of example questions you can ask to assess the risk related to your organization’s social commitments.

  1. Does your company report on hiring statistics? Are employee demographics skewed related to gender, race, educational background, schools attended, or disability status?
  2. What programs are in place to monitor hiring, termination, pay increase, and promotion trends?
  3. How are marketing programs assessed for discriminatory messaging?
  4. How are vendors vetted for adherence to company goals and values? How are they monitored after onboarding?
  5. Does the company engage in community programs that relate to social initiatives?
  6. How is reporting on social programs validated for accuracy and completeness before publishing?

The questions above will help you start the conversation about social risks and related reputational risks. Since your company is unique, you will need to follow the conversation through to your specific risks. Understanding your company’s ability to impact and influence social issues occurring around the world will help you assess your potential risk exposure and control any possible reputational damage.

Wole Segun

Wole Segun is Senior Manager of Solutions Advisory Services at AuditBoard. Wole joined AuditBoard from EY, where he spent 10 years providing business consulting services around Internal Audit, SOX compliance, and Enterprise Risk Management to clients across multiple industry segments.

You Might Like

Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.