SEARCH

API RP 1173 provides a framework for companies to evaluate their safety systems and processes to more effectively buy down risk and continuously improve safety. This recommended practice incorporates and anticipates changes in the way safety, quality, environmental, and regulatory legislation and standards have shifted over the last decade from a reactive approach, based on prescription and audits, to a proactive approach, based on continuous improvement and the management of risk. To benefit from this new approach a more holistic and systems view of safety must be adopted focusing on both the means to buy down risk as well as the outcomes achieved by doing so. This is accomplished through continuous improvement of capabilities over time. To stay on course it is essential to have a compass and this is what the Hoshin Kanri LEAN X-Matrix Compass offers. Many companies that adopt LEAN practices have benefited from this approach which can also be used for those in highly-regulated, high-risk industries who are adopting a holistic approach to supporting quality, occupational safety, process safety, and environmental objectives as is the case for those migrating to API RP 1173. Using the X-Matrix Compass for API RP 1173 We have used the X-Matrix Compass to provide improvement roadmaps for quality, safety, environmental, and regulatory systems to help companies adapt to performance and outcome-based requirements. As means of an example, the following describes how this might look like for those adopting API RP 1173 The X-Matrix Compass helps to align the long-term needs with strategic initiatives, identify the most important activities along the way and determine the metrics that you need to improve. The name comes from the X that divides the matrix into 4 key quadrants: Long-term goals (south) Annual objectives or initiatives (west) Top-level priorities and principles (north) Processes and Metrics to improve (east) The following figure shows how this works in the context of API RP 1173: TRUE NORTH The center represents the current condition of the safety program along with the next challenge which in this example is to achieve level 4 safety systems maturity necessary to advance to the next level of outcomes represented as goals: Outcomes (Goals): The outcomes of an API RP 1173 will be different for every organization according to the level of risk, and the type of operations. Here is an example set of outcomes: Increased stakeholder trust, legitimacy and credibility Decreased corporate, operational, environmental, and reputational risk Increased safety and compliance excellence Continuous improvement and continuous compliance Zero incidents These represent what are called, terminal goals, that will need to be achieved through continual advancement and achievement of instrumental goals. RP 1173 Initiatives: The initiatives (objectives) on the left have been identified as the steps in the roadmap needed to make progress towards the overall goals. Identify all safety and compliance obligations Define Measures of Effectiveness, Performance, Compliance Identify standards to be used as normative processes Identify what is needed to meet obligations Establish systems/processes to always stay in compliance Identify and evaluate risk Embed safety into processes Identify and implement proactive and defensive strategies RP 1173 Principles (True North): The top of the compass is your True North, which are the principles that are always true to guide initiatives to advance overall goals. The following RP 1173 principles are taken directly from the recommended practice: Commitment, leadership, and oversight from top management are vital to the overall success of a PSMS. A safety-oriented culture is essential to enable the effective implementation and continuous improvement of safety management system processes and procedures. Risk management is an integral part of the design, construction, operation and maintenance of a pipeline. Pipelines are designed, constructed, operated, and maintained in a manner that complies with Federal, state, and local regulations. Pipeline operators conform to applicable industry codes and consensus standards with the goal of reducing risk, preventing releases, and minimizing the occurrence of abnormal operations. Defined operational controls are essential to the safe design, construction, operation, and maintenance of pipelines. Prompt and effective incident response minimizes the adverse impacts to life, property, and the environment. The creation of a learning environment for continuous improvement is achieved by investigating incidents thoroughly, fostering non-punitive reporting systems, and communicating lessons learned. Periodic evaluation of risk management effectiveness and pipeline safety performance improvement, including audits, are essential to assure effective PSMS performance. Pipeline operating personnel throughout the organization must effectively communicate and collaborate with one another. Further, communicating with contractors to share information that supports decision making and completing planned tasks (processes and procedures) is essential. Managing changes that can affect pipeline safety is essential. RP 1173 Processes and Metrics to Improve: Finally, the processes (on the right) are reinforced by the True North principles and are the mechanisms (the means) by which goals are achieved. Proactive thinking turns the 10 RP 1173 elements into processes that anticipate, plan, and act to create a future impact (i.e. the advancement of better safety outcomes). Leadership and management commitment Stakeholder engagement Risk management Operational controls Incident investigation, evaluation and lessons learned Safety assurance Management review and continuous improvement Emergency response and continuous improvement Competence, awareness, and training Documentation and record keeping The corners of the compass represent the alignment of all four quadrants. The greater the alignment, the better your performance will be. Gaps in alignment represent areas of potential risk and opportunities for improvement. RP 1173 Continuous Improvement: Continuous improvement is managed by going clock-wise around the compass using a Plan-Do-Check- Act cycle governed by the management program. An example process that we use is: Companies looking to move beyond current silos and reactive approaches with their safety will benefit from adopting a more holistic, systems approach such as API RP 1173 for Pipeline Safety Management System, and others. The X-Matrix Compass can be an effective management and governance tool to guide improvement roadmaps so that the benefits of these new performance / outcome based standards and guidelines can be realized. The X-Matrix Compass also provides management with the means to visualize the roadmap, align strategic and tactical efforts, and always stay on course with their true north. As we understand from LEAN, if you can't see it you can't improve it. Similarly, if you don't have a map and compass you will not likely reach your destination. If you are looking to develop your improvement roadmap for API RP1173, or other compliance objective contact us about how you can develop yours in just 12 weeks.

Compliance is much more than checking boxes and addressing non-conformance when it is discovered. It is about experiencing the benefits of compliance outcomes: delighted customers, safe and meaningful work, trusted manufacturers and suppliers, growing and sustainable economy, and an environment that we all want to work and live in. This requires a proactive approach focused on outcomes instead of a reactive approach focused on prescriptive requirements. Proactivity describes a process of action that includes: anticipating, planning, and striving to create a future outcome that has an impact. If you were more proactive with your compliance what would your business and work be like? What would you experience?

Ethical and proactive organizations are those that invest in improving their compliance performance and see it as an advantage in competing in highly-regulated, high-risk industries. When it comes to performance and outcome based compliance there are three aspects that you must consider: your capability (culture, systems, people) to be in compliance, the effectiveness of your compliance programs to reduce risk, the advancement of compliance outcomes . The greater your capabilities and the more effective your programs are the better you are able to contend with the effects of uncertainty in buying down risks or assigning appropriate margins to be more certain of achieving your outcomes. Or saying it another way, the better your compliance performance the more certain your value creation.

Back when I was in high school I had a teacher that would always say, "problems are our friend." At the time I didn't get it, probably because I didn't want to do the homework. However, looking back I realize that he was right. Working though the problems at the end of each chapter did help me to know if I really understood the material and was on track. Problems would become very good friends as I continued my engineering studies and throughout my career. However, not everyone views problems as helpful and sometimes this attitude shows up when it comes to safety, quality, environmental, and regulatory objectives particularly with respect to compliance metrics and reporting. It is all too common to hear that management does not like to see "red" in charts, or discuss "risks", or talk about problems in general. There may even be pressure to change the goals, change the units, or even change the colors so things "look" better when in reality the problems still remain. Although, you wouldn't know it when you looked at the metrics and therein lies the rub. The purpose of using metrics is to highlight where the problems are so that they can be fixed and improvements can be made to achieve better results. For metrics to be useful we need to see problems as our friends that help us rather then as enemies to avoid. This is what LEAN has helped us best to understand. LEAN teaches that if we cannot visualize problems we cannot see our way to improvement. One of the ways we can visualize problems is to make sure our metrics move beyond measures of compliance to include measures of performance, and effectiveness . This will help us to see whether problems are connected to conformance, capability, or progress in achieving goals and outcomes. If our metrics are always showing green it might be because we have decided to hide our problems instead of allowing the "red" to show through. It's time to view the red not as a problem that we want to avoid but rather as friend to let us know when we are on track or not.

A compass helps you to stay on course as you head towards your destination provided the world is flat. However, a compass can never prevent you from losing your way when you have as many dimensions as there are compliance programs. To maintain your direction across multiple dimensions you need a gimbal rather than a compass. A gimbal is a pivoted support that allows rotation of an object about an axis. It is specifically designed to handle multiple dimensions and always let's you know which way is up no matter how much the world around you has changed its direction. In today's changing landscape knowing which way is up is what helps keep organizations from falling outside the lines and risking their businesses. When you have three of more gimbals you can turn in any direction and you will always know your orientation in relation to a particular direction (i.e. the direction you have targeted). And knowing this is precisely what you need to properly adjust your course to make sure that you reach your destination and why organizations need an effective navigational system. Each component of GRC (Governance, Risk, and Compliance) functions like a gimbal oriented across the dimensions of each compliance program: quality, safety, environmental, regulatory, and ethics. Each GRC gimbal works together with the others to always let you know where you are relative to your compliance obligations when the landscape is always changing. It might be time to upgrade your navigational system to one that can handle all the dimensions of your compliance obligations. #GRC #Compliance #Risk

The goal of a compliance program is to improve the level of compliance of an organization. This differs from the goal of a compliance system which is to maintain a certain level of compliance. If you want to improve your compliance there are 5 questions you must answer which apply to any endeavor from projects, to flying to Mars (pg 16 – Performance Based Project Management by Glen B. Alleman) and to establishing an effective compliance program. Where are we going? How are we going to get there? What threats or opportunities will we encounter? Do we have everything we need? How are we going to measure our progress?

This is the perfect time of year to evaluate your compliance programs and make adjustments so that you achieve your objectives. However, to make that assessment you need to know where you are heading and then you can consider what paths will help and which ones to avoid. To help with your assessment here is a list of characteristics of what an Ideal Compliance Program might or even should look like. An Ideal Compliance Program will: Focus on outcomes Define comprehensive, clear and concise obligations Specify unambiguous goals and objectives Utilize standards to ensure normative behaviors Embed compliance to always keep you out of danger Be friction-less (doesn't add drag to your work processes) Effectively meet all required and voluntary obligations Consistently perform to your higher standards Easily adapt to meet new compliance obligations Implement systems that always keep you in compliance Be ethical, transparent, and have a high-degree of integrity Always improve Compliance is not just what you do at the end of everything else. It is instead, a competency that you improve over time to ensure that you achieve your business outcomes. #IdealCompliance

Rule # 2 - Take Ownership of All Your Obligations Being proactive with your compliance begins with taking ownership of all your obligations and this includes defining program outcomes and objectives. You may argue or debate what compliance program outcomes and objectives could or should be. What you cannot be is uncertain as to what they are. If your program goal is zero incidents then you know what your commitment needs to be. If your goal is to achieve a higher standard of quality then you also know what you need to do to achieve that. The outcomes you choose will direct where you are aiming, the strategies to get you there, and the capabilities you need to make progress towards them. Research shows that companies who adopted ISO 9001 Quality Management System (QMS) standard for the purpose of certification achieved just that – certification. These companies rarely saw an improvement in their quality. However, companies that wanted to improve their quality and chose to implement ISO 9001 as a means to get there, not only achieved certification, but they also improved their quality. They got both. The difference with these two companies was where they aimed. Where are your quality, safety, environmental, or regulatory compliance programs aiming at this year?

This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the products of the author's imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental. We thought we were doing OK. We really did. I guess we were wrong. We consider ourselves an ethical company and take quality very seriously. We have someone assigned to all the typical compliance areas: quality, safety, environmental, and regulatory. We thought we had it all covered. We always conduct our periodic audits and pass all our certifications. However, auditors always found something, but that's normal. Auditors always need to find something, right? Nothing big mind you. Just little things for our people to work on; something to improve. The point is that by every measure we were doing just fine. We didn't expect that something would go this wrong. We had no idea, it was only a small change. We just needed to pass an emissions test. We had a timeline and time was running out. We had to do something. Some of the staff worked around the clock and came up with a software work-around that would fix the issue. Great! It was tested, it worked, and we were good to go. I guess we didn't expect that a small change would blow up in our faces. We never imagined this would expose a fault that was always there and something that we should have addressed long ago. What was that fault? Well, its not what you might think. It was a fault in our communication. When senior managers asked if the emissions issue was addressed, the answer given was yes. This was true (kind of). They were glad to hear that we could ship on time. That's all they cared about, at least that's what all their communication had indicated. Everyone who worked on the solution was considered a hero and were even given extra time off. I think in retrospect they would give all that time back if they could. It wasn't too long that this would blow up in our faces – big time. Hero to goat overnight. We are not sure if we will even survive this. You see, what happened was we took a short cut. Some might call it cheating although we didn't think of it that way at the time. The staff were just trying to solve a problem. They figured out they could adjust how our product works to lower the emissions while it was being tested. The product could ship on time and everything would be good – right? No, wrong! Once what we did was discovered, our reputation was in the toilet. Only a few people actually knew how the issue was solved. Frankly, nobody really cared how it was done. As long as we could ship, that's all that mattered. We were wrong about that. Apparently, it does matter – it matters a lot. Who was at fault? At one level it was the coders. However, that's the wrong way to think about it. It was the whole company's fault. We ask our staff too often to perform miracles so that production targets are met. We should have never asked them to do "whatever it takes" to solve problems like this, or any problem for that matter. I hope we get a chance to learn from what happened. However, our reputation is badly damaged that I am not sure if we will get the chance. It's going to take a long time to earn back the trust we lost with our customers. We could have done better. We should have done better and now we are paying for it.

Focusing on non-conformance is the first level of compliance. This involves meeting the prescriptive part of a regulation or industry standard. However, standards and regulations have changed and are now more performance-based focused on continuous improvement and risk. Instead of asking the question, "did we follow the procedure?" Compliance has evolved to answering a different question which is, "how well are we at achieving outcomes such as: zero injuries, zero defects, zero violations, zero environmental impacts, zero ethical misconducts?" The former is reactive, looking at the past. The latter is proactive, anticipating the future.

Turtle diagrams are often used to document processes in support of ISO standards and guidelines. However, they tend not to include compliance and risk as part of process definitions. That's why we created the Compliance Beetle so you can document compliance and risk considerations directly within each process. Download your template here . #RiskAssessment #ComplianceInsights #Complianceimprovement #RiskbasedThinking

The purpose given for companies is often stated as making profit. However, companies can exist for a greater purpose. They can exist to create opportunities for people to work so that their potential can be realized to some degree. The greater the degree, the more humanized the workplace becomes. However, when workers are used like “machinery” the work becomes dehumanizing. There is always a tendency (for the sake of efficiency) to separate humanity from the mechanics of business. Perhaps, when businesses are completely robotic (if that is even desirable) we can achieve total separation and no one needs to worry about values and ethics in the workplace anymore. In fact, we would not have workplace and I wonder if we could still call these businesses either. In a similar way, we can think of compliance in a dehumanizing fashion. Compliance for many companies is seen as a tax on productivity and something that should be reduced. This may lead to viewing compliance roles as something that we want to reduce and replace with technology. However, when taking a closer look we notice that compliance has more to do with managing risks than it does conformance to standards and following rules. Managing risk is a human-centric process that requires people to anticipate, plan and act to prevent or mitigate a threat or enable and exploit an opportunity. In fact, not only is risk management human-centric it is very much an ethical process. For example, safety involves making decisions that involve risk. Risk-based decisions due to their inherent uncertainty are in the category of ethical decisions that a company makes and cannot easily (or at all) be reduced to a set of rules or to a machine. If the risk can be completely eliminated by removing the hazard then rule-based decisions (the kinds that computers can do) might be appropriate. However, should the hazard remain and uncertainty persist then the decision to proceed becomes an ethical choice which is only something humans can do. #Ethicalcompliance #complianceandvalues