Whenever speaking publicly on business and human rights, I usually preface my words with the caveat that I am not a lawyer, but a public accountant who audits international groups on behalf of the large international audit, tax, and consulting firm Mazars. At this point, I occasionally see confusion in the eyes of participants regarding why they have to come to listen to an accountant talk about human rights; surely this is the sole domain of lawyers. Wrong!

Of course, there is much human rights–related law (there should be more) and it is generally at law school where one is taught about human rights, not at accounting college. Quite rightly, it should be lawyers who provide the legal advice to business regarding the legal implications of business activities negatively impacting people. But which group of professionals is best placed to help organizations implement, monitor, and review internal controls that help mitigate against the risk of these organizations causing harm to people? The answer is: accountants!

As CPAs, it is in our DNA to understand the importance of internal controls, particularly around the creation of monthly management accounts and annual reports. We understand the appropriateness and effectiveness of such controls, and we know how to review them.

CPAs, especially those involved in financial audits, are privy to significant amounts of corporate data. It is not such a great leap in logic to suggest that the audit team, already trained in auditing techniques, could also review other data produced by an organization, such as that arising from its human rights performance. Of course, there should be a team member who understands how business can negatively impact human rights. As accountants, we just need to move our audit crosshairs slightly, from financial data to other forms of data.

The UN Guiding Principles on Business and Human Rights

On the financial side, the Sarbanes-Oxley (SOX) regime has been in place for several years, together with various GAAPs that help companies determine the controls that need to be put in place to help them report on their financial results. With regard to an organization’s human rights performance, there is also a framework: the globally authoritative United Nations Guiding Principles on Business and Human Rights (UNGP) and its related UNGP Reporting Framework and Assurance Guidance (for which I was the co-author). This guidance sets out how companies can better understand how to prioritize the salient issues, put the necessary controls in place, and monitor the effectiveness of such controls.

The UNGPs, authored by Harvard Professor John Ruggie and his team, were unanimously endorsed by the UN Human Rights Council in 2011. They clarify the responsibility of governments and businesses with regard to the impacts businesses can—and do—have on people and how business should provide or enable remedy to those who have been harmed. The UNGPs are the most authoritative guidance for embedding human rights practices in business. Since 2011, the European Union has required all of its 28 member states to prepare National Action Plans setting out how businesses need to align with the UNGPs. Many other countries around the world have also produced their national action plans—including the United States, which published its National Action Plan on Responsible Business Conduct in December 2016.

In order to manage their respect for human rights, the UNGPs recommend that companies undertake continual due diligence. The UNGPs define due diligence on human rights performance as:

An ongoing management process that a reasonable and prudent enterprise needs to undertake, in the light of its circumstances (including sector, operating context, size, and similar factors) to meet its responsibility to respect human rights.


The Interpretative Guide to the UNGPs further expands on the due diligence process, stating it will:

Enable an enterprise to identify its actual and potential human rights impact, to act on the findings, and to track how effectively it is responding. These processes and their results provide the body of information an enterprise needs to have available to it in order to communicate as and when appropriate. Accountants well understand management processes and how to evaluate them.


The UNGP process of managing these human rights risks (due diligence) can be broken into five steps:

  • Embed the responsibility to respect human rights into an organization’s culture, knowledge, and practices;
  • Identify and understand the entity’s salient, or most severe, risks to human rights;
  • Systematically address the entity’s salient human right risks and provide for remedy when needed;
  • Engage with stakeholders to inform the approach to addressing human rights risks;
  • Report on salient human rights risks in order to meet regulatory reporting requirements.

The cost of integrating these practices is minimal compared to the cost of addressing issues when they go wrong.

Why Accountants Need to Be Aware of Human Rights Issues

Why is an organization’s human rights performance important to CPAs?

First, in today’s interconnected world, wherever people are harmed by business, some form of media is likely to have reported the event. Therefore, it seems inconceivable that companies which can spend billions of dollars on building up their brands and reputation would pursue and conduct business practices without putting in place processes to protect people, be they customers, their employees, workers at suppliers, or the wider communities in which their factories operate, to name a few.

One of the key philosophies behind the UNGPs is “know and show.” Companies need to 1) understand how they can potentially harm people and put processes in place to mitigate against those risks happening in practice (know) and 2) report on what those risks are and what they are doing about them (show).

When considering the value of any acquired brands or intangible assets on the balance sheet, how can auditors really opine if they haven’t considered whether such brands are susceptible to negative news arising from harm caused to any stakeholder, be they employees, customers, local communities, even the environment? Auditors must consider the effectiveness of the controls in place to mitigate against such negative impacts arising and whether any existed in the past year.

Second, in the planning of an audit, my personal view is that the majority of audits don’t consider the risks of how the business can harm people and the potential impact they may have on the values being reported. How can auditors say they have properly planned an audit without having considered these risks?

Third, on the consulting side, a CPA that has been trained on the UNGPs is perfectly positioned to use their financial skills to help companies not only understand how their activities could potentially negatively impact people, but also design and implement appropriate and effective procedures to mitigate against those risks arising in practice.

The UN’s Sustainable Development Goals and Accountants

Many companies around the world are reporting on their sustainability performance through the UN’s Sustainable Development Goals (SDG). These essentially provide companies with a framework to report on how they are embedding their environmental and social (including human rights) strategies into their overall business model. This is not easy. When reading the majority of companies’ reports in this area, one may be mistaken in thinking that companies are fully on top of the subject. This is because many organizations are fearful about saying anything negative about themselves in their sustainability reports.

In my experience, you have a part of the business that wants to be transparent and publicly report the challenges of addressing these complex areas, and another part of the business—usually led by the general counsel—whose view is “if we say anything negative, somebody is going to come and sue us.” This is why sustainability reporting is currently viewed in some quarters as not being entirely helpful; it can be more spin than hard truth. It is an overriding principle that companies should report in a way that presents fairly the financial data in all material respects. For sustainability reporting, it could be argued that this principle is often overlooked. It is not that the data being reported is necessarily inaccurate; it just may not portray the whole reality and various challenges that sustainability can bring.

Some organizations prefer to report principally on their philanthropic aspects within their sustainability reports. Addressing sustainability is not about how companies spend their profits, however—it is about how they earn them. Indeed, several financial regulators in Europe have picked up on this, and they don’t want to see the front end of annual reports being solely prepared by marketing departments. Changing legislation would require that they be a faithful representation of how the company has performed. Should it therefore be the role of the CPA to advise on better balanced reports?

In December 2019, a recent U.K. government–backed report (the Brydon Review) has challenged what the future of the auditing profession could look like. One area mentioned was that of the auditors’ role to ESG data. The Brydon Review states:

It is self-evidently desirable that the published data in this area is trustworthy. To achieve such trust, a framework of audit could be established to validate how the relevant data have been developed and the extent to which a professional eye views them as sufficiently fairly stated as to engender trust in the information they communicate.


As the experts in monitoring corporate performance and reporting, CPAs are being drawn in whether they like it or not.

The institutional investor community is also beginning to ask more questions about nonfinancial reporting. Why? 1) Audited financial data is, by definition, an indicator of past results, and 2) nonfinancial data can provide a helpful guide as to a company’s future success. One of the causes of the global financial crisis was deemed to be the negative culture that existed within key financial institutions. Certain influential institutional investors are seeing that this nonfinancial data can act as a proxy for understanding the culture of their investee. This is not so difficult to understand, as studies show that when companies report properly on nonfinancial data, they have, on average, more positive financial results. The reason is that they have better management, which is more aware of the wider risks of the markets in which they are operating and therefore have taken steps to monitor them and react accordingly.

New Work for CPAs

With a great global focus on sustainability and the challenges that it is bringing to society, companies are having to meet these challenges as functioning organs of society. There is a greater focus on companies’ sustainability performance, as well as the substance of their reporting. Consequently, as the experts in monitoring corporate performance and reporting, CPAs are being drawn in whether they like it or not: the CFO’s role usually includes taking overall responsibility for annual reports; accounting departments are looking at the cost implications of how businesses can produce more with less; internal auditors are monitoring both environmental and human rights performance; and independent auditors will have to provide assurance on the company’s reporting of this information. Although I didn’t learn anything about business and human rights during my accounting studies, these were covered during my recent MBA. However, more and more accounting qualifications are also looking at, if not including, sustainability issues within their modules. Already qualified CPAs ignore human rights, and the rest of the sustainability field, at their peril.

Richard Karmel, FCA, is the managing partner of Mazars’ London, U.K., office. He was the co-lead of the team that authored the UN Guiding Principles Reporting Framework and Assurance Guidance.