SEARCH

Safety is changing and with it regulations, standards, and strategies. This is particularly the case in the area of people or worker safety. In recent years there has been a growing debate and criticism with respect to safety outcomes, performance and the role of: Prescriptive compliance Safety measurements Lagging indicators Checklists "ZERO" goals Can't measure what didn't happen Quantitative metrics / reductive / reactive Leading indicators Safety management systems Heinrich's Safety Pyramid and others This has generated much discussion and debate along with new approaches to safety under names such as: Safety I & II Behavioral Based Safety Safety Differently Human and Organizational Performance It is too early to tell if these will converge into one unified approach to safety.  However, what we can say is that they are heading towards viewing safety more holistically as a system that can be improved over time through learning and continuous improvement. This will require new skills that include: risk-based and systems thinking, scientific methods, analytics, and continuous improvement. To prime the pump, so to speak, I have included the following video clip from the American Society of Safety Professionals ASSP (formerly ASSE) Safety 2017 conference. You will hear from leading experts in the field of BBS (Dr. E. Scott Geller) and HOP (Dr. Todd Conklin) along with companies such as GE discuss the merits of BBS and HOP based safety. The world of safety is changing and as some have said, "it's about time!"

Non-conformance is not a thing, in fact it is actually nothing. Non-conformance is defined by what it is not (negation) against the backdrop of a standard. Non-conformance is also the lack of what is necessary (privation). However, although non-conformance is actually nothing, its effects are real and devastating. When you chose not to follow a given standard you activate forces that push away from the standard and create the lack of what is necessary resulting in a vicious cycle where the effects are real and get worse over time. Not a good place to be or a good way to live.

Compliance functions tend to be lightly resourced and often overwhelmed doing the best they can to help organizations meet all their obligations. So the idea of replacing what they currently do with "simpler" processes particularly when it means doing less is very appealing. In the pursuit of compliance improvement we often run into a dichotomy (false or otherwise) between simple and complex. Simple is often associated with doing less and having basic capabilities, while complex is associated with doing more and incorporating advanced capabilities. However, when it comes to compliance doing less maybe simpler, but rarely is it effective, at least when it comes to advancing outcomes. That being said it does appear to be a common approach. This poses a real problem for those that want to do both: improve capabilities and keep it simple. It seems you can't have it both ways. Simplifying Processes Technology, and specifically cloud based application platforms are seen as a way to simplify work and improve productivity. These platforms can provide more coverage but usually at the expense of giving up functionality in order to appeal to a larger group of users and organizations. The trade off for compliance is between addressing more prescriptive elements covering a larger set of compliance objectives (ex. QEHS) or having improved capabilities to buy down risk and advance outcomes. The latter if available tends to require more effort, seen as complex, and not conducive to early wins and low hanging fruit. Additionally, if the primary goal is to pass an audit then it makes sense to choose the path that is simple, quick, and easy. Companies may also adopt LEAN behaviors and practices to simplify their processes by identifying and removing waste. Waste is defined as any activity that doesn't contribute to the creation of value. This can produce remarkable results, however, not usually when compliance is concerned because of how value has been defined. Value is defined as profit or margin. Therefore, any activity that takes away from this value is considered as waste. LEAN considers compliance as necessary but fundamentally as a waste and something to reduce or eliminate. As a result, inexperienced LEAN practitioners can end up removing compliance activities often without any objection from process owners who either don't know what is critical to compliance or would rather not do them for a variety of reasons. What is often forgotten or ignored is that companies pursue other values (or outcomes) beyond profit. These include trust, reputation, quality, safety, sustainability, and many others. Effective compliance programs ensure the advancement of these values which contribute to top line growth while the risk of not achieving them affects bottom line results. Simpler does tend to mean doing less: less work, less capabilities, and ending up with less outcomes. Is this the best that can be done or is there another way to keep it simple and still improve capabilities? The answer is yes, and one of the ways is to consider the idea of "embedding" rather than "eliminating" capabilities. Embedding versus Eliminating Compliance activities tend to focus on the collection of evidentiary artifacts through the use of inspections, audits, and other forms of data collection. These are driven by prescriptive obligations reinforced by reactive management behaviors where improvement is done using an audit/fix cycle. For many years we have known that embedding: quality, safety, environmental, and other compliance objectives improves outcomes while at the same time avoids excessive audits, inspections, incidents and non-conformance, all of which are the real wastes in the value stream. However, embedding these objectives in value streams is seldom encouraged in the pursuit of cost reduction and greater efficiency which often lies behind process improvement. Compliance objectives require the creation of their own value streams. Compliance value streams are those responsible for buying down risk to increase the probability that obligations will be met. By embedding compliance objectives into product and service value steams it is possible to achieve a simpler governing process that hides the complexity that many would otherwise rather remove. At the same time advanced capabilities are available when needed according to the level of risk being addressed. In fact, the resultant stream makes it easier for companies to stay between the lines as you are no longer fighting the current but instead going with the flow. Having it Both Ways Embedding compliance capabilities into value streams was and still remains the best strategy to reduce risk and ensure outcomes. Keeping it simple does not need to mean the elimination of these capabilities. Instead, capabilities can be incorporated (and even advanced) by merging product and service with compliance value streams. You can have it both ways: simpler and capable rather than simpler and ineffective . Please visit our website at www.leancompliance.ca to learn more on how to improve the effectiveness of your compliance program.

API RP 1173 provides a framework for companies to evaluate their safety systems and processes to more effectively buy down risk and continuously improve safety. This recommended practice incorporates and anticipates changes in the way safety, quality, environmental, and regulatory legislation and standards have shifted over the last decade from a reactive approach, based on prescription and audits, to a proactive approach, based on continuous improvement and the management of risk. To benefit from this new approach a more holistic and systems view of safety must be adopted focusing on both the means to buy down risk as well as the outcomes achieved by doing so. This is accomplished through continuous improvement of capabilities over time. To stay on course it is essential to have a compass and this is what the Hoshin Kanri LEAN X-Matrix Compass offers. Many companies that adopt LEAN practices have benefited from this approach which can also be used for those in highly-regulated, high-risk industries who are adopting a holistic approach to supporting quality, occupational safety, process safety, and environmental objectives as is the case for those migrating to API RP 1173. Using the X-Matrix Compass for API RP 1173 We have used the X-Matrix Compass to provide improvement roadmaps for quality, safety, environmental, and regulatory systems to help companies adapt to performance and outcome-based requirements. As means of an example, the following describes how this might look like for those adopting API RP 1173 The X-Matrix Compass helps to align the long-term needs with strategic initiatives, identify the most important activities along the way and determine the metrics that you need to improve. The name comes from the X that divides the matrix into 4 key quadrants: Long-term goals (south) Annual objectives or initiatives (west) Top-level priorities and principles (north) Processes and Metrics to improve (east) The following figure shows how this works in the context of API RP 1173: TRUE NORTH The center represents the current condition of the safety program along with the next challenge which in this example is to achieve level 4 safety systems maturity necessary to advance to the next level of outcomes represented as goals: Outcomes (Goals): The outcomes of an API RP 1173 will be different for every organization according to the level of risk, and the type of operations. Here is an example set of outcomes: Increased stakeholder trust, legitimacy and credibility Decreased corporate, operational, environmental, and reputational risk Increased safety and compliance excellence Continuous improvement and continuous compliance Zero incidents These represent what are called, terminal goals, that will need to be achieved through continual advancement and achievement of instrumental goals. RP 1173 Initiatives: The initiatives (objectives) on the left have been identified as the steps in the roadmap needed to make progress towards the overall goals. Identify all safety and compliance obligations Define Measures of Effectiveness, Performance, Compliance Identify standards to be used as normative processes Identify what is needed to meet obligations Establish systems/processes to always stay in compliance Identify and evaluate risk Embed safety into processes Identify and implement proactive and defensive strategies RP 1173 Principles (True North): The top of the compass is your True North, which are the principles that are always true to guide initiatives to advance overall goals. The following RP 1173 principles are taken directly from the recommended practice: Commitment, leadership, and oversight from top management are vital to the overall success of a PSMS. A safety-oriented culture is essential to enable the effective implementation and continuous improvement of safety management system processes and procedures. Risk management is an integral part of the design, construction, operation and maintenance of a pipeline. Pipelines are designed, constructed, operated, and maintained in a manner that complies with Federal, state, and local regulations. Pipeline operators conform to applicable industry codes and consensus standards with the goal of reducing risk, preventing releases, and minimizing the occurrence of abnormal operations. Defined operational controls are essential to the safe design, construction, operation, and maintenance of pipelines. Prompt and effective incident response minimizes the adverse impacts to life, property, and the environment. The creation of a learning environment for continuous improvement is achieved by investigating incidents thoroughly, fostering non-punitive reporting systems, and communicating lessons learned. Periodic evaluation of risk management effectiveness and pipeline safety performance improvement, including audits, are essential to assure effective PSMS performance. Pipeline operating personnel throughout the organization must effectively communicate and collaborate with one another. Further, communicating with contractors to share information that supports decision making and completing planned tasks (processes and procedures) is essential. Managing changes that can affect pipeline safety is essential. RP 1173 Processes and Metrics to Improve: Finally, the processes (on the right) are reinforced by the True North principles and are the mechanisms (the means) by which goals are achieved. Proactive thinking turns the 10 RP 1173 elements into processes that anticipate, plan, and act to create a future impact (i.e. the advancement of better safety outcomes). Leadership and management commitment Stakeholder engagement Risk management Operational controls Incident investigation, evaluation and lessons learned Safety assurance Management review and continuous improvement Emergency response and continuous improvement Competence, awareness, and training Documentation and record keeping The corners of the compass represent the alignment of all four quadrants. The greater the alignment, the better your performance will be. Gaps in alignment represent areas of potential risk and opportunities for improvement. RP 1173 Continuous Improvement: Continuous improvement is managed by going clock-wise around the compass using a Plan-Do-Check- Act cycle governed by the management program. An example process that we use is: Companies looking to move beyond current silos and reactive approaches with their safety will benefit from adopting a more holistic, systems approach such as API RP 1173 for Pipeline Safety Management System, and others. The X-Matrix Compass can be an effective management and governance tool to guide improvement roadmaps so that the benefits of these new performance / outcome based standards and guidelines can be realized. The X-Matrix Compass also provides management with the means to visualize the roadmap, align strategic and tactical efforts, and always stay on course with their true north. As we understand from LEAN, if you can't see it you can't improve it. Similarly, if you don't have a map and compass you will not likely reach your destination. If you are looking to develop your improvement roadmap for API RP1173, or other compliance objective contact us about how you can develop yours in just 12 weeks.

Compliance is much more than checking boxes and addressing non-conformance when it is discovered. It is about experiencing the benefits of compliance outcomes: delighted customers, safe and meaningful work, trusted manufacturers and suppliers, growing and sustainable economy, and an environment that we all want to work and live in. This requires a proactive approach focused on outcomes instead of a reactive approach focused on prescriptive requirements. Proactivity describes a process of action that includes: anticipating, planning, and striving to create a future outcome that has an impact. If you were more proactive with your compliance what would your business and work be like? What would you experience?

Ethical and proactive organizations are those that invest in improving their compliance performance and see it as an advantage in competing in highly-regulated, high-risk industries. When it comes to performance and outcome based compliance there are three aspects that you must consider: your capability (culture, systems, people) to be in compliance, the effectiveness of your compliance programs to reduce risk, the advancement of compliance outcomes . The greater your capabilities and the more effective your programs are the better you are able to contend with the effects of uncertainty in buying down risks or assigning appropriate margins to be more certain of achieving your outcomes. Or saying it another way, the better your compliance performance the more certain your value creation.

Back when I was in high school I had a teacher that would always say, "problems are our friend." At the time I didn't get it, probably because I didn't want to do the homework. However, looking back I realize that he was right. Working though the problems at the end of each chapter did help me to know if I really understood the material and was on track. Problems would become very good friends as I continued my engineering studies and throughout my career. However, not everyone views problems as helpful and sometimes this attitude shows up when it comes to safety, quality, environmental, and regulatory objectives particularly with respect to compliance metrics and reporting. It is all too common to hear that management does not like to see "red" in charts, or discuss "risks", or talk about problems in general. There may even be pressure to change the goals, change the units, or even change the colors so things "look" better when in reality the problems still remain. Although, you wouldn't know it when you looked at the metrics and therein lies the rub. The purpose of using metrics is to highlight where the problems are so that they can be fixed and improvements can be made to achieve better results. For metrics to be useful we need to see problems as our friends that help us rather then as enemies to avoid. This is what LEAN has helped us best to understand. LEAN teaches that if we cannot visualize problems we cannot see our way to improvement. One of the ways we can visualize problems is to make sure our metrics move beyond measures of compliance to include measures of performance, and effectiveness . This will help us to see whether problems are connected to conformance, capability, or progress in achieving goals and outcomes. If our metrics are always showing green it might be because we have decided to hide our problems instead of allowing the "red" to show through. It's time to view the red not as a problem that we want to avoid but rather as friend to let us know when we are on track or not.

A compass helps you to stay on course as you head towards your destination provided the world is flat. However, a compass can never prevent you from losing your way when you have as many dimensions as there are compliance programs. To maintain your direction across multiple dimensions you need a gimbal rather than a compass. A gimbal is a pivoted support that allows rotation of an object about an axis. It is specifically designed to handle multiple dimensions and always let's you know which way is up no matter how much the world around you has changed its direction. In today's changing landscape knowing which way is up is what helps keep organizations from falling outside the lines and risking their businesses. When you have three of more gimbals you can turn in any direction and you will always know your orientation in relation to a particular direction (i.e. the direction you have targeted). And knowing this is precisely what you need to properly adjust your course to make sure that you reach your destination and why organizations need an effective navigational system. Each component of GRC (Governance, Risk, and Compliance) functions like a gimbal oriented across the dimensions of each compliance program: quality, safety, environmental, regulatory, and ethics. Each GRC gimbal works together with the others to always let you know where you are relative to your compliance obligations when the landscape is always changing. It might be time to upgrade your navigational system to one that can handle all the dimensions of your compliance obligations. #GRC #Compliance #Risk

The goal of a compliance program is to improve the level of compliance of an organization. This differs from the goal of a compliance system which is to maintain a certain level of compliance. If you want to improve your compliance there are 5 questions you must answer which apply to any endeavor from projects, to flying to Mars (pg 16 – Performance Based Project Management by Glen B. Alleman) and to establishing an effective compliance program. Where are we going? How are we going to get there? What threats or opportunities will we encounter? Do we have everything we need? How are we going to measure our progress?

This is the perfect time of year to evaluate your compliance programs and make adjustments so that you achieve your objectives. However, to make that assessment you need to know where you are heading and then you can consider what paths will help and which ones to avoid. To help with your assessment here is a list of characteristics of what an Ideal Compliance Program might or even should look like. An Ideal Compliance Program will: Focus on outcomes Define comprehensive, clear and concise obligations Specify unambiguous goals and objectives Utilize standards to ensure normative behaviors Embed compliance to always keep you out of danger Be friction-less (doesn't add drag to your work processes) Effectively meet all required and voluntary obligations Consistently perform to your higher standards Easily adapt to meet new compliance obligations Implement systems that always keep you in compliance Be ethical, transparent, and have a high-degree of integrity Always improve Compliance is not just what you do at the end of everything else. It is instead, a competency that you improve over time to ensure that you achieve your business outcomes. #IdealCompliance

Rule # 2 - Take Ownership of All Your Obligations Being proactive with your compliance begins with taking ownership of all your obligations and this includes defining program outcomes and objectives. You may argue or debate what compliance program outcomes and objectives could or should be. What you cannot be is uncertain as to what they are. If your program goal is zero incidents then you know what your commitment needs to be. If your goal is to achieve a higher standard of quality then you also know what you need to do to achieve that. The outcomes you choose will direct where you are aiming, the strategies to get you there, and the capabilities you need to make progress towards them. Research shows that companies who adopted ISO 9001 Quality Management System (QMS) standard for the purpose of certification achieved just that – certification. These companies rarely saw an improvement in their quality. However, companies that wanted to improve their quality and chose to implement ISO 9001 as a means to get there, not only achieved certification, but they also improved their quality. They got both. The difference with these two companies was where they aimed. Where are your quality, safety, environmental, or regulatory compliance programs aiming at this year?

This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the products of the author's imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental. We thought we were doing OK. We really did. I guess we were wrong. We consider ourselves an ethical company and take quality very seriously. We have someone assigned to all the typical compliance areas: quality, safety, environmental, and regulatory. We thought we had it all covered. We always conduct our periodic audits and pass all our certifications. However, auditors always found something, but that's normal. Auditors always need to find something, right? Nothing big mind you. Just little things for our people to work on; something to improve. The point is that by every measure we were doing just fine. We didn't expect that something would go this wrong. We had no idea, it was only a small change. We just needed to pass an emissions test. We had a timeline and time was running out. We had to do something. Some of the staff worked around the clock and came up with a software work-around that would fix the issue. Great! It was tested, it worked, and we were good to go. I guess we didn't expect that a small change would blow up in our faces. We never imagined this would expose a fault that was always there and something that we should have addressed long ago. What was that fault? Well, its not what you might think. It was a fault in our communication. When senior managers asked if the emissions issue was addressed, the answer given was yes. This was true (kind of). They were glad to hear that we could ship on time. That's all they cared about, at least that's what all their communication had indicated. Everyone who worked on the solution was considered a hero and were even given extra time off. I think in retrospect they would give all that time back if they could. It wasn't too long that this would blow up in our faces – big time. Hero to goat overnight. We are not sure if we will even survive this. You see, what happened was we took a short cut. Some might call it cheating although we didn't think of it that way at the time. The staff were just trying to solve a problem. They figured out they could adjust how our product works to lower the emissions while it was being tested. The product could ship on time and everything would be good – right? No, wrong! Once what we did was discovered, our reputation was in the toilet. Only a few people actually knew how the issue was solved. Frankly, nobody really cared how it was done. As long as we could ship, that's all that mattered. We were wrong about that. Apparently, it does matter – it matters a lot. Who was at fault? At one level it was the coders. However, that's the wrong way to think about it. It was the whole company's fault. We ask our staff too often to perform miracles so that production targets are met. We should have never asked them to do "whatever it takes" to solve problems like this, or any problem for that matter. I hope we get a chance to learn from what happened. However, our reputation is badly damaged that I am not sure if we will get the chance. It's going to take a long time to earn back the trust we lost with our customers. We could have done better. We should have done better and now we are paying for it.