On the Frontlines: Internal Audit and Human Rights

In a hypothetical situation, society could be vulnerable if there are no mechanisms or forces that can prevent organizations with such power from discriminating against employees, manipulating consumers, being unreasonably involved in politics, and doing harm to communities. The commitment of nongovernmental organizations, governments, international organizations, management, shareholders, and the board to take measures to protect the environment and society is essential.

Organizations are responsible, in continuity, to respect human rights within their sphere of influence and ensure that their business activities do not infringe upon them, by protecting, respecting, remedying them, and reporting on human rights issues in line with their responsibilities.

Human rights encompass a wide range of basic entitlements, such as physical freedom, freedom from unfair punishment or discrimination, equal protection under the law, freedom of religion and employment, and access to adequate healthcare, food, clothing, housing, and education.

Performing a risk-based assessment and evaluation to help ensure the adequacy of an organization’s human rights reporting framework is a task that may fall under the responsibility of internal audit, depending on the organization. To include human rights considerations in the internal audit plan, internal audit performs a quantitative and qualitative risk assessment and identifies areas where human rights risk impacts are most severe. Internal audit can also link identified critical human rights risks to specific objectives and business processes. If assessing such a framework falls under the auspices of another assurance function, internal audit can act in an advisory capacity.

Internal audit can assess and evaluate the adequacy and effectiveness of the organization’s policies and procedures related to human rights. It should also identify, assess, and evaluate if the organization has a reporting framework that sets clear expectations for corporate disclosure and drives improved accountability in relation to human rights. Most organizations will not have their own framework but rather will adopt one of the existing frameworks, such as the United Nations Declaration of Human Rights. The framework can be used as a tool that:

• Guides the conversations that the organization should have with internal and external stakeholders to identify their rights, responsibilities, and their related risks to human rights.
• Measures the organization’s performance and drives improvement related to human rights.

To be effective, an organization’s human rights reporting framework should represent the most severe actual and potential impacts on human rights associated with its activities and business relationships. The framework should remain relevant and reflect human rights risks as the company’s activities, operating contexts, and business relationships change.

Furthermore, internal audit should evaluate if the organization’s reporting information is accurate, focused, and meaningful to shareholders and other stakeholders.

An organization’s sphere of influence extends beyond its payroll and includes stakeholders that include suppliers, partners, customers, and the communities affected by the organization’s physical presence.

Organizations that fail to address human rights risks can face legal battles and boycotts for not respecting the rights of workers, consumers, and members of the larger community.