The FIRM risk management scorecard approach, often used to categorize an organization's risk, treats social responsibility risk as a reputational risk that is managed within the corporate social responsibility (CSR) function. We argue that, within the resource extractive industry, social responsibility risk occurs at the operational level and as such needs to be managed locally as part of the operation itself. Our analysis shows that social responsibility risk is complex and can present financial, infrastructure, and marketplace risk characteristics. Furthermore, a far more informationally-connected and vocal global society has changed the lens through which operational issues are viewed. Relatively minor incidents can now quickly escalate and ‘go-viral’ with significant long-term economic and reputational impacts to the parent organization. In this paper, we present a standardized approach, based on validated research methods, to better identify and manage these social responsibility risks.

Our risk management methodology aligns closely with the ISO 31,000 Risk management - Principles and Guidelines where risks are identified and managed using a common identification-analysis-evaluation-treatment approach. Our methodology draws upon more than 50 years of qualitative and quantitative data from environmental, social and governance development work in more than 75 countries around the world. A stepwise approach (1) conducts a detailed assessment of the local societal concerns and issues, (2) identifies key performance indicators (KPIs) of these concerns that can be tracked, (3) defines and implements a longitudinal monitoring and evaluation (M&E) framework, and (4) ties the reporting of the local social responsibility risks and mitigation performance directly into accessible dashboards and impact reporting tools.

Through specific examples, we will show how the ‘pulse’ of local communities can be tracked and provide the critical feedback loop that provides early warnings of required adjustments and interventions that prevent minor issues escalating into performance damaging crises. We demonstrate how the cost of risk mitigation can be tied directly into the host project financials and how risk mitigation activities can be optimized to identify ‘risk opportunities’.

Our work indicates that organizations should not confuse core-business operational social responsibility with non-core-business ‘doing good’ activities. We show that not only is it possible to tie social responsibility activities into local operational management systems, it is a requirement for success.

You can access this article if you purchase or spend a download.