Updated: Jul 28
The notion of debt or more specifically technical debt has proven to be a helpful metaphor when discussing financial costs with respect to short term payoffs versus the delaying of technical capabilities that bring with it long-term impacts.
In this blog post we explore how the notion of debt can be applied to compliance to help organizations better address their compliance obligations.
An Example from Software Development
When it comes to building software applications and systems technical debt has been used to refer to short cuts that developers take in order to meet urgent and usually time sensitive timelines. These short cuts will in turn incur future costs that include:
Addressing the effects of partially completed code
Developing the parts that were not completed
Managing the effects of changing the codebase (i.e. costs of regression testing).
At a basic level technical debt can be estimated by adding up the costs associated with these activities as well as the costs connected with the debt management process itself.
In many ways, taking short cuts is not unique to software development as this practice is observed in other endeavours including compliance. Companies may elect to delay activities associated with meeting certain or parts of obligations and leave others until some time in the future. This may be deliberate or a result of a lack of knowledge or expertise in identifying what their obligations are.
Just as in software, taking short cuts when meeting obligations comes at a cost which not only includes the future cost of meeting the obligation but also the risks associated by not having met them. When it comes to safety and environmental obligations these risks may result in much more than just a bug in an application but a loss of life.
The Nature of Obligation Debt
When we consider obligation debt we need to estimate:
Principal: what is the cost required to meet this obligation?
Interest Rate: What is the extra cost in the future if this obligation is not met now.
Interest Rate Probability: How likely is it that this obligation, if not met now, will cause extra cost in the future.
The problem with obligation debt is that the principal and its interest grow over time if not addressed. This has much to do with entropy, increasing regulations, as well as the nature of risks associated with obligations themselves.
The interest rate combined with its probability can be considered as a proxy for compliance risk. The resultant interest can significantly outweigh the cost of meeting the obligation in the first place, particularly when the consequences of non-conformance are severe.
The level of reactivity that a company experiences with respect to its obligations is also a measure of risk and a proxy for interest rate. This can manifest as the number of complaints, issues, injuries, reportable emissions, or other ways in which non-conformance is observed.
Not only will companies have paid for the partial conformance (i.e. the short cuts), they will now pay for the effects of non-conformance and the costs of preventing them from occurring in the future. When combined these costs can be two to three times the original cost.
This is similar to taking on a debt with a yearly interest rate of 200%. The only reason why we would do such a thing is if we believed that the probability of paying any interest is low. In other words, we never expect to pay any additional cost for taking short cuts now or perhaps someone else will be responsible for doing so.
What You Need To Know
For companies to get on top of their obligation debt they need to know:
What the total obligations are?
What the cost is to meet and maintain these obligations?
Which obligations are not being met now and when will they be met in the future?
What the risk is in not meeting these obligations?
What the cost is to service or buy down the organization's obligation debt?
Unfortunately, answers to these questions are in short supply starting with the first, knowing what obligations a company is responsible for.
The good news is that it doesn't have to be that way and it isn't for companies that take ownership of all their obligations. They will make sure that they take on only the obligations they can afford to keep and over time enhance their capabilities to take on more.