Companies often say that compliance is a "necessary evil." They feel that they are forced to comply with arbitrary rules that have little correlation with the outcomes they are trying to achieve.
When committees use excessive audits and controls, no wonder, these are viewed with contempt much like when police use speed traps to enforce speed limits.
Instead of functioning like a GPS that guides a driver to its destination, compliance has become, for these companies, a tyrant – pulling the strings to enforce the behaviors it wants.
Why is compliance necessary?
Compliance, at its fundamental level, is about keeping promises to obligations that we have made. These obligations may be in the form of agreements to follow such things as: engineering standards, building codes, traffic laws, quality standards, or internal policies and procedures.
Regulations and standards set a benchmark for normative behavior. Without them we would all be doing our own thing. While this may have its benefits, it breaks down when we try to work and live together.
As an engineer, I have always had to follow rules (i.e. requirements) of all kinds such as: laws of physics, mathematical theorems, laws of cybernetics, engineering standards, time and budget constraints, and the list goes on. Professional engineers in Canada (and other parts of the world) are also constrained by law to protect public safety and this adds additional obligations.
All of these are a form of constraint, and to an engineer these are seen as challenges and not problems. Engineering at its core is about creating solutions that optimize constraints along with contingencies to make certain system objectives are met. Constraints are not hindrances to innovation, but rather the source of creativity.
Compliance with standards and regulations in many ways is no different than an engineer designing a system to meet requirements. However, what is different is the way in which these are done and there in lies the rub.
We know that it is best to design safety and quality into our products, services, and manufacturing, instead of inspecting and auditing compliance afterwards. The former makes compliance an engineering problem, while the latter makes it a policing and enforcement problem. Compliance when seen as enforcement contributes to why many consider it as a "necessary evil".
Why is compliance evil?
There are other reasons why compliance is held with contempt.
We know that too much order (or control) removes autonomy from both individuals and organizations. At some point this loss of autonomy creates resentment that results in companies only doing the minimum of what is asked of them. This unfortunately has been the case for many who are under significant government regulation.
Companies also do not differentiate between compliance to a standard and compliance to a regulatory statute. For example, when complying with tax regulations, companies do not want to pay more taxes than necessary. While this is reasonable, this same thinking is, unfortunately, used to address all forms of compliance. Taking a minimalist approach to tax compliance is one thing, however, taking this same minimalist approach to safety and quality could be considered as unethical.
Sometimes, regulations and standards are not well designed which further contributes to a negative view of compliance. This can be seen with earlier versions of the quality management standard ISO 9001. These versions were very prescriptive and subject to much interpretation. Recent revisions have attempted to address this by moving to a management-based approach. This affords organizations with a greater degree of autonomy. However, this comes with the requirement that organizations develop their own means by which they establish the necessary processes.
With greater autonomy there is also greater responsibility. This is something that those who have implemented 9001:2015 risk-based thinking are beginning to realize. Auditors can no longer tell them what to do and neither should they. Each company must figure out for themselves how best to manage risk to prevent defects as well as achieve their quality outcomes.
Changing compliance from a tyrant to a respected leader
Finding the right balance that creates enough order without sacrificing too much autonomy is difficult. However, this is precisely the role that managers must take.
Management should not give up responsibility for compliance by blindly following standards and regulations as if these were tyrants. Instead, they should take back responsibility and own their commitment. This involves deciding what strategies are best for their company to meet their obligations. This might take the form of minimal compliance as in the case of tax regulations. However, when it comes to: safety, quality or the environment, it may well exceed the prescribed minimum.
Compliance would then become a respected leader instead of the tyrant that everyone avoids.