Increasingly, standards and regulatory bodies are promoting a holistic approach to compliance. However, many companies still implement compliance programs using an element-by-element approach that reinforces siloed behaviours and practices. This reductive and specialized approach, left to itself, will greatly diminish the effectiveness of the measures used to protect and ensure delivery of total value.
In this article, we will explore why silos are still used, what new compliance standards and regulations require, and how organizations can overcome the effects of compliance silos to improve overall effectiveness.
Organizational Structures
In many asset-intensive companies, accountability tends to mirror the structure of the assets themselves. Many companies adopt a hierarchical management structure centred around operations and maintenance functions. This organization provides a single point of accountability for performance of process functions along with providing effective resourcing of specialist skills to keep a plant or facility operational.
A challenge for these kinds of organizations is how best to organize the management of systems and processes that are cross-functional. Compliance programs tend to be distributed across functional groups such as: quality, process safety, occupational safety, regulatory compliance, environment, and so on. Managers for these processes tend not to report to the same director or vice president.
It's no wonder that it's difficult to find a single point of accountability for a scope large enough to oversee the entire breadth that new regulations and standards require. This is perhaps one of the greatest obstacles to adopting holistic and programmatic compliance.
Evolution of Compliance Strategies
Regulations and standards have evolved over the years to respond to new challenges and learn from prior approaches. However, these changes have not always been adopted to the degree that many had hoped. This has left companies lagging behind, often resorting to old behaviours to address new requirements.
In the book "Guidelines for Risk Based Process Safety", published by the Center for Chemical Process Safety, Chapter 2 provides an excellent overview of how strategies have changed over the decades. While this is in the context of process safety, much of the history is shared with other compliance regulations and standards.
The following diagram (my annotations in RED) from this book presents the progression beginning with the focus on standards:
Standards- and compliance-based approaches tended towards prescriptive specifications, which afforded consistency and could be verified easily by checklists.
However, the new compliance strategies are performance-based, requiring cross-functional processes. In order to apply continuous improvement and risk-based thinking, companies need to go beyond simple compliance towards the use of systems so that overall outcomes can be achieved and risks can be managed.
In recent years, this systems focus has increased the scope of several regulations and standards, extending them beyond what is done by existing functional groups. Many companies are struggling to find a place in the organization to own the elements along with the system itself.
It's not uncommon to find companies using existing practices and behaviours to meet new demands while keeping existing management structures mostly intact. However, this results in companies falling further behind when it comes to adopting the practices that are needed to achieve overall system effectiveness.
Why This Matters – It's all about risk
A systems-based approach allows companies to take advantage of synergies across processes, practices, and behaviours along with eliminating duplication. However, this is not the only reason why systems are used.
A systems-based program provides the means to achieve outcomes and contend with risk. In fact, that's the purpose behind compliance programs.
James Reason introduced the Swiss Cheese model to illustrate how even small holes in safety barriers can lead to adverse effects. This model, adapted below for ISO 9000:2015, shows each component as layers that have their own processes and practices. These layers work together to produce the overall outcomes of the quality program.
As shown in the following diagram, latent or active failures, even small ones, can allow threats to materialize. It is by understanding how these breaches connect with each other that the overall system can be adequately protected.
To further this idea, the API Recommended Practice 1173 for Pipeline Safety Management System, introduced in 2015, rightly states in its introduction:
"Major accidents with high consequences rarely occur due to a safety breakdown of a single activity but instead occur because of an alignment of weaknesses across multiple activities. While safety efforts may be applied individually to each activity more effective safety performance is achieved when viewing the linked activities as processes"
This holds true not only for safety but for all compliance programs. It is necessary to look across all programs to effectively manage risk. This is difficult to do when implementing processes in isolation within functional silos and when there is no clear accountability for the entire system.
Overcoming Compliance Silos
This brings us to the question of what companies can do to benefit from the new holistic compliance strategies when they are predominately organized in hierarchies.
A common approach used to support cross-functional processes is the matrix structure. This is used for projectized work which, while different from management systems, can offer some insights into similar issues and approaches.
With respect to projects, asset-based organizations tend to have a "weak" matrix organization as defined in the PMBOK®. Functional managers have stronger authority relative to project managers, which makes sense given that ultimate accountability for such things as quality, safety and risk lies with those that own the assets.
In a previous blog, I introduced the concept of programs and systems. The role of a management program is similar to that of programs used to manage related projects. Programs ensure system-wide outcomes and introduce changes to ensure alignment with program priorities and objectives.
Introducing a program role to oversee multiple compliance systems would help in the same way that programs help co-ordinate related projects. However, to fully benefit from this approach, it's important to give that role greater accountability than that typically found in "weak" matrix organizations. The program role must have accountability at the same level as functional directors to ensure program outcomes. This creates a "strong" matrix organization, at least with regard to compliance programs.
A program role would be accountable for:
The outcomes of the compliance system and related processes
Aligning corporate strategies and initiatives to program goals and objectives
Providing resources to operate, manage, and improve underlying systems
Identifying and managing program risks
Coordinating cross-functional responsibilities to deliver system outcomes