SEARCH

Compliance often becomes a labyrinth of obligations, commitments, controls, audits, processes, and many other activities and artifacts that are built up over time which makes compliance more complicated and difficult to manage, operate, and maintain. In many ways, this not unlike the software domain that contends with legacy code, technical debt, and changing and new requirements. In compliance, obligations are the requirements, and promises are the specifications used to engineer systems and processes to deliver promises that will in turn achieve the outcome of compliance. What if there was a way to streamline compliance in the same way that software engineers refactor code resulting in a simpler, more effective program? Lean Obligation Management for Compliance This approach focuses on simplifying the compliance burden by systematically removing unnecessary elements (i.e. compliance waste). Imagine it as de-cluttering or refactoring your management program by removing old obligations, restructuring poorly define promises, and addressing obligation debt. To understand how this can be accomplished we need to understand the nature of obligations and promises. Obligations: These are the requirements for each internal or external obligation. They define what your organization is expected to achieve in terms of compliance (adherence to rules, conformity to standard practices, achievement of performance targets, or the advancement of compliance outcomes: the benefits of being in compliance. Promises: These are the commitments, the specifications, your organization identifies to fulfill all their obligations. They detail how and to what degree you'll meet the requirements (e.g., designated data security officer role, mandatory annual compliance training, improving net zero targets, realizing better safety and security). Lean Obligation Management in Action This approach focuses on systematically removing unnecessary elements from your program, resulting in a simpler and more effective system. 1. Remove outdated or no longer applicable obligations. Obligations evolve and change over time. Regularly audit your management program to identify and remove obligations (internal or external) that are no longer applicable or have been superseded. This frees your organization from the weight of outdated compliance measures. 2. Remove duplicate promises. Duplication can bloat your program and introduce inconsistencies. Identify and remove any redundant compliance promises within your program. This ensures a single, clear commitment for each obligation, simplifying program management and reducing the risk of errors. 3. Remove promises that are no longer connected to an obligation (zombies). Sometimes, promises are made within an organization that no longer serve a purpose. These "compliance zombies” add to the overall cost without delivering any value. Lean Obligation Management encourages you to remove them along with the controls, workflows and processes that are no longer needed. 4. Consolidate promises within promise fulfillment systems based on common capabilities. Identify commonalities in how your organizations fulfills its compliance promises. Group similar promises together and consolidate them within dedicated promise fulfillment systems. These systems can be specific tools, processes, or workflows designed to efficiently address multiple compliance requirements. This reduces redundancy and streamlines your overall compliance efforts. 5. Integrate New Obligations and Promises Strategically. When new regulations or stakeholder expectations introduce fresh compliance requirements, don't simply add them on top of your existing program. Instead, use the knowledge gained from Step 1 to strategically integrate them. This can be achieved through three key approaches: Leveraging Existing Fulfillment Systems: Look for opportunities to fulfill the new obligations using existing compliance systems you already have in place. These systems might be designed for similar purposes or share some overlapping functionalities. This approach reduces redundancy and streamlines the implementation of the new requirements. Adapting Existing Systems: If the new obligations have some overlap with existing compliance areas, consider modifying your current fulfillment systems to accommodate the additional requirements. This can be a cost-effective solution if the changes needed are minor. Developing New Fulfillment Systems: For entirely new compliance needs that don't align with existing systems, you may need to develop dedicated fulfillment systems. These systems should be designed to be efficient and effective in meeting the specific requirements of the new obligations. If you find yourself unable to follow these steps, it's a strong signal that your compliance program has become overly complex and you may have lost control of your compliance. Lean Obligation Management provides an approach to gain control back by promoting compliance simplicity. By actively managing the promises your organization makes to meet obligations, you gain a clear understanding of your compliance efforts and ensure they remain effective and easy to understand for everyone involved. Benefits of Lean Obligation Management: By actively reducing unnecessary elements and ensuring clear promises meet specific obligations, you can achieve a simpler, more effective program capable of meeting all your compliance needs. This will help create the following benefits: Reduced Program Complexity: A leaner management program with clear promises for each obligation is easier to maintain, implement, and understand for all stakeholders. Improved Efficiency: By focusing on essential compliance elements, your program operates more efficiently, saving time and resources. Enhanced Agility: A streamlined program allows you to adapt to changing external and internal obligations more readily. Proactive Management of New Obligations: Evaluating the true nature of new obligations before integrating them allows for a more strategic approach to compliance.

When it comes to operationalizing obligations, compliance must understand how operations and organizational structures work together to turn strategy into total value. This will look different across industry sectors, but each will have an operational model that must be understood to know where promises must be kept to meet external and internal obligations. The following maps are helpful to identify where these places are: Total Value Chain Map Organizational Model Locations / Facility Map IT / Data Map Supplier Matrix Stakeholder Map Decision Rights Map Program / Systems Map Management Calendar SIPOC Capability Map Obligation / Promise Owner Map along with several others. The Operating Model Canvas book is a good place to start understanding operating models from which you can identify where compliance needs to fit. If you need help to update your compliance map, consider joining The Proactive Certainty Program. This program helps you transform your compliance to achieve higher levels of operability and effectiveness.

The following outline should help you build a persuasive business case for improving compliance to protect and ensure total value for your organization. Remember to adapt it to your specific context and provide data-driven evidence to support your claims. I. Executive Summary Briefly state the problem of inadequate compliance. Highlight the importance of total value (safety, security, sustainability, legal, quality, profit, trust). Briefly summarize the proposed solution and its expected benefits. II. Current State Assessment Identify specific compliance areas with weaknesses. Quantify the current cost of non-compliance (e.g., fines, reputational damage, lost productivity, inadequate safety, security, sustainability, quality, trust). Describe the current compliance processes and limitations. III. Opportunity: Total Value through Improved Compliance Define "total value" for your organization (safety, security, etc.). Explain how improved compliance will contribute to each aspect of total value. Use data or examples to illustrate the positive impact. IV. Proposed Solution: Improving Compliance Framework Describe the proposed solution (e.g., improved management programs, compliance software, standard adoption, accountability frameworks, data monitoring, digital twin, golden pipeline, golden thread, etc.). Explain how the solution addresses weaknesses identified in Section II. Outline the implementation timeline and resource requirements. V. Financial Analysis: Investment vs. Return Estimate the initial cost of implementing the solution. Project the long-term cost savings and revenue gains from improved compliance. Utilize a cost-benefit analysis or ROI (Return on Investment) calculation to quantify the return. VI. Risk Assessment and Mitigation Identify potential risks associated with implementing the solution. Develop mitigation strategies for each identified risk. VII. Conclusion and Recommendations Summarize the key points of the business case. Reiterate the value proposition of improved compliance for total value creation. Recommend approval of the proposed solution and next steps. VIII. Appendix Include detailed data, reports, or calculations supporting your claims. Additional Considerations: Tailor the outline to your specific industry, regulations, and compliance needs. Highlight success stories of companies that improved compliance and total value. Address potential concerns of stakeholders who may resist change. Quantify the impact whenever possible to present a compelling case. Tool Considerations: The following tools help to identify value contributions, uncertainty and risk, and help with decision making with respect to options: DSM (Dependency Structure Matrix) Business / Systems Mapping Bow-tie Analysis Total Value Chain Analysis (includes compliance chain) Monte Carlo Analysis Obligations / Promise Register Analytic Hierarchy Process (AHP) Five Principles of Compliance Program Success A Simplified Example The details and tools used in this example will vary depending on your organization and the complexity of the compliance program. However, it demonstrates how to structure a business case that utilizes data analysis, uncertainty estimation, and a focus on total value creation to present a compelling argument for improved compliance. Business Case: Improving Data Security Compliance for Total Value Creation Executive Summary: Our current data security practices expose us to potential data breaches, regulatory fines, and reputational damage. This business case proposes implementing a comprehensive data security compliance program. This program will enhance data security, reduce compliance risks, and contribute to achieving total value for our organization, encompassing aspects like security, trust, legal compliance, and potential cost savings. Current State Assessment: Recent internal audits identified vulnerabilities in data access controls and employee training on data security protocols. We have experienced two minor data breaches in the past year, resulting in customer notification costs and reputational damage. Upcoming industry regulations will impose stricter data security requirements. The estimated cost of non-compliance includes: Potential regulatory fines: $1 million (based on industry benchmarks) Data breach notification and remediation costs: $500,000 per incident (historical average) Reputational damage: Difficult to quantify, but can lead to customer churn and lost revenue. Opportunity: Total Value through Improved Compliance Total value in this context includes: Security: Improved data security posture reduces the risk of breaches and protects sensitive customer data. Trust: Strong data security practices build trust with customers, partners, and investors. Legal Compliance: Meeting industry regulations avoids hefty fines and potential legal repercussions. Cost Savings: Reduced risk of data breaches minimizes notification and remediation costs. Proposed Solution: Data Security Compliance Program The program includes: Data Security Policy and Procedures: Develop a comprehensive policy outlining data handling protocols, access controls, and incident response procedures. Employee Training: Implement mandatory data security training programs to educate employees on best practices. Includes training for leadership and management on governance and risk processes. Technology Investments: Upgrade data security software and infrastructure to strengthen data encryption and access controls. Compliance Management Software: Utilize software to automate compliance tasks, track progress, and identify potential vulnerabilities. Financial Analysis: Investment vs. Return Initial Investment: Development and implementation of data security policy and procedures: $200,000 Employee training: $100,000 Technology upgrades: $500,000 Compliance management software: $100,000 Total Initial Investment: $900,000 Projected Returns: Avoided regulatory fines: $500,000 (annualized) Reduced data breach costs: $750,000 per year (based on risk mitigation estimates) Estimated value in increased stakeholder trust: $1 million (annualized) Return on Investment (ROI): Using a simple ROI calculation, the projected payback period is less than one year. However, a more comprehensive analysis using Monte Carlo simulation will be conducted to account for uncertainties in cost-saving estimates. Risk Assessment and Mitigation: Risk: Difficulty in changing employee behavior regarding data security practices. Mitigation: Develop a communication and change management plan to emphasize the importance of data security and the benefits of the program. Risk: Unexpected costs associated with technology upgrades. Mitigation: Conduct thorough vendor research and obtain multiple quotes before finalizing technology purchases. Conclusion and Recommendations: Investing in a comprehensive data security compliance program offers a significant return on investment. It enhances data security, strengthens customer trust, ensures compliance with regulations, and potentially reduces costs associated with data breaches. Based on the positive financial outlook and risk mitigation strategies, we strongly recommend approval of this program. Appendix: Detailed cost breakdown for program implementation. Historical data on data breach incidents and associated costs. Detailed benefits analysis including gains to total value. Monte Carlo simulation results for ROI analysis with uncertainty ranges.

Compliance is often seen as a necessary evil – a set of rules and regulations that stifle innovation and bog down operations. But what if, instead, it was a necessary good – a program to ensure and protect value creation – Compliance with Benefits. Uncover the Benefits By elevating compliance, you're not just following the law; you're establishing effective measures to deliver on all your obligations and commitments made. Effective Safety and Security: Compliance with safety regulations and stakeholder commitments protects your employees and reduces the risk of accidents and injuries. Strong data security practices, embedded in the value chain safeguard sensitive information and ensure privacy rights are protected. Sustainability at the Core: Environmental regulations guide responsible resource management and waste reduction. Embracing these practices not only demonstrates environmental commitment but also fosters cost savings and brand reputation. Unwavering Quality: Commitment to deliver customer satisfaction ensures consistent product and service quality. This builds customer trust and loyalty, leading to a competitive edge. Integrity Above All: Following ethical business practices, as mandated by compliance regulations and expected by all your stakeholders fosters a culture of honesty and transparency. This builds stakeholder trust, which is critical for long-term mission success. The 5 Pillars of a Benefits-Driven Compliance Program To fully reap the benefits of compliance, these five core principles are essential: Ownership: Take full responsibility for understanding and meeting all your obligations. Empower your organization to be accountable for compliance within their roles. Promises Made, Commitments Delivered: When designing compliance programs, keep the outcomes in mind. Ensure you have the capabilities you need to deliver on all your promises associated with both external and internal obligations. Real-Time Monitoring: Proactive monitoring and risk measures help identify and contend with potential issues before they escalate. Regularly review processes, evaluate control effectiveness, and assess your overall capacity to meet obligations. Continuous Compliance: Continuous delivery of value requires continuous compliance to protect and ensure value is created. Actively seek ways to improve your practices, stay updated on changing regulations, and adapt effectively to deliver better outcomes. Learning and Proactive Culture: Foster open communication and encourage your organization to learn from compliance challenges. Invest in training and empower open dialog and partnerships with all your stakeholders. Building Compliance as Competitive Advantage By embracing these principles, you cultivate a proactive, learning environment around compliance. This translates to a safer, more secure, and sustainable organization. It fosters trust with stakeholders, enhances your reputation, and ultimately propels your business towards long-term success. Remember, compliance isn't a roadblock; it's a program that helps deliver benefits – the outcomes from always being in compliance and ahead of risk.

A critique is going around that process management needs to be more holistic. I couldn’t agree more. Unfortunately, for many this means adopting a process-centric view of the organization. The rationale is since organizations are made up of processes the key to success is to identify, catalogue, manage, and improve all our processes. This approach takes everything that is essential and reduces it to a process – a part of the whole but not the whole itself. To accomplish this many things need to be conflated in order to fit into a process-centric view of the world. Ironically, this ends up being more reductive and far from the holistic approach that many are looking for. This obsession with processes creates a problem that many struggle to overcome which is a lack of effectiveness. Many organizations have all the processes they believe they need yet still fail to deliver the goods. They have plenty of trees but not enough forest. How this impacts compliance The process-centric approach pervades compliance, particularly management systems. Even with using a robust framework designed with strong architectural principles you can still fail to achieve the purpose for having compliance in the first place. In fact, all too often when I review an organization’s compliance what I find is scaffolding, and partial framing that are insufficient to create something that is operational. They have many of the parts, many of the processes, but lack the essential capabilities needed to achieve compliance operability – compliance that is fit for purpose, able to achieve compliance, and capable of realizing the intended benefits. To make matters worse, if asked when they might start delivering benefits the answer is always: we don't reach effectiveness until step 5 of our maturity process, but don’t worry we will get there in the end. Unfortunately, many never do, and those that do arrive too late. Need for something that works Many organizations would be better off with compliance that is working – that is operational –even if the capability was that of a scooter, rather than having a garage full of car parts that maybe – one day – will finally become a car that works. Without an operational perspective you can never fully know how to improve a process or even what processes you actually need until you understand its purpose and how it fits into the overall system. For compliance, establishing processes and building frames may help you pass an audit. However, it will only be when they work together to form an operational system that you will finally start to realize benefits. Instead of being busy building frames and processes, compliance needs to be busy experiencing the benefits that come from being in compliance. This is necessary for all organizations that intend to deliver total value.

Compliance 1 life in a Compliance 2 world Edwin A. Abbott published a book in 1883 called, “Flatland" where he explores a two- dimensional world with A. Square as the narrator. Imagine a vast sheet of paper on which straight Lines, Triangles, Squares, Pentagons, Hexagons, and other figures, instead of remaining fixed in their places, move freely about, on or in the surface, but without the power of rising above or sinking below it, very much like shadows - only hard and with luminous edges - and you will then have a pretty correct notion of my country and countrymen. Alas, a few years ago, I should have said "my universe": but now my mind has been opened to higher views of things. In such a country, you will perceive at once that it is impossible that there should be anything of what you call a "solid" kind; but I dare say you will suppose that we could at least distinguish by sight the Triangles, Squares, and other figures, moving about as I have described them. On the contrary, we could see nothing of the kind, not at least so as to distinguish one figure from another. Nothing was visible, nor could be visible, to us, except Straight Lines; and the necessity of this I will speedily demonstrate. A. Square's world gets flipped upside down (well, sideways?) by encounters with higher dimensions. First, a being from a one-dimensional world (Lineland) confuses A. Square. Then, a Sphere from a three-dimensional world (Spaceland) changes his perspective forever. A. Square tries to explain this new reality to his Flatland friends, but they can't grasp the concept. This satirical twist turns Flatland into a story about the difficulty of accepting new ideas and the dangers of a rigid, unchanging society. Complianceland: Compliance 1 Life in a Compliance 2 World Those who work in Compliance and who have come to understand other dimensions may find it's very much like living in Flatland. They will find their counterparts, as they themselves once were, without the necessary perspective, context, and holistic thinking. And why should they? After years under the tutelage of prescriptive regulations they will not know what it’s like for compliance to be anything other than rules driven by audits and inspections, and reinforced by reactive behaviours and reductive practices. They will remind you that life in Complianceland is a state of in or out. And if anyone cares to ask – we are always in. The idea of continuous improvement would seem very strange when you are already in compliance. What’s there to improve? The notion of elevating compliance to higher standards would sound fantastical. What do you mean by higher? Meeting obligations and keeping promises would be considered as nonsense, something made up from Thoughtland. Can you describe this in terms we understand using rules and audits? These were the same questions that our friend the Square from Flatland was asked after visiting Spaceland: After I had concluded my defence, the President, perhaps perceiving that some of the junior Circles had been moved by my evident earnestness, asked me two questions: 1. Whether I could indicate the direction which I meant when I used the words "Upward, not Northward"? 2. Whether I could by any diagrams or descriptions (other than the enumeration of imaginary sides and angles) indicate the Figure I was pleased to call a Cube? Complianceworld Being a compliance leader requires convincing others to travel to other dimensions as A. Square attempted in Flatland. However, unlike A. Square who was left to hope for brighter moments having nothing more to say, my hope is for better outcomes for compliance and I still have very much that needs to be said. There are more dimensions to compliance than many can see. That's why I have spent the last several years creating diagrams and illustrations to help describe Complianceworld – a world where compliance has sufficient dimensions to protect and ensure Total Value. It takes time to understand something new and then to change. It will always seem easier to just go along with what many others are doing and stay in Compianceland. However, with all that's at stake, can we afford to continue to live in Complianceland – a place where compliance has insufficient dimensions to protect all that is valued?

Following these principles has and will increase the probability of compliance success across all domains (safety, security, sustainability, quality, regulatory, cyber, environmental, and so on) by helping organizations develop and execute credible program plans. To achieve compliance success we recommend you work through these principles with your team to come up with compelling answers for each question. If you need help, we adapted the Lean practice of Kaizen (improvement interventions) to support safety, security, sustainability, quality, environmental, ESG, regulatory, and other managed programs. Kaizen is the Japanese word for "Good Change" or "Change for the Better" The following is one our Program Kaizens focused on developing a plan for success based on the five principles. Contact us to learn more on how you can include Kaizens into your planning process.

We are launching something new! Elevating Compliance Community of Practice The purpose of this initiative is to bring together compliance practitioners, professionals and obligation owners across all domains and sectors to advance the state of compliance to better contend with always staying between the lines and ahead of risk. Why are we doing this? Unless compliance learns to work together within and across silos it will never fulfill its purpose to protect and ensure value creation. There are many specialized compliance groups and associations but few, if any, that focus on the entire domain of compliance and how it needs to work holistically, proactively, and in an integrative manner. Compliance started off with meeting prescriptive, regulatory requirements. Over time, these requirements expanded in scope, scale, and design. Organizations now need more than procedures and paper compliance, they need capable programs and systems to advance performance and outcome obligations. We are now in the world of: Operational Compliance something I have written about in well over 400 articles which will form part of my upcoming book. So stay tuned for that. What's new and what will change? Along with our monthly webinars, we started weekly Elevate Compliance Huddles earlier this year. These will continue and expand to cover more topics and areas of interest. Our weekly newsletter will also evolve to include a Community of Practice section which may in time become it's own thing. Looking Forward We are very excited about this initiative which very much aligns with Lean Compliance's goals and objectives. Compliance needs to change and for the better. And this initiative will help with that. I am thrilled to be bringing together folks from around the world. Frankly, we can't do it alone and I need your help. If you are interested in being part of our Community of Practice please make sure you sign up for our newsletter. In addition, if you haven't registered for our weekly huddles or monthly webinars please do so. This initiative could not happen without you; all our subscribers, members, and those that engage us in helping them achieve compliance success. Thank you, Ray. Raimund Laqua, PMP, P.Eng. Founder, Chief Compliance Engineer Lean Compliance The Operational Compliance Experts

As a young engineer in the 1990s, I took on the role of IT Manager, my first management position. Now, for those that can remember, IT at that time was exploding on the scene. Communication, information and computing were expanding in capabilities, scope, and scale across all businesses and sectors around the world. We were experiencing the beginning of the digital era and things were happening. The company I worked at was an Integrated Circuit (IC) manufacturer, one of only a few in Canada. As a business we too were shifting from analog to digital circuits. From an IT perspective, we had just started our journey away from mainframes to client-server topologies, local networking to the web, MRP to ERP, and PCs were being used at work and also in the home. On the design and engineering front, we were adopting advanced Computer Aided Design (CAD) technologies (Mentor and Silicon Graphics), we were developing software to support data collection and automation. We were building databases as fast as we could manage, along with implementing Commercial-Off-The-Shelf (COTS) document and records management solutions. At the same time, we were adopting ISO standards for quality, SPC, six sigma, and what we now call LEAN. Imagine Khan-ban on the shop floor of an integrated circuits manufacturer! IT was involved in everything and in many ways leading the charge. It was common practice for managers to meet with their staff on Fridays to review the status of the week’s activities. So, that’s what I did as well, at least at the start. It didn’t take too long for me to realize this was not working. Our weekly meetings were spent discussing what we did rather than what was needed for the week ahead. We had too much to do to focus only on the past. When we finally came to "Next Steps" we almost always ran out of time. At this point, physiologically, we were also thinking more about the weekend. This all made sense, but something needed to change. As a young manager and wanting to prove myself I decided to make a bold move. We shifted our staff meeting to Monday. This practice, was against the norm. However, what I would later find out, this shift changed everything for the better. We still spent time talking about the activities of the prior week. However, our gaze was clearing set on the week ahead and what we needed to do as a team to succeed. We started to change from reactive thinking, focused on what was or wasn’t done to proactive thinking, focusing on what's needed to meet our objectives going forward. We were also in a better mindset. Having come back refreshed from the weekend we were now ready psychologically to face the future. The morale of my team picked up, instead of feeling always behind we started to get ahead. We felt we had more agency to negotiate the obstacles and exploit the opportunities that were in front of us. We felt we could succeed, and we did. Years have passed since my early days as a manager. IT has moved onto the cloud, managing outsourced services, integrating dev-ops, deploying mobile, internet-of-things and platforms, adopting cybersecurity, and AI among other things. Businesses also use far more management standards across almost every domain. What has not changed is: Uncertainty and risk are still knocking on our front door. Just like back when I was a young manager, we need to be proactive. Unfortunately, the common practice for management still has not changed. For many it's still reactive and focused on the past. In fact, the majority of management standards call out the need for management review which is very much like meeting with staff on Fridays. It's time to make a bold move. Change your management reviews to management previews. Meet with your staff on Mondays when your mindset is on the future and when you can still do something to improve your probability of success. Take it from me, it will change everything for the better.

When it comes to compliance a lack of clarity and alignment often leads to program failure. This manifests in many ways that include discontent, negative attitudes, lack of motivation, and a lack of engagement from obligation owners along with those responsible for the work of compliance. Ultimately, misalignment leads to obligations not being met, promises not kept, and an increase in overall compliance risk. Alignment is a measure of compliance integrity. Achieving and maintaining alignment is therefore an important performance objective for all compliance programs whether that is safety, security, sustainability, quality, regulatory, ethics, or other managed outcomes of the organization. Establishing alignment based on the five principles of program success is a good place to start and will help identify areas of improvement. Are we aligned on: Destination: the outcomes, our goals, where we are heading? Strategy: the plan and approach to getting to our destination? Capabilities: the resources, budget, talent, technologies, functions, and time needed to follow the strategy? Obstacles and Opportunities that need to be negotiated or exploited to improve the probability of success? Measures of Success: measures of effectiveness, performance, conformance, and assurance? Having conversations and dialog around these questions can be difficult particularly when existing answers are vague and ambiguous. You may need to clarify these first which when done in a participatory fashion will help also improve alignment as well. Sometimes having an outsider lead the discussion can help diffuse tensions, help identify important insights, and facilitate a successful outcome. We need to always remember that it's not the plan but the planning that is most important. These conversations should be held periodically and used to drive continual improvement towards program success. This contributes to the development of a virtuous cycle of conformance where things get better and the faster things get better over time. And It all begins with a conversation. Lean Compliance offers a "Plan for Success" kaizen (change for the better) engagement to help you and your team create a risk-based plan for program success: Facilitator led workshop to develop risked-based compliance plan for your program based on the 5 principles of program success. Engagement: 5 Sessions / 1.5 Hours Each / Teams of 4 or less Format: Facilitated, Online (Zoom) Outcome: Compliance Program Plan for Success Use this engagement to help facilitate greater team and program alignment.

When it comes to audits there is a popular meme that goes something like this: Before the audit: documents out of conformance During the audit: documents in conformance After the audit: documents out of conformance We like to laugh at this, and many just say it’s just human behaviour. When do we clean up our home? Right before our friends and family come over. It’s just what we all do. However, I believe the problem is much worse than waiting to tidy up our house. The problem has more to do with our behaviours throughout the year rather than the condition of what is being audited. So what’s going on? Why do we wait until people come over before we tidy things up when we could experience the benefits from having a place for everything and every thing in its place? In the case of our homes, we may value the approval of others more than experiencing the benefits of living in clean and tidy home. We may also not want or can not put in the effort to keep our homes clean. We need to be compelled by external forces more than our internal values. In some ways we are behaving like children having always to be told to clean our rooms. When it comes to audits we value a stamp of approval more than doing what we know is right all the time. This demonstrates a lack of integrity, and frankly also a lack of honesty. However, that’s not the worst of it. Companies hoping to act more like adults will conduct pre-audits to get ready for an internal audit to get ready for an external audit. If that sounds absurd – it is. This train of audits may improve the chances of passing an audit but it doesn’t address the problem of motivation. Henry Ford was right Henry Ford once said, “Quality is doing it right when no one is looking.” He was right. Not only is doing the right thing when no one is watching a measure of quality, it’s also a measure of integrity. And that's why ethical, forward-looking companies practice proactive compliance. Instead of waiting for an auditor to tell them if they were off-side they establish measures to make sure they never are. They always keep their rooms clean because they know it’s the right thing to do. They also know that it will deliver benefits. These organizations are able to say: “Audit us whenever you like. We already know the answer." They can also say: "The time we are saving by avoiding excessive audits we use to get ahead of our competition who spend their time getting ready for their many audits, performing corrective and preventive actions, and paying back for losses from not meeting their obligations throughout the year.” It's not about audit readiness The goal is not to always be ready for an audit as many suggest. That still focuses too much on external motivation. Instead, the goal is to behave with integrity. This means keeping the promises we made connected with our legal license to operate and stakeholders expectations. We need to become an organization that our stakeholders can trust not because we pass an audit once a year but because we are trustworthy, reliable, and keep all our promises everyday – all day. You can continue to practice reactive compliance and perhaps even reduce some of your losses. Or You can practice proactive compliance and avoid the losses altogether, and experience the benefits that come from always being between the lines and ahead of risk. So, clean up your documents and put in a process to keep them always evergreen. Do it not because you are told, but because you are keeping your promise to meet all your obligations.

Can you have a balanced scorecard without compliance? When it comes to navigating organizations many use a balanced scorecard (BSC) to keep their businesses in the air and on course. A balanced scorecard maps strategic measures and initiatives to appropriate aspects of the business. Along with value chain activities many only use one wing to keep them aloft — productivity programs. Productivity programs improve margin to contend with aleatory uncertainty (having to do with chance) to cover losses that cannot be avoided or reduced. However, there are other outcomes that a company needs to achieve such as: safety, security, sustainability, quality, regulatory, and more. It’s here that certainty programs are used to achieve compliance associated with buying-down risk that is reducible – those connected with epistemic uncertainty (lack of knowledge). Certainty programs create a second wing that truly balances corporate activities to keep businesses flying in the air and on course towards total value. Compliance failure means mission failure. To ensure mission success make sure compliance is part of your Balanced Scorecard.