Companies around the world are increasingly taking action to examine, monitor, and report on how their operations may impact the human rights of stakeholders both at home and abroad. Now new guidance has been published that will allow compliance functions—as well as internal and external audit—to check that their organisations are honouring the spirit of the world’s gold standard on human rights reporting and that the impact that their activities have on human rights issues is being properly monitored, disclosed, and managed.

The bedrock of how companies worldwide should give regard to human rights is set out in the United Nations’ Guiding Principles on Business and Human Rights, which were unanimously endorsed by the UN Human Rights Council in 2011.

The 31 principles, each with detailed commentary, rest on three pillars of “protect, respect, and remedy” and provide a duty for the state to protect against human rights abuses by third parties (including business), as well as a corporate responsibility to respect human rights. They also provide for greater access by victims to effective remedy—both judicial and non-judicial. These principles have become widely accepted as “soft law,” meaning that while they are legally unenforceable, they have become the basis for the expected norms upon which companies operate. Many high-profile multinational companies, such as Unilever, Marks & Spencer, and Microsoft, have publicly stated that they intend to honour the principles’ spirit.

“Compliance professionals will have a big role to play in ensuring that companies review how their actions, and those of their supply chains, may impact human rights in different countries and that corporate reporting on these issues needs to be transparent, comprehensive, and accurate. We hope that the assurance guidance helps companies identify where their procedures and reporting may be improved.”
Richard Karmel, Business and Human Rights Partner, Mazars

Approximately 15 countries, including the United Kingdom, have published National Action Plans to implement the Guiding Principles, and another 25 are in the works. Earlier this year a joint U.K. Parliamentary report recommended that legislation should be adopted that requires all companies (including parent companies which may be located or registered outside of the United Kingdom) to prevent human rights abuses, or face civil and criminal penalties similar to those imposed for bribery offences. 

To help companies report on how they are implementing the principles, the United Nations endorsed the publication of the UN Guiding Principles Reporting Framework in 2015.

Now, Shift, the leading centre of expertise on the UN Guiding Principles, and accountancy firm Mazars have issued assurance guidance so that functions like internal audit, external audit, and compliance can check how effectively their organisations are living up to the spirit of the Guiding Principles, and that they are reporting properly on what they are doing.

“Business needs to catch up with how society’s expectations have changed, as well as how legislation has changed,” says Richard Karmel, business and human rights partner at accountancy firm Mazars and co-author of the guidance.

“Conduct that may have previously been deemed accepted business practice is now frowned upon, and companies need to review the way they act, and in whose wider interests they are operating: their actions have impacts on stakeholders, and not just shareholders.”


British retailer Marks & Spencer (M&S) is one of the first U.K. organisations to report against the UN Guiding Principles on Business and Human Rights Reporting Framework. The company published its inaugural human rights report in June 2016, which outlines the steps it is taking to support and respect human rights, and has an external human rights stakeholder advisory group which challenges it on best practice and on how well M&S lives up to the guiding principles.
The company says it is committed to tracking and reporting annually and will disclose its progress in future human rights reports on its Website and in its “Plan A” reports which chart the company’s sustainable business goals.
Louise Nicholls, corporate head of human rights for the company’s food sustainability & food packaging division, says that compliance has played a strong role in the assurance process, as have external benchmarks.
“Over the last couple of years, we have seen a greater demand for transparency,” says Nicholls, who points out that investor-led initiatives such as the Worker Disclosure Initiative and the Corporate Human Rights Benchmark have sought to gain greater corporate disclosure on employee and human rights issues in particular.
“The assurance guidance helps connect the strong process skills of our compliance colleagues with the particular subject matter of human rights, where practices and outcomes are harder to quantify than in many other areas of our performance and require close attention to the perspectives of our stakeholders,” she says.
“Reporting on corporate responsibility issues adds rigor to the assurance process to ensure consistency in disclosure to enable effective board review year-on-year,” she adds.
— Neil Hodge

The assurance guidance makes clear that companies need to prioritise their efforts to address human rights risks by focussing on those that will have the most severe impacts—and not necessarily on those that the company may wish to focus on for the sake of public disclosure.

It also says that in circumstances where local laws and international standards on human rights become “conflicted,” companies should try to follow international standards to the best of their ability.

The assurance guidance is published alongside three practical publications: one aimed at internal auditors, one for external auditors, and the third—a set of “indicators” that highlight the questions that organisations should be asking to evaluate their understanding of human rights issues and reporting—is aimed at any assurance provider that is involved in managing human rights issues, including compliance functions.

The indicators are meant to provide assurance about the appropriateness of the policies and processes that an organisation might have in place, as well as their effectiveness. They cover the governance of respect for human rights; how an organisation defines the focus of its human rights reporting; and how human rights issues are managed. They are presented in three “tiers”—“tier one” being the simplest to comply with, and “tier three” being the hardest.

The information required for “tier one” can be readily assured based on written information available through the company or bilateral interviews with internal staff or is foundational to any human rights assurance process (notably, an assessment of the appropriateness of the salient/priority human rights issues identified by the company).

The information required for “tier two” assurance requires more extensive research or interviews with internal staff and/or an increased level of professional judgment. It may also require a limited number of external interviews on a foundational issue for human rights assurance, such as regarding perceptions of the appropriateness of the human rights issues identified as salient/priorities. “Tier three” information requires more complex research, a high level of professional judgment, and/or broader engagement with external stakeholders.

Indicators outlined in the document include what the company says publicly about its commitment to human rights, how this information is disseminated both publicly and internally, and what kinds of human rights issues are discussed by senior management and the board (and why). In terms of how an organisation determines which aspects of human rights reporting it should focus on, the indicators explore what decision-making processes underpin which human rights the company should prioritise, as well as the geographic areas that might lend themselves to closer scrutiny.

Indicators that focus on how human rights issues are managed include looking at what policies the company has to address such issues and how concerns are escalated and reported; what involvement (if any) the company has with external stakeholders; what measures it has in place to quantify the impact of human rights issues on the business; and how the company’s policies and procedures have both measured and mitigated these risks. There are also indicators that examine what steps organisations have taken to modify their decision-making approaches if a human rights issue occurs, and what remedies they have put in place to prevent such conduct/abuses happening again.

“Compliance professionals will have a big role to play in ensuring that companies review how their actions, and those of their supply chains, may impact human rights in different countries, and that corporate reporting on these issues needs to be transparent, comprehensive, and accurate,” says Karmel. “We hope that the assurance guidance helps companies identify where their procedures and reporting may be improved.”

To access the documents, visit