SEARCH

Process and pipeline safety programs that manage change will include steps where engineering is required. To various degrees, these activities will include: engineering design, oversight, and technical support. Engineering, like any other function, can be susceptible to producing non-value added work that contribute to waste in engineering projects including design changes during management of change (MOC) processes. The book published by the Joint MIT-PMI-INCOSE Community of Practice on Lean in Program Management entitled, " The Guide to Lean Enablers for Managing Engineering Programs" calls out seven (7) sources of waste found in engineering processes: Each of these can be present during an MOC and can add up to a sizeable amount across hundreds of design changes. Reducing or eliminating these sources of waste will create more time for engineers to work on the changes that are most critical to achieving program outcomes. Plan -Do-Check-Act Questions: Which of these sources of waste is present in your engineering program? What impact would reducing or eliminating them have in achieving your engineering outcomes? Which source of waste can you start eliminating today and what step can you take towards achieving that goal?

Collecting evidence is an important aspect in providing assurance of compliance. This evidence often comes in the form of data and plenty of it. Companies measure, gather and store data of all kinds and in increasing amounts. In fact, as companies continue their digital transformation, the amount of data is expected to balloon creating even more opportunities for data mining. All this data will be analyzed and patterns will be discovered. This will help in updating our system models and processes to make them more efficient. Recent advancements in machine learning will take this to even higher levels and discover patterns that we currently cannot see, and this is good. However, even with these advancements, what this data will never be able to tell us is how things "ought" to be. There is an ethical chasm between the world of facts and the world of values (or ideas). This chasm divides the world of what "is" from the world of what "ought to be" and is known as the "Is-Ought Problem" or more commonly "Hume's Guillotine" named after the Scottish philosopher David Hume. Why is this important to compliance? There is always a tension between the world of ideas and the objective reality we observe. We are always making judgements as we update our understanding of how the world works. The question is, "which direction do these updates occur?" In a fashion, we construct a "model" for how we understand the world and then validate that model using our observations. This is the concept introduced by Immanuel Kant's (German philosopher) contribution to Hume's analysis called, "synthetic–a posteriori". In other words, we can deduce cause-and-effect relationships from the real world and use them to update our construction of how the world works that are based on statements of ideas. However, observations are not used to derive the ideas in a logical sense, they only describe them. And this is where the rub is. In the world of facts, we have statements like: Dogs bark. Apples taste good. These are things we can only know by observation. These do not directly add knowledge to our ideas of how the world works. They are facts that are true because we observed them. In the world of ideas, we have other statements like: All triangles have three sides. All bachelors are unmarried males. These are things we know by definition without observation. These are called tautological statements and are true because of reason not based on empirical facts. However, when we consider things like mathematics we have both. There are things we consider universally true like, 7 + 5 = 12, without observation based totally on our ideas of mathematics. However, at the same time we don't know for sure that it is true until we actually count and discover that it is true in reality. This is the foundation for scientific inquiry which as we know is always preceded by a hypothesis – an idea looking for a descriptive account. [ As an aside, this is how we think about management systems and validating outcomes. Management systems are based on models for how things get done. These are designed based on ideas, concepts, and categorizations of things in the real world that we are concerned about. How true a model is depends on several factors that include: resolution, fidelity, and effectiveness. This is why we need to apply the scientific method to update our models so that they become "truer" in the sense that they are more universally true. Validating outcomes is the act of proving our hypotheses. As an example, we can posit a hypothesis that increasing people's awareness of hazards reduces safety incidents. According to our models this is true and have evidence that has been true in the past under certain conditions for specific companies. However, what we don't know for certain is that this is true for all cases under all conditions. Verification on the other hand is the act of confirming that we followed the correct process for our experiment (so to speak). Many companies only spend time verifying procedures when they also need to prove (perhaps, continually) their hypotheses and update their models accordingly. ] Here's the point, the models we use to better understand the world are based on value judgments. Humans have the capacity or as Kant calls them, ontological categories, to understand our observations of the world. Now back to Hume, you cannot deduce these categories based on the world of facts; you cannot create an "ought" out of an "is". This may seem surprising particularly to those that believe that you can look at nature and derive moral imperatives. This thinking suffers from the "Naturalistic Fallacy" which argues that just because something is found in nature doesn't mean that it is good. No matter how much data analysis we do, we can never discover from data how things ought to be. In the words of Gandalf, from the Lord of the Rings, when it comes to crossing the ethical chasm between what is and what ought to be, "You shall not pass!" This is exactly why compliance needs to be careful. You can use data to verify that actions were taken to support moral values. However, you cannot do the opposite, and use data to determine what these moral values should be. Bridging the gap - some have tried John Searle (an American philosopher) argues that one way to cross the ethical gap is through promises. The act of promising by definition places the promiser under obligation. By speaking forth the words, "I promise to pay Mary 5 dollars" one creates an ought (moral action) from an "is". The most predominate argument given on how to cross the gap is to appeal to a goal or purpose (telos). The argument follows that If you have a goal A, then you should do B, which has been observed to lead to A. The should is created from the goal which is an "is". One problem. You first need to come up with the goal which requires an "ought." Also, if you have not yet observed a path that leads to your goal you never know what you "could" let alone "should" do. Neither of these approaches seem to be sufficient to cross the is-ought chasm as they both require ethical decisions either to make a promise or to set a goal. Take caution with how you use your data Big data, machine learning, and artificial intelligence will no doubt be applied in earnest to discover patterns and ways to improve, exploit, or even just understand what we observe. However, we need to take caution in using these insights to create normative statements on how things ought or should be. The latter belongs to the realm of values which is entirely reserved to humans not machines. Data can help us to achieve our goals but cannot tell us what these goals ought to be. That is why it is so important that the first step to improve compliance begin with taking ownership of obligations. This step involves deciding what your goals ought to be and from there everything else follows.

Are your risk and compliance controls capable to keep you between lines? The purpose of risk and compliance is to keep companies operating between the lines so that they do not fall in a ditch on their way to mission success. To ensure that this does not happen risk and management controls are put in place to act as guardrails (protect against loss) as well as to drive processes and practices towards targeted outcomes in response to stakeholder obligations. Stakeholders include: customers, suppliers, shareholders, employees, government, and the public at large. Requirements (mandatory) and commitments (voluntary) are derived from obligations contained within internal policies, guidelines and code of conduct; regulations and standards; contracts, and product and service specifications. Obligations include: conformance, performance, achievement, and outcome based specifications. Traditional approaches (1950-1970s) to organizational design are based on the notion of (1) "Organizations as Systems" comprised of: general systems theory and contingency theory, and (2) "Hard Systems Thinking" comprised of operations research, systems analysis, systems engineering and cybernetics. In the field of cybernetics (the science of communications and automatic control systems in both machines and living things) there are two models of the organization: management cybernetics and organizational cybernetics . Management Cybernetics : treats organizations like machines and organisms congruent with the philosophy of hard systems thinking. Organizational Cybernetics is concerned with management and organizations that break from the mechanistic and organistic thinking, and is able to make full use of the concept of variety (Stafford Beer). The concept of controls comes from these theories of systems. The most common form of a control process is the feedback control loop used to apply corrective actions in response to system output deviations from target values. The control loop serves to keep the system between acceptable operating limits (ex. constraints, performance levels, etc). We can use organizational cybernetics, specifically the Law of Requisite variety developed by Ross Ashby, to help understand what is required for a control loop to be effective. When the variety or complexity of the environment exceeds the capacity of a system the environment will dominate The larger the variety of actions available to a control system, the larger the variety it is able to compensate The capacity of the control system cannot exceed the capacity as a channel of communication The response time of the control system must meet or exceed the speed of change These principles provide important insights to improving the effectiveness of feedback control loops specified by many standards and regulatory bodies and used in the majority of management systems. There is one significant weakness of the feedback control loop which is that it requires outputs to be measured first. When it comes to risk and compliance objectives measuring outputs using a feedback-management-control is often too slow and too late specifically with respect to safety. In this case it is better to eliminate the possibility of deviation before it happens. This requires the use of feed-forward cybernetic control which will be the topic of a future article.

As regulatory frameworks become increasingly complex and technology continues to advance, the field of compliance faces unprecedented challenges. In this rapidly evolving landscape, cybernetics has emerged as a valuable tool for enhancing governance and ensuring adherence to regulatory requirements. However, it is not a new science it has been around since 1948. You most likely have been using elements of cybernetics for years, but now its time to take a closer look at how cybernetics is changing the field of regulation and compliance. Rooted in the fusion of information technology, control systems, and human behavior, cybernetics offers innovative solutions to navigate the complexities of compliance. This article explores the background and current state of cybernetics in the field of compliance and highlights its applications in improving monitoring, risk management, and regulatory compliance processes. Understanding Cybernetics: The term "cybernetics" was first coined by mathematician Norbert Wiener in the 1940s, deriving from the Greek word "kybernetes" meaning "steersman" or "governor." Wiener sought to establish a unified theory that explores the control and communication in both living organisms and machines. Cybernetics provides a framework for understanding complex systems, feedback mechanisms, and self-regulating processes. In the context of compliance, cybernetics leverages technological advancements and data-driven insights to establish effective control mechanisms, optimize decision-making, and ensure regulatory compliance. Key Concepts in Cybernetics for Compliance: Cybernetics incorporates several fields of science and includes the following key concepts: Feedback Loops: Feedback loops are a central concept in cybernetics. They involve the exchange of information between a system and its environment, allowing for self-regulation and adaptation. Feedback can be positive (amplifying a signal) or negative (corrective and stabilizing), and it plays a vital role in controlling and adjusting system behaviour. Feed-forward Processes : In addition to feedback loops, cybernetics recognizes the importance of feed-forward processes. Feed-forward involves predicting and anticipating future events or conditions based on available information, even before they occur. By utilizing feed-forward mechanisms, systems can proactively adjust their behaviour and responses, enhancing efficiency and reducing the need for reactive adjustments. Control Systems: Cybernetics emphasizes the design and implementation of control systems. These systems use feedback loops to monitor, evaluate, and adjust the functioning of a system to achieve desired goals or outcomes. Control mechanisms enable the regulation of variables and parameters within a system, maintaining stability and optimizing performance. Communication and Information: Cybernetics explores the role of communication and information flow in systems. It examines how information is transmitted, processed, and utilized by various elements within a system. Effective communication and information exchange are crucial for establishing feedback loops, enabling coordinated actions, and achieving desired outcomes. Self-Organization: Cybernetics acknowledges the ability of systems to self-organize and adapt. Systems can autonomously reconfigure themselves in response to changes in the environment or internal dynamics. This self-organization allows for flexible responses and improved performance in the face of uncertainties or disturbances. Complexity and Emergence : Cybernetics embraces the study of complex systems and the emergent properties that arise from their interactions. Complex systems exhibit non-linear behaviours and interconnectedness, leading to emergent phenomena that cannot be easily predicted or understood by examining individual components in isolation. Cybernetics provides insights into understanding and managing complexity in systems. Internal Regulation : Cybernetics emphasizes the importance of both feed-back and feed-forward regulation in achieving desired outcomes. While feedback loops provide corrective measures based on past information, feed-forward processes anticipate future events and enable proactive adjustments. The combination of feedback and feed-forward regulation enhances system adaptability and goal achievement. Adaptability and Learning: Cybernetics recognizes the importance of adaptability and learning in systems. Adaptive systems can modify their behaviors and responses based on feedback, environmental changes, or new information. Learning mechanisms, such as machine learning algorithms, enable systems to acquire knowledge, improve performance, and optimize outcomes over time. Applications of Cybernetics in Compliance: Cybernetics can be applied to several areas of compliance that include: Risk Identification and Assessment: Cybernetics can be applied to identify and assess risks in compliance processes. By utilizing feedback loops and data analytics, cybernetic systems can continuously monitor and analyze data to identify potential compliance risks. This helps organizations proactively identify and evaluate risks associated with regulatory non-compliance, enabling timely interventions and risk mitigation strategies. Real-Time Monitoring and Detection: Cybernetics enables real-time monitoring of compliance activities and data. By employing automated feedback mechanisms, organizations can monitor and detect deviations from compliance standards, regulatory changes, and anomalies in data. This allows for prompt action to address non-compliance issues, minimizing potential risks and ensuring adherence to regulatory requirements. Adaptive Compliance Frameworks: Cybernetics facilitates the development of adaptive compliance frameworks. These frameworks utilize feedback loops, machine learning algorithms, and intelligent automation to adapt to changing regulatory landscapes. By continuously learning from feedback and adjusting compliance processes accordingly, organizations can optimize their compliance efforts, reduce risks, and ensure ongoing adherence to evolving regulations. Predictive Analytics for Risk Management: Cybernetics leverages predictive analytics to assess and manage compliance risks. By analyzing historical data, patterns, and trends, cybernetic systems can predict potential compliance risks and provide insights for risk mitigation strategies. This helps organizations proactively address compliance challenges, improve decision-making, and allocate resources more effectively. Automated Compliance Reporting : Cybernetic systems streamline compliance reporting processes by automating data collection, analysis, and report generation. By integrating data sources and leveraging intelligent algorithms, organizations can generate accurate and timely compliance reports, reducing manual effort, and minimizing the risk of errors or inconsistencies. Ethical and Behavioral Compliance: Cybernetics can be applied to address ethical and behavioral compliance challenges. By understanding human behavior patterns, cybernetic systems can provide insights into potential compliance risks related to employee conduct, fraud, or unethical practices. This enables organizations to implement appropriate controls, training programs, and policies to foster a culture of compliance and mitigate behavioral risks. Compliance Auditing and Assurance: Cybernetics enhances compliance auditing processes by automating data analysis, anomaly detection, and trend identification. By leveraging machine learning algorithms, cybernetic systems can analyze large volumes of data to identify compliance gaps, detect fraudulent activities, and improve the efficiency and effectiveness of compliance audits. Continuous Improvement and Learning: Cybernetics enables continuous improvement and learning in compliance practices. By leveraging feedback loops and adaptive systems, organizations can learn from past experiences, identify areas of improvement, and implement changes to enhance compliance processes. This iterative approach allows organizations to continuously optimize their compliance efforts and adapt to evolving regulatory landscapes. Current State and Future Prospects: Cybernetics is not new. Organizations have been using elements of cybernetics for years but for many not knowing the roots of where these principles came from. This is changing, organizations are increasingly becoming aware of cybernetics and adopting technologies to enhance their compliance practices and achieve regulatory objectives more efficiently with greater effectiveness. The integration of artificial intelligence, natural language processing, and robotic process automation has further expanded the capabilities of cybernetic systems, allowing for enhanced monitoring, analysis, and decision-making. Looking ahead, cybernetics is poised to play an even more significant role in compliance. As technologies such as digital twins and smart contracts gain prominence, cybernetics can ensure the integrity, transparency, and immutability of compliance-related data and transactions. Moreover, the application of cybernetics in regulatory compliance will likely extend to areas such as anti-money laundering, data privacy, and cybersecurity, providing advanced tools for risk mitigation and enforcement. Summary: Cybernetics is how modern organizations do compliance, enabling organizations to navigate the complexities of regulatory landscapes in the digital age. By leveraging feed-forward / feed-back loops, control systems, and advanced technologies, cybernetics enhances risk management, decision-making, and regulatory compliance processes. The integration of cybernetics in compliance practices offers real-time monitoring, predictive analytics, and adaptive systems that help organizations stay ahead of evolving regulatory requirements. The current state of cybernetics in compliance is marked by the integration of artificial intelligence, machine learning, and automation technologies. These advancements enable organizations to analyze vast amounts of data, monitor regulatory changes, and streamline reporting processes. By automating compliance tasks, cybernetics reduces manual effort, minimizes human errors, and improves overall efficiency. Looking to the future, the application of cybernetics in compliance is expected to grow and evolve further. As regulatory landscapes become more complex, organizations will rely on cybernetic systems to navigate intricate requirements and ensure full compliance. Additionally, the integration of emerging technologies such as digital threads, Internet of Things (IoT), and predictive analytics will expand the scope of cybernetics in compliance, enabling more accurate monitoring, reporting, and risk management. However, it is essential to address the potential challenges associated with the adoption of cybernetics in compliance. Data privacy and security concerns must be adequately addressed to protect sensitive information from unauthorized access or manipulation. Moreover, organizations should ensure the transparency and explainability of the algorithms used in cybernetic systems to maintain trust and accountability. In summary, cybernetics offers significant potential in revolutionizing compliance practices. By leveraging advanced technologies, data-driven insights, and adaptive systems, organizations can navigate the complexities of regulatory environments more effectively. The integration of cybernetics in compliance processes empowers organizations to proactively manage risks, streamline reporting, and ensure adherence to regulatory obligations in the digital age. As the field continues to evolve, embracing cybernetics will be crucial for organizations seeking to achieve robust and efficient compliance frameworks. Register for our upcoming webinar on AI Ethics and Compliance as we explore the ethical implications of AI and its use in compliance.

Compliance in many circles is viewed as a solved problem. Organizations declare their compliance by attestation, verified by internal audits, and confirmed by external audits. Any gaps are quickly closed to sustain a status of “In Compliance.” What is there then left to do? However, for many organizations, the scope of obligations that determine “In Compliance” consist only of legal requirements. Obligations that fall under voluntary, ethical, social, or even what is beneficial to an organization are left out of consideration. These other obligations arise from commitments to sustainability, safety, security, quality, environmental, and other strategic outcomes. They have more to do with buying down risk, meeting industry targets, and advancing better outcomes than just adherence to prescriptive rules, legal or otherwise. To meet the broader set of obligations requires intentional and sustained effort where measures of performance and effectiveness define success rather than only measures of conformance. Unfortunately, the impetus to pursue an operational approach is hard to find when you believe you are already “In Compliance”, confirmed by audits and certified by standards organizations. For compliance to change it must raise its standard. That’s why we created Lean TCM (Total Compliance Management) to help organizations raise their compliance standards to meet all their obligations and keep all their promises connected with rules, standards, targets, and outcomes. From legal requirements to ESG commitments and everywhere in between. This transformation starts when you decide to raise your standards, which can begin today. The sooner you decide, the sooner you experience the benefits that come from always staying between the lines and ahead of risk.

An ongoing debate has persisted in the field of organizational dynamics pitting management against leadership. Many proponents argue that leadership is superior, suggesting that management is merely a relic of the past, destined to be replaced by the more dynamic and visionary concept of leadership. However, this perceived dichotomy is fundamentally flawed. In reality, management and leadership are not opposing forces but complementary elements that, when properly integrated, form a powerful framework for achieving organizational and compliance success. The Nature of Management and Leadership To understand the symbiotic relationship between management and leadership, we must first recognize their distinct roles and functions. Management, as a fundamental aspect of organizational structure, exists to address the operational risks and uncertainties that are inherent in any work environment. It provides the framework for overseeing day-to-day activities, coordinating resources, and ensuring the efficient execution of tasks. Without management, uncertainty would reign, and organizational goals would be jeopardized. Indeed, management theory, including the principles of scientific management or Taylorism, emphasizes the necessity of addressing uncertainty through structured processes and systems. Managers, armed with their knowledge and expertise, guide teams in navigating challenges, making informed decisions, and mitigating risks. They establish protocols, allocate resources, and monitor progress to ensure that operations run smoothly. In essence, management is the backbone that keeps an organization functioning effectively in the face of uncertainty. However, while management focuses on the operational aspects of an organization, leadership is responsible for setting the strategic direction and inspiring others to achieve a collective vision. Leaders possess a unique ability to motivate, inspire, and guide individuals and teams towards a common goal. They are visionaries who create a sense of purpose and empower others to reach their full potential. It is often argued that leadership is only required at the top level of an organization, reserved for executives and senior managers. However, this notion overlooks the crucial role that leadership plays at every level and in every function. Effective leadership is not confined to a particular position or title; it is a set of qualities and behaviours that can be cultivated by anyone within an organization. Bridging the Gap When management and leadership are integrated harmoniously, the true power of organizational success is unleashed. Managers become more than mere administrators; they become operational leaders who align the work of individuals and teams with the overarching organizational objectives. By combining their managerial skills with leadership acumen, they bridge the gap between targeted outcomes and operational realities. Operational leadership, within the context of management, involves inspiring and guiding teams towards achieving strategic goals. It entails fostering a culture of innovation, accountability, and collaboration, thereby enabling individuals to make decisions in line with the organization's broader vision. Operational leaders empower their teams by providing guidance, mentorship, and support, allowing them to take ownership of their work and contribute to the larger organizational objectives. Furthermore, by embracing both management and leadership, organizations can adapt more effectively to an ever-changing business landscape. The synergy between these two elements creates an environment where individuals are not only efficient in executing tasks but are also driven by a sense of purpose and inspired to think creatively. This integration allows organizations to navigate uncertainty with agility, make informed decisions, and capitalize on emerging opportunities. Steps to Combine Management and Leadership The prevailing notion of management versus leadership as an either-or choice is an oversimplification that fails to capture the true essence of organizational success. Rather than being mutually exclusive, management and leadership are complementary forces that, when combined, propel organizations towards their goals. While management addresses operational uncertainties and ensures the smooth functioning of an organization, leadership sets the strategic direction and inspires individuals to achieve a collective vision. The synthesis of management and leadership creates a powerful synergy that enables organizations to thrive in the face of uncertainty, bridging the gap between targeted outcomes and operational objectives. It is through the integration of these two elements that organizations can truly achieve their full potential. Integrating management and leadership within an organization requires a thoughtful and deliberate approach. Here are some key steps to consider when seeking to unite these two critical elements: Develop a Shared Vision : Start by aligning the management team and leaders around a common vision for the organization. This shared vision provides a clear direction and purpose that both managers and leaders can work towards together. It should be communicated effectively throughout the organization, ensuring everyone understands and embraces it. Foster Collaboration and Communication : Encourage open and transparent communication channels between management and leaders. Facilitate regular meetings, discussions, and forums where both parties can exchange ideas, share insights, and collaborate on decision-making processes. This creates an environment of trust and enables the integration of perspectives from both management and leadership. Encourage Leadership at All Levels: Recognize that leadership is not confined to top-level positions. Foster a culture that encourages leadership development at all levels of the organization. Provide opportunities for individuals to enhance their leadership skills, take initiative, and make meaningful contributions to the organization's objectives. Empower employees to lead in their respective roles, fostering a sense of ownership and accountability. Promote Cross-Functional Collaboration: Break down silos and encourage cross-functional collaboration. Management and leadership should work together across departments and functions to leverage diverse expertise, share knowledge, and promote synergy. This collaborative approach facilitates a holistic view of the organization and enables the integration of management and leadership perspectives. Develop Leadership Competencies in Managers: Invest in developing leadership competencies among managers. Provide training programs and workshops that focus on leadership skills such as strategic thinking, emotional intelligence, communication, and team building. Equip managers with the tools and knowledge they need to effectively bridge the gap between operational objectives and organizational outcomes. Create an Empowering Environment: Cultivate a supportive and empowering environment that encourages innovation, creativity, and continuous improvement. Managers should empower their teams by delegating authority, providing autonomy, and encouraging them to take ownership of their work. This empowers individuals to act as leaders within their roles, contributing to the organization's success. Recognize and Reward Leadership Behaviors: Implement performance evaluation and recognition systems that value and reward leadership behaviors. Recognize and celebrate individuals who demonstrate exceptional leadership skills, regardless of their position or title. This reinforces the importance of integrating management and leadership and encourages others to follow suit. Continuously Evaluate and Adapt: Regularly assess the effectiveness of the integration efforts and make adjustments as needed. Seek feedback from employees, monitor outcomes, and identify areas for improvement. Adapt the integration strategy based on lessons learned and evolving organizational needs. By following these steps, organizations can foster a harmonious integration of management and leadership. This synergy not only enhances operational efficiency but also drives innovation, inspires employees, and propels the organization towards sustainable success for compliance and for the organization overall.

Today’s businesses must navigate an intricate landscape of regulations, commitments, and evolving stakeholder expectations. Compliance encompasses responsibilities related to privacy, security, safety, sustainability, and quality, along with others categories of risk. These obligations comprise both a regulatory, and an increasingly influential non-regulatory component shaped by stakeholder demands. The latter, now coming into view as part of Environmental, Social & Governance (ESG) expectations. Operationalizing all these obligations in a cohesive manner is crucial for mitigating risks, driving performance, and securing the longevity of an enterprise. This requires integration but not with traditional legal, audit, and compliance functions as some may suggest. Instead, the role of meeting obligations is moving towards operational functions and in some cases creating their own where performance management and operational excellence can be applied to continuously deliver on promises associated with all organizational obligations. It is within this context that the concept of Operational Compliance has emerged as a keystone in ensuring both compliance and mission success. Navigating Beyond Regulatory Boundaries Compliance today must address a two-fold challenge. Regulatory mandates serve as a necessary bedrock, with legal obligations dictating the do's and don'ts for businesses associated with a legal license to operate. However, the landscape has evolved with the surge in non-regulatory obligations, moulded by stakeholder expectations associated with what could be called a social license to operate. These obligations are steadily nearing the magnitude of regulatory requirements and in some cases already have. Organizations are expected to shoulder the mantle of ethical stewardship, integrating considerations of social responsibility, environmental impact, and customer well-being into their operations. They must deliver on commitments made to advance outcomes and achieve and improve performance targets. The implications of this shift are profound. The traditional focus and attention predominately given to regulatory obligations is not enough and hasn't been for some time, highlighting the need for a different approach. Compliance is no longer just about adhering to the law; it's about operating within a complex nexus of obligations that intertwine with a company's purpose, values, identity and more so its operations. Performance-Based Paradigm The cornerstone of modern compliance lies in its performance-based orientation. It's not merely a checklist exercise; rather, it's a dynamic commitment to buying down risks and advancing outcomes associated with all organizational obligations. The emphasis on outcomes is pivotal – shifting the focus from ticking boxes to realizing tangible results. This shift has propelled compliance into a proactive sphere, where risk mitigation is interwoven with both strategic and operational decision-making and embedded as part of management programs and systems. Technical capabilities are essential in this endeavour. As the business landscape grows more intricate, organizations must harness cutting-edge technologies to fortify security, optimize sustainability, ensure safety, and elevate quality. But technical prowess alone is insufficient. What is also needed is operational excellence to transform organizational capabilities into real-world outcomes associated with compliance obligations. Beyond Audits Towards Operational Compliance Gone are the days when legal departments and compliance units were the sole custodians of compliance. The new paradigm demands a more integrated, holistic, and proactive approach – Operational Compliance . However, Operational Compliance is not confined or defined by periodic audits and mandatory reporting; it's a whole systems approach that encompasses the entirety of an organization's value chain. It's not unlike a symphony where each note, from procurement to production, and from distribution to customer service, resonates with the heartbeat of keeping promise associated with organizational obligations. In this new paradigm, management programs act as conductors of this symphony. They infuse value chain capabilities with the essence of promise-keeping and integrity, creating a harmonious rhythm that sustains the life of an organization. These programs help transcend traditional compliance roles into the domain of operational excellence. Adopting The New Paradigm The importance of Operational Compliance is unequivocal. In a world shaped by intricate regulations and dynamic stakeholder expectations, the traditional focus solely on legal obligations is diminishing. The essence of compliance lies now with its performance to transform obligations into opportunities and risks into rewards. Operational Compliance is the keystone of this new paradigm and is more than a function; it's a mindset, a commitment, and a strategic advantage. It leverages technical capabilities and management prowess to turn obligations into achievements, and compliance into a catalyst for better stakeholder outcomes. The integration of Operational Compliance within the value chain is critical to establish a resilient, adaptive, and ethically-grounded organization – one poised to navigate the complexities of today's regulatory and stakeholder landscape with assurance. More information on the topic of Operational Compliance: Steering Compliance: Three Imperatives for Operational Compliance Programs Traditional versus Operational Approach to Compliance Compliance Programs and Systems Why Organizations Are Ineffective at Compliance Compliance: the triple threat against mission failure

Eliyahu Goldratt's poignant quote, "You cannot implement a [holistic] system partially," resonates profoundly in the world of organizational transformations. Lean, often hailed as a revolutionary system for improving processes and creating value, faces its share of stumbling blocks in various contexts. As we delve into the intricacies of Lean transformation, it becomes evident that a piecemeal approach is not the key to success. In this article, we'll dissect the reasons behind Lean's failures and shed light on the crucial aspects often overlooked. Breaking Free from Taylorism The roots of many organizations lie in Taylorism , a reductionist methodology that dissects work into minute segments. While this approach was revolutionary during the early 20th century, it has inadvertently led to excessive specialization and siloed thinking. The very scientific management that birthed Taylorism has become a double-edged sword. Organizations are often caught up in managing individual trees, losing sight of the forest as a whole. This divide and conquer mentality impedes Lean's ability to flourish. Over the years, attempts to mitigate the adverse effects of Taylorism have been made with limited success. The band-aid solutions that emerged were often aimed at addressing symptoms rather than the root causes. Lean, however, demands a paradigm shift—a departure from the fragmented and mechanistic approach of Taylorism. Organizations must not be content with superficial adjustments; they must aspire to fundamentally transform their operations and culture. Missing the Essential Capabilities Lean, at its core, is not just a set of tools or techniques. It's a comprehensive system that hinges on the orchestration of functions, behaviors, and interactions. This intricate web of interdependencies requires a "whole system" approach. Dr. Russell Ackoff's insights from systems theory emphasize the importance of understanding the broader context and how all the components within an organization are interconnected. When we treat Lean as a mere checklist, focusing solely on isolated changes, we miss the essence of its transformative potential. One of the most common pitfalls organizations face is their eagerness to embrace Lean by addressing low-hanging fruit . This approach entails tackling easy wins that do not require the behavioural and systemic changes. By focusing low hanging fruit, essential behaviours are not developed resulting in organizations inadvertently missing out on the transformational benefits that Lean can offer. A key aspect of Lean transformation is the development of organizational capabilities. It's not enough to merely introduce Lean tools; organizations must cultivate a culture of continuous improvement among other things. This requires nurturing the skills, behaviors, and mindset that are fundamental to Lean thinking. Unfortunately, organizations often bypass this critical step, leading to a superficial an incomplete adoption of Lean principles that ultimately fall short of producing lasting value. At the heart of Lean's failures lies the inability of organizations to recognize and establish what is truly essential for value improvement. The pursuit of Lean cannot be confined to the optimization of individual parts; it must encompass the orchestration of the entire system. This is where Lean systems operability comes into play Lean Systems Operability – all essential functions, behaviors, and interactions working in harmony at levels of performance necessary to improve value. Organizations that fixate on isolated changes will never experience the true power of Lean. Agile and Lean Startup are not enough While Lean holds tremendous promise, it's crucial to acknowledge that it's not the only game in town. The concepts of Agile methodology and Lean Startup have gained prominence for their adaptive and iterative approaches. Agile emphasizes flexibility, collaboration, and responsiveness in software development, while Lean Startup promotes capability-based iteration and customer-centric product development. Both Agile and Lean Startup offer valuable tools for innovation, but like Lean, they can fall short when not implemented with a holistic mindset. Organizations might adopt Agile practices in pockets, leading to fragmentation rather than the intended collaboration. Similarly, Lean Startup's iterative development can become an exercise in isolation if not integrated into the larger organizational strategy. To truly succeed in transformation, organizations must weave these methodologies into the fabric of their culture, operations, and strategy. Agile, Lean Startup, and Lean principles should complement each other, creating a symphony of innovation, value creation, and customer satisfaction. However, relying solely on these methodologies, even in combination, might not be enough. The Missing Pieces Lean's allure and challenges persist. To harness its transformative power, organizations must transcend fragmented methodologies and embrace a holistic view. By dismantling the remnants of Taylorism, integrating Lean principles and infusing strong leadership and a culture of adaptability, organizations can break free from the obstacles that prevent success. However, that's not all, there's a need to achieve Lean Systems operability— all essential functions, behaviors, and interactions working in harmony at levels of performance necessary to improve value. This requires a "whole-system" approach and only then can the benefits of Lean be realized. In the end, Lean transformation isn't a one-size-fits-all formula, nor is it solely a checklist of methodologies. It's a journey of profound change, where the sum is truly greater than its parts. By embracing a whole-systems approach, organizations can truly realize the transformative potential they seek, and embark on a path toward sustainable success in a rapidly evolving world.

True leadership demands pro-activity—anticipating, planning, and actively steering an organization toward its desired goals. This distinction becomes particularly relevant when addressing organizational culture. In this article we explore the findings of a recent Auditboard report raising important issues related to organizational culture. It also calls for internal auditors to take proactive steps in managing culture-related issues. While culture profoundly influences an organization's values and behaviours, a critical question that was not asked is: Should the audit function be responsible for improving and assuring culture? Let's take a look... 2023 Organizational Culture and Ethics Report This report highlights the prevalence of organizational failures due to a troubled culture and emphasizes the importance of assessing and improving organizational culture. The report mentions that many organizations (4 in 5) are not effectively monitoring their culture, which can lead to significant problems. The role of internal audit in assessing and providing assurance on culture is discussed, with the report presenting insights from a survey of internal audit leaders. The challenges in this regard include executive behaviour as a critical indicator, a lack of understanding about culture's aspects and risks, reluctance to tackle culture, and a lack of prioritization of culture assessment. The report calls on internal auditors to take proactive steps in addressing culture-related issues and provides guidance and tools to do so effectively. Key findings from the report include: Organizational Failures : The report highlights that numerous organizations worldwide have experienced significant failures due to troubled cultures. Examples include Enron, WorldCom, Volkswagen, Carillion, WireCard, Theranos, and FTX. Culture's Vital Role: A troubled culture lacking the right tone at the top and a constructive environment is identified as a common factor in these failures. Such a culture can hinder an organization from achieving its strategic goals and objectives in an ethical and healthy manner, while also undervaluing key stakeholders. Devastating Impacts : These failures have had severe consequences, affecting various stakeholders such as employees, investors, customers, suppliers, and communities. Trust in capital markets is eroded, jobs and retirement savings are lost, reputations are damaged, and long-term sustainable success is compromised. Culture Risk Indicators : The report highlights that executive behaviour is a major indicator of culture risk. Poor tone at the top, profit-at-any-cost mentality, poor communication, and unethical/illegal conduct are identified as key risk indicators. Culture Assessment Gap : Despite increased attention and scrutiny, many organizations are still not assessing their culture effectively. A significant number of senior internal audit executives have not been asked by the board or audit committee to provide reports on culture, Reluctance to Address Culture : A significant percentage of organizations do not formally audit or assess culture, and some employ piecemeal, ad-hoc approaches or limited assessment methods. This reluctance to address culture may lead to significant problems. Lack of Understanding : Many organizations do not fully understand the various aspects of culture, including its benefits, risks, key elements, drivers, and principles of a healthy culture. They may focus on the benefits while overlooking critical risks. Importance of Culture Monitoring : The report emphasizes that organizations cannot manage their culture without monitoring it. Boards and executives need to assess the health of their culture continuously and ensure it aligns with expectations. Priority of Culture Assessment : Despite the impact of culture on organizational success, many organizations do not prioritize culture assessment. They may underestimate the risks or face resource constraints. The Right Assessment – The Wrong Conclusion? The report raises important issues concerning organizational culture and the impact that culture can have on mission success or rather mission failure. Undoubtedly, culture is a critical factor in staying between the lines and ahead of risks. The report extends an invitation to those in audit roles, urging them to break free from passivity and seize the opportunity to guide organizations in recognizing the urgent and far-reaching impact of culture. However, the report does not raise (but it should) the question of whether the audit function should be the driver of culture improvement and assurance. The problem is that the audit function typically operates as a reactive rather than a proactive force. It also lacks the inherent managerial accountability that would allow it to drive cultural change effectively, which even if it did, would undermine the role of those who should rightfully lead this effort. Culture emerges as a consequence of actions and serves to reinforce the values associated with those actions. Relying on management reviews, post-incident investigations, and audits reinforces a reactive approach the very thing that the report asks internal audit to change. This reactive behaviour focused on past events is not true leadership, but rather a form of management. It aligns with internal regulation (loop 1) focused on making course corrections and corrective actions, perpetuating a cycle of reactivity not pro-activity. True leadership, on the other hand, centres on pro-activity, involving the anticipation, planning, and action required to make substantial progress towards desired outcomes. This forward-looking approach is evident in setting goals, conducting management pre-views, pre-investigations, pre-mortems, capability assessments, as examples. Such practices align with internal regulation (loop 2) focused on operational governance, steering, and establishing the capabilities needed for mission success, representing a more strategic and forward-thinking approach to shaping organizational culture. In essence, managers manage loop 1 (stay on course) and leaders look after loop 2 (set the right course). To shape culture you need to steer from the front not from the back. The bottom line is this: leaders (those with managerial accountability) need to lead not manage. While audit can be responsible for aspects of this effort, they cannot be the ones to lead cultural change.

Companies face an increasing demand to not only meet regulatory compliance but also uphold their responsibility toward the broader set of corporate obligations. While compliance programs can be and often are limited to only ensure adherence to legal standards, embedding the concept of duty of care through promises can elevate these programs to a higher level resulting in increased stakeholder trust. This article delves into the innovative approach of integrating promises within compliance frameworks to promote a culture of care and responsibility. The Promise Paradigm According to Promise Theory, promises are powerful ethical constructs that convey commitments and obligations. They transcend mere legal requirements, embodying values that go beyond compliance. By embedding promises within compliance programs, companies can go the extra mile in demonstrating their dedication to safeguarding the interests of employees, customers, and the broader stakeholder community. Here are 5 ways that promises promote duty of care obligations: 1. Aligning Core Values Promises provide a platform to communicate and reinforce a company's core values. When promises are explicitly linked to these values, employees are more likely to internalize and uphold them. By weaving values such as integrity, safety, and respect into promises, companies can build a strong ethical foundation that guides decision-making at all levels. 2. Demonstrating Accountability Promises establish a clear line of accountability within an organization. By making commitments to safety, fairness, and transparency, companies signal their willingness to take responsibility for the consequences of their actions. This proactive stance not only enhances trust but also encourages employees to take ownership of their roles in ensuring compliance and safety. 3. Cultivating a Culture of Care Embedding promises within compliance programs nurtures a culture of care where employees understand that their well-being and the well-being of others are integral to the organization's success. When promises reflect a commitment to the highest safety standards, employees are more likely to be vigilant and proactive in identifying and addressing potential risks. 4. Elevating Employee Engagement A compliance program rooted in promises resonates with employees on a personal level. It transcends the abstract realm of regulations and connects with their innate sense of responsibility. This engagement leads to a workforce that actively seeks ways to improve safety and compliance measures, resulting in a collective effort to maintain a safe and ethical environment. 5. Enhancing Reputation and Trust Consumers and stakeholders value companies that prioritize their well-being. Promises within compliance programs serve as a testament to an organization's dedication to ethical conduct, fostering trust and loyalty. A company that takes duty of care seriously is more likely to be seen as socially responsible, which can positively impact its brand reputation. Implementing Promise-Embedded Compliance Programs By embedding promises within compliance programs, organizations can transform their compliance beyond regulatory requirements and embrace a higher sense of duty of care. This innovative approach nurtures a culture of responsibility, where employees and stakeholders actively contribute to a safer and more ethical environment. Ultimately, promise-embedded compliance programs not only ensure legal adherence but also enhance an organization's reputation, trustworthiness, and commitment to the well-being of all involved. The following steps will help you embed promises within your organization: Identify Key Areas: Determine the areas where embedding promises would have the greatest impact, such as workplace safety, data privacy, or product quality. Craft Meaningful Promises : Develop promises that reflect the organization's values and commitments to stakeholders. Make them actionable and measurable. Communicate Promises: Clearly communicate the promises to all employees and stakeholders. Reinforce the connection between promises and values. Training and Education: Provide training and education to employees to help them understand the significance of promises and their role in fulfilling them. Monitoring and Feedback: Regularly assess the organization's progress in keeping promises (i.e. a measure of integrity). Encourage feedback from employees and stakeholders to identify areas for improvement. Perhaps, the best aspect of embedding promises within compliance programs is it that it affords compliance with a meaningful measure of effectiveness by counting the promises kept compared with how many that were made: More information about obligations, promises, and their association with compliance can be found in the following articles: Should Compliance Manage Obligations or Promises - https://www.leancompliance.ca/post/should-compliance-manage-obligations-or-promises Considering Promises as Assets - https://www.leancompliance.ca/post/considering-promises-as-assets The Heartbeat of Compliance: Keeping Promises - https://www.leancompliance.ca/post/the-heartbeat-of-compliance-keeping-promises From Promises to Policy Deployment: Unlocking Organizational Accountability - https://www.leancompliance.ca/post/from-promises-to-policy-deployment-unlocking-organizational-accountability

In today’s world, where instant gratification often takes precedence, it's easy to fall into the trap of taking a short-term view of life and business. We yearn for immediate results and quick fixes, all while sometimes neglecting the true cost of our decisions. However, it's essential to recognize that success often requires a longer-term perspective, a willingness to make sacrifices in the present to secure something of greater value in the future. In this blog post, we will explore the need to shift from short-term thinking to a long-term view and the benefits it can bring to our lives, businesses, and compliance success. Living as a Teenager The desire (or rather impulse) for instant results is more prevalent today than ever. Whether it's in our personal lives, business endeavours, or even the domain of meeting obligations, we often seek immediate gratification. We want things now, today, or, at the very least, as soon as possible. This mindset can lead to hasty decisions and a lack of consideration for the long-term consequences of our actions. Our impulse for instant gratification plays a significant role in having a short-term view of the world. We've grown accustomed to the convenience of getting what we want when we want it, and this culture of immediacy can erode our patience and resilience. This is reinforced by the ubiquity of technology, the internet, social media, same-day delivery, along with other factors, perhaps more than any other generation. A common fallacy that accompanies this line of thinking is the belief that everything will somehow work out favourably in the end. We have heard that said from many including perhaps our parents. Who doesn’t want to believe that it will all work out for the good in the end? However this perspective tends to underestimate the real cost of our decisions, thinking either that their are no downsides or that someone else will bear the consequences, and that it won't be us. This mindset can lead to risky behaviour and a lack of accountability. In many ways, we are acting as teenagers driven solely by our passions (and hormones). While growing in maturity (adult-ing as some call it these days) is difficult, living forever as a teenager does not prepare us to handle the reality of how the world works. The Need to Look Up and Grow Up To break free from the shackles of instant gratification and short-term thinking, we must mature and adopt a longer-term view. This involves recognizing that success (including compliance success) often requires sacrifices in the present to attain something of greater value in the future. It means being willing to invest time, resources, and effort today for more substantial, enduring, and ultimately better outcomes tomorrow. Personally, this might mean investing in education, saving for retirement, or making responsible environmental choices, even when they don't yield immediate rewards. With respect to compliance this means taking ownership of obligations and keeping promises associated with them. However, I think it means more than this. We must learn to think beyond ourselves. Having a long term perspective is a mindset shift that enables us to make choices that are not just beneficial for us but also for our communities, the environment, and future generations. It’s the mindset of mature adults particularly those who are leaders. Some of us had the opportunity to witness that with our own parents who gave up much so that we (their children) might have a better life. This is a characteristic we value in people and businesses, and something we need to value with respect to compliance. Compliance Growth and Maturity In a world where short-term thinking often prevails, it's time to embrace the wisdom of the long-term view particularly when it comes to meeting obligations. This means sacrificing instant gratification and making choices to achieve more significant and enduring success. It's a path that requires maturity, patience, integrity, and a willingness to invest in a better tomorrow. We are often tempted by short-term thinking, which makes it easy to avoid responsibility and make empty commitments which negatively impacts both compliance and business success. However, a long-term perspective reminds us that embracing accountability and fulfilling promises (the heart of compliance) is an investment in our future. It means sacrificing immediate comfort, like setting standards, or admitting when we are wrong, to build trust and reliability over time. By doing so, we not only strengthen our relationships but also contribute to a more responsible and trustworthy world, paving the way for personal and corporate success in the long run. It’s time, and its always been time, to look up, grow up, and pave the way for a future that truly reflects our values and aspirations.

When it comes to practising compliance it often feels like driving a car, or more precisely a standard (small pun intended), one with a gear shift and a clutch. My first car was a standard, and I remember what it was like to use a clutch, watch where I was going, and steer the car to avoid hitting anyone – all at the same time. It was overwhelming, at least at first. You definitely wonder if it might be better to just focus on one thing, to make it simpler and less overwhelming. Perhaps, just focus on the brakes - that should be enough? But will it really be enough to get you from where you are now to where you want to go? The answer is no. You need to learn all that’s essential for you to drive, and that means learning how things work together not just on their own. And this can only be learned by practising them at the same time. This same question should be asked of compliance when it comes to meeting obligations. Is focusing on the parts of compliance really enough to get you from where you are now to where you need be with your obligations? For compliance to be successful, you also need to practice everything that’s needed – all at the same time. We need to master how to drive the whole compliance system – not just how to work the parts. And yes, it will feel like driving a standard. However, in time, driving compliance will become second nature and you will focus more on the journey and what destinations you might visit rather than on the different parts of the system and the dynamics of driving. You will start to experience the benefits of compliance. And this will feel very different. You will look forward with anticipation to the benefits you will experience because you have learned how to successfully drive compliance towards targeted outcomes. And you will be filled with assurance rather than anxiety knowing that you have what it takes to make it happen. This may sound like a luxury or a nice to have, but it is a necessity for those where compliance failure means mission failure. When it comes to getting to where we want to go we expect to use an entire car, and learn how to drive so that it delivers what’s promised. Not a luxury, but what’s expected. Why don’t we expect the same from our compliance? Why are we not expecting and using the entire program, and learn how to drive it so that it delivers what's promised – all the commitments we have made associated with all our obligations? We can feel differently about our compliance. We can feel assurance (confidence and certainty) rather than anxiety (unease and worry). But we first need to learn how to drive.