Compliance Management Evolution

We live in an era where business strategy must be aligned with social impact. Most organizations today strive to be legally compliant through adherence to regulatory and safety laws and guidelines. This allows them to achieve the minimum requirement of the legal era.

But we also live in the media era and the social era and are no longer limited to the official newspapers and TV news that traditionally operate to journalistic standards. Today, everyone with a phone can be a reporter capturing video, photos and audio recordings. This captured information can be streamed live or simply uploaded to social media sites within seconds and distributed around the world. It matters little whether the information is true or not. Once it’s out there it becomes very difficult for an organization to defend its reputation.

We spend vast amounts of time and money on compliance. Regulation is growing. In a simple sense we can define compliance as “An organization’s adherence to laws, regulations, guidelines and specifications that are relevant to its business.”

Early quality models were highly prescriptive and placed a huge emphasis on adherence to, and verification of, quality processes. Stick to the rules, gather the evidence of your compliance, navigate your way through your accreditation audits and you become legally compliant.

Yet many organizations that spent their valuable time and resources on legal compliance suffered major mishaps and incidents that resulted in significant loss of life, injuries, and catastrophic damage to their brands and commercial fortunes. Frequently the root causes of these incidents were simple issues that could have been anticipated. And if they could be anticipated, then mitigation would have been possible that could potentially either reduce or eliminate the possibility of the event happening, or reduce or eliminate the severity of the consequences from the event.

In recognition of this, many modern revisions of standards have evolved beyond the limited vision of Legal Compliance to embrace the world of Moral Authenticity. There is a core shift in emphasis from process regulation to risk regulation. In the old Legal Compliance world, quality management was primarily a function of the quality manager and the quality department. Prove you followed the rules and you proved you were a good corporate citizen abiding by the laws and regulations. The big switch to risk-centric management of quality and compliance essentially acknowledged the limited effectiveness and applicability of process-centric compliance.

Gone are the days when quality and compliance sat neatly in the sandbox of the quality department. Participation and accountability are required through all levels of the organization, underpinned by roles that have the authority and autonomy to act. There is a push towards full risk profiling of the organization as a whole. Each risk has an associated likelihood of happening and a consequence of it happening. Simply multiplying these two factors together gives a number that can be used in a rating scale. Although this is an extremely useful way to profile and have some measure of risk, it needs more qualification.

With every known risk we need to figure out what can be done to reduce the likelihood of it happening, or better still eliminate the likelihood of it happening at all. We also need to figure out what can be done to reduce the severity of the consequences should an adverse event happen. We must then determine whether the organization has the capacity to deliver on the ideal mitigation strategy. It may prove necessary to chip away at the challenge over time, and in the meantime use other tactics such as more frequent audits to keep a closer eye on the interim management of the hazards that make up the risk.

Sample Risk Register Topics

Moral Authenticity moves beyond box ticking and embraces the concept of continuous improvement at every level. Whilst there is no such thing as zero-risk, it is possible to operate in a manner that systematically improves the risk profile of the organization, to do that in a way that is underpinned by verifiable evidence and transparent measurement, and, just as importantly, to provide clear evidence that senior management are active participants in driving, monitoring and responding to risk trends.

Media Resilience is seldom considered when it comes to compliance and risk management. Yet risk-centric approaches to quality management that are underpinned by Moral Authenticity create obvious hooks for devising and building effective strategies and tactics for supporting media relations. It’s too late to start thinking about this when an adverse event happens, particularly when the consequences are severe. Ultimately every topic in the risk register that could result in severe consequences should have its own media plan. The objective of the plan is to allow the organization to rapidly bring its own narrative into play in response to an adverse event. That plan will ultimately have to rely on verifiable statistics, verifiable trend information, and transparent moral compliance evidence. This data must be absolutely reliable and available and ready for use at a moment’s notice.

Social Responsiveness seeks to open the organization to engagement with its community. It provides a forum via which an organization can illustrate its transparency policies along with evidence of trends in continuous improvements of the most highly visible aspects of its operations. It seeks to integrate community feedback into risk management reviews and offers great potential to discover community attitude trends that may influence their desire to do business with the organization. Consider, for example, an organization that consumes a considerable amount of fossil-fuel-sourced energy in its operations. Its risk register should have identified the risk of loss of customers who are sensitive to the environment. Ten years ago this might have been classified as a low likelihood of happening. But everything has changed and today that risk would have to be reclassified as moderate to high likelihood of happening. Green-conscious customers are likely to be concerned about the energy source and will want to see both a plan to move away from fossil fuels and evidence of implementation of the various phases of that plan. Early identification of important trend shifts creates opportunities for the organization to review its policies and practices and to legitimately position itself in the vanguard.