There have been many social responsibility debacles in the headlines of late. Volkswagen has racked up $30 billion in costs associated with the falsification of emission measurement systems in their diesel vehicles. Wells Fargo has admitted to creating 3.5 million fake customer credit card accounts in an internal bonus scheme. And perhaps, most egregiously, Takata, has not only been implicated in 20 deaths due to a faulty airbag design, three executives are now facing prison sentences for the cover up. It would appear that corporate accountability and transparency, the hallmarks of social responsibility, is at an all-time low. And so, in enters the International Standards Organization (ISO).
Quality Management System requires an understanding of the social environments and any issues that may be relevant to management systems outcomes
Most major corporations fly an ISO flag of some sort: ISO 9001 for Quality Management Systems, ISO 27001 for Information Security Management Systems, 14001 for Environmental Management Systems, ISO 26000 for Social Responsibility, IATF 16949 for Quality Management in the Automotive Industry, AS 9100 for Quality Management in the Aerospace Industry, and so on. As a reaction to the many corporate responsibility fiascos, ISO has begun to interject ethical statements into these standards. And thus, organizations are in need of modifying their management systems in consideration of new ethics clauses.
The global adoption of ISO 9001 has, in general, leveled the international playing field. It has brought standardization across the global supply chain. Factories in Bangladesh can be audited by trained and qualified independent auditors. This brings assurances of foundational management system aspects to customers in France. A common language is formed. “Major finding”, “clause”, “shall”, “objective evidence”, “certification” terms becomes globally understood. ISO has recognized that assurances for ethical behavior, transparency, and accountability can also become a part of standard corporate vocabulary. Changes to management system requirements may be able to bridge gaps in socially responsible behavior.
Let’s look at a couple of examples. The latest revision of ISO 9001 Quality Management Systems – Requirements states in Clause 4.1 Understanding the organization and its context that “the organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. The organization shall monitor and review information about these external and internal issues.” The standard specifically notes that this includes social and economic environments. Thus, the Quality Management System requires an understanding of the social environments and any issues that may be relevant to management systems outcomes.
More industry specific, is IATF 16949 a standard for Quality Management Systems for the Automotive Industry. Clause 18.104.22.168 Corporate Responsibility, states that “the organization shall define and implementcorporate responsibility policies, including at a minimum an anti-bribery policy, and employee code of conduct, and an ethics escalation policy (“whistle-blowing policy”)”. And so, every player in the automotive supply chain now must have verification systems that guard again bribery, ensure that their employees abide by a code of conduct, and prove mechanisms of the escalation of ethics concerns. With third party verification through certification, statements of policy and objective evidence of compliance to policy is required.
It is unlikely that this trend will reverse. It is highly likely that this trend will continue, and potentially increase if additional social responsibility breaches occur. But, how does this affect Information Systems functional leadership? There are two responsibilities implied. First, know the corporate responsibility requirements of the management system in which you operate, so that the Information Technology (IT) function does not become the “major finding” in a certification audit. And secondly, adopt Quality Management System requirements in the IT function such that your leadership is setting the expectation of ethical behavior, transparency, and accountability.
Conducting internal audits within IT function will ensure that mechanisms to test compliance to ethical behavior are in place. Test employees’ compliance to the code of conduct. Test supply chain compliance to anti-bribery policy. If the IT function oversees the ethical reporting hotline, build features of anonymity into the system to protect whistle-blowers. In other words, proactively enact social responsibility structures into the organization.
Additionally, be a model of socially responsible behavior. Behavior is a combination of motivation and ability. Creating the structures of social responsibility through the management system provides skill. Being a role model of ethical, transparent, and accountable behavior provides the motivation. As an executive leader, are you transparent in your decision-making methods? Do you hold yourself publicly accountable for performance gaps? Are you personally doing the right and fair thing, even when no one is looking? Any system is only as good as the parts of the system. Is the CIO an effective part of the management system when it comes to social responsibility?
Social responsibility might not appear to be at the top of the priority list for those in the IT function. It should be. Those in IT at Volkswagen, Wells Fargo, and Takata have suffered just as bad as everyone else in the organization. Take the lead on complying with, and preventing breaches to, the social responsibility requirements in your management system.