We are all familiar with the phrase, "Good Cop, Bad Cop!" In the world of business, this is often the relationship between the compliance folks and the conformance folks. Compliance professionals are fixated on "doing less of a bad thing." All of the sustainability indicators in the Global Reporting Initiative reflect the bad cop theme. The conformance professionals try to establish "systems" that seek compliance in a more proactive fashion. Conformance is at the heart of all of the management systems standards (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 26000, SA 8000, etc.).
The problem with this comparison is that there are still a large number of companies that equate conformance with compliance. They have been told by a customer to have a certificate for one or more of these management system standards. Bolt-on programs are created to meet customer requirements. These programs are then enforced much the same way as the regulatory compliance issues are enforced.
Every company has a myriad of legal requirements. They are present for each of the responsibilities in a sustainability program. Environmental, health and safety requirements are obvious to most sustainability professionals that come from this field. The corporate social responsibility practitioners know about equal opportunity, harassment, and access for the physically challenged. On the economic side, there are a variety of requirements for financial reporting, especially for publicly traded companies. Failure to comply creates significant operational and financial risks to the organization. Such risks pose problems for the sustainability practitioners since they have learned to be more involved in continuity planning.
So, what does this have to do with sustainability? Most companies have created a separate silo for its sustainability program. Their annual reports casually mention their use of conformance systems but never suggest that these management systems are in any way related to the sustainability program. Oh, yes, the reports almost always say, "Compliance is a given!"
The International Organization for Standardization (ISO) clearly states that management systems are part of the way the business is operated. While this may not always be the case, it is the correct idea!
For sustainability to become part of the way business is operated, it might want to take on the form of an integrated management system (quality, environment, and health & safety). This would also conveniently link the sustainability effort with the compliance effort since management systems have sections for "legal and other requirements" and "assurance of compliance." The draft ISO 26000 should be addressing the social responsibility compliance issues that are usually found in the company's "Code of Conduct." ISO 14001 and OHSAS 18001 address the environment, health and safety compliance issues. Most of the financial compliance issues (e.g., Sarbanes-Oxley Section 404) can be integrated into the sustainability management system using the Australian risk management system – AS 4360.
Making compliance part of every worker's job at the activity level and helping assure that the workers' activities are in compliance provides the "good cop" side of management systems. Often the functional managers for environment, health and safety feel a bit threatened by this activity: "What's going to happen to me, if the workers stay in compliance?"
 |