top of page

SEARCH

Find what you need

609 results found with an empty search

  • The Trouble With Zero

    Over the years I have heard many voice their concerns about using zero as a goal or target. This voice seems loudest in the safety field. In a recent article from Energy Safety Canada, The National Safety Association’s for Canada’s Oil and Gas Industry, Murray Elliott (CEO) outlines their move away from using zero harm messaging. In this article he writes, “Zero harm concepts are a mindset in which all accidents and injuries are avoidable. These are often referred to as target zero, mission zero, beyond zero, or similar, with a common belief: if you’re not aiming for zero, you’re not making your best effort. At what point does striving to reach an improbable goal become more important than what’s actually happening?” He further writes: “Zero harm is a mindset in which all accidents and injuries are avoidable. The next step in the evolution of safety is to shift our view and create capacity in a system so that when humans make mistakes — and they will— the system can accommodate them.” For Elliott, safety is foremost about reducing risk and and increasing worker engagement: the foundation for continuous improvement. While I don’t disagree that safety is about risk and that continuous improvement involving workers is important I want to discuss the movement away from zero harm messaging. Lessons from Quality When quality started to gain traction the focus was on zero defects which created similar challenges to what we are experiencing with safety. Zero defects was the slogan and eliminating defects was the modus operandi. Was the focus on zero defects misguided? The problem was not so much with zero defects as a goal but rather it being the terminal or end goal. Zero defects was an instrumental goal towards achieving something better. What it did expose was that Inspections and audits were insufficient to drive down defects or improve quality. You can't inspect quality into your process! As a result organizations looked upstream to improving process capabilities specifically by reducing variation (a source of uncertainty and risk). The better the capabilities the better the output and the lower the defects. This moved management’s attention away from zero defects to contending with process variation with six sigma as the gold standard. Striving towards six sigma was now the modus operandi. However, this too was an instrumental goal and not the end goal. Contending with uncertainty at all levels of the organization would become the next challenge as part of Total Quality Management (TQM). The goal had changed from zero defects, to six-sigma, to delighting customers (the outcome of quality). To achieve this a holistic approach would be needed following these 8 principles (some of these are not very different from what Elliott is suggesting): Customer focused Total employee involvement Process centred Integrated system Strategic and systematic approach Continual improvement Fact-based decision making Communications Is striving towards zero defects still important? Yes. Is striving towards six sigma capabilities still important? Yes. However, what is also important is delighting customers — the actual test of quality and this required a holistic and integrated approach. Something that Safety is also noticing. What quality learned was striving towards instrumental goals (continuous improvement) was the secret sauce by which quality would be improved. The targets as important as there were are not the end but the way to the end — something that would never be fully reached but worthwhile nevertheless. Something that Safety is also realizing. Application for Safety In many ways, what Elliott along with others in the safety field have written aligns with the trajectory that quality followed. Is striving towards zero incidents important? Yes. But this is not the end goal. In the same way as quality, we need to look beyond and behind the numbers at sources of uncertainty and improve our capabilities to contend with them. Process safety management, functional safety, and occupational safety are becoming more risk-based and performance oriented. Perhaps, six-sigma process capabilities may not be possible but striving towards reduced variation (i.e. reduced uncertainty) is an important goal for safety as it is for quality. Elliott, is right on the nose with this. Elliott says that “Safety should not be about the number of incidents, but about outcomes and what we can learn from them.” I would argue that safety is still about the number of incidents but not only that. The goal should not be only about learning either. Safety must have a qualitative effect on actual safety in the workplace and zero harm while problematic for some is the best measure we have. What some are suggesting is something similar to TQM for safety – Total Safety Management (TSM). TSM could provide a holistic approach that might bring together both behaviors (Safety 1) and systems (Safety 2) to transform our approaches from safety management to actually managing safety. The outcome would be a safe environment for our workers, communities, and the environment. Who knows, this might delight as well. Is this realistic? Perhaps not. Is it worthwhile to strive for? Absolutely. That is worth restating. It is in striving towards ambitious targets that creates the motivation and the capabilities to achieve something better. That was and is true for quality and will also be true for safety. In the End If we move away from zero harm as some are suggesting we may end up making similar mistakes as some have made with quality. If you make process capability maturity (i.e. six-sigma) your goal that is what you will get. You will make products that are defect free but may not delight the customer (making the wrong product the right way). That doesn't mean you don't have it as a goal. It means it's not your only goal. In the same way, if Safety makes continuous improvement or work engagement its goal you will get just that. You will may end up with change for the sake of change and not experience the safety you need. You still need to have other goals. And that's the point. If zero harm is not your goal than you will not achieve it. You can hope for the best. You might be lucky. But that is not a strategy for risk. Is striving towards Zero Harm misguided? I think moving away from it is. What do you think?

  • Beyond Box-Ticking: Why Programmatic Trumps Procedural Compliance in Achieving Real Results

    In today's business environment, companies face a wide range of legal, regulatory, and stakeholder obligations. These obligations will fall into four primary categories : rules, prescriptive, performance and outcome-based specifications. Meeting these obligations can be a complex and challenging task. One way organizations can ensure they are complying with these obligations is through the adoption of procedural and programmatic compliance approaches. In this article, we will discuss the differences between these two approaches and explore which one is better suited to meeting each type of obligation. Procedural Compliance (Compliance 1) Procedural compliance refers to the processes, and procedures that a company puts in place to meet its compliance obligations. It provides assurance that the organization's is able to meet prescriptive aspects of obligations, focusing more on activities rather than the result. Procedural compliance typically involves documenting "as-is" processes and policies and ensuring employees follow them. This approach is often seen as a top-down approach, with management setting the rules and employees following them. The benefits of procedural compliance are that it establishes a clear framework for compliance and provides a record of compliance efforts which aids the audit function. This can be useful in demonstrating compliance to regulators or stakeholders. Additionally, it ensures that everyone within the organization is working towards the same goals. However, the downside of procedural compliance is that it can be inflexible and bureaucratic, leading to a lack of engagement and commitment among employees to meet the desired outcomes. Programmatic Compliance (Compliance 2) Programmatic compliance, on the other hand, focuses on outcomes and policies rather than activities. This approach involves setting goals and objectives for compliance and measuring progress towards these goals. It is more about ensuring capabilities are in place to meet desired outcomes and avoiding undesirable ones. Programmatic compliance is often seen as a bottom-up, or better, a participatory approach, with employees taking greater responsibility of compliance efforts along with the intended results through program and obligation ownership. The benefits of programmatic compliance are that it encourages agency, innovation and flexibility. Employees are empowered to find new and creative ways to meet compliance obligations, which can lead to better outcomes. Programmatic compliance also fosters a culture of compliance, where employees understand the importance of compliance and are committed to achieving compliance goals. However, the downside of programmatic compliance is that it can be more difficult to demonstrate compliance to regulators or stakeholders. It is easier to observe evidence of conformance rather then evaluate capabilities to effectively contend with uncertainty and risk. Which Approach is Better? So, which approach is better suited for each type of obligation? Procedural compliance can help assure that the organizations are following established processes and procedures to meet compliance obligations. This approach is particularly useful in industries where regulation is mostly prescriptive and rule-based. In such industries, procedural compliance can help ensure that all legal and regulatory requirements are met, and the organization can avoid the severe consequences of non-compliance such as the loss of their operating license. On the other hand, programmatic compliance may be more effective in industries where compliance obligations are focused on stakeholder expectations associated with outcomes such as customer privacy, security, sustainability, along with others. In these industries, a participatory approach that encourages innovation and flexibility may be more appropriate. Programmatic compliance allows employees to take ownership of compliance efforts and the results, which can lead to a more engaged and committed workforce. It also helps establish a social license by promoting a greater degree of loyalty, reputation, and trust . Summary Both procedural and programmatic compliance have their strengths and weaknesses, and the best approach will depend on the organization and its specific compliance obligations. While procedural compliance provides assurance that the organization is following compliance rules associated with obligations, it focuses more on activities rather than the result. Whereas, programmatic compliance provides assurance that the organizations is meeting its obligations to achieve performance targets and advancing stakeholder outcomes. Regardless of the approach or approaches taken, it is essential that organizations prioritize compliance and regularly assess their compliance efforts along with results to ensure they are meeting their obligations and contending with uncertainty. By doing so, organizations can minimize the risks associated with non-compliance and build a culture of compliance that promotes long-term success and greater stakeholder value.

  • Navigating Modern Risk: Embracing Uncertainty as the Key to Success

    In a world of constant change and unpredictability, our conventional understanding of risk management falls short of addressing the complex challenges that organizations face today. The old model of risk assessment, primarily focused on mitigating the consequences, no longer serves as a sufficient framework. Instead, a paradigm shift is required, one that emphasizes understanding and adapting to the root causes of risk: uncertainty. Traditionally, risk management was synonymous with damage control – identifying potential threats and minimizing their impact. However, this approach fails to consider that risks are deeply rooted in uncertainty. Today's risk management demands a shift from reacting to consequences to anticipating causes. This new perspective acknowledges that uncertainty is not just a factor to consider, but the very essence of risk itself. Types of Uncertainty: The Root Cause of All Risk Uncertainty is not something to be avoided or eliminated; it's a fundamental aspect of operating in a dynamic and interconnected world. Modern risk management entails learning to navigate this uncertainty rather than trying to eliminate it entirely. Uncertainty is not inherently negative; it also brings opportunities for growth, innovation, and competitive advantage. Organizations must shift their mindset from risk avoidance to risk optimization. To effectively manage risk arising from uncertainty, it's crucial to delve into its various types: Aleatory Uncertainty : This refers to inherent randomness or variability, often associated with natural events like earthquakes or market fluctuations. While not entirely controllable, these uncertainties can be better understood and factored into decision-making processes. Epistemic Uncertainty: This stems from lack of knowledge or information. Epistemic uncertainties can be addressed through research, analysis, and learning. As we gain more insight, they become less uncertain. Model Uncertainty : Often, risks are assessed using models that may not accurately reflect reality. Model uncertainty recognizes the limitations of these models and their potential deviations from actual events. Managing Uncertainty: Irreducible and Reducible Risks Uncertainty can manifest in both positive and negative ways, leading to either opportunities or threats. These can be broadly categorized into irreducible and reducible risks: Irreducible Risks: Some uncertainties are inherent and cannot be prevented. For these, organizations rely on margins, insurance and contingency reserves to buffer against potential losses (threats) and leveraged to pursue gains (opportunities). Reducible Risks: Other uncertainties can be handled through risk measures and controls. By actively seeking to reduce these uncertainties, organizations can lower the likelihood and impact of adverse events or improve the likelihood and impact of favourable events. Sources of Risk The effects of uncertainty may present themselves from a variety of sources that can be classified into three categories: Extrinsic Risk: These originate from external factors like economic shifts, geopolitical events, or technological advancements. Organizations must develop strategies to adapt to changes beyond their control. Intrinsic Risk: Internally generated uncertainties arise from variability within an organization's operations, systems, and processes. Addressing these requires building resilience and flexibility into the core of the organization. Emerging Risk : Complex systems and organizations are inherently dynamic, leading to uncertainties that emerge over time. Staying agile and ready to pivot is key to managing these emerging risks. Thriving in the Presence of Uncertainty Risk management is not about eliminating uncertainty but about embracing it as a fundamental reality. Organizations that excel in risk management understand that they always operate in the presence of uncertainty. By shifting the focus from only handling consequences to a focus on root causes organizations position themselves not only to survive but to thrive in dynamic and changing environments. It's time to rewrite the playbook of risk management and learn what it means to improve the probability of mission success in the presence of uncertainty.

  • Leveraging Talent for Effective Compliance: Moving Beyond Specialization

    Organizations are constantly seeking ways to eliminate waste and optimize their operations. One often overlooked source of waste is the untapped talent within their workforce. A key contributor to this waste is structuring roles around specialized activities, which inadvertently restricts the extent of contributions towards overall goals and outcomes. This issue becomes particularly evident when it comes to meeting compliance obligations. Despite assembling teams of specialists to address various aspects of compliance, organizations often struggle to achieve the desired outcomes. The root of the problem lies in managing individual tasks instead of focusing on the holistic success of compliance programs and systems. It is not a lack of talent that hinders progress; rather, it is the under-utilization of existing talent in key areas that hinders efforts to achieve better outcomes. Compliance efforts require a multifaceted approach that goes beyond individual tasks. While specialization has its advantages, such as developing expertise in specific areas, it can create silos that prevent collaboration and limit the impact of individual contributions. By broadening the scope of employee roles and encouraging cross-functional collaboration, organizations can tap into the diverse talents of their workforce. Breaking down the barriers of specialization allows for a broader understanding of compliance obligations and fosters collaboration towards achieving desired outcomes not just specific objectives. The following measures will help unlock available talent and help improve overall compliance effectiveness: 1. Aligning Talent with Compliance Programs: Organizations should align talent more effectively with compliance programs and systems. This involves identifying individuals and teams with the right skills and knowledge to contribute to compliance initiatives beyond their specialized areas. By actively involving these individuals in the design, implementation, and evaluation of compliance programs, organizations can leverage their collective expertise and experience. This approach ensures that compliance efforts are not fragmented but rather driven by a comprehensive understanding of the broader objectives. 2. Developing Integrative Compliance Strategies: Instead of solely focusing on managing individual tasks, organizations need to develop integrative compliance strategies. This entails considering the interconnectedness of compliance efforts and understanding how each task contributes to the overall success of the program. By taking a systems thinking approach, organizations can identify areas where the collective talent of their workforce can be harnessed to optimize compliance outcomes. This may involve restructuring roles or creating cross-functional teams dedicated to compliance, ensuring that the right talent is deployed where it can make the most impact. 3. Embracing Technology and Automation: Another way to unlock unused talent is through the strategic use of technology and automation. Routine and repetitive tasks can be automated, freeing up valuable human resources to focus on higher-value activities. By streamlining compliance processes through technology, organizations can optimize the utilization of their talent, enabling them to contribute meaningfully to more strategic aspects of compliance. This shift allows employees to apply their skills, knowledge, and critical thinking to address complex challenges and drive positive outcomes. 4. Fostering a Culture of Continuous Improvement: To fully leverage unused talent, organizations must foster a culture of continuous learning and improvement. This involves creating an environment where employees feel empowered to voice their ideas and suggestions for enhancing compliance efforts. Encouraging innovation, providing opportunities for professional development, and recognizing and rewarding collaborative achievements will motivate employees to actively contribute their talents towards maximizing compliance outcomes. Next Steps Underused talent is a waste and when comes to compliance this waste hinders staying between the lines and ahead of risk which leads to possible loss and missed opportunities. In the pursuit of effective compliance, organizations must recognize the importance of utilizing their existing talent. By moving beyond specialization, aligning talent with compliance programs, and adopting integrative strategies, organizations can unlock the potential of their workforce. Embracing technology and automation, along with fostering a culture of continuous improvement, are essential to create capacity and the opportunity for talent to be leveraged.

  • Is Compliance a Waste?

    The value stream is where value is created but also waste which erodes the value of the products and services we are delivering. At a fundamental level, LEAN is about satisfying customer requirements with the least amount of waste as possible. By applying LEAN principles and practices organizations protect value by reducing or eliminating this waste. There are many forms that waste manifests itself within a value stream. The most common include: Overproduction – production that is more than needed or before it is needed Inefficient processes – more work (or quality) required by the customer Mistakes / rework – efforts caused by rework, scrap, or incorrect information Waiting – wasted time waiting for the next step in the process Inventory – excess products and materials not being processed Transport – unnecessary movements of products and materials Motion – unnecessary movements by people Creativity – non-utilized talent However, this list doesn't end there. We know that customers are only willing to pay for the work that directly contributes to the creation of value. This is why many companies view compliance, particularly in the form of inspection, as a form of waste because it is seen as not directly contributing to satisfying customer requirements. Specifically, compliance adds to waiting, unnecessary movements, and to inefficient processes. These are indeed wastes when looked at in this way. But is this the best way to think about compliance – as a waste? Customers do expect that companies build their products in accordance with regulations and standards. They expect that the environment will not be harmed, employees not injured, and that companies operate according to the rule of law and within ethical guidelines. If you don't believe this then eliminate risk & compliance functions from your organization and see what happens. These expectations are as much customer requirements as are product or service requirements. Meeting compliance expectations creates legitimacy, trust and ultimately customer loyalty. These create value and without them it does not matter if you eliminate all the other forms of waste or reduce your cycle times to the lowest that they can possible go. As we know customers will only pay for those things that contribute to value and that includes the outcomes of compliance: safety, quality, environmental, privacy and other stakeholder expectations. Customers refuse to buy products or services or even work for companies that choose not to meet their compliance obligations. In fact, they value companies with higher standards over those that only conform to the minimum from a legal perspective. When companies consider compliance as a necessary evil they tend to use mostly inspections and audits which can contribute to waste in the value stream. However, when compliance is seen as a necessary good, it is included as part of customer requirements. When this happens companies design compliance into their products and services as well as the processes that create them. This not only eliminates "waste" but also creates added value that results in reduced risk, increased trust, and sustainable growth through increased customer loyalty.

  • Compliance: Obstacle or Opportunity?

    Let me start this by providing some context. I am a professional engineer who studied electrical / computer engineering back in the 80’s. You could say that I found compliance the long way around. As it turns out, compliance is not so different from engineering at least the way it is now. For most of my career I designed, built, and deployed systems to support compliance. In my early days, I developed systems for testing integrated circuits at both the wafer and packaged goods stages. You could say that this was dealing with a type of compliance: conformance to technical requirements and specifications. I then went on to implement quality management systems, document management, records management, data management, product life cycle management (PLM), DHF and DMR systems, ISO, and so on across multiple industries across North America. These had more to do with supporting compliance commitments instead of meeting compliance directly, but important, nonetheless. What I found, which brings us to the topic of this article, was that compliance was considered as an extra layer, an extra process, and extra program for many and most organizations and still is for the most part. Compliance you could say was all about meeting all the requirements over and above what was needed to get something to work such as quality, safety, security, sustainability, and so on. These are still requirements. But for some reason we didn’t, and we don’t treat them that way. We see these requirements instead as obstacles and in the way of getting something to market, a business launched, or a service delivered. And here's the thing – we still do. Compliance as Imagined Compliance as it was imagined, prescribed, and enforced was not welcomed and at most tolerated. And yet at a fundamental level was no different from designing systems to meet product, business or services requirements. So what is going on? If that wasn't enough of a question to answer, organizations decided that if these “other requirements” were going to be addressed it was going to happen at the end of the production process. Not earlier on as part of design. We don’t want to hinder innovation they would say. Now if you were in manufacturing, you were not happy with that approach as these extra steps would delay getting product out the door. This was a source of much of the push back and tension similar to what product engineers and designers are experiencing today when asked to consider "non-product" requirements int their design. After years of doing compliance this way no wonder people don’t like compliance. Not only that – they don’t want it. In fact, for those familiar with LEAN, you will know that it has a blind spot when it comes to compliance. LEAN views inspections, for example, as non-value add, a waste and something to eliminate. And guess what, lots of people view compliance this way. I knew there had to be a better way to do compliance where it was a value-add and not a waste which was the genesis for founding Lean Compliance – you could say – to correct this blind-spot. But this change could only happen if and only if there was a change in perspective. Back to the question: Compliance: Obstacle or Opportunity? If we are keeping score, I think compliance as an obstacle is winning. But let’s unpack this some more and see if we can discover the root cause of why this is the case. To help with that it is worthwhile looking at the tension between business and compliance which is not new thing and something we understand quite well. There have always been priority differences between what the business wants and what compliance wants. In fact, the way I stated these earlier telegraphs the cause of some and perhaps most of this tension. Business and compliance objectives for many are seen as mutually exclusive and not aligned to the same goals. At least, that’s how it looks to most. Back in the 90’s when ISO 9001 (the quality management standard) was introduced it was all about inspections and quality control. Compliance was measured by conformance with product specifications, which in turn would help identify defects, that would be corrected or at least measures put in place to prevent them from occurring again. We were contending with quality at the event horizon — the place where risk becomes a reality – and that is what a defect is. Defects are the effects of uncertainty in the production process or in the design itself that have been realized. Now, if you were a production manager how could you not see all the inspections and audits as getting in the way. The delays were not the real problem. It was what was discovered that was. Quality control was exposing what was hidden and made it visible. The Root Cause and Antidote The real problem you could say was that there was a misalignment of priorities that was made visible by the introduction in this case of a quality standard. For production the goal is to meet schedules and to ship product on time. All these other steps: inspection, quality control, corrective actions, etc. tacked on at the end of the process would and did cause delays and cancelled orders. So no wonder compliance was seen as a tax on production, an obstacle to getting on with the business. If we don’t ship on time we will lose customers which was a real concern. I don’t think this perspective and tension between production and compliance has changed over the years. In fact, I was recently had a conversation with a high-tech company in Europe, and this was exactly the problem. Competing priorities. Competing goals. Nothing has changed. But compliance has. Let me explain. Since the 90’s, and for all those that effectively manage quality, some would experience less defects, fewer delays and in fact shorter cycle times, and something else – they would experience customers who were more satisfied with their products. Imagine that! Instead of losing customers, they were gaining them. Even at the edge, at the event horizon, the last line of defence; compliance had an impact. But, how did this work? How was compliance able to do that? And now we get to the heart of the matter – the power of compliance. Compliance presents a process by which a standard could be used to evaluate the current level of conformance, in this case, with quality requirements not technical requirements. We already were doing technical requirements and accounted for it in our product designs. Compliance added a new benchmark – a new design objective for engineering. That’s what compliance does. It set’s an ideal for us to achieve: better quality, better safety, better security, better sustainability, you can call this drive – operational excellence – if you like. These standards, not the management standards, but the ideal of what we want, act as a measuring stick. They make what is invisible visible. However, that is only half of its power. Exposing gaps creates new problems to solve, new objectives to improve, and even new opportunities to innovate. Taiicho Ohno the father of Lean was known for saying, “without objectives there are no improvements”. Without a standard there are no gaps. When there are no gaps we have no problems to solve – no need to innovate. As it turns out: Compliance creates the opportunity for innovation. This is the real power of compliance. Compliance is not a set of check-boxes to tick off or to feel ticked off about. Instead, the purpose of compliance is to drive the organization towards better outcomes. Something we can and should all be aligned with. For that is what compliance is all about – alignment – staying on course, on-side, on target, and on mission. Moving Back from the Event Horizon This notion of alignment has been applied throughout the entire value chain. The body of knowledge has expanded to safety, security, sustainability, and many other fields. We now have a better understanding of the nature of obligations, how to contend with uncertainty, and how to regulate not only outputs but outcomes - the field of cybernetics of which control systems engineering is part of. Compliance has progressed and has moved away from the event horizon where – r isk becomes a reality – and has moved towards the source of risk itself. The place where – uncertainty creates the opportunity for risk. It is about being proactive and preventing non-conformance in all its shapes and sizes. Compliance is also still about regulating – something that is often forgotten. Compliance is now regulating how and what we do to increase the probability of the outcomes we want and decrease the probability of outcomes we don’t want. In fact, compliance helps us avoid obstacles and threats, and helps us now to enable and exploit opportunities to achieve mission success. This is why requirements are no longer just technical. They have expanded to include all the other requirements associated with risk. That is why compliance needed to change and so should the way we do engineering. Engineering needs to learn to innovate across all requirements not just the technical ones if we want to stay ahead of risk. This requires thinking in engineering terms such as: Design Thinking, Systems Engineering, Model Based Engineering, Digital Twins and Threads, Risk-based Thinking, and so on. What do you think now? Is Compliance an Obstacle or an Opportunity?

  • The Problem with Assessments

    Assessments are the fuel that power both step-wise and continuous improvement engines and this is no different when it comes to risk & compliance programs. Assessments help to identify the gap between where you are now compared to where you intend or need to be. The problem is that not all assessments are the same, and many do not assess the things that really matter. The Assessment Construction The purpose of an assessment is to answer the question, "Are we there yet?" so that adjustments (i.e. improvements) can be made to successfully get to there . What there means may manifest itself in many ways, for example: The distance between where we are compared to our destination . The speed we are travelling compared with what is needed to arrive at our destination on time. The amount of fuel remaining compared with what is needed to get to our destination . For an assessment to be effective we must have a stated goal that defines what we want to achieve along with a way to measure our progress towards that goal. In our previous example there are several goals: Zero distance from our destination – this is a Measure of Effectiveness (MoE) The trip will not be successful if we don't reach our destination defined as a distance of zero between were we are and where we want to be. Minimum speed to reach our destination on time – this is a Measure of Performance (MoP). We need to have the capability to travel at or above the minimum speed limit to reach our destination on time. We also need to sustain that level during the trip. Non-zero fuel level for the duration of the trip – this is a Measure of Conformance (MoC). To be successful we must ensure that we do not run out of fuel. This may require extra fuel (i.e. margin) to address uncertainty along the way. An effective travel plan will include a gap assessment conducted as often as needed to make certain that sufficient progress is made towards the desired destination, sustainment of the minimum speed, and that the fuel tank never reaches empty. The Assessment Conflation Taiichii Ohno (the father of LEAN) is known to have said, "without objectives there is no improvement," or in other words you need to have a gap, but not just any gap. The gaps you need to assess are the ones connected with your goals. Every management system standard connected with quality, safety & security, environmental and regulatory programs requires the establishment of objectives. These are instrumental goals towards ultimate goals such as zero incidents, zero harm, zero emissions, zero pollution, zero violations, and so on. To make progress against these objectives each company must perform at targeted levels often described in internal procedures and guidelines. A full evaluation of a management system will therefore include: Conformance Assessments (i.e. audits) are conducted to assess work-as-prescribed against work-as-done demonstrated by evidentiary artifacts which may include intermediate or final outputs of critical to compliance processes covering: quality, safety & security, environmental,and regulatory objectives. Conformance assessments answer the question, "Is the system following the standard?" Performance Assessments are conducted to verify actual performance against planned performance of critical to compliance capabilities. Performance assessments answer the question, "Does the system have the capability, competency, and capacity to advance objectives?" Effectiveness Assessments are conducted to validate progress against stated compliance outcomes (ex. zero violations, zero harm, zero incidents, etc.) Effectiveness assessments measure the results of a compliance system by answering the question, "Is the system having an impact on our compliance outcomes?" Audits are traditionally used to perform conformance assessments evaluated against a given standard. These standards are often externally defined with some requiring third-party certification. The purpose of the audit is to identify gaps against the standard that will need to remediated to achieve third-party certification or quality control criteria. This assessment focuses on confirming the existence of policies, procedures, and practices along with process outputs. However, what audits do not do is tell you whether or not your compliance system is performing or effective at advancing your goals and objectives. The latter requires a contextual evaluation against a company's targeted outcomes of their quality, safety & security, environmental, and regulatory systems. The Assessment Uncertainty There is one place where most of have experienced the impact (good or bad) of assessments and that is in the context of education and training. As part of making the grade a teacher will conduct tests throughout the year to measure a students progress culminating in a final exam to determine the grade. Performance in the final exam is often the largest contributor to the final grade which can be considered an outcome of a student's effort during the year. I remember during my university days sitting down for a final math exam. I felt good about this course. I had attended all of the classes, completed all the term exercises, and as a result felt ready for the final. On the day of the exam, I sat down, took a deep breath and waited for the start signal to begin the three-hour exam. Two hours went by and I had managed to work through all the questions on the exam page. Having completed the questions comfortably, I thought that all my preparations were paying off. I decided to use the remaining time to go over my answers and check my work. 50 minutes left. Everything was going as planned. I needed some scrap paper to verify some of my calculations and decided to use the back side of the exam paper. 45 minutes left. As I turned over the paper, my heart sank and then started to race. I saw another set of questions on the back side. How could I have I missed this? My performance on the previous questions would not be enough to pass the course let alone make a reasonable grade to advance the achievement of my engineering degree. Many organizations find themselves in a similar situation with respect to their risk & compliance programs. They do all the work to pass an audit, the front-side of the exam, but fail to turn the page over to work on performance and effectiveness. Unfortunately, when it comes to compliance obligations such as safety, it is too late to work on these after an incident or harm has been done. As for my exam, it was almost too late for me. I raced through the rest of the questions and barely achieved a passing grade. I promised to never let that happen again. The Assessment Conclusion Gap assessments are necessary to know what to improve provided you are measuring what really matters. While conformance assessments can tell you that you are missing a procedure and need to create one, they don't tell you how good a procedure is at achieving intended objectives. For this you will need to conduct performance and effectiveness assessments. These require contextualized comparisons between where you are now and the destination you have targeted which will be different for every organization. Of course, closing the gaps will not be as simple as creating a procedure. Closing gaps will require improving performance and effectiveness which need the application of problem solving, risk analysis, and change management, among other skills and capabilities. Progress towards risk & compliance objectives can only begin when companies turn the page to answer the other half of the questions. And remember, you still need to show your work! It's time to do more than just pass the course, it's time to make the grade.

  • Which Problem Should Compliance Be Solving?

    The question that compliance should be asking is not how do we move from spreadsheets to automation but rather how do achieve better outcomes form being in compliance. The former is a data-first mindset. Replacing spreadsheets with automated tools has some utility but it is not enough to stay ahead of risk and staying between the lines. This mindset turns the question into a data capture, storage, manipulation, and reporting problem. The latter is an outcome-first mindset. This turns the question into a benefits realization problem. It looks at what capabilities do we need to achieve targeted outcomes from our compliance, what resources do we need to achieve those outcomes, what obstacles are in the way, and how do we measure our progress. An outcome-first approach enables transformational change whereas a data-first approach will only at best produce the same results you currently have faster or at worst create a lot more work.

  • How to Support Your CCO

    A Chief Compliance Officer (CCO) is responsible for ensuring that an organization complies with relevant laws, regulations and to a broader sense – all stakeholder obligations associated with safety, security, sustainability, quality, environmental and internal commitments. The role of a CCO is crucial in ensuring that a company operates ethically and responsibly while minimizing the risk of legal, financial penalties, and loss of stakeholder trust. While a CCO has significant responsibility, they cannot fulfill their duties alone. They need help from other members of the organization to ensure alignment with organizational values and compliance with policies and procedures. This is because the outcome of compliance requires a collaborative effort that involves everyone in the organization working together. Additionally, a CCO needs help to fulfill their duties due to the complexity of compliance regulations and the constant changes to these regulations. Staying current with regulations and industry best practices requires constant monitoring and adaptation. Therefore, a CCO relies on other professionals within the organization to provide insights, identify risks, and recommend corrective and proactive actions. A CCO also needs assistance in implementing and enforcing policies and procedures. They may need to work with other departments such as human resources, legal, finance, and IT to ensure that compliance requirements are integrated into daily operations. However, for too long, many organizations have been managing their compliance in isolated siloes, only addressing issues after they've already occurred. This outdated approach is not only making the job of the CCO more difficult but also less successful. It's time to embrace a more proactive and integrative approach that takes a holistic view of your organization's capabilities. By doing so, you can stay ahead of the curve and ensure success in today's fast-paced business environment. A Proactive and Integrative Strategy For Compliance This approach involves several key elements, including integrating compliance into the organization's culture, taking a proactive rather than reactive approach to compliance, providing the necessary resources to enforce compliance, establishing clear communication channels, and adopting a culture of continuous improvement. First , the organization must integrate compliance into its culture. Meeting obligations and keeping promises must be a core value that guides the behaviour of everyone in the organization. Each person must understand their compliance obligations and take responsibility for adhering to the rules and regulations. By integrating promise keeping into the organization's culture, the organization minimizes the risk of non-compliance, reducing gaps in conformance and ensures sufficient performance to advance the outcomes of compliance: better safety, security, sustainability, quality, and stakeholder trust. Second , the organization must take a proactive approach to compliance. Instead of waiting for issues to arise, the organization should anticipate potential risks and take steps to mitigate them. This involves identifying areas of the organization that are particularly vulnerable to compliance issues and developing strategies to address those vulnerabilities. By taking a proactive approach to compliance, the organization can prevent risk as well as mitigate their effects ensuring the organization always stays between the lines. Third , the organization must provide the CCO with the necessary resources to enforce compliance effectively. This includes budget, technology, personnel, and training. The CCO should have access to the necessary tools and resources to monitor and enforce that obligations are met and promises kept. The organization must also provide training and education to employees to understand their compliance obligations and how to meet them. By providing the necessary resources, the organization supports the CCO in meeting their responsibilities which in turn helps the entire company keep all their promises. Fourth , clear communication channels between the CCO and other departments can support compliance. The CCO should be involved in all major decisions that could impact compliance, and other departments should consult with the CCO before making any decisions that could affect compliance. This ensures that compliance is considered in all decision-making processes and helps to minimize the risk of non-compliance. Finally , the organization must adopt a culture of continuous improvement. Compliance is not a one-time event but a continuous process. The organization should regularly review and assess its compliance program to identify areas for improvement. The CCO should work with other departments to develop and implement strategies to improve compliance continuously. By adopting a culture of continuous improvement, the organization provide the assurance that stakeholders require. Summary Compliance is crucial for the success of any organization, and the CCO plays a critical role in ensuring that the organization meets its obligations. However, they cannot do this alone or as an isolated part of the organization brought into the discussion after the fact. To support the CCO, the organization must adopt a proactive and integrative approach to compliance. This involves integrating compliance into the organization's culture, taking a proactive approach to compliance, providing the necessary resources, establishing clear communication channels, and adopting a culture of continuous improvement. By doing so, organizations minimize the risk of non-compliance and ensure it is able to continually stay between the lines and ahead of risk protecting value creation and engendering greater stakeholder trust.

  • Sustainable Development and Environmental Stewardship - Part 1

    This week we launched our “Learn with Me” program were we take a course together. The course we decided to start with is Sustainable Development (SD) and Environmental Stewardship (ES) provided for free by Polytechnique Montreal. This 4-week course introduces the topic and walks through 10 guidelines of sustainable development and environmental stewardship for Professional Engineers created by Engineers Canada in 2016. The first session began with us hearing from a variety of engineers, city planners, and others involved in sustainable engineering efforts. This provided the context of why this topic is so important. It also introduced us to important definitions: Sustainable Development - “development that meets the needs of the present without compromising the ability of future generations to meet their own needs” (Brundtland Commission) Environmental Stewardship - “the wisest use of the finite resources in nature to produce the greatest benefit while maintaining a healthy environment for the foreseeable future” (The World Federation of Engineering Organizations) Together, environmental stewardship is about keeping what we have, whereas sustainable development is about getting what we need. These definitions are intended to be practical and operational. They shape an objective to maintain a healthy environment at a cost but not at all costs recognizing that the environment will adapt and evolve. Sustainable engineering defines an approach to engineering to meet the challenges of sustainable development and environmental stewardship. Sustainable engineering assumes a broadened responsibility across the pillars of environmental, social and economic development. These pillars must be balanced to achieve a world that is livable, viable, and fair. The technical challenges alone that face sustainable engineering are immense. We learned using the IPAT equation that technologies will have to improve their efficiencies and emit up to 87% less green house gas for each unit of goods and service produced to achieve greenhouse emission targets. Clearly, there is much work to be done and considered. In many ways, in Canada, we have not done as much engineering as we used to. However, we now have an opportunity for that to change. Engineering needs to take on a more significant, broader, and intentional role if we are to achieve sustainable development and environmental stewardship objectives. To put all this into practice the national guideline on sustainable development and environmental stewardship for professional engineers outlines 10 guidelines for engineers: Engineers: Should maintain and continuously improve awareness and understanding of environmental stewardship, sustainability principles and issues related to their field of practice. Should use expertise of others to adequately address environmental and sustainability issues and enhance understanding and improve practices. Should incorporate global, regional and local societal values applicable to their work. Should establish mutually agreed sustainability indicators and criteria for environmental stewardship at the earliest possible stage in projects, and evaluate these periodically against performance targets. Should assess the costs and benefits of environmental protection, eco-system components, and sustainability in evaluating the economic viability of the work. Should integrate environmental stewardship and sustainability planning into the life- cycle planning and management of activities that impact the environment, and should implement efficient, sustainable solutions. Should seek and disseminate innovations that achieve a balance between environmental, social and economic factors while contributing to healthy surroundings in the built and natural environment. Should become engaged in a leadership role in the ongoing discussion of sustainability and environmental stewardship and solicit input from stakeholders and accredited experts in an open and transparent manner. Should assure that projects comply with regulatory and legal requirements by the application of best available, economically viable technologies and procedures. Should implement risk mitigation measures in time to minimize environmental degradation where there are threats of serious or irreversible damage but a lack of scientific certainty. Today these are voluntary for the most part. However, it is conceivable that in the near future “should” may be replaced with “shall” as governments strengthen their environmental commitment. Accepting responsibility is alway better when done voluntarily so now is the time for engineers to do just that. This after all is what engineers have always been good at –accepting responsibility – which is embedded in our code of ethics: The primary duty of engineers is to hold paramount the protection of public safety and welfare with due regard for the environment and societal values - Engineers Canada Code of Ethics I look forward to the weeks ahead as we continue to explore the topic of sustainable development (SD) and environmental stewardship (ES).

  • Compliance Compass To Make Certain You Are Always in Compliance

    The Hoshin Kanri method is a popular LEAN approach used to align strategy with outcomes. It uses what is called an X-Matrix that functions as a compass to ensure that all planned effort is working towards long term priorities and principles. The X-matrix is oriented in the following way: North : guiding principles, priorities or goals South : long term outcomes, results, or breakthrough objectives West : short term objectives, initiatives, or actions East : processes or metrics to improve The corners are used to map the correlation or contribution between each component of the matrix starting at the bottom and working your way around clock-wise. This is a great time of the year to get out your compliance compass and make sure that your plans are working towards better compliance. To help you do just that we created the following X-Matrix using The 10 Principles of Effective Compliance as the basis to guide initiatives towards better compliance outcomes: This compliance compass is available in XLS formats here . May it guide your path and help you make certain that you are always in compliance.

  • Risk-based Continuous Improvement

    Does your improvement process properly contend with uncertainty and risk? Continuous improvement in the form of Deming's wheel (plan-do-check-act) has helped organizations in recent decades significantly improve their business and manufacturing processes. Traditional PDCA is an iterative process based on four (sometimes more) stages: Plan: establish objectives and processes required to deliver the desired result Do: perform the previously defined plan. Check (study): data and results are gathered and evaluated against targeted goals, objectives, and outcomes. Act (adjust): actions are identified to address non-conformities, issues, and opportunities for improvement. Variations of this process exist and include: DMAIC, A3, Lean Improvement Kata, and others. Each one serves a slightly different purpose but what they have in common is that they focus on problems after they have manifested themselves. This makes continuous improvement a reactive process triggered by the presence of problems, non-conformance, or other issues. Risk-based continuous improvement is a proactive process that helps you anticipate, plan, and act to make certain that outcomes are advanced in the presence of uncertainty. The focus is on anticipating problems before they become a reality and is triggered not by the presence of issues but by the presence of uncertainty. Problem solving skills and capabilities used with traditional PDCA processes, for example root cause analysis, can also be used with risk-based continuous improvement. However, what makes the process proactive is the identification and assessment of uncertainty (the root cause of risk) along with the implementation of effective risk controls which are essential. It is the effectiveness of these processes that determine how well problems are prevented and opportunities are realized. It is with these that continuous improvement is most needed. Risk-based continuous improvement proactively contends with uncertainty and its effects on goal-directed endeavors. It is triggered not by the presence of a problem but by the presence of uncertainty. It is applied to each process affected by uncertainty along with the processes that anticipate, assess, and treat risk (i.e. risk controls) to improve their effectiveness.

bottom of page