Management control systems in response to social and environmental risk in large Nordic companies

This empirical study investigates the relationships between management control systems and social and environmental risks. Building on Simons’ Levers of Control conceptual framework, this study proposes that companies facing social and environmental risks will enhance the quality of their management control systems by integrating social and environmental elements into management control systems in order to manage the related risks. The study uses a longitudinal dataset of the 1179 largest listed Nordic companies for the period 2014–2018. The multivariate regression confirms a negative relationship between the social and environmental integration and social and environmental risks. The results indicate that the social and environmental integrated performance measurement system and strategy implementation are not congruent with the social and environmental risks that the companies face. Nordic companies have not adopted the social and environmental integrated measurement system and strategy in response to social and environmental risks. When the number of social and environmental incidents increase and companies meet high levels of social and environmental risks, their management control systems do not match the related risks. Such social and environmental integration should be improved in order to prevent wider negative implications of the incidents on the natural environment and society in large.


Introduction
In recent times, attention has been paid by academics and professionals to company management of social and environmental (SE) risks emerging from social norms, such as the United Nations Sustainable Development Goals and Global Compact principles on environmental, human, and labor rights, and anti-corruption matters (Arjalies & Mundy, 2013;Sands et al., 2016). However, company-related SE risks, such as injuries, loss of human life, child labor, strikes, exploration of natural resources, and unequal opportunities continue to occur and attract extensive media coverage and public interest.
The sustainability literature defines SE risk as a company's adherence to social norms that are integral parts of a social contract (Capelle-Blancard & Petit, 2019;Deegan, 2015;Dimson et al., 2015;Hoepner et al., 2018;Kruger, 2015;Kumarasiri & Gunasekarage, 2017;Schultze & Trommer, 2012). SE risks are often associated with incidents that are revealed through public disclosure within the news media when the company has found to be in breach of social norms. The consequences of incidents can be linked to failed internal SE risk management, a potential threat to a company's legitimacy and substantial and non-negligible costs imposed on a company by society (Aerts & Cormier, 2009;Deegan, 2015;Hoepner et al., 2018;Kruger, 2015).
This paper builds on literature that examines how internal management control systems (MCSs) comply Page 2 of 11 Semenova International Journal of Corporate Social Responsibility (2021) 6:13 with SE risks. An increasing number of researchers have introduced the perspective that MCSs have the potential to form business operations that support companies in managing SE risks (Arjalies & Mundy, 2013;Bouten & Hoozee, 2013;Lueg & Radlach, 2016). The use of MCSs focuses on corporate social responsibility (CSR) performance and strategy to analyze company activities and implement strategic management practices that can minimize or avoid SE risks (Bui & de Villiers, 2017a;Kumarasiri & Gunasekarage, 2017). Review studies report that performance measurement systems can be regarded as a common control for CSR (Gond et al., 2012;Lueg & Radlach, 2016). For example, the perspective of internal management control such as the sustainability balanced scorecard (SBSC) system encompasses the SE performance measures critical for achieving a company's CSR strategy (Blocher et al., 2016;de Villiers et al., 2016;Sands et al., 2016). Furthermore, researchers introduce the concepts of SE performance measurement systems, sustainable management controls, and CSR strategies, discuss the theoretical usefulness of these tools, and provide case study-based anecdotal evidence (Burritt & Schaltegger, 2010;Kerr et al., 2015;Schaltegger, 2011). Examples can be found on the integration of sustainability reporting into MCSs (de Villiers et al., 2016;Kerr et al., 2015), changes of business strategies in response to climate change risk (Bui & de Villiers, 2017a;Kumarasiri & Gunasekarage, 2017), companies' reactions to social incidents in the form of sustainability disclosure of managerial actions (Deegan et al., 2000), and the development of SE indicators within the performance measurement systems (Sands et al., 2016). However, skepticism exists that SE risk management is not an integrated part of sustainable MCSs and their regular control devices (Journeault et al., 2016). Companies tend to rely on reactive, short-term risk management to include low integration of MCSs with external social norms (Lueg & Radlach, 2016). Prior research does not specifically focus on the management of SE risk and is not able to provide broad-scale empirical evidence on the associations among SE risk incidents, CSR strategies, and performance measurement systems. Case descriptions result in few comparable consecutive studies (Lueg & Radlach, 2016) while providing solid theoretical underpinnings for the use of MCSs in driving strategic renewal and triggering organizational change (Arjalies & Mundy, 2013;Burritt et al., 2011;Kerr et al., 2015;Kumarasiri & Gunasekarage, 2017). Broadscale empirical studies that utilize this framework have received less attention in the literature (Lueg & Radlach, 2016). In sum, there is a literature gap when it comes to broad-scale empirical research on integrating SE-related components in the use of MCSs in managing SE risks.
The research question of this study is to examine whether integration of SE elements in MCSs is proportional to or congruent with the SE-related incidents and risks. The underlying rationale is that the integration of SE risk management with MCSs can protect companies from SE incidents (Hoepner et al., 2018). This study extends previous research theoretically by employing Simons' (1995) Levers of Control (LOC) theoretical perspective from Arjalies and Mundy (2013) and Kerr et al. (2015) to integrate SE risks and MCSs within a strategic management accounting framework. Simons' theoretical framework suggests that beliefs, boundaries, diagnostic, and interactive LOC can describe how companies combine risk management with internal MCSs. The empirical extension is to draw on the data collected from Thomson Reuters' Refinitiv Eikon database for 1179 Nordic listed companies between 2014 and 2018. Nordic companies have been increasingly involved in adopting and improving MCSs and performance measurement systems (Johanson et al., 1998). Kald and Nilsson (2000) quote evidence showing that the use of the balanced scorecard by Skandia AFS, a Swedish-based insurance company, attracted global attention. In the Nordic countries, performance measurement systems are considered welldeveloped and tend to improve in response to changes in the business environment (Kald & Nilsson, 2000). CSR is also high on the business agenda in the Nordic countries, which supports the importance of integrating SE risks into MCSs. The research objective of this study is formulated to empirically examine the impact of SE incidentrelated risks on the performance measurement systems and CSR strategy ratings of Nordic companies. The practical significance of the research objective is to explore company integration of SE elements into MCSs which should prevent negative implications of the incidents on the natural environment and society in large. The theoretical significance of the research objective is to examine systems-oriented accounting theories and the LOC theoretical framework which predict the integration of SE risks into company SE actions and MCSs. Companies facing higher risks are expected to show higher integration of SE elements in the measurement and strategy implementation. Finally, the paper incorporates the SE dimensions of social norms and their controls beyond the setting of prior research that very often relates to environmental elements (Durden, 2008;Lueg & Radlach, 2016).
The remainder of this study is organized as follows. Section 2 summarizes the theoretical framework of the study, reviews the prior research on MCSs used to manage SE matters. Sections 3 presents the methodology and Page 3 of 11 Semenova International Journal of Corporate Social Responsibility (2021) 6:13 describes the data and sample. Section 4 provides empirical evidence on the relationships between MCSs and SE risk. Section 5 concludes the study.

Theory and prior research
The levers of control framework The theoretical underpinnings for the role of MCSs in managing SE risks come from Simons' (1995) LOC framework. Prior research has adopted the LOC framework to theorize about the integration of MCSs with sustainability (Arjalies & Mundy, 2013;Gond et al., 2012;Journeault et al., 2016;Kerr et al., 2015). MCSs are defined as "systems, rules, practices, values and other activities management put in place in order to direct employee behavior" (Malmi & Brown, 2008, p. 290). The LOC framework focuses on the use of MCSs to implement strategy, exert control over strategic objectives, and respond to strategic risk changes (Arjalies & Mundy, 2013;Simons, 1995). This study adopts the LOC perspective to analyze whether companies can use MCSs for SE risk management to implement CSR business strategies and performance measurement systems. The LOC framework includes four components of MCSs, namely the beliefs, boundaries, diagnostic, and interactive components (Arjalies & Mundy, 2013;Tessier & Otley, 2012). Companies combine the four LOC to achieve strategic objectives, search for opportunities, and solve risk-related problems (Ahrens & Chapman, 2004;Arjalies & Mundy, 2013;Flow et al., 2005). The boundary and diagnostic components activate controlling features of MCSs. The belief and interactive components stimulate learning aspects in the form of debate and innovation. Business strategy is defined by beliefs, boundaries, diagnostic, and interactive control systems (Simons, 1995). A performance measurement system draws upon the diagnostic and interactive control components (Kaplan, 2010). The beliefs and boundaries components correspond to sustainability reporting integrated in MCSs (Kerr et al., 2015). The study discusses four controls with the specific perspective of SE risk management.
Based on Arjalies and Mundy (2013), the belief LOC is an explicit and formal set of statements that a company uses to communicate its values and strategies. It can also enable changes in social perceptions when companies introduce new priorities and values through such communication. MCSs that incorporate explicit information about the company's values and strategies can be leveraged as a belief component. Belief systems aim to check pre-set standards and foster inspiration. In this study, SE risks can trigger companies to provide external information and search for greater visibility of internal functioning of MCSs in compliance with social norms. Company communication can contain social-and environmental-risk-related priorities, values, changes, and performance measures of control systems. The belief LOC can support and mobilize together the other LOC used for SE risk management and enhance company transparency and accountability about company activities. Based on the belief LOC, the study argues that a company with well-developed SE risk management will become transparent and use its MCS to communicate the SE strategy and strategic tools undertaken to manage risks.
The boundary LOC is an explicit set of company definitions and parameters that support companies in the identification of risks to be avoided (Bouten & Hoozee, 2013;Tessier & Otley, 2012). Risk management serves as a boundary to achieve the strategic objectives of a company. Boundaries define the strategic activities that are acceptable and do not waste the resources of a company based on the regulations and norms of societies in which companies operate. As an important part of a company design, boundary management can influence the nature of the initial company response to social norms (Bouten & Hoozee, 2013). In this study, an unexpected SE incident reveals potential material risks associated with the company's lack of internal activities and control mechanisms to comply with the boundaries and norms set by society. Based on Hoepner et al. (2018), this study argues that careful management and control of SE activities can help companies to proactively identify risks and avoid SE incidents in the future. Drawing on the boundary LOC, this study suggests that SE risk management is a boundary element of MCSs.
The diagnostic LOC deals with feedback-based control models to compare company performance with targets in order to identify deviations from plans (Kerr et al., 2015). These diagnostic systems incorporate different practices such as the balanced scorecard to assess strategic actions based on performance measures including short-and long-term performance and financial and non-financial performance. Performance measures control strategic activities taken to manage SE risk and monitor compliance with social norms. Based on the diagnostic LOC, the study claims that risk management will entail the use of holistic performance measurement systems to monitor and control strategic business activities aimed at implementing CSR strategy.
The interactive LOC is used to manage strategic uncertainties and identify opportunities. Strategic uncertainties can threaten a company's strategy. Interactive controls make it possible to identify challenges and potential opportunities to present strategic activities. They can stimulate new initiatives that provide impetus for strategic change and actions. The aim of the interactive LOC is to encourage debate within and outside the company. Through adopting the interactive LOC, SE risk management will address strategic uncertainty by facilitating private negotiations with investors, non-governmental organizations, and the community. It can stimulate new strategic initiatives, enhance the features and design of MCSs, and extend external communication.

Social and environmental risk management
Systems-oriented accounting theories consider SE risk management as a key part of a company's reputation risk management and legitimacy (Deegan, 2015). Reputation risk perspective assumes that society allows a company to continue its operations to the extent that it complies with the social norms. Companies with poor SE risk management can increasingly find it difficult to obtain the necessary resources and support to continue operations. SE risk management aims to have and maintain company reputation by translating social norms into impacts on company operations. Bui and de Villiers (2017a) and Kumarasiri and Gunasekarage (2017) claim that social norms such as climate change policy and requirements carry reputation risk and legitimacy threats for companies. A stream of accounting literature on MCSs argues that social norms like the UN Sustainable Development Goals and society concerns about sustainability facilitate the use of management control mechanisms (Crutzen et al., 2017;Gond et al., 2012;Journeault et al., 2016). In this study, social norms are linked to SE risks. In particular, risk is a combination of the probability of violation of social norms and its consequences (Dobler et al., 2014). Bebbington et al. (2008) argue that SE incidents are reputation damaging events such as an oil spill; a chemical discharge that kills and injures people; poisoning of products which led to consumer deaths. Companies can undertake SE risk management when their reputation is deemed to be under public scrutiny around preventing damage to the physical environment, ensuring the health and safety of consumers, employees and communities and public perceptions of business role in society (Adams & Frost, 2008). MCSs are seen as a part of reputation risk management to ensure that a company's operations and strategies are perceived to comply with social norms (Bui & de Villiers, 2017a;Kumarasiri & Gunasekarage, 2017). The integration of SE risks in MCS can be critical to maintaining company reputation and legitimacy (Bui & de Villiers, 2017b).

Hypothesis development
This study builds on the emerging academic literature that examines the interface of MCSs with business sustainability (Arjalies & Mundy, 2013;Berry et al., 2009;Bouten & Hoozee, 2013;Crutzen et al., 2017;Durden, 2008;Gond et al., 2012;Kerr et al., 2015). In general, Crutzen et al. (2017) and Bouten and Hoozee (2013) illustrate the use of formal and informal management controls for sustainability. The focus of case-studybased literature has been on company strategy, sustainability reporting, and environmental performance. Arjalies and Mundy (2013) investigate the role of MCSs in managing CSR strategic processes. The data were collected through questionnaires that were sent to the heads of the CSR departments of the 40 largest French companies. The authors provide evidence on managers' perceived ability to identify and manage threats and opportunities associated with CSR strategy and to design risk management processes to support companies in their achievements of strategic objectives. The findings suggest that external requirements and risks are managed by using MCSs and generating CSR activities.
Using interviews with the senior managers of five electricity generators, Bui and de Villiers (2017a) show that companies' strategies change in response to climate change risk. Business strategies move from stable to a set of anticipatory, proactive, and creative strategies and then finally regress to reactive strategies. Carbon management accounting supports the new strategy adopted by companies in response to climate change risk. Specifically, the use of carbon management accounting in strategic planning and decision-making is observable in proactive business strategies but is limited in reactive strategies. Risk management strategy tends to involve a unique mixture of carbon accounts, indicators, and goals. Kerr et al. (2015) and de Villiers et al. (2016) find that MCSs such as balanced scorecard systems integrate external sustainability reporting. Kerr et al. (2015) employ a case study of three organizations. De Villiers et al. (2016) use an explorative and descriptive case study of one large company. MCSs provide advantages for companies to operationalize sustainability objectives, broaden stakeholder accountability, intensify interactions with stakeholders, formalize companies' beliefs, and improve internal communication of sustainability measures. A balanced scorecard framework helps in gathering disparate ideas and reformulating them into principles, objectives, and measures. Kerr et al. (2015) suggest that the integration of sustainability reporting into MCSs is likely to occur in companies that have significant social and environmental impacts and risks. In line with these studies, Adams and Frost (2008) show that environmental disclosure results in development of data collection systems and increased measurement and integration of SE performance indicators in strategic planning, performance management and risk management. Researchers find a diversity in the extent to which companies manage on their sustainability performance.  Durden (2008) document that the case manufacturing organization does not measure and control social responsibility aspects. Evidence suggests a preference for financial measures within the MCS. The lack of social goals and operationalization of meaning of social responsibility hinder the formal integration of social aspects into the MCS.
Prior research has in a best practice and more limited setting been able to establish that companies integrate SE elements in their MCSs in order to manage risks associated with SE issues (Adams & Frost, 2008;Bui & de Villiers, 2017a, 2017bGond et al., 2012;Kumarasiri & Gunasekarage, 2017). Kumarasiri and Gunasekarage (2017) show that use of management accounting in managing the environmental risk associated with climate change is driven by reputational pressure and legitimacy threats exerted by community. Lueg and Radlach (2016) identify diverse types of controls that companies use to address SE risks. Examples of controls include corporate performance management, balanced scorecard, strategic planning and objectives. Bui and de Villiers (2017b) document that company employ MCSs to achieve compliance and improve performance. Adams and Frost (2008) reveal the integration of SE performance information in risk management and performance measurement. Bui and de Villiers (2017a) find that environmental risks lead to the adoption of proactive CSR strategies. Arjalies and Mundy (2013) demonstrate that MCSs form the risk management processes and structures that are associated with CSR strategy and support companies in their attainment of strategic objectives.
The present study broadens the scope to a more diverse setting of companies to suggest that integration of SE elements of MCSs needs to be proportional and congruent with the SE incidents that the company faces in order to meet the expectations of stakehoders. The study consequently proposes the following hypothesis.
H: SE risk incidents influence on the integration of SE elements in MCSs.

Empirical model
In order to analyze the relation between SE risk and MCSs, the study employs a quantitative data analysis and a multivariate regression model. The empirical model is based on prior research that examines the relationships between company performance and SE elements (Guenster et al., 2011;Semenova & Hassel, 2008). Assuming additive linear relations, the study will estimate the following empirical model, which is based on one-way interactions between variables: The dependent variable, MCS it , denotes management control systems that are operationalized by two measures, namely performance measurement systems, PMS, and CSR strategy, CSRS. The model's independent variable, SER it , represents SE risk. CONTR it is a vector of control variables. The control variables are size and leverage. Size is important because smaller companies may have fewer resources for CSR behavior than larger companies. Risk tolerance defines a company's attitude toward spending on CSR activities by incurring a high level of current cost but with the potential for money savings in the long run. Based on a review of the literature, the following control variables were selected: the company's book value of assets that measure the company's size, SIZE, and the ratio of long-term debt to total assets as a proxy for the company's riskiness, LEVERAGE (Capon et al., 1990;Guenster et al., 2011;Waddock & Graves, 1997). The error term takes into account the influence of potentially omitted variables that are not explicitly present in the model. i is a randomly drawn cross-section observation (i = 1, 2,. .., 1179 companies), and t denotes the time period for each cross-section observation (t = 2014, 2015, 2016, 2017, 2018).
In examining the relationship between variables, the study uses pooled cross-section time-series data analysis. Pooling five time periods of data for each company requires the study to control for a correlation in the error term of the regression models over time for a given company (Cameron & Trivedi, 2005;Petersen, 2009). This panel data problem leads to underestimated standard errors and inflated p-statistics. In this study, the parameters of the model are computed by using the pooled ordinary least squares estimator with panel-robust standard errors that correct serial correlation and heteroskedasticity. The White heteroskedasticity-consistent estimator is applied to obtain the panel-robust standard errors adjusted for intra-cluster correlation (White, 1980). The short panels used do not require specification of the models for individual-specific effects, assuming independence and identical distribution over cross-sectional units and no fixed effects (Cameron & Trivedi, 2005). The study controls for correlation of the MCS across time by including time dummies. Including the industry dummies and company-specific controls makes it possible to capture unobserved industry and company-specific effects. Throughout the study, the number of observations varies depending on which variables have missing data points. Due to potential outliers in the data, the variable of size (SIZE) is transformed to the logarithm form and winsorized at the 10th and 90th percentiles (p = 0.1).

Variables and data Variables
The dependent variable of empirical analysis is management control systems.  Durden, 2008). The variable of performance measurement systems is measured by a SE performance rating that captures the key SE indicators communicated by a company in external reports. For example, social performance indicators include training hours, training costs, female-male ratio, equal opportunity, donations, protection of public health, quality management, product information and labeling, programs on health and safety, diversity, working hours and wages, exclusion of harmful products, and programs on human rights and supply chain. Environmental performance indicators consist of product performance, energy use, emissions, waste treatment, materials recycled, water recycled, environmental quality management, environmental research and development expenditures, noise reduction, and sustainable transportation. To arrive at an overall SE performance rating, key performance indicators are integrated into an equal-weighted data framework. The SE performance rating is based on a numerical scale ranging from 100 (good performance) to 0 (poor performance). The numerical scale of SE performance rating is developed by Refinitiv, and the rating is readily available for scholars. The SE performance rating is the sum of Refinitiv's environmental and social pillar scores. Refinitiv's environment pillar score is the weighted average relative rating of a company based on the reported environmental information and the resulting three environmental category scores such as resource reduction, emission reduction and product innovation. Refinitiv's social pillar score is the weighted average relative rating of a company based on the reported social information and the resulting four social category scores such as workforce, society and product responsibility. The rating can reveal the quality of performance measurement system and show how well a company mobilizes its levers of control through SE integrated performance measurement system. CSR strategy is an essential element of MCSs (Anthony et al., 2014;Arjalies & Mundy, 2013;Gond et al., 2012). MCSs attempt to integrate SE elements in line with company strategy (Anthony et al., 2014). CSR strategy is seen as a link between external SE risks, the goals of the company and MCSs. MCSs are typically tailored to the requirements of specific CSR strategies. The variable of CSR strategy is measured by a CSR strategy rating that reflects a company's capacity to show that it integrates SE elements into its decisionmaking processes. The rating is based on a numerical scale ranging from 100 (strong CSR strategy) to 0 (weak CSR strategy). The numerical scale of CSR strategy rating is developed by Refinitiv, and the rating is readily available for scholars. Refinitiv defines CSR strategy score as a company's practices to communicate that it integrates the economic (financial), social and environmental dimensions into its day-to-day decisionmaking processes. The rating can reveal the quality of SE integrated strategy and show how well a company mobilizes its levers of control through CSR strategy implementation.
The model's independent variable, SER it , represents SE risk. The variable is measured by a SE controversies rating that assesses a company's exposure to SE riskinducing incidents reflected in the global media. The variable is based on the analysis of SE incidents for a company. Social incidents include incidents published in the media linked to the company's relations with employees' wage disputes; occupational diseases or any disease caused by continued exposure to conditions inherent in a person's occupation; injuries and fatalities; discrimination; unequal opportunities; use of child labor. Environmental incidents are oil spills or leaks occurred from a company's operations; toxic water or waste let out by a company's operations and so on. The SE risk rating is based on a numerical scale ranging from 100 (high risk) to 0 (low risk). The numerical scale of SE risk rating is developed by Refinitiv, and the rating is readily available for scholars. Thomson Reuters defines the SE risk rating as it measures a company's exposure to environmental, social and governance controversies and negative events reflected in global media. The rating can show the level of SE incident-related risk.

Data
The dependent and independent variables used in this study come from Thomson Reuters' Refinitiv Eikon database. Thomson Reuters' Refinitiv Eikon environmental, social and governance (ESG) ratings are used in scholarly research (Aouadi & Marsat, 2018;Drempetic et al., 2020). Academic research adopts SE ratings to operationalize SE performance (Delemas & Blass, 2010;Drempetic et al., 2020) and examine company longterm strategies and policies (Semenova & Hassel, 2008). SE incidents are used to measure company wrongdoing, "bad" SE practices and risk (Capelle-Blancard & Petit, 2019;Fiaschi et al., 2020). Thomson Reuters' Refinitiv Eikon is established database that is said to provide transparent, objective, and auditable extra-financial information based on public disclosures from companies. The data provider supports transparency of the rating methodology and facilitates the understanding of how the data are aggregated from information sources. The universe includes about 4000 global public companies. The original ESG rating agency ASSET4 was founded in 2003 and acquired by Thomson Reuters in 2009. Refinitiv has a formal agreement to distribute Thomson Reuters' data.

Sample and descriptive statistics
The sample consists of 1179 Nordic companies from diverse industries over the period of 2014-2018. Nordic companies are large publicly traded companies from geographically close Nordic countries, such as Denmark, Finland, Norway and Sweden. The companies are listed on Copenhagen, Helsinki, Oslo and Stockholm stock exchanges, included in the global MSCI World Index and provided in the Thomson Reuter's Refinitiv Eikon database that is used to obtain the variables. As suggested in the literature, Nordic companies possess a common business context, including a stakeholderoriented governance system, regulatory setting, management culture, and advanced MCSs (Kald & Nilsson, 2000;Thomsen & Conyon, 2012). Since Denmark, Finland, Norway and Sweden share common institutional, regulatory and business elements, the companies of four Nordic countries are included in the sample. The period 2014-2018 is the 5 year period of the latest available social and environmental data in the Thomson Reuter's Refinitiv Eikon database. The time span enables us to take into account unexpected SE incident-related risks, use the short panel data approach, which consistently estimates company-specific effects and make generally applicable conclusions (Cameron & Trivedi, 2005;Hair et al., 2014). Moreover, the period 2014-2018 had a favourable business cycle in which companies were likely to enhance the quality of their MCSs in order to manage SE risks. Table 1 lists the industries and countries of the companies in the sample. Table 2 provides the descriptive statistics for the MCSs, SE risk, and control variables. Panel A in Table 2 shows the average values over the research period. Panel B in Table 2 provides the Pearson correlation coefficients between the explanatory variables using the pooled sample of 1179 Nordic companies between 2014 and 2018. Table 3 presents the results of the regression model based on Eq. (1) for the MCS scores of performance measurement systems and CSR strategy. The columns report the coefficients of depended variables, performance measurement systems, PMS, and CSR strategy, CSRS and their two-tailed tests of significance. Note that the coefficients estimated for company-specific control variables are consistent with those reported by Guenster et al. (2011) and Semenova and Hassel (2008). Industry and time dummy  Page 8 of 11 Semenova International Journal of Corporate Social Responsibility (2021) 6:13 controls are included in the empirical estimations of regression parameters but suppressed in Table 3. As shown in the first column of Table 3, performance measurement systems, PMS, is significantly and negatively related to SE risk (− 0.13, p = 0.00). The results indicate that a high risk of SE incidents is associated with low quality of SE integrated performance scores. This may indicate that companies facing high SE risks have limited integration of SE elements in performance measurement systems and low transparency about SE integrated performance measures. When the CSR strategy, CSRS, is a dependent variable, it has a significant and negative relation to SE risk (− 0.23, p = 0.00). The findings reveal that a high risk of SE incidents is associated with a low quality of CSR strategy. This may indicate that companies facing high levels of SE risks carry out limited integration of SE elements within the company strategy and limited communication on its SE integration into decision-making processes. Overall, the results do not provide empirical support for the notion that Nordic firms meeting high SE risks would tailor their MCS with specific SE elements to manage SE incidents' risks. The study concludes that companies with high SE incident-related risk use weaker MCSs to manage these risks. The SE integrated performance measurement and strategy implementation are not congruent with the SE risks that the companies face.

Discussion
Drawing on the LOC framework, the findings of the study provide insights into whether the SE integrated MCSs are used by companies to manage the high SE risks that they face in order to meet explicit societal expectations. This empirical study does not support prior case study research by Arjalies and Mundy (2013), Crutzen et al. (2017), Kumarasiri and Gunasekarage (2017), Adams and Frost (2008) and Bui and de Villiers (2017a, b) when companies facing high SE risks are taken into consideration. The study shows that, on average, companies do not tend to enhance the quality of their MCS by integrating SE elements into their performance measurement systems and strategies when it is most needed or when they meet high levels of SE risks induced by incidents. A negative association between SE risks and the quality of MCSs reveals that the sample companies with high SE risks do not mobilize the levers of control through the integration of SE elements in MCSs and are unlikely to integrate SE elements in their boundary, diagnostic, interactive and beliefs control systems. On the other hand, companies with low risks of SE incidents have been able to integrate SE elements in their MCSs. Such companies tend to mobilize their CSR strategy through their beliefs and interactive control systems because companies tend to use external communication to make their CSR strategy to be visible to stakeholders. Companies are likely to employ CSR strategy to communicate its SE integration in decision-making process to employees in order to motivate employees in their implementation of CSR initiatives. They are likely to integrate SE performance measures in their diagnostic systems and are likely to be transparent about their SE-related measurement through interactive systems. This study extends the outcomes of Bui and de Villiers (2017a) by showing that some companies can successfully integrate SE elements in MCSs while the majority of sample companies cannot match SE risks with their MCSs. The study highlights that companies facing high levels of SE incidents need some specific academic attention to examine the barriers for SE integrated MCSs and the role of MCSs in risk management.
Furthermore, the results of broad-scale analysis indicate that the sample companies have space to enhance the integration of SE elements in MCSs by improving quality and breadth of performance measurement systems, increasing relative level of key performance indicators, making better integration of SE risk into decision-making processes, and reinforcing communication policy. There is diversity across sample companies in their approaches to performance measurement systems and CSR strategy implementation. The diversity and average quality of MCSs can reflect the fact that the sample companies manage SE risks for the reasons primarily steaming from a business case and company-specific circumstances.
The focus of this study has been on large listed companies in the Nordic countries. Individual Nordic companies have been known for their successful employment of business strategies and performance measurement tools (Kald & Nilsson, 2000;Nilsson & Rapp, 1999). However, Nordic research is relatively limited and tends to take into account individual companies which have made substantial progress in the development of their MCSs. The results of this cross-sectional study indicate that Nordic companies facing SE risks do not, on average, adopt an  (Romberg, 2020).

Conclusion
The study uses Simons' (1995) LOC theoretical framework to examine the association between MCSs and SE risks. Based on the LOC framework, the study argues that companies can be expected to integrate SE risks into MCSs because they operate within the bounds and norms of societies (the boundary LOC). Under these circumstances companies use performance measurement systems to monitor and control SE risks (the diagnostic LOC) and facilitate CSR strategy implementation for SE change (the interactive LOC). MCSs can enhance explicit communication about SE risk management (the belief LOC). The study examines the integration of SE elements in the devices of MCSs such as performance measurement system and CSR strategy in response to facing SE risk-inducing incidents. The focus is on how well a company mobilizes its LOC through SE integrated elements of MCSs in relation to the level of SE incident-related risk the company faces.
The study makes two important contributions to the academic literature. First, it contributes by answering the call for research into the use of MCSs in SErelated activities that companies implement by focusing on whether external SE risks can be integrated into the internal tools of MCSs. Second, from broad-scale empirical evidence, the study shows the lack of integrating SE elements into MCSs and a relatively high exposure of companies to SE incidents and financial risks. Previous studies have been restricted to the integration of climate change risk, regulatory uncertainty, and sustainability reporting into MCSs based on case study examinations with limited scope and may be tuned to the best practice (Bouten & Hoozee, 2013;Bui & de Villiers, 2017a, b;De Villiers et al., 2016;Kerr et al., 2015). The findings of this study may encourage company managers to give greater consideration to MCSs that they can use to manage and avoid material SE risks and severe SE incidents. Company management can reinforce the importance of risk management in relation to SE elements and company reputation. Such practices can promote the commitment of companies to a broader agenda of developing a social purpose in business for SE progress in communities and countries. Finally, the study argues for the importance of integrating SE elements into MCS. Successful integration can mitigate the occurrence of SE incidents and bad news from the company.
The study has limitations. The data include only large Nordic companies during the period of 2014-2018. The results of the study cannot be extended beyond this type of company or to other time periods. The selection of proxy variables and measurement scales limited to the data set that was provided by Thomson Reuters' Refinitiv Eikon. The strength of this database is that it has been used in prior research and has provided valid assessments of company SE performance and risks (Semenova & Hassel, 2015). The multiple regression model was restricted by specified explanatory variables that were derived from contemporary research in the area. Although the study controls for several apparently relevant factors, the relationship between MCSs and SE risks is likely to be more complex and contingent. With this in mind, it would be interesting to conduct the same study in different countries, with formal and informal strategic control tools, and among different companies such as small and medium-sized enterprises. Further research can also consider the factors that determine SE risk management.