by Eugene A. Razzetti
Corporate responsibility management (CRM), by whatever name, determines the manner in which an organization achieves its goals and how its culture influences stakeholder well-being and quality of life. Always important but only now beginning to be measured effectively, CRM is more visible now than ever. Until recently, managing environmental “aspects” (as described in ISO 14001) was often the only metric for whether an organization was a good neighbor, and that was primarily because noncompliance exacted heavy penalties.
Today, organizations are measured by the ethical as well as the environmental correctness of their operations. Company personnel, boards, customers, consumer organizations, investors, environmental groups, and regulatory bodies persistently scrutinize the activities of today’s companies. Reputations earned for ethics have become as important as those earned for efficiency and profitability. Conducting operations responsibly means balancing efficiency and profitability with corporate, community, and environmental accountability. More than ever, we expect responsible (i.e., ethical) companies to suspend business with unscrupulous suppliers, maintain a safe and intimidation-free working environment, and practice effective safety and environmental management.
The CRM audit process is much like those of its better-known counterparts: quality, environment, and security. Organizations conduct consistent and replicable audits, benchmark and document their findings, take preventive or corrective actions as required, reassess, and bring about a program of continuous improvement. Also like the others, CRM audits demonstrate the value of self-auditing, and not relying solely on external auditors, however expert, certified, or unbiased they may be. Interestingly, an argument could be made that CRM audits focus on an organization’s character rather than its product. You can decide that for yourselves.
Several years ago, while ISO 26000 was still in committee, I co-created what became MVO 8000, an international corporate responsibility management standard. The sections that follow outline a CRM Audit approach based on that standard and on a book that I wrote subsequently on CRM. I apologize for the excessive number of bullets, but it was the fastest and easiest technique.
Ten ways to audit company character
Here are ten ways in which auditors, internal or external, can identify and assess CRM in any organization:
-
Organizational character and corporate ethics
CRM audits, because they focus on character rather than product, establish and continually enhance the total organization and the way that it does business. Specifically, CRM audits assess the organization’s ability to:
- Create a corporate culture that promotes ethical conduct and makes it a way of life.
- Make a promise and keep it.
- Pledge to a compliance requirement and meet it (or surpass it).
- Be open and honest in all its dealings, with no trade-offs or cut corners.
- Show the greatest possible respect to employees, suppliers, and customers.
- Take seriously its responsibility to the community—however large or small.
- Practice environmental husbandry and conservation.
- Practice responsible risk management and narrowly define acceptable risk.
- Develop meaningful metrics and performance indicators.
- “Bullet-proof” customer relationships.
- Effectively self-audit and not rely on outsiders.
- Apply its singular organizational character to the future in both strategic planning and the selection and development of its next generation of its leadership.
-
Decision making and accountability
Many excellent textbooks provide managers with tools and techniques to make competent, informed decisions. That said, how good an organization’s past decisions were—even if they could all be reviewed and evaluated—might be interesting in hindsight but not predictive of the success of future decisions. CRM auditors validate an organization’s decision-making mindset, confirming that decision makers at all levels in an organization:
- Know when a decision must be made.
- Know that decisions must be made within specific periods of time.
- Confront a small number of well-defined options.
- Know what is needed to make good decisions.
- Accept responsibility for their decisions.
- Consider the effect of the decision on an entire project.
Moreover, CRM auditors need to assess the responses of other personnel involved in the decisions (perhaps with only incomplete or tangential knowledge and involvement) to determine their sensitivity and awareness to irresponsible or unethical practices, and decide whether or not to take appropriate action if/when they discover such practices.
-
Integrity and disclosure
Auditing to a CRM standard addresses requirements dealing with:
- Internal controls
- Enhanced disclosure
- Collection and communication of information
- Risk identification and mitigation
- Gap analyses and corrective actions
Organizations need to identify procedural gaps and voids and then develop strong, cost-effective, and auditable internal controls. They must define (as applicable) all processes dealing with:
- Financial integrity and accurate disclosure
- Key performance indicators and reporting of deviations
- Management responsibilities and oversight
- Safeguards (e.g., periodic inventories, reconciliations)
- Record keeping and retention
- Recording and disbursement of funds
- Risk analysis and mitigation
- Conflicts of interests, outside interests, and related transactions
- Time sheet and travel claim preparation, to include time recording, labor charging/rate determination, and customer billing
- Copyrighted or licensed materials
- Accurate representation of data and credentials
- Reporting adverse personnel information
-
Code of ethics and standards of conduct
Organizations need to develop and state categorically what they consider to be ethical (and unethical) conduct by employees, inside and outside the organization. Top management cannot expect compliance with a CRM system if the governing principles of that system are not fully stated and understood by all assigned personnel, or if it does not set a worthy and unambiguous model of conformity itself.
Toward that end, organizations should develop comprehensive, auditable, codes of ethics and standards of conduct, capable of audit. Here is the applicable clause from the MVO 8000 standard:
Management will create a Code of Ethics and Standards of Conduct, to include (as applicable):
a) The Corporate Responsibility System
b) Statutory and regulatory requirements
c) Financial integrity and accurate disclosure
d) Formal standards of performance and expectations
e) Harassment
f) Staffing policies
g) The organization’s approach to personnel customers, competitors, suppliers, and community
h) Unacceptable ethical behavior as it applies to the organization
i) Legal obligations of the organization and its members
j) Intellectual property
k) Physical and environmental security
l) Access control
m) Proper recording or and disbursement of funds or other assets
n) Use of company and customer property
o) Internet usage
p) Drug and substance abuse policy
q) Public communication
r) Working from home
s) Internal auditing processes
t) Political contributions
u) Preparation of resumes
v) Wage determinations and gifts and gratuities.
Moreover, the procedure by which the principles are imparted on organization personnel must be structured to include an auditable process in which personnel receive training and attest in writing to their understanding and willingness to comply.
-
The CRM program
Just as with quality and environmental management, organizations should ensure that CRM systems contain the means to measure and analyze ethical performance within the organization, identify deficiencies, and identify actionable improvements.
Examples of methods from which shortcomings can be identified and remedied include:
- Satisfaction surveys
- Internal reviews and audits
- Organizational metrics
- Self-assessment
Management should ensure the establishment of effective and efficient internal review processes to assess the strengths and weaknesses of their CRM systems. Internal audits and reviews provide an independent tool for obtaining objective evidence about organizational operations.
-
Communication and participation
Effective corporate responsibility management requires the involvement and support of all personnel in the organization. This is best done by:
- Ongoing training and career planning
- Defining all responsibilities and authorities
- Establishing individual and team objectives
- Recognition and reward
- Encouraging open, two-way communication
- Continually monitoring the needs of the employees and measuring satisfaction
- Encouraging effective teamwork
- Reviewing reasons for joining or leaving the organization
-
Community responsibility
An organization must first fully identify its community and then define its roles, responsibilities, and authorities as a member of that community, to include:
- Identification of environmental aspects of its operations
- Assignment of monitoring duties (e.g., to a management representative)
- Periodically evaluating performance of community responsibilities as part of a management involvement and review process
- Execution of policies and objectives for adequacy, timeliness, and execution
- Development of recommendations for improvement and appropriate feedback mechanisms, to include normal and emergency lines of communication
-
Quality of life
Management should recognize its influence (positive or negative) on the quality of life of its personnel and identify and allocate resources as necessary. This can include:
- An initial benchmarking, as with a climate survey
- Open meetings and communication
- Assessing the effect of audit nonconformities (from whatever sources) in terms of personnel and community quality of life, and including those assessments in scheduled management reviews
-
Pollution prevention and energy conservation
Organizations should implement processes and practices that prevent or minimize the creation, emission, or discharge of any type of pollutant or waste, to preclude adverse effects on the environment.
Additionally, it makes economic as well as moral sense to develop and implement documented and measurable energy conservation programs. Conservation and recycling programs are responsible organizational and community actions. They also improve bottom-line profitability through cost avoidance.
-
Key performance indicators
Most organizations can identify an overabundance of key performance indicators and should routinely monitor as many of them as practicable, in order to ensure that variances from expected performance are investigated and resolved. Here is an abbreviated list of key performance indicators, sorted by category:
Operational metrics
- Throughput as a percent of capacity
- Defects as a percent of throughput
- Number of order deliveries past due
- Rush order percent
- On-time delivery percent
- Customer satisfaction rating
- Number of complaints
- Number of complaints to revenue
- Returns as a percent of units delivered
- Ration of support staff to number of employees
- Days of inventory outstanding
- Inventory turns
- Market share
- Number of outstanding audit issues
- Book-to-bill ratio
- Days sales outstanding
- Overtime percent
- Days without workplace injury
- Number of hours that production is off-line
- Personnel/material requisitions open past threshold or benchmark
Exception reporting
- Audit reports
- Assets assigned to employees in excess of threshold or benchmark
- Unauthorized system access attempts
- General ledger accounts without assigned owners
- Assets without assigned owners
- Unreconciled accounts
- Inventory aged over threshold
- Wires/checks issued over budget threshold
- Deliveries overdue/past-due over threshold
- Sales to unapproved customers
- Sales to customers over established limits
- Suspense accounts (or other accounts that should have a zero balance) that still have a balance
- Unavailable materials report
- Inventory count differences
- Purchase orders aged over threshold
- Unmatched receipts
- Unsigned management representation of financial results
Financial metrics
- Cost per unit
- Revenue per full time equivalent
- Employee expenses
- Accounts receivable turnover
- Write-offs as a percent of sales
- Reserves as a percent of assets
- Reserves as a percent of accounts receivable over 90 days past due
- Budget to actual variances
- Value at risk
- Market value to contract value of financial interests
- Unreconciled accounts exposure
- Accounts payable aging
- Financial costs as a percent of revenue
- Margin percent
- Regulatory capital charges
- Working capital
- Interest coverage
- Sales, general, and administrative expenses as a percent of revenue
- Earnings per share
- Risk-adjusted return on capital
- Debt/equity trend
Monitoring
- Internal threat analysis of competitor control incidents
- Evaluation of proposed or pending legislation effects on current operations
- Periodic threat analysis of extremist groups on current operations
- Camera surveillance of key areas to identify illegal activity
Auditing CRM–Summary
The need for CRM has never been more urgent, but the ability to successfully audit it against a replicable set of standards has never been greater.
About the author
Eugene A. Razzetti, CMC, retired from the U.S. Navy as a captain in 1992, a Vietnam veteran, and having had two at-sea and two major shore commands. Since then, he has been an independent management consultant, project manager, and ISO auditor. He became an adjunct military analyst with the Center for Naval Analyses after September 11, 2001. He has authored two management books and co-authored MVO 8000, a CRM standard, and is an adjunct lecturer on strategic management and ethics at Argosy University. He is a certified management consultant with the Institute of Management Consultants and has served on boards and committees dealing with ethics and professionalism in the practice of management consulting. He is a senior member of the American Society for Quality and recently assisted the government of Guatemala with the ISO 28000 certification of its two principal commercial port facilities. He can be reached at www.corprespmgmt.com or generazz@aol.com.