Not all obligations are the same or require the same capabilities or approaches to satisfy. Knowing the differences can help you better understand how best to allocate resources, invest in technologies, and prioritize management objectives to consistently meet them.
One way to understand obligations better is to consider them as a hierarchy of needs between commitments associated with accepting legal responsibility and those connected with accepting stakeholder responsibility. These levels create increasing but separate needs to:
Comply to minimum requirements
Conform consistently to procedures and practices
Improve performance to reach and sustain targets
Advance stakeholder outcomes
Each level builds on previous ones. However, the behaviours from one may not always apply to the next. For example, the behaviours at lower levels tend to be predominately reactive, waiting for incidents to happen. At the higher levels these behaviours will shift to be more proactive where goals are set and plans to achieve them are implemented.
There are other differences so let's consider each level in turn.
1. Need to comply to minimum requirements
Organizations most often begin their compliance journey by focusing on legal requirements associated with regulations.
These represent the basic or minimum requirements needed to satisfy the conditions by which a regulatory license is given for a company to operate. These tend to be prescriptive written in the form of “shall statements” and subject to external inspection and audits.
Compliance is addressed by closing gaps found in audits or when incidents arise.
2. Need to conform consistently to procedures and practices
When companies begin to internalize their external commitments they start to improve how they meet these basic requirements. They also have an increased desire to accept greater social responsibilities.
In a manner of speaking the more a company looks outwards at how they interact and affect others the more they internalize external obligations.
This introduces new obligations which requires taking on more ownership often manifested by adopting industry standards to improve the consistency of meeting basic obligations.
These standards will include both technical as well as management standards. Non-conformance in practices or outputs are identified and addressed through corrective and preventive actions.
3. Need to improve performance to achieve and sustain targeted goals
The next level of needs is often associated with Vision Zero requirements and involves accepting industry objectives towards zero incidents, zero harm, zero breaches, zero fatalities, zero emissions, and so on.
These obligations are aspirational goals that require organizations to continually improve their performance to achieve higher standards over time.
In the same way that pursuing zero defects helps to drive operational excellence, vision zero helps organizations improve other important aspects of their business.
To meet vision zero requirements an organization must be intentional, proactive, and consistently demonstrate progress. It also requires leadership and accountability at all levels within an organization.
4. Need to advance stakeholder outcomes
The highest level of the Obligation’s Hierarchy of Needs is directly connected with the vision and mandate of an organization with respect to stakeholder interests. These will no doubt include financial outcomes but increasingly will involve social interests such as ESG (environmental, social and corporate governance) requirements.
It is here that we see the use of GRC (governance, risk, and compliance) strategies to help ensure that an organization does what it has promised and is creating the desired outcomes for all stakeholders.
Stakeholders are not only “shareholders” but are also: workers, investors, suppliers, customers, and the communities that are impacted or have a stake in a company' success.
Effectiveness is best measured by the level of trust engendered needed to maintain a social license to operate. This is not something that an organization can apply for; it is granted not purchased. However, without it many companies could not operate even when they have a regulatory license to do so.
The Path Up the Mountain
Deciding to take the path up the mountain towards greater social responsibility is not easy as it brings with it more and different kinds of obligations as outlined above.
Organizations that are ethical and have a culture of compliance will find the decision easier to make. These are companies that in general are not harming the environment, exploiting its workforce, or producing products that are harmful or dangerous.
Ethical companies exhibit a high degree of integrity with respect to keeping the promises they have made. Integrity provides the motivation for climbing the mountain. Instead of being motivated by staying out of jail they are motivated by doing the right thing, the right way, all the time, every time.
For companies that do decide to climb the mountain and stay the course they will notice sign posts that mark the transition from:
Gap Closing to Goal Seeking
External to Internal Obligations
Reactive to Proactive Behaviours
Completing Actions to Optimizing Systems
Creating Outputs to Advancing Outcomes
Conducting Audits to Improving Performance
Executing Mitigative Procedures to Implementing Preventive Controls
Command & Control Structures to Resilience & Preparedness Structure
Shareholder focus to Stakeholder focus (i.e. accepting social responsibility)
With ever sign post they pass these companies will gain an increased measure of trust from their investors, shareholders, workers, and communities in which they operate. They will be the kind of business that customers want to buy from, workers want to work for, and communities want to have in their midst.
