Adrian Bowles discusses his point of view regarding How GRC, sustainability and CSR relate to one another in this IT Compliance article. I found the arguments of interest but in need of clarification.
In recent years, I’ve described my research area as sustainability — with a focus on how IT can help an enterprise become more durable to economic and ecological pressures. I’ve written previously about IT governance and the role of IT in enterprise risk management, governance and regulatory compliance (GRC). The progression of interests seemed natural to me, but I’ve seen confusion among IT management about the relationships among GRC, sustainability and corporate social responsibility (CSR).
Clearly there exist inter-relationships and multiple functional stakeholders in any sustainability conversation. Compliance, HR, procurement, operations and IT all have unique views on what sustainability and CSR are and are not, based on their mission inside the organization. These elements may or may not be compliance-driven; that is, a not-for-profit organization may desire to do good by the environment and invoke green purchasing laws, but unlike a manufacturer it does not have green laws governing the substances used to make its products.
In one case, a manager told me unequivocally that GRC is part of sustainability, and drew a chart to prove his point. Another drew a similar chart but showed sustainability as part of a GRC program. CSR was dismissed in both of these discussions.
Unfortunately, our software industry friends do little to alleviate this conversation. Since so much of the reporting aspect of sustainability deals with regulatory requirements, sustainability is often “boxed in” with other compliance applications in the IT ecosystem, so this manager has a case for believing that view. I would argue, though, that properly approached, sustainability and CSR are much more strategic than compliance-driven and should be treated so in the organization.
Read the full article on searchCompliance.com here.