It is unlikely that organizations will be able to meet all their stakeholder obligations without the benefits of engineering.
However, this engineering must extend beyond individual disciplines to consider a broader set of knowledge, skills, and competencies to keep businesses operating between the lines, the public safe, and proactively meet environmental challenges.
In this article we consider how both compliance and engineering have changed and why a new kind of engineering is emerging – one focused on compliance.
The Nature of Compliance
The compliance landscape has changed. Obligations are numerous, growing, and far reaching covering mandatory and voluntary commitments, along with environmental, social, and governance (ESG) objectives.
In recent years we have also experienced a shift in regulation from prescriptive to performance and outcome-based designs. There are many reasons why this shift is happening. The primary being regulatory reform happening across the world as regulatory bodies have begun to modernize the function of regulation, its processes and practices, and how regulation itself is regulated (meta-regulation).
These changes both to regulation and compliance itself are having profound effects on organizations that operate under regulation.
Organizations that want to take greater ownership of their obligations are finding the traditional audit / fix cycles they have used in the past are not enough to keep their promises and stay ahead of risk.
As a countermeasure organizations are directing their efforts towards internalizing obligations, managing and improving compliance performance, and making progress on compliance outcomes.
This will involve the application of scientific principles from multiple domains covering management theories, regulatory designs, system dynamics, organizational behaviours, information technologies, accountability frameworks, risk and uncertainty, to name a few.
However, what has been missing which is now needed is an engineering approach. In essence, compliance needs to be engineered rather than just audited. What we need are Compliance Engineers.
The Nature of Engineering
At a basic level engineers design and build things by applying scientific principles and technology. Professional engineering is defined in the Professional Engineers Act in Ontario, Canada where I practice as:
Any act of planning, designing, composing, evaluating, advising, reporting, directing or supervising (or the managing of any such act);
That requires the application of engineering principles; and
Concerns the safeguarding of life, health, property, economic interests, the public welfare or the environment, or the managing of any such act.
Over the years the scope and nature of engineering problems has changed in a similar way as the compliance landscape. Engineering solutions have increasingly required cross functional considerations.
This broader approach is particularly the case with respect to the safeguarding of life, health, property, economic interests, and the welfare of the environment.
Engineering in these cases often cross sociology-technical boundaries which requires a more holistic and systems approach and one that focuses on risk.
This is not unlike the problems that compliance has also tried to address.
The Compliance Engineering Nexus
Compliance has become an operational function within organizations that involves technical, management, and social components to work together as a system to achieve compliance outcomes such as: safety, resilience, security, quality, and others.
Compliance is effective when it improves the probability of mission success which it does by guarding against and buying down risk. These measures form risk & compliance controls (risk treatments if you like) that prevent and mitigate the effects of incidents, violations, defects, emissions, and so on.
This requires an operational model that is engineered to advance outcomes over time, contends with uncertainty, and performs efficiently. This model must have measures of effectiveness, measures of performance, and measures of conformance to properly identify capabilities and scale resources to always meet obligations.
Those familiar with compliance will know that many organizations focus only on measures of conformance and to a far lesser degree performance and effectiveness.
Many view their effectiveness only in terms of not being fined rather than on advancing outcomes. Failure to focus on outcomes will eventually lead to mission failure.
Nature of a Compliance Engineer
Compliance needs to be engineered. This will require engineers who are multi-disciplinary and can cross the technical-social divide. They also need to be educated and trained in compliance to effectively build systems and processes that are able to reduce risk and advance compliance outcomes.
In my estimation we need Compliance Engineers who should have knowledge, skills, and competencies that focus on:
Theories related to Regulatory Designs, Promises & Obligations, Cybernetics, Uncertainty & Risk, Management Accountability & Trust Frameworks, Organizational Behaviours and Dynamics, Ethics, Policies Designs, Change Management, etc.
Engineering principles related to safety, security, climate change, environmental, etc.
Management programs and standards: quality, safety, environmental, sustainability, security, IT, etc.
Systems Engineering (goal-seeking, purposeful, full stack systems)
Computer Engineering (algorithms, machine learning, automation, digitalization, etc.)
Lean Engineering (performance improvement, interventions, lean enablers, etc.)
Data Management and Statistics
Risk-based Thinking and Practices
Design and Problem Solving Skills
With this capability Compliance Engineers could help organizations build effective and robust compliance systems, processes, and practices.
Compliance Engineers would also lead by example by upholding the values that compliance is striving towards.
The following is a excerpt from the Code of Ethics of Canadian Professional Engineers which aligns well with ethical organizations:
Professional engineers shall conduct themselves in an honourable and ethical manner. Professional engineers shall uphold the values of truth, honesty and trustworthiness and safeguard human life and welfare and the environment. In keeping with these basic tenets, professional engineers shall:
Hold paramount the safety, health and welfare of the public and the protection of the environment and promote health and safety within the workplace;
Offer services, advise on or undertake engineering assignments only in areas of their competence and practise in a careful and diligent manner;
Act as faithful agents of their clients or employers, maintain confidentiality and avoid conflicts of interest;
Keep themselves informed in order to maintain their competence, strive to advance the body of knowledge within which they practise and provide opportunities for the professional development of their subordinates;
Conduct themselves with equity, fairness, courtesy and good faith towards clients, colleagues and others, give credit where it is due, and accept, as well as give, honest and fair professional criticism;
Present clearly to employers and clients the possible consequences if engineering decisions or judgments are overruled or disregarded;
Report to their association or other appropriate agencies any illegal or unethical engineering decisions or practices by engineers or others;
Be aware of and ensure that clients and employers are made aware of societal and environmental consequences of actions or projects and endeavour to interpret engineering issues to the public in an objective and truthful manner; and
Treat equitably and promote the equitable treatment of all clients, colleagues and coworkers, regardless of race, religion, gender, sexual orientation, age, physical or mental ability, marital or family status, and national origin.
Traditional risk & compliance functions operating in silos on their own cannot meet the demands imposed by new regulatory frameworks and designs. Neither will adopting management standards or new information technologies if they are not designed or implemented to work together.
Engineers have for years used scientific principles and the ability to consider multiple constraints to design efficient and effective systems. This is precisely what is needed for organizations to meet outcome and performance-based compliance objectives that drive towards zero emissions, zero incidents, zero violations, zero defects, and other industry targets.
We need to engineer our compliance not just audit our conformance. We need Compliance Engineers.