top of page

SEARCH

Find what you need

608 results found with an empty search

  • Certainty and Compliance

    Risk management has for many years focused mostly on identifying possible losses and working out those probabilities. As beneficial as that might be it does not capture the full nature of uncertainty. ISO 31000 (and others) have tried to expand the definition but only go half way. They focus on the effects or better the symptoms and not the cause or the disease itself. Unfortunately, the lack of holistic approach and the negative connotations associated with the word risk, "Risk Management" is getting in the way of effectively contending with uncertainty. It's time for a change and why we no longer should only use risk. Historically compliance is considered as a means to keep risk at bay. When organizations are in compliance (i.e. operating consistently between the lines) they will in turn reduce the possibility of loss. This places compliance programs along side of the value chain with risk reduction as the goal. We have used this model in the past and in some cases it still make sense to do so. However, what we have found is that this approach tends to focus compliance mostly on conformance to rules attested by surveys and monitored by occasional audits. The goals seems to be only on "staying between the lines" and not staying ahead of risk. The lack of focus on the latter results in risk programs paying too much attention on risk identification and registers (staying between the lines) and not enough on contending with risk itself. In a sense, both risk & compliance suffer from too many check boxes and not enough action. A Need for Change Operationally, compliance at its core is the practice of meeting obligations in the presence of uncertainty. Risk management is a means to that end and more specifically, this should be the focus of operational risk management. This places the majority of risk programs: safety, sustainability, environmental, health, security, privacy, asset management, and so on, along side of the value chain with compliance as the outcome. However, compliance here does not mean check boxes. Instead, it means meeting all your obligations (conformance, performance, and outcome-based) in the presence of uncertainty. This change however is not enough in our estimation. To reflect the shift to improve the certainty of meeting obligations we have elected to call these certainty rather than risk programs. This aligns better with the ISO 31000 definition and the purpose of these programs which is - make certain (ensure) that objectives across the business are achieved. That is why we propose using the labels Certainty & Compliance rather than Risk & Compliance . There will still be a role for enterprise risk management but this should result in the creation of operational objectives that fall within certainty and compliance functions. The purpose of Certainty Programs is to keep organizations between the lines while increasing the probability of targeted outcomes and decreasing the probability of undesirable outcomes. These objectives should become part of certainty-based balanced scorecards instead of risk-based. This is more than semantics, it is a change in mindset, strategy, and focus.

  • Abandoning Risk Matrices: A Critical Step for Risk Management

    The world is changing, and with it, so are the risks that businesses and organizations face. Over the last year, there has been much discussion in the domain of risk management, with many experts raising concerns about the use of risk matrices. In fact, some are even calling for their abandonment altogether, citing the dangers of relying on them to make critical decisions. The best advice, it seems, is to do nothing rather than use a risk matrix – but is that really the best course of action? The first step in understanding and managing risk is to recognize that it is a complex, multifaceted issue. It cannot be reduced to a simple, one-dimensional matrix or a set of numbers. Rather, it requires a nuanced understanding of the qualitative nature of the risk or hazard at hand. This means taking the time to thoroughly evaluate the specific risks faced by your organization and developing a comprehensive plan to address them. While quantitative analysis using tools like Monte Carlo simulations can be helpful when data is available, the reality is that many risks are difficult to quantify. In these cases, a more qualitative approach is necessary. This might involve conducting interviews with subject matter experts, analyzing historical data and trends, and engaging in scenario planning exercises to develop a more complete picture of the risks involved. The question then becomes, where is the middle ground between qualitative and quantitative analysis? How can organizations strike a balance between the two to effectively manage risk? The answer lies in a holistic approach that considers all available data and insights. Rather than relying solely on a risk matrix or other semi-qualitative/quantitative tools, organizations must adopt a more comprehensive approach to risk management. This might involve developing a risk management framework that includes a range of qualitative and quantitative techniques, such as scenario planning, risk mapping, and probabilistic risk assessments. By taking a more holistic view of risk, organizations can develop a more nuanced understanding of the threats they face and develop strategies to mitigate them. By discarding risk matrices and not having a replacement plan, organizations run the risk of being exposed to various risks that cannot be easily categorized and analyzed quantitatively. It is not enough to simply avoid using risk matrices – organizations must be proactive in identifying and managing risk.This requires a commitment to ongoing risk management efforts, including regular assessments, monitoring, and updating of risk management plans. The debate around risk matrices and their use is an important one, but it is just one piece of the larger puzzle of risk management. To effectively manage risk, organizations must take a comprehensive, holistic approach that considers all available data and insights. The stakes are too high to simply do nothing – the future of organizations depends on it.

  • The Environmental Golden Thread

    An effective program results in changed outcomes. Therefore, for an environmental program to be effective it must perform in such a way so that outcomes are continually advanced towards the overall goal – community sustainability in the case of municipalities. For that to happen each pillar and the system as-a-whole must be operational. This means all essential parts working together to produce what no part can create on its own. We need a golden thread so to speak that runs through each environmental pillar that holds them altogether and defines what is essential for the pillar and the entire program to be operational and effective. As a current reference, The UK last year passed regulation requiring a golden information thread for building safety. This is a digital thread that will provide assurance during a buildings life-cycle that what should have been done was done. The environmental golden thread approach is an extension of this same thinking. It will provide leadership and management with the status of the environmental program, level of risk, and where investments might or need to be made across and through each pillar of their environmental program. Many do not have these tools but they are needed to advance environmental outcomes. As Elihayu Goldratt (father of Theory of Constraints) has said: "Partial implementation of a holistic approach is an oxymoron" An environmental golden thread can help ensure your environmental efforts produce more than the sum of your action plans. You can download a copy of our presentation from our recent webinar on the Environmental Golden Thread using the following link: If you are interested in learning more about how Lean Compliance can help you with your environmental efforts please book a 30 minute call with us:

  • The Nature of Environmental Obligations - Part 2

    In our previous blog post we considered the nature of environmental obligations from the perspective of their compliance approach and the shift from rules and audit-based regimes to performance and risk-based strategies. This week we continue our look at the nature of environmental obligations through the lens of regulatory, social, and government licenses to operate. Private and public sector obligations come from multiple sources that can be mapped to the following three type of licenses: Obligations arising from a regulatory license to operate. These come from accepting public responsibilities to behave in line with the conditions of an operating license. They tend to be mandatory and prescriptive in nature. They are often referred to as external obligations as they are imposed on organizations from external authorities. Obligations arising from a social license to operate . These come from accepting stakeholder responsibilities where stakeholder is defined in the broadest sense: employees, shareholders, communities, suppliers, customers, residence, the public at large – anyone who has a stake in what the organization is doing. These tend to be voluntary and more performance and outcome-based. They are referred to as internal obligations since organizations choose to impose these on themselves. Obligations arising from the authority to govern . These obligations are a result of accepting government responsibilities to contend with public risk. In the case of local governments they will have obligations from the previous two categories along with obligations associated with their role as regulator to inspect, enforce, monitor, and implement regulatory acts. In recent years internal obligations have approached parity and in some cases exceeded external obligations in many organizations driven to a large extent by the adoption of environmental, social, and governance (ESG) objectives. At the same time environmental obligations have increased across all categories in response to climate change. Unfortunately, compliance for many organizations focuses mostly on external obligations associated with a regulatory license to operate. This leaves a significant number of obligations, many of which are environmental, under-resourced, un-managed and at-risk. For compliance to be effective it must adapt to the changing landscape by expanding beyond mandatory and regulatory obligations to include obligations from all sources. This requires knowledge of the nature of obligations and strategies needed to meet them. Does compliance in your organization cover all your obligations?

  • The Nature of Environmental Obligations

    Recently the province of Ontario experienced a thunderstorm leaving 10 dead and hundreds of thousands without power for several weeks. Waiting to act until an incident has occurred is never the best option when it comes to environmental risk. This tends to result in significant disruption and other adverse effects that might otherwise have been avoided. However, this is the approach when compliance is based on the traditional operating principles of audits and corrective actions. To get ahead of environmental risk will require a change in mindset and behaviors of the kind that we have talked about in recent years. Just as we have seen quality and safety become more performance and risk-based the same shift is happening for environmental obligations with increasing measure. This shift will require an operational model that is more than training, audits and corrective actions. It will more akin to Total Quality Management (TQM) where better environmental outcomes are designed into products and services – Environmental By Design. Organizations will need to set goals and objectives, contend with uncertainty, continuously improve performance, and make progress in the advancement of environmental outcomes. The good news is the same principles applied to TQM and Operational Excellence can be used to meet environmental obligations. It's time for environmental compliance to become operational in the full sense of the word. Are environmental objectives included in your operational plans?

  • 3 Ways to Strengthen Your Defences

    There are 3 ways that we talk about strengthening defences: Reliability Resiliency Anti-fragility Reliability has to do we preventing disruption and most often by preventing failure of equipment, processes, systems, and other measures to prevent risk from becoming a reality. When reliability fails, we need Resilience to recover from the disruption created when that happens. In a storm trees need to bend and snap back and so do businesses. Anti-fragile is about getting stronger, better at what we do, as a result of disruption. This has much to do about learning and improving our defences to make them more robust. The airline industry has a strong safety record partly because after every incident they took a deep dive and learned from what happened. They became stronger at preventing accidents over time. They did not waste any knowledge that could be learned from disasters. All of this applies to meeting all our obligations and keeping our promises. We need to prevent non-conformance, recover from them should they occur, and get stronger when we learn from our experiences. What strategies have you adopted so that you endure in the presence of uncertainty? Are you abilities at keeping commitments to all your obligations getting stronger or weaker? Are you extracting all you can from your incidents?

  • A Failure in Cybersecurity – Lack of Intention

    When we hear the phrase cybersecurity many things may come to mind. You might think of such things as: Viruses and malware Email spam Phishing attacks Ransomware You might also think of things more technically in terms of: Internet, Internet of Things (IoT) Networks Firewalls VPNs Antivirus Software Passwords You might also think of things in terms of what is at stake, such as: Financial loss Loss of identity Loss of reputation Loss of business or the loss of your business Each of these groups represent the kinds of things that need to managed holistically, together, as a system, and pardon the pun, without any holes or as they say in the cybersecurity world, vulnerabilities. But what happens when vulnerabilities are exposed and what is valued is not protected? The LifeLabs Breach To explore the concept of cybersecurity and to bring the topic closer to home I thought it helpful to look at the LifeLabs breach that happened in Canada in 2019. Here are some of the key facts surrounding the event: This was the largest breach in Canada resulting from a ransomware attack 15 million people across Canada were affected by the theft of their private data. LifeLabs is reportedly facing lawsuits (in the billions) and certainly a loss in reputation and perhaps, maybe more. In recent weeks, I received an email from LifeLabs which was also sent to others affected by the breach. This latest communication outlines LifeLabs latest response in the wake of the ransomware attack. In the letter we read that LifeLabs has now: Appointed CISO (Chief information and Security Officer) Added CPO (Chief Protection Officer) and CIO (Chief Information Officer) Investing $50M to achieve ISO 27001 certification (international standard for information security management) Engaged third-party to evaluate their cybersecurity program Established an information security council Strengthened their detection technology Implemented yearly security awareness and training This certainly sounds substantial and it is. However, what this list of actions also tells me is that they had very little in place prior to the breach in terms of management accountability, oversight, standards, or anything that would let them know how well they were doing with respect to protecting patient data. It is good to see that they are addressing these now, perhaps, too little too late; time will tell. What we do know is that it will take time before these changes will significantly impact the improvement of their defences which they should have started to do years ago. Cybersecurity Risk Landscape When we look across the cybersecurity landscape one can make the following observations with respect to risk: Threats to people and things we care about are all around us and perhaps always will be. The risks that matter are connected with what is valued, and there are plenty of bad actors who are interested in what we value. The conditions for cybersecurity risk are also increasing, specifically now as more employees are working from home than ever before. Every company has a cybersecurity program, some are more effective than others. Cybersecurity is not only a technical problem; it is a business problem that requires a business solution. It is the last one that needs to be highlighted, underscored, and acted on the most. Cyber risk is a real threat, involves technical measures to address but is foremost a business problem that requires a business solution. LifeLabs' failure to prevent a breach was a failure in leadership and management which they are now attempting to address, and not necessarily a failure in their technology. Leadership intention and management commitment are needed for companies to keep the dragon of uncertainty from penetrating their defences and stealing their gold in whatever ways that is defined. Lack of Intention It used to be said that: There are two kinds of companies: those that have suffered a cyber-attack, and those that will. But now, we say it this way: There are two kinds of companies: those that have suffered a cyber-attack and those that don't know that they have. When they do find out it is often too late, and the effects too severe for many companies to survive its effects. Waiting until you have been breached to improve your cybersecurity defences is probably not the best business or technical strategy. However, many companies still take the wait and see approach. So what might motivate organizations to be more proactive with respect to improving their defences? Companies might consider a legal motivation. Regulations do exist and are expanding to compel organizations to establish adequate programs and measures. However, they are have not kept and fall short to adequately contend with cyber safety. Waiting for regulations to tell you what you must do will mostly likely also be too late. Improving cybersecurity defences is beneficial to reduce insurance costs, improve efficiencies if done correctly, and prevent disruptions which contributes to greater resiliency for your business. While these are all valuable outcomes, they are often considered as goals that are worked on after all other objectives have been met. Keeping what you value safe and protecting against lost can also be a power motivator particularly when it involves the safety of people and their livelihoods. But what lies behind all our motivations, is our intention. It is a company's intention that ultimately determines the effectiveness of their cybersecurity program and motivates improvement that are made. Research has shown that intention significantly determines what is accomplished. If your intention is to achieve ISO 27001 certification, for example, then that's what you will get, most likely, but you will most likely not improve your cyber security. However, if you want to improve your cyber security and choose ISO 27001 as the means to do that, then you will not only receive your certification, you will most likely improve your cybersecurity as well. You will get both. Where you aim determines what you achieve. Which is why organizations need to choose their goals well including those to improve cyber safety. In our next blog article we will look at various standards, guidelines, and strategies companies are using to address cybersecurity risk. #managedcybersafety

  • The Power of AI

    One of the powers of technology is its ability to externalize the means to achieve our ends. This is one way to evaluate what is happening with AI. It is externalizing the means by which we learn to the point that we don’t need to learn ourselves. What if meaning is found not by having the goal of our desire but instead by our participation in the means to make it happen. This makes the ends even more worthwhile because it is something we accomplished by our own agency, effort, and courage. Something to think about.

  • Value Stream Mapping - Just Don't Adopt the Tool, Exploit It!

    Value Stream Mapping (VSM) is a widely recognized and adopted lean management method used in various industries and domains including compliance. While many organizations focus on the tool itself, the true power of VSM lies in its ability to address complex problems and drive transformational improvements. In this blog post, we delve deeper into the essence of VSM and why it's crucial to move beyond the surface-level application of the tool to unlock its full potential. Understanding Value Stream Mapping Value Stream Mapping is a systematic approach to analyzing the current state of a process and designing a future state to deliver a product or service from its inception to the customer. It visualizes the flow of materials, information, and activities, highlighting value-adding and non-value-adding steps. By mapping the entire value stream, organizations gain a holistic view of the process, enabling them to identify bottlenecks, and waste but also areas of risk and compliance improvement. Beyond the Tool: Problem Solving with VSM VSM is not merely a visual representation of a process; it is a problem-solving tool. The true power of VSM lies in the subsequent steps after mapping the current state. While understanding the problem is the first step, it is through effective problem-solving that organizations can leverage VSM to drive significant improvements. Many organizations tend to focus on easily solvable issues or low-hanging fruit , resulting in incremental benefits. While these improvements are of some value, they do not maximize the potential of VSM. To truly exploit the power of VSM, organizations must have the courage and determination to address the hard problems that lie beneath the surface. Transformational Outcomes Organizations that choose to tackle challenging problems more likely will experience better outcomes. By focusing on the problems that really matter, they can initiate transformational changes in their value streams that go beyond eliminating waste and reducing lead times. They will also improve outcomes associated with quality, safety, security, sustainability, and ultimately stakeholder trust. Taking a proactive and comprehensive approach to problem-solving with VSM allows organizations to identify and eliminate root causes rather than simply treating symptoms. This will promote a culture of continuous improvement, fostering innovation, and driving sustainable change. Using VSM Strategically To extract the maximum value from VSM, organizations should adopt a strategic approach. Here are a few key considerations: Problem Prioritization : Identify the critical problems that have the most significant impact on the value stream and prioritize them accordingly. By focusing resources on these areas, organizations can achieve substantial improvements. Cross-Functional Collaboration : VSM involves multiple stakeholders from different departments and levels within the organization. Collaborative problem-solving encourages diverse perspectives, enabling the identification of comprehensive solutions and the alignment of goals. Continuous Improvement : VSM is not a one-time exercise; it is an ongoing journey. Regularly revisit and update the value stream maps as new challenges emerge, and continuously seek opportunities for improvement and risk reduction. Value Stream Mapping is a powerful tool that goes beyond its visual representation. To truly harness its potential, organizations must shift their focus from the tool itself to the problem-solving aspect. By addressing the hard problems, organizations can drive transformative improvements, eliminate waste, reduce risk, and achieve better outcomes associated with safety, security, sustainability, quality, and ultimately stakeholder trust. Strategic utilization of VSM, combined with a culture of continuous improvement, can pave the way for sustained success in any industry or domain. So, let's not just adopt VSM as a tool, but let's exploit its full potential to improve the probability of mission success.

  • Compliance: the triple threat against mission failure

    The creation of stakeholder value is an essential obligation that successful organizations willingly accept. Contrary to common misconceptions, compliance does not hinder the creation of stakeholder value; instead, it safeguards the value creation process and ensures its effectiveness. Compliance is not solely about adhering to rules but encompasses integrity, alignment, and operational excellence—a triple threat against mission failure. Compliance as defined by ISO is the outcome of meeting obligations and therefore plays a vital role in ensuring that organizations fulfill their responsibility to create stakeholder value along with other targeted outcomes. Stakeholders, including customers, employees, shareholders, and the community, have legitimate expectations from organizations. These expectations revolve around the delivery of quality products and services, ethical practices, fair treatment, and contributions to the community's well-being. For organizations to be considered compliant, they must meet all their obligations. Compliance and Stakeholder Value Compliance and the creation of stakeholder value are two interconnected aspects that play a crucial role in the success and sustainability of organizations. Compliance refers to adherence to legal, regulatory and internal obligations, industry standards, and ethical practices. It ensures that companies operate within the boundaries set by society and mitigate risks associated with non-compliance. On the other hand, creating stakeholder value involves considering the interests and needs of all stakeholders, including employees, customers, shareholders, communities, and the environment, and actively working towards fulfilling those expectations. These two elements are not mutually exclusive; rather, they are mutually reinforcing. Compliance provides a foundation for building trust and credibility with stakeholders. When companies prioritize compliance, they demonstrate their commitment to upholding ethical standards and responsible business practices. This, in turn, fosters stakeholder confidence and enhances the organization's reputation. Compliance also helps mitigate legal and reputational risks that could negatively impact stakeholder value. By adhering to regulations and standards, companies can avoid costly fines, legal disputes, and reputational damage, thus preserving stakeholder value and ensuring long-term sustainability. Integrity, Alignment, and Operational Excellence However, compliance goes beyond the mere adherence to prescriptive rules and regulations. It encompasses a broader set of principles that govern an organization's conduct. At its core, compliance is about upholding promises associated with all organizational obligations. This requires organizations to act with integrity, align their activities with their stated values and goals, and strive for operational excellence. Integrity ensures that organizations are transparent, honest, and accountable for their actions. It establishes trust among stakeholders, fosters long-term relationships, and safeguards the organization's reputation. Alignment refers to the consistent integration of compliance principles throughout an organization's structure, policies, and practices. It ensures that compliance is embedded in all decision-making processes, preventing conflicts and promoting a unified approach. Compliance helps align organizational values with operational objectives. Operational excellence is achieved through efficient and effective practices that meet compliance requirements while driving organizational success. By implementing robust compliance management systems, organizations can streamline processes, identify areas for improvement, and enhance overall performance. Operational excellence bolsters stakeholder confidence, reinforces trust, and creates a competitive advantage. Conclusion Compliance is not a separate entity from stakeholder value creation; rather, it is intertwined with it. Organizations must meet their obligation to create stakeholder value, and compliance ensures that this obligation is fulfilled effectively and ethically. Compliance encourages innovation by providing a framework within which organizations can explore new ideas while safeguarding stakeholder interests. Compliance is rooted in integrity, alignment, and operational excellence, serving as a triple threat against mission failure. By embracing compliance as an integral part of their operations, organizations can cultivate a culture of responsible and sustainable practices. This not only enhances stakeholder relationships but also paves the way for long-term success, growth, and positive societal impact. Compliance, therefore, should be viewed as an ally rather than a hindrance—an essential driver of stakeholder value creation in the modern business landscape.

  • When it comes to compliance, not only is it ok to load the dice, it's necessary.

    In the realm of gambling, loading the dice is unequivocally seen as cheating, a violation of both legal and moral principles. Whether it is the house or an individual player who engages in such tactics, the act itself undermines the fairness of the game. We expect the dice to be impartial, providing us with an equal chance of winning or losing. However, the landscape changes drastically when we shift our focus to compliance in organizations. In this context, loading the dice, or stacking the deck, becomes not only acceptable but necessary. Before you think I have gone off the deep end, keep reading. Loading the compliance dice does not imply evading or bypassing regulations. Instead, it involves taking proactive steps to understand, interpret, and implement the requirements effectively. It is about staying one step ahead, anticipating potential compliance challenges, and mitigating risks through diligent preparation and execution. It is about loading the dice to improve the probability of staying within the boundaries of laws, regulations, and ethical standards. If you are going to gamble with your compliance at least load the dice in your favour. Let's look at how this is done. Loading The Compliance Dice Compliance is the outcome of meeting obligations associated with laws, regulations, industry standards, and internal policies that govern the conduct of businesses and organizations. The complexity and ever-evolving nature of these requirements can present significant challenges. Non-compliance can lead to severe consequences, such as legal penalties, reputational damage, loss of trust, and even the demise of the organization itself. With so much at stake, it becomes imperative for organizations to employ strategies that maximize their chances of compliance success. Loading the compliance dice involves proactively taking steps to minimize the risks of non-compliance. It entails implementing systems, processes, and controls that ensure adherence to the relevant regulations and standards. Just as a card player (but for different reasons) might stack the deck in their favour to increase their chances of winning, organizations must strategically position themselves to navigate the intricate compliance landscape. One of the ways organizations load the compliance dice is by establishing robust internal compliance programs. These programs typically include policies, procedures, training initiatives, and monitoring mechanisms to ensure obligations are met across all levels of the organization. By investing in compliance infrastructure, organizations create an environment where employees understand their obligations, are equipped with the necessary knowledge and tools, and are incentivized to keep promises associated with obligations. Additionally, organizations may leverage technology to load the compliance dice in their favor. Automation and data analytics play a crucial role in enhancing compliance efforts. Advanced software solutions can help monitor and track compliance-related activities, identify potential risks, and detect anomalies or deviations from established protocols. By leveraging technology, organizations can proactively identify areas of concern and take corrective measures before they escalate into compliance breaches. Partnerships and collaborations can also contribute to loading the compliance dice. Organizations can engage with industry associations, regulatory bodies, and other stakeholders to stay updated on the latest regulatory changes and best practices. These partnerships can provide valuable insights, guidance, and support, enabling organizations to align their practices with evolving compliance requirements effectively. Risk Management The concept of loading the compliance dice closely connected to effective risk management for organizations. By strategically taking steps to minimize risks and enhance compliance efforts, organizations can stack the deck in their favor and increase their chances of staying within the boundaries of laws, regulations, and ethical standards. Loading the compliance dice emphasizes the importance of risk assessment and mitigation as integral parts of compliance strategies. Organizations need to identify and evaluate potential compliance risks, assess their impact, and implement appropriate controls and measures to manage those risks effectively. This proactive approach allows organizations to align their risk management practices with compliance requirements and safeguard their stakeholders. This involves implementing robust risk programs, leveraging technology, and fostering partnerships. These measures not only enable organizations to proactively identify and address potential risks but also enhance their ability to detect anomalies and deviations from established protocols. By doing so, organizations can mitigate risks before they escalate into compliance breaches and potential legal consequences. The practice of loading the dice can help develop a culture of proactivity. Organizations can strive to anticipate and address compliance challenges, protecting their reputation and ensuring the long-term viability of the business. Ultimately, by embracing effective risk management practices, organizations can enhance their ability to navigate the complex compliance landscape and achieve sustainable compliance success. It's time to load the compliance dice in favour of staying between the lines and head of risk. What do you think? It you are interested in learning how to improve the probability of compliance success for your program register for our upcoming Foundations course on the topic of Operational Risk :

  • If There Is Care You Will Find Quality

    Recently I spoke with a retired CEO of a successful semiconductor manufacturer who said to me when I asked him about quality, "if there is care you will find quality." If a company really cares about its customers it will invest in quality. That is what he has experienced over the years. It is the object of our care that is important. Quality cares about customers. This goes beyond respect as important as that is. Care includes: the provision of what is necessary for the health, welfare, maintenance, and protection of someone or something. serious attention or consideration applied to doing something correctly or to avoid damage or risk. Many people talk about the importance of a strong culture for a company to succeed at what it does. A strong culture can reinforce values, help provide direction to employees, and fill in the gaps between what is written in policies and procedures and how things are actually done. That is why alignment of culture with strategy is so important. If your culture is at odds with your strategy it is impossible to advance outcomes. However, trying to come up with a consistent culture that supports the values and strategies of an organization is not easy. Companies consist of different kinds of activities that require their own approach and have there own culture. Geoffrey Moore in his book, "Zone to Win" suggests four zones: performance, productivity, incubation, and transformation. Each of these is managed differently, has different strategies, and ultimately have their own cultures. In fact, one could go further and suggest that there are even subcultures beyond the ones for each zone. One could imagine a culture for each value that a company has: a safety culture, a quality culture, a risk culture, a learning culture and so on. Now add to this each person's own culture and no wonder companies have a difficult time bringing everyone onto the same page. This is where having a culture of care helps. Companies that care pursue excellence, work on doing things right, and strive to make sure that they look after their workers, customers, and environment. A culture like this would go along way to bringing everyone on the same page. If there is care you will find excellence If there is care you will find safety if there is care you will find quality if there is care you will find loyalty if there is care you will find integrity The great part of working in compliance is working with people who do care about things that really matter. If "C" in compliance stands for anything it stands for "Care"

bottom of page