Why Assess Human Rights Risks?
Identifying the human rights risks associated with business is the first critical step in preventing and mitigating harm to people due to business activity.
The UN Guiding Principles on Business and Human Rights (UNGPs) lay out the expectation that companies should avoid infringing on the human rights of others and should address adverse impacts with which they are involved.1 To achieve this, businesses should carry out human rights due diligence, which is a four-step process for identifying and assessing actual and potential impacts, implementing measures to prevent and mitigate impacts, tracking the effectiveness of these measures, and reporting on how impacts are being addressed.2 Human rights assessment is the first step in this process.
At its core, any human rights assessment should enable a company to identify and prioritize impacts on people based on the severity of the impact. The findings are then used to inform subsequent phases of human rights due diligence. Additional objectives may include soliciting input from affected stakeholders about effective prevention and mitigation measures or appropriate remedy,3 deepening stakeholder relationships through dialogue, building internal capacity in human rights management, and ensuring ongoing context monitoring to position the business for crisis management and response to evolving trends.
At BSR, we conduct human rights assessments to inform strategy and position companies to fulfill their responsibility to respect human rights. Our aim is to provide forward-looking, decision-useful information about salient human rights risks to guide companies in the design of measures to prevent, mitigate, and remedy actual and potential adverse human rights impacts.
BSR’s Approach to Human Rights Assessment
According to the UNGPs, a credible human rights assessment should:
- Assess impacts on people, not impacts on business;
- Assess impacts against all internationally recognized human rights;
- Draw on internal or independent external human rights expertise; and
- Highlight the concerns of affected stakeholders.
Within these parameters, there is flexibility to determine how to conduct the human rights assessment. This allows for adaptation to different industries, issues, and geographies while prioritizing attention to risks to people rather than risks to the business. This has permitted the proliferation of different methodologies,4 any one of which may be appropriate depending on the specific objectives of the assessment.
BSR’s approach to human rights assessment is grounded in the UNGPs, including a consideration of the human rights principles, standards, and methodologies upon which the UNGPs were built.
Our human rights assessment tool and accompanying methodology provide a structure to record information about human rights risks and guide analysis of salience and prioritization of risks. In our experience, the most effective human rights assessments harness the findings of the assessment to drive policies and programs to manage human rights risks. Our approach therefore goes beyond the identification and prioritization of human rights risks, actually assessing the company’s ability to manage such risks5 and to develop recommendations about appropriate actions6 to prevent and mitigate potential harm as well as to remedy actual harm.7 By grounding our approach in the UNGPs, we are able to ensure rigor and consistency across our assessments, even as we tailor our methodology to the industry, scope, and other contextual elements of the assessment.
BSR’s methodology identifies and prioritizes actual and potential human rights impacts, drawing from the full universe of international human rights instruments, and centering impacts on rightsholders.
Salience assessment: BSR assesses the severity of human rights impacts in alignment with criteria outlined by the UNGPs. Severity, as described in Guiding Principle 14 of the UNGPs, is a combination of three factors focused on impact on people, rather than impact on the business, including scope, which considers how many people may be impacted by a harm; scale, which assesses the gravity of the impact on the rightsholder; and remediability, which looks at the possibility of restoring the victims to their prior state of well-being. We also assess the likelihood of each risk to determine salience. Salience is the combination of severity and likelihood and is intended to help focus a company’s resources on managing human rights risks that have the potential to do severe harm or that are most likely, with the important caveat that severity trumps likelihood and that high-severity/low-likelihood risks should be prioritized for action.
The output of the salience assessment is a prioritized list of the company’s salient human rights risks, typically grouped into tiers denoting different levels of risk. This output can then be used to inform strategy, to function as a human rights risk register for the company, and to identify risks to enterprise value that may have been missed in the enterprise risk management (ERM) system.
Management assessment: BSR then conducts a management assessment to identify gaps in company human rights policies, procedures, and practices. Using factors contained in Principle 19 of the UNGPs, we assess the company’s ability to manage salient human rights risks. These factors include:
- Attribution considers how closely the company is connected to the human rights impact, assessing whether the company is causing or contributing to the impact; whether the impact is directly linked to its operations, products, or services through a business relationship; or whether the company is not linked to the impact. The assessment of attribution is highly contextual, case specific, and may evolve over time.
- Leverage considers the company’s ability to effect change in the wrongful practices leading to harm.
- Current management looks at how well the company is currently managing the risk through existing policies, procedures, and practices in order to identify gaps in human rights management and inform decision-making about action and resourcing to fill these gaps.
The output of the management assessment is a list of the salient human rights risks that the company should prioritize for action, based on both the salience of the risk and current management, and the risks are typically grouped into tiers denoting different levels of prioritization for action.
Following the management assessment, BSR develops recommendations for appropriate actions that the company should take to strengthen existing management systems or to develop new ones to effectively prevent and mitigate prioritized human rights risks; to remedy impacts that have already occurred; or to strengthen overall human rights governance and management, with a focus on integrating measures across relevant functions, business units, and/or operating companies. These actions are prioritized to guide allocation of resources to the most impactful prevention and mitigation measures.
Human rights assessments may be conducted either by companies themselves or by independent third-party experts. Our view is that capacity for internally led human rights assessment is critical to ongoing monitoring and management of human rights risks. We build awareness raising and capacity development into our approach in order to position company human rights leads to implement recommendations and to conduct future assessments, and we support company-led self assessments through development of tools (e.g., interview guides, analytical guidelines and frameworks), training for staff, and analysis of findings.