SEARCH
Find what you need
609 results found with an empty search
- Finding Good Dragons
Compliance at its core is about contending with risk. For the most part this has taken the form of addressing the negative side to prevent such things as financial loss, but also the loss of life, quality, reputation or other things that we care about. However, this is only half the story and perhaps a result of only using half of our brain. In many ways we have focused on the bad dragons and failed to see and realize the benefits of the good ones. The way we think about risk is a significant factor to our effectiveness at contending with uncertainty. What we now know is that our brains are wired in such a way that we see threats easier and earlier than we see opportunities (Thinking, Fast and Slow - Daniel Kahneman). Finding and pursuing opportunities requires tapping into another part of brain which can only be accessed when we slow down and reflect on our situation. This is difficult to do when our lives are reactive, governed by the tyranny of the urgent. However if we do not pursue the positive effects of uncertainty we will not create value; and at most only protect the value we currently have, although that too may not last. The first step to finding good dragons is developing a habit to notice them. Our Brain is Teflon for the Positive and Velcro for the Negative Conor Neil in one of his videos posts talks about how we can take steps to improve our ability to see the positive side of life. This ability is essential for our own happiness and as it turns out also for our pursuit of opportunities. From his blog post Conner Neil writes: "There is a saying that I heard recently from Elsa Punset... "Our brain is teflon for the positive and velcro for the negative" It is a powerful metaphor. It is solidly grounded in psychological research. In good relationships the ratio of positive to negative comments is 7:1. 1 negative comment about a friend needs 7 positive statements to balance out... because our brain is so much more tuned into anything that risks our safety." I encourage you to watch his video (6 minutes) and try his 21 Day challenge. This may help you develop the habit of seeing good things in your life and who knows you might see a good dragon as well. You might even start to better see opportunities to improve your compliance. Here is a list of other articles dealing with the positive side of risk: The Pursuit of Opportunities in the Presence of Uncertainty Lord of the Risks - The Two Towers: Productivity and Compliance
- Building a Community of Trust
Are you simply complying to regulations or are you building a community of trust? In today’s climate there is much talk about group and to a lesser degree individual rights. However, what seems to be missing are discussions concerning obligations, duties, and responsibilities. Rights do rely heavily on obligations to effect the rights themselves. However, obligations go farther than rights can ever do. Rights are transactional in nature whereas obligations are relational. In fact, obligations are the glue that binds are relationships together. “Obligations arise as part of what it means to be in and to value particular relationships in themselves: being bound in these ways contributes to our growth, our sense of being and being together with others in the world. Obligations are central to this because they work by connecting, by tying us to others.” — Scott Veitch Stakeholders will have rights to be respected, but meeting obligations creates community, more specifically, a community of trust. Trust is a relational matter that is reinforced through obligations. Therefore paying attention to obligations is critical for those that want to build greater trust with their stakeholders.
- Stakeholder Trust: A New Destination for Risk and Compliance
Stakeholder obligations are promises made to those who have put their trust in your business, your products and in the services you provide. Stakeholders extends beyond shareholders and include employees, suppliers, customers, communities, and the public at large. What stakeholders expect is a measure of assurance that your organization will keep all its promises you have made to them. In return for this assurance, trust is engendered giving rise to the pursuit of shared values along with the acceptance of shared risk. In this blog post we look at what stakeholder trust looks like, the role that risk & compliance has to engender trust, and how you can improve the probability that you have the trust you need for your business. What is the value of trust? The benefit of having trust far exceeds financial returns and the exchange of money. Trust provides the fuel to sustain growth and the ability to thrive. Companies that have stakeholder trust find approval to pursue opportunities and create even more value. Companies without stakeholder trust discover they don’t have approval to operate in the communities they want to work in. Even regulatory approval will be conditional subject to significant scrutiny and inspection. Without stakeholder trust you will not have a business. How do you build trust? Businesses first gain trust by acquiring a regulatory license to operate which requires that specific conditions are met. Meeting regulatory obligations provides an initial level of legitimacy and the first boundary towards stakeholder trust. For companies to succeed they need to build on the legitimacy earned to achieve credibility which is another precursor to trust. Credibility is achieved by working towards social and corporate responsibilities. In some industries this is called a social license to operate demonstrated when stakeholders give their approval to proceed on business initiatives. These responsibilities are concerned with achieving quality, health, safety, environmental and overall sustainability objectives. Compliance and risk programs provide the means to achieve these objectives creating the conditions for trust to exist and to improve. Compliance programs protect against the erosion of value by keeping businesses operating between the lines. Risk programs make certain that obligations are met, promises kept, and values are respected. How do you measure trust? At a basic level it is possible to determine whether or not a company has met the regulatory conditions for it to operate. Regulators utilize reporting, inspectors or auditors to verify that companies have met license requirements and to lesser degree that they will continue to be met in the future. However, when it comes to meeting obligations associated with the broader scope of stakeholder expectations, measurement has been more qualitative than quantitative. A social license or perhaps better called a "stakeholder license" is really an agreement on shared values and shared risk. This contract while not formal includes expectations that shared values are respected, and mutual risk is handled. Trust will increase or be lost based on how well a company manages each. With growing concern on climate change, ESG (Environment, Social and Governance) is gaining more traction and is poised to become an important performance index which could be used to measure the conditions for greater trust to exist. We have all the trust we need. Trust is never static. Companies are either gaining trust or losing it. When risk & compliance programs are working together stakeholders will have the assurance needed for trust to exist and to improve. However, without effective risk & compliance programs, assurance will be lacking, credibility will erode and the company's legitimacy will be at risk. Companies that value stakeholder trust will not leave assurance to chance and will instead establish effective risk & compliance programs to provide the assurance needed for their business to operate and to grow. Perhaps, it is time for your risk & compliance to chart a new course to a new destination: Stakeholder Trust. Lean Compliance helps forward looking organizations improve stakeholder trust by improving the effectiveness of risk and compliance programs. If trust is valuable to you please reach out to us to learn more on how we can protect the trust and improve the trust you now have.
- Overlooked Benefits of an Effective Management of Change Program
Management of Change (MOC) is part of every effective process and pipeline safety program. Its purpose is to manage risk introduced by implementing planned changes to a facility, pipeline, process or to the organization itself. To accomplish this, the MOC process touches almost every aspect of an organization which provides additional benefits to those looking to get more from their safety program. An effective Management of Change (MOC) system provides: visibility of the quantity and type of changes visibility of the total level of risk being considered visibility of the level of work and where the bottlenecks are a mechanism to bring together the tools and practices across multiple disciplines a process for cross functional teams to work together on changes a place for all information about each change to be stored an audit trail of what happened during each change a collaborative behavior for working together to implement changes safely These benefits are available when companies consider their MOC process as a system rather than just a procedure that needs to be followed when changes are made. The MOC process is unique and one of only a few that crosses functional silos that are commonly found within organizations. In many ways, an MOC process measures the pulse of change, the level of risk, and amount of anticipated work across an organization. These measurements are invaluable to keeping people safe and companies profitable. Plan -Do-Check-Act Questions: In what way has your MOC program improved visibility of what is happening in your organization? Which benefits would most help your organization achieve your desired safety program outcomes? What obstacles are in the way of realizing greater benefits from your MOC program? What step can you take to remove one of these obstacles?
- What Benefit Does MOC Technology Provide?
Many organizations are required to have a Management of Change (MOC) procedure to manage risks introduced by planned changes to assets, processes, facilities and to the organization as a whole. However, for many, these procedures are based on previous paper based approaches. While these may meet the letter of the law and pass audits they often do not benefit from exploiting technology and best practices. Even when software is procured or developed they often result in "paving the cow path" instead of improving the process first. Dr. Eliyahu M. Goldratt, creator of the theory of constraints, in one of his lectures makes the following statement: "Technology can bring benefits if, and only if, it diminishes a limitation." Technology here is defined as the application of knowledge and does not need to be hardware or software. Dr. Goldratt's statement takes time to fully appreciate but is profound in its simplicity to describe why many technology projects fail. However, as importantly, it provides a way to understand how technology can be used, but rarely is, to provide significant benefits. Let's look at how this statement can be applied to deploying technology to support the MOC process. Dr. Goldratt suggests asking 4 questions: 1. What is the power of the technology? The power provided by an MOC application comes from its ability to connect related data and using it to drive risk activity: Provide the relevant data and tools to the change process Provide the steps that need to be followed based on related data Automatically track and record activity and work done 2. What limitation does the technology diminish? Using a paper based approach has several limitations with these as the primary ones: Not having relevant data readily available to make safe decisions Not knowing what work had been done or will be done as part of the change process. 3. What rules enabled us to manage this limitation? Rules to work around these limitations include: One process for all types of changes (i.e. only have one change form) Adding several gatekeeper roles (reviews and approvals) to verify work Using standard (and fixed) checklists to drive activity Redoing assessments and verifying drawings Audit afterwards to confirm compliance 4. What new rules will we need? With the removal of the limitations the workarounds can and should also be removed and new rules put in place to exploit the power of the new technology. These would include: Self evidencing process - eliminate QC / gatekeeper activities Replace local optimal rules with holistic optimal rules: dynamic check lists based on data instead of standard fixed checklists for functional sub-processes Use a risk based approach - tailor the level of rigor to the level of risk Consider the entire risk context - all planned changes, data stored in risk registers, HAZOPs, bow-tie assessments, and so on The power provided by using MOC technology is its ability to manage related data and using this information to drive processes based on the entire risk profile. This allows companies to move beyond just verifying that steps are completed to actively managing risk throughout the change process. This is something that paper-based approaches could never do and what is necessary to achieve safety objectives.
- Why ESG Will Be Difficult
The topic of Environmental, Social, and Governance (ESG) programs continues to be in the forefront of many conversations in recent months. Most of these discussions have focused on the investment and reporting side of ESG. However, few conversations have focused on how to advance ESG objectives and operationalize them within organizations. In recent studies we conducted, we explored how external and internal obligations were managed across an organization. In this context, external obligations were those associated with mandatory requirements (mostly regulatory) while internal obligations covered environmental, social, sustainability, and other voluntary commitments. What we learned was that for external obligations: most of the compliance resources are dedicated to regulatory obligations these are managed primarily by audits and inspections a fraction of the processes were controlled using a QMS or EMS roughly 50% of the obligations were identified and managed the level of certainty that internal obligations would be met was MODERATE For internal obligations we learned that: few resources were addressing these obligations these were not being managed most of the processes were uncontrolled or ad-hoc most of the obligations were not documented and did not have clear goals and objectives the level of certainty that internal obligations would be advanced was LOW Given that ESG goals and targets fell mostly under internal obligations and represent as much (and perhaps more) as external obligations, it was difficult for organizations to meet their obligations using traditional compliance functions that prioritized regulatory requirements. Advancing ESG objectives using current approaches, resources, and organizational structures was not enough. In some cases, ESG objectives sat along side of the value chain but not part of it. However, with others, ESG outcomes became part of the value created by an organization. In all cases, a greater degree of alignment and coordination (i.e. governance and operational integration) was needed for organizations to make progress and realize the benefits from ESG along with other compliance efforts. How to Improve the Probability of Success To succeed you must manage all your obligations (ESG, along with others), but more importantly you need to keep your promises connected to them. This requires several things working together to produce the outcome of compliance: Better safety, security, sustainability, quality, lower risk, and ultimately better stakeholder trust. Implementing a management program following as standard such as ISO 37301 can help you achieve those outcomes. But only if you intend to keep your promises. Otherwise, it will just be another standard among others that add more work, cost and deliver few benefits. In a recent webinar, we walked through this standard to better understand what ISO 37301 is all about, how it works, and how to use it to keep all your promises including those associated with ESG. Implementing this standard will help you realize more than just incremental improvements. You will experience transformational benefits that compound year over year which is needed to make progress towards ESG goals and outcomes. You can view this webinar here: Presentation slides are available here :
- Integrated Regulatory and Compliance Taxonomy
To effectively meet compliance obligations, it is essential to differentiate regulatory and compliance demand according to their designs. Regulations and standards are typically designed according to one of the following four types: prescriptive management-based performance-based general duty / liability Each type of design requires a different approach and can create different demands on organizations which can be categorized as: Persistent maintenance – needs to be true for all time. Persistent achievement – needs to be achieved by a deadline and then always true after that. Non-Persistence – they need to be true when a certain condition arises. Compliance obligations are the promises that organizations agree to keep with respect to compliance demand. Obligations have in the past been mostly prescriptive in nature. However, increasingly, they are better described as promises to achieve a certain capability of compliance maturity that is expected to improve over time. As such, they will each have their own set of goals, measures and risks. In the context of increasing and often overlapping compliance demand an integrated taxonomy enables companies to rationalize their obligations which can lead to an increase in efficiency and overall effectiveness. Adopting ISO 19600 (obligation management guideline) helps companies to organize and manage their obligations in a consistent manner which when combined with an integrated taxonomy afford organizations with the knowledge they need to help ensure that all their obligations are addressed.
- Why You Need a Compliance Architect
In a world of competing and overlapping compliance demands, siloed departments, and numerous stakeholders the role of an architect is needed more than ever. Whether you are building compliance programs, management systems, or actual buildings; lessons learned from architecture can provide helpful insights and approaches to address today's compliance challenges. An important role of an architect is to take multiple stakeholder concerns and achieve as much of the intended outcome as possible. "An architect is a generalist, not a specialist — the conductor of a symphony, not a virtuoso who plays every instrument perfectly. As a practitioner, an architect coordinates a team of professionals that include structural and mechanical engineers, interior designers, building-code consultants, landscape architects, specifications, writers, contractors and specialists from other disciplines. Typically, the interest of some team members will compete with the interest of others. An architect must know enough about each discipline to negotiate and synthesize competing demands while honoring the needs of the client and the integrity of the entire project." — 101 Things I Learned in Architecture School (Matthew Frederick) Architects find limitations and constraints as creative challenges. When building compliance platforms some of the creative tensions that arise include: prescriptive versus descriptive process versus content behavior versus systems do it now versus do it later top down versus bottom up audit-fix versus continuous improvement ease of use versus utility user experience versus functionality safety versus productivity quality versus performance one process versus multiple processes simple versus comprehensive immediate versus long term tactical versus strategic schedule versus cost And so on Architecture provides techniques and tools that are helpful to balance these kind of concerns. One powerful technique is to focus on the process and not on the end goal which seems counter-intuitive. Being process oriented means ( from 101 Things I learned in Architecture School ): seeking to understand a problem before chasing solutions not force-fitting solutions to old problems onto new problems removing yourself from prideful investment in your projects and being slow to fall in love with your ideas making design investigations and decisions holistically (that address several aspects of a design problem at once) rather than sequentially (that finalize one aspect of a solution before investigating the next) making design decisions conditionally — that is, with the awareness that they may or may not work out as you continue toward a final solution knowing when to change and when to stick with previous decisions accepting as normal the anxiety that comes from not knowing what to do working fluidly between concept-scale and detail-scale to see how each informs the other always asking "What if ...?" regardless of how satisfied you are with your solution Many of these ideas ares similar to those found in LEAN and Design Thinking to help solve problems and find solutions to the most difficult challenges that companies are now facing. Fixing compliance problems with short term tactical solutions is not enough. What is needed are more holistic approaches that deliver more value to all stakeholders and this is what architects do best. To find learn more on how Lean Compliance can help architect your compliance programs or management systems visit our website at www.leancompliance.ca
- System Dynamics
System dynamics (SD) according to the System Dynamics Society is a computer aided approach to policy analysis and design. It applies to dynamic problems arising in complex social, managerial, or ecological systems – literally any dynamic systems characterized by interdependence, mutual interaction, information feedback, and circular causality. The term "System Dynamics" was coined by Jay Forester at MIT in 1961. The aim was to explore dynamic responses to changes made either within or outside of a system to explain the past and predict the future. This makes System Dynamics useful for better understanding and improving sociology-technical problems in the domain of quality, safety, environmental, and regulatory programs and systems. When trying to understand systems we often start by taking a snapshot of the situation which creates a static and linear causality representation of reality. This is perhaps, a first order approximation which may provide useful initial insights. However, to more fully understand the past and predict the future a dynamic model is needed that represents the interdependence of system components. This is where causal loops are used. Causal loop diagrams (CLDs) were introduced by Jay Forester (1961) and developed further since. The purpose of a CLD's is to map out the structure and influences to system behavior. In theory, there are two kinds of causal loops: reinforcing or balancing. Negative reinforcing causal loops are called vicious cycles and have unfavourable outcomes. Positive reinforcing causal loops ware called virtuous cycles and have favourable results. Balancing loops keep the system at equilibrium. At a high-level managed quality, safety, environmental, and regulatory systems are designed to maintain consistency. The audit / fix cycle forms a negative feedback loop that uses corrective actions to adjust the system output back within control limits. This forms a balancing causal loop. However, the effect of these adjustments can destabilize a system when capabilities to restore equilibrium are inadequate. This is amplified when a system must achieve new levels of performance outside of its current capabilities. It is here that SD becomes an important tool to help policy makers better improve outcomes of their compliance programs. SD can help to evaluate policy changes made as part of performance-based obligations to ensure that underlying systems have the capabilities, capacity, and competencies to achieve and sustain new levels of performance. This assists the function of the program level of a managed system to: Introduce change by means of continuous improvement without destabilizing the underlying system Adjust system capabilities to meet increasing performance demand Evaluate and adjust outcomes to optimize overall system effectiveness
- Total Safety Management
Many companies will be familiar with the terms Total Quality Management (TQM), or Total Production System (TPS). They began initially to describe a Japanese-style management for quality improvement. TQM (and its variants) represent a philosophy of a broad and systemic approach to managing organizational quality which sets the context for a quality management system (QMS). It extends beyond the quality of products and services to the quality of all issues within an organization. When it comes to safety efforts the evolution towards using safety management systems (SMS) has become standard practice for industries that include aerospace, chemical industry, and now a matter of priority for others such as the pipeline industry in the US. However, in recent years, major incidents have made it clear that there is still a necessity for companies to improve their safety capabilities through the application of systematic and proactive approaches: "not as a stand-alone activity that is separate from the main activities and processes of the organization, but as an integrated part of total performance management" [2] Building on the success of TQM, in 1998, Geoetsh (1998), introduced the concept of Total Safety Management (TSM) as a performance-oriented approach. The fundamentals of this approach include: a strategic approach to safety, emphasis on performance assessment, employee empowerment, reliance upon robust methods of risk analysis, and continual improvement. More specific organizational processes have been proposed since by various organizations. Integration of safety with quality, environment and productivity have also been proposed by means of: Strategic and cultural integration in order to enhance learning, continuous performance, stakeholder involvement and participative management. Coordination of common business processes between safety, quality, environment. Correspondence of different standards (ex. ISO 9001, 14000, 31000, etc.) with cross-references and possibly a common information system. However, while there is utility in these approaches they do not get to the heart of the matter which is a need for a systematic methodology that is risk-based, performance-oriented with a focus on continuous improvement. TOSCA Approach to TSM A European project under the name of TOSCA (Total Operations Management of Safety Critical Activities) has proposed the following five principles for TSM based on effective risk management (RM) principles derived from ISO 31000: RM should be part of all decision making and organizational processes and provide a capability for creating value for business; RM should be based on best available risk information to create a common operational picture about risks; Participative risk management must ensure that all the needs of stakeholders are taken into account while their knowledge about risks is brought into play; Knowledge management should be part of risk management so that all knowledge about risks is managed effectively and all RM techniques are better integrated; Performance monitoring and operational feedback is necessary for making RM dynamic, iterative, and responsive to change. At the same time, this will facilitate continual improvement of the organization Each of these principles are defined and elaborated in their proposed methodology. However, it is the second principle that I believe communicates where the fundamental paradigm shift needs to occur. It is common for safety management systems to focus their attention on correcting safety problems to return to normal operations. This is the same focus that quality has in the use of corrective and preventive actions (CAPA) processes. As I have discussed in previous blog posts, this is known as feed-back control which is reactive in nature. There is no predictive or anticipatory capabilities to foresee future states or events. This is why a feed-forward process is needed using a model-driven control. It is the model that provides predictive capabilities that can help to address the effects of uncertainty before they happen. It is important to note that performance indicators can now be measured not in terms of outcomes (lagging indicators) but instead as antecedents (leading indicators) so that changes are made before undesired outcomes are produced. Adopting Total Safety Management (TSM) will require that existing safety management systems change from reactive to proactive behaviors. Effective risk management is at the core of this change and it is here that continuous improvement is needed. More information about TSM can be found in the following reference materials: References: [1] Total Safety Management: Principles, processes and methods, 2016, T. Kontogiannis, M.C. Leva & N. Balfe [2] Total Safety Management: What are the Main Areas of Concern int he Integration of Best Available Methods and Tools, 2014, Maria Chiara Leva, Nora Balfe, Tom Kontogiannis, Emmanuel Plot, Micaela De Michela [3] TOSCA (Total Operations Management for Safety Critical Activities) project
- Why You Need Compliance Engineers
It is unlikely that organizations will be able to meet all their stakeholder obligations without the benefits of engineering. However, this engineering must extend beyond individual disciplines to consider a broader set of knowledge, skills, and competencies to keep businesses operating between the lines, the public safe, and proactively meet environmental challenges. In this article we consider how both compliance and engineering have changed and why a new kind of engineering is emerging – one focused on compliance. The Nature of Compliance The compliance landscape has changed. Obligations are numerous, growing, and far reaching covering mandatory and voluntary commitments, along with environmental, social, and governance (ESG) objectives. In recent years we have also experienced a shift in regulation from prescriptive to performance and outcome-based designs. There are many reasons why this shift is happening. The primary being regulatory reform happening across the world as regulatory bodies have begun to modernize the function of regulation, its processes and practices, and how regulation itself is regulated (meta-regulation). These changes both to regulation and compliance itself are having profound effects on organizations that operate under regulation. Organizations that want to take greater ownership of their obligations are finding the traditional audit / fix cycles they have used in the past are not enough to keep their promises and stay ahead of risk. As a countermeasure organizations are directing their efforts towards internalizing obligations, managing and improving compliance performance, and making progress on compliance outcomes. This will involve the application of scientific principles from multiple domains covering management theories, regulatory designs, system dynamics, organizational behaviours, information technologies, accountability frameworks, risk and uncertainty, to name a few. However, what has been missing which is now needed is an engineering approach. In essence, compliance needs to be engineered rather than just audited. What we need are Compliance Engineers . The Nature of Engineering At a basic level engineers design and build things by applying scientific principles and technology. Professional engineering is defined in the Professional Engineers Act in Ontario, Canada where I practice as: Any act of planning, designing, composing, evaluating, advising, reporting, directing or supervising (or the managing of any such act); That requires the application of engineering principles; and Concerns the safeguarding of life, health, property, economic interests, the public welfare or the environment, or the managing of any such act. Over the years the scope and nature of engineering problems has changed in a similar way as the compliance landscape. Engineering solutions have increasingly required cross functional considerations. This broader approach is particularly the case with respect to the safeguarding of life, health, property, economic interests, and the welfare of the environmen t. Engineering in these cases often cross sociology-technical boundaries which requires a more holistic and systems approach and one that focuses on risk. This is not unlike the problems that compliance has also tried to address. The Compliance Engineering Nexus Compliance has become an operational function within organizations that involves technical, management, and social components to work together as a system to achieve compliance outcomes such as: safety, resilience, security, quality, and others. Compliance is effective when it improves the probability of mission success which it does by guarding against and buying down risk. These measures form risk & compliance controls (risk treatments if you like) that prevent and mitigate the effects of incidents, violations, defects, emissions, and so on. This requires an operational model that is engineered to advance outcomes over time, contends with uncertainty, and performs efficiently. This model must have measures of effectiveness, measures of performance, and measures of conformance to properly identify capabilities and scale resources to always meet obligations. Those familiar with compliance will know that many organizations focus only on measures of conformance and to a far lesser degree performance and effectiveness. Many view their effectiveness only in terms of not being fined rather than on advancing outcomes. Failure to focus on outcomes will eventually lead to mission failure. Nature of a Compliance Engineer Compliance needs to be engineered. This will require engineers who are multi-disciplinary and can cross the technical-social divide. They also need to be educated and trained in compliance to effectively build systems and processes that are able to reduce risk and advance compliance outcomes. In my estimation we need Compliance Engineers who should have knowledge, skills, and competencies that focus on: Theories related to Regulatory Designs, Promises & Obligations, Cybernetics, Uncertainty & Risk, Management Accountability & Trust Frameworks, Organizational Behaviours and Dynamics, Ethics, Policies Designs, Change Management, etc. Engineering principles related to safety, security, climate change, environmental, etc. Management programs and standards: quality, safety, environmental, sustainability, security, IT, etc. Systems Engineering (goal-seeking, purposeful, full stack systems) Computer Engineering (algorithms, machine learning, automation, digitalization, etc.) Lean Engineering (performance improvement, interventions, lean enablers, etc.) Data Management and Statistics Risk-based Thinking and Practices Design and Problem Solving Skills Project Management With this capability Compliance Engineers could help organizations build effective and robust compliance systems, processes, and practices. Compliance Engineers would also lead by example by upholding the values that compliance is striving towards. The following is a excerpt from the Code of Ethics of Canadian Professional Engineers which aligns well with ethical organizations: Professional engineers shall conduct themselves in an honourable and ethical manner. Professional engineers shall uphold the values of truth, honesty and trustworthiness and safeguard human life and welfare and the environment. In keeping with these basic tenets, professional engineers shall: Hold paramount the safety, health and welfare of the public and the protection of the environment and promote health and safety within the workplace; Offer services, advise on or undertake engineering assignments only in areas of their competence and practise in a careful and diligent manner; Act as faithful agents of their clients or employers, maintain confidentiality and avoid conflicts of interest; Keep themselves informed in order to maintain their competence, strive to advance the body of knowledge within which they practise and provide opportunities for the professional development of their subordinates; Conduct themselves with equity, fairness, courtesy and good faith towards clients, colleagues and others, give credit where it is due, and accept, as well as give, honest and fair professional criticism; Present clearly to employers and clients the possible consequences if engineering decisions or judgments are overruled or disregarded; Report to their association or other appropriate agencies any illegal or unethical engineering decisions or practices by engineers or others; Be aware of and ensure that clients and employers are made aware of societal and environmental consequences of actions or projects and endeavour to interpret engineering issues to the public in an objective and truthful manner; and Treat equitably and promote the equitable treatment of all clients, colleagues and coworkers, regardless of race, religion, gender, sexual orientation, age, physical or mental ability, marital or family status, and national origin. Summary Traditional risk & compliance functions operating in silos on their own cannot meet the demands imposed by new regulatory frameworks and designs. Neither will adopting management standards or new information technologies if they are not designed or implemented to work together. Engineers have for years used scientific principles and the ability to consider multiple constraints to design efficient and effective systems. This is precisely what is needed for organizations to meet outcome and performance-based compliance objectives that drive towards zero emissions, zero incidents, zero violations, zero defects, and other industry targets. We need to engineer our compliance not just audit our conformance. We need Compliance Engineers.
- Four Corners of the Obligation Map
4 types of obligations 4 compliance functions 4 purposes 4 measures












