Compliance functions tend to be lightly resourced and often overwhelmed doing the best they can to help organizations meet all their obligations. So the idea of replacing what they currently do with "simpler" processes particularly when it means doing less is very appealing.
In the pursuit of compliance improvement we often run into a dichotomy (false or otherwise) between simple and complex. Simple is often associated with doing less and having basic capabilities, while complex is associated with doing more and incorporating advanced capabilities.
However, when it comes to compliance doing less maybe simpler, but rarely is it effective, at least when it comes to advancing outcomes. That being said it does appear to be a common approach.
This poses a real problem for those that want to do both: improve capabilities and keep it simple. It seems you can't have it both ways.
Simplifying Processes
Technology, and specifically cloud based application platforms are seen as a way to simplify work and improve productivity. These platforms can provide more coverage but usually at the expense of giving up functionality in order to appeal to a larger group of users and organizations.
The trade off for compliance is between addressing more prescriptive elements covering a larger set of compliance objectives (ex. QEHS) or having improved capabilities to buy down risk and advance outcomes. The latter if available tends to require more effort, seen as complex, and not conducive to early wins and low hanging fruit. Additionally, if the primary goal is to pass an audit then it makes sense to choose the path that is simple, quick, and easy.
Companies may also adopt LEAN behaviors and practices to simplify their processes by identifying and removing waste. Waste is defined as any activity that doesn't contribute to the creation of value. This can produce remarkable results, however, not usually when compliance is concerned because of how value has been defined.
Value is defined as profit or margin. Therefore, any activity that takes away from this value is considered as waste. LEAN considers compliance as necessary but fundamentally as a waste and something to reduce or eliminate. As a result, inexperienced LEAN practitioners can end up removing compliance activities often without any objection from process owners who either don't know what is critical to compliance or would rather not do them for a variety of reasons.
What is often forgotten or ignored is that companies pursue other values (or outcomes) beyond profit. These include trust, reputation, quality, safety, sustainability, and many others. Effective compliance programs ensure the advancement of these values which contribute to top line growth while the risk of not achieving them affects bottom line results.
Simpler does tend to mean doing less: less work, less capabilities, and ending up with less outcomes.
Is this the best that can be done or is there another way to keep it simple and still improve capabilities? The answer is yes, and one of the ways is to consider the idea of "embedding" rather than "eliminating" capabilities.
Embedding versus Eliminating
Compliance activities tend to focus on the collection of evidentiary artifacts through the use of inspections, audits, and other forms of data collection. These are driven by prescriptive obligations reinforced by reactive management behaviors where improvement is done using an audit/fix cycle.
For many years we have known that embedding: quality, safety, environmental, and other compliance objectives improves outcomes while at the same time avoids excessive audits, inspections, incidents and non-conformance, all of which are the real wastes in the value stream. However, embedding these objectives in value streams is seldom encouraged in the pursuit of cost reduction and greater efficiency which often lies behind process improvement.
Compliance objectives require the creation of their own value streams. Compliance value streams are those responsible for buying down risk to increase the probability that obligations will be met.
By embedding compliance objectives into product and service value steams it is possible to achieve a simpler governing process that hides the complexity that many would otherwise rather remove. At the same time advanced capabilities are available when needed according to the level of risk being addressed.
In fact, the resultant stream makes it easier for companies to stay between the lines as you are no longer fighting the current but instead going with the flow.
Having it Both Ways
Embedding compliance capabilities into value streams was and still remains the best strategy to reduce risk and ensure outcomes.
Keeping it simple does not need to mean the elimination of these capabilities. Instead, capabilities can be incorporated (and even advanced) by merging product and service with compliance value streams.
You can have it both ways: simpler and capable rather than simpler and ineffective.
Please visit our website at www.leancompliance.ca to learn more on how to improve the effectiveness of your compliance program.