About Wolters Kluwer
Wolters Kluwer is a global provider of professional information, software solutions, and services for clinicians, nurses, accountants, lawyers, and tax, finance, audit, risk, compliance, and regulatory sectors.
Select Language
Visit our global site, or select a location
Health
Trusted clinical technology and evidence-based solutions that drive effective decision-making and outcomes across healthcare. Specialized in clinical effectiveness, learning, research and safety.
Tax & Accounting
Enabling tax and accounting professionals and businesses of all sizes drive productivity, navigate change, and deliver better outcomes. With workflows optimized by technology and guided by deep domain expertise, we help organizations grow, manage, and protect their businesses and their client’s businesses.
Finance
Our solutions for regulated financial departments and institutions help customers meet their obligations to external regulators. We specialize in unifying and optimizing processes to deliver a real-time and accurate view of your financial position.
Compliance
Enabling organizations to ensure adherence with ever-changing regulatory obligations, manage risk, increase efficiency, and produce better business outcomes.
Legal
Serving legal professionals in law firms, General Counsel offices and corporate legal departments with data-driven decision-making tools. We streamline legal and regulatory research, analysis, and workflows to drive value to organizations, ensuring more transparent, just and safe societies.
Having considered how internal audit can address environmental risks in the first article in this series, this article turns to the second element of ESG, social risk. This can be a sensitive area, and many risks are hard to quantify. But over the last decade, expectations of organizations have evolved significantly, and internal audit has a key role in providing assurance over the risks that this presents.
Social risk can be viewed from several perspectives. While we traditionally look at business activities, here it can also be helpful to look through the lens of different stakeholders to ensure all risks are captured and completely understood. For example, consider impacts on the organization itself, staff, customers, suppliers, investors, other third parties, and the wider communities in which you operate. Below are some of the key risks – not an exhaustive list — but those that outline the main risk areas you will want to capture:
Typical impacts for the organization will be the same as for many other ESG risks – reputational, legal and regulatory, financial, operational, and ultimately strategic. Other than potentially using different stakeholder perspectives when considering risks, this fits well into your risk assessment process.
Your risk assessment should always be the starting point. In order to do this, you will first need to go through several steps to get sufficient background context:
With this background information, you can start to include social risks into your risk assessment, leveraging work done by the first and second lines, and begin to provide assurance over these key risks.
Clearly, we should be focusing on the biggest risks for the organization. However, we often need to consider the impact on stakeholder groups in aggregate, rather than just for each risk. Staff is a good example. We should certainly consider risks around compliance with labor laws but understanding the impacts on staff also requires the inclusion of wellbeing, health and safety, benefits, employee engagement, and EDI to assess the potential risk around staff as a group. Internal audit can add value by looking at risk in this way and provide more holistic assurance over risks relating to specific stakeholders.
Internal audit can also take a broader look at the organization’s approach to social risk. As I suggested earlier, it is often a distributed responsibility, but the risks do not exist in isolation. Some questions you can ask:
The subject of labor standards is broad, but if we consider it in two parts, it may help. First there are fundamental rights at a global level which most countries are adhering to as members of the International Labour Organization. These cover issues such as forced labor, child labor, maternity, working hours, discrimination, health and safety, and unionization rights. Second, there are expectations beyond this, which often vary by country and include benefits, well-being, and employee engagement. There are many ways for internal audit to make an impact here. I will address two very different audit examples:
Sales practices have been under the microscope at various points over the last century. Often it relates to providing dishonest or misleading information, or selling products or services are known not to be in the best interest of the buyer. The banking crisis of 2008 highlighted unethical practices which led to a significant shift to providing services based on the customer. Earlier examples are tobacco and baby formula, the health impacts of which were not accurately portrayed. In both cases, poor practices continued in parts of the developing world long after they were prohibited in the West.
Risks are primarily reputational, but often there are legal and regulatory considerations that can be substantial. Let’s look at two ways in which internal audit can make an impact in this area:
To summarize, we have shown the variety of social risks within ESG and how internal audit can use their skill set to make an impact by providing assurance over some of these key risks. There are good sources of information freely available to understand different issues in more detail to help assess how social risks may impact your organization and your audit response.
The third and final article in this series will focus on the “G” (Governance) in ESG which covers a broad range of corporate activities. It is important to understand these risks as they provide the foundation for effective ESG program management.
TeamMate+ Audit
Audit management
The world’s leading audit management software – empowering audit departments of all sizes.
When you have to be right
© 2022 Wolters Kluwer N.V. and/or its subsidiaries. All rights reserved.