Updated: Nov 13, 2020
The notion of debt, or more specifically technical debt, has proven to be a helpful metaphor when discussing the financial trade-off between short-term payoffs and the long-term impacts of delaying technical capabilities.
In this blog post we explore how the notion of debt can be applied to compliance to help organizations better address their compliance obligations.
An Example from Software Development
When it comes to building software applications and systems, technical debt has been used to refer to short cuts that developers take in order to meet urgent, time-sensitive deadlines. These short cuts in turn incur future costs that include:
Addressing the effects of partially completed code
Developing the parts that were not completed
Managing the effects of changing the codebase (i.e. costs of regression testing)
At a basic level technical debt can be estimated by adding up the costs associated with these activities as well as the costs connected with the debt management process itself.
Taking short cuts is not unique to software development; the practice is observed in other endeavours, including compliance. Companies may elect to delay activities associated with meeting certain obligations or parts of obligations, and leave others until some time in the future. This may be deliberate or the result of a lack of knowledge or expertise in identifying what their obligations are.
Just as in software, taking short cuts when meeting obligations comes at a cost, which includes not only the future cost of meeting the obligation but also the risks associated with not having met it. When it comes to safety and environmental obligations, these risks may result in much more than a bug in an application: they may result in a loss of life.
The Nature of Obligation Debt
When we consider obligation debt we need to estimate:
Principal: What is the cost required to meet this obligation?
Interest Rate: What is the extra cost in the future if this obligation is not met now?
Interest Rate Probability: How likely is it that this obligation, if not met now, will cause extra cost in the future?
The problem with obligation debt is that the principal and its interest grow over time if not addressed. This has much to do with entropy, increasing regulations, as well as the nature of risks associated with obligations themselves.
The interest rate combined with its probability can be considered as a proxy for compliance risk. The resultant interest can significantly outweigh the cost of meeting the obligation in the first place, particularly when the consequences of non-conformance are severe.
The level of reactivity that a company experiences with respect to its obligations is also a measure of risk and a proxy for interest rate. This can manifest as the number of complaints, issues, injuries, reportable emissions, or other ways in which non-conformance is observed.
Not only will companies have paid for the partial conformance (i.e. the short cuts), they will now pay for the effects of non-conformance and the costs of preventing them from occurring in the future. Combined, these costs can be two to three times the original cost.
This is similar to taking on a debt with a yearly interest rate of 200%. The only reason why we would do such a thing is if we believed that the probability of paying any interest is low. In other words, we never expect to pay any additional cost for taking short cuts now or perhaps someone else will be responsible for doing so.
The Cost of Obligations
For companies to get on top of their obligation debt they need to know:
What the total obligations are
What the cost is to meet and maintain these obligations
Which obligations are not being met now and when they will be met in the future
What the risk is in not meeting these obligations
What the cost is to service or buy down the organization's obligation debt
Unfortunately, answers to these questions are in short supply, starting with the first: knowing what obligations they are responsible for meeting. To help with this, we are conducting a webinar in collaboration with Nimonik on October 28th on the topic of "Knowing Your Obligations."
In this webinar we will unpack section 4.5 of the ISO standard 19600 Compliance Management Systems Guidelines which provides guidance on identifying and maintaining obligations along with assessing and evaluating compliance risk based on an organization's level of risk tolerance. This information is necessary for companies to properly estimate the cost of their obligation debt so they can make better informed decisions on how best to achieve mission success.