SEARCH

In a previous webinar I was asked this question with respect to compliance: Question: What would be the one area of an organization to start the focus on transitioning from reactive to proactive compliance? Short answer : the area where the obligations are most at risk. Longer answer: organizational designs based on "Taylor-ism" structure themselves around the specialization of work. Each level of work will have a different time horizon. The first level of work is concerned with the here and now; what will I do today, this hour, this moment. The next layer of work focuses on what needs to be done this week and so on up the organization. The level of reactivity will be the highest at the bottom of the organization and should become more proactive as you move up the organization. What we have observed is that the transition between reactive and proactive occurs most often at the director level of the organization; those that direct or lead managers. They are concerned more with effectiveness rather than efficiency. They will have a time horizon (1-3 years) that requires that they set goals, identify strategies, and anticipate and contend with risk which are all proactive activities. However, in many organizations directors are not proactive and instead manage managers rather than direct them. So I would begin with the directors of quality, safety, environmental, and regulatory programs. If they are not proactive the company can never be. Lean Compliance has a program to help directors become more proactive with their compliance. More information can be found here .

Many companies apply linear thinking and steps when attempting to improve their risk and compliance systems. As a result they never reach program effectiveness leaving organizations at risk which threatens their mission success. That's why we recommend companies simultaneously establish the following essential operational processes that work together as a whole to achieve, sustain, and advance compliance performance and outcomes. Maturity of each process can be advanced to achieve higher performance and better outcomes while remaining aligned with each other and overall business objectives.

Balanced scorecards help companies track performance. In today's marketplace characterized by digital disruption you need to make sure that you track more than just performance along the value chain. You need to include areas of your business that are responsible for innovation and growth. These will have different measures and different management approaches. However, what you need most of all is to track progress against outcomes. Are we increasing value in the eyes of our customers? Are margins improving? Are we mitigating risks to ensure outcomes are advanced? Make sure your scorecard covers your entire business model.

The causality model chosen to describe a system often leads to specific methods and tools to address uncertainty and risk.  This may create blind spots when the causality model does not adequately reflect reality.  Make sure that your continuous improvement programs improve system models as well as processes.

With the increases in the number and severity of security breaches, digital factories could benefit from risk-based process safety management to protect against unexpected releases of private data, information, and insights. Process Safety is a combination of engineering and management skills focused on preventing catastrophic accidents, particularly explosions, fires, and toxic releases, associated with the use of chemicals and petroleum products. Process safety practices have evolved over decades of experience and many lessons learned. Process Safety is focused on the identification of hazards and their effective removal and or mitigation. Safety barriers (i.e. risk controls) are put in place to guard against unexpected releases and are designed into the process and then maintained for the life of the facility. A Management of Change (MOC) process is used to preserve the design of the facility along with existing safety barriers. Either one can be modified provided that risk is managed. In the case of an incident an emergency response system is used to minimize consequences and to restore safe operations.

Many of us participate in consumer platforms that collect and use data to improve their products, operations, and ultimately profits. This is often without consent although that is beginning to change. Nevertheless, what is clear is that having this information is an advantage. However, when it comes to collecting and using compliance data the story is very different. Companies for the most part must voluntarily participate in information sharing programs which often do not exist and where the use of their information is unclear. No wonder they are less willing to share information even within their own sectors. However, this comes at the expense of making needed improvements. Given the proposed voluntary information safety sharing program being considered will pipeline operators voluntarily participate knowing that pipeline safety is at stake? Even if they did do they have the IT infrastructure in place to collect and provide the data and how will this information be protected against misuse or cyber attack? For those who would like to learn more about the proposed voluntary information sharing (VIS) program can find the working group report here .

Safety is changing and with it regulations, standards, and strategies. This is particularly the case in the area of people or worker safety. In recent years there has been a growing debate and criticism with respect to safety outcomes, performance and the role of: Prescriptive compliance Safety measurements Lagging indicators Checklists "ZERO" goals Can't measure what didn't happen Quantitative metrics / reductive / reactive Leading indicators Safety management systems Heinrich's Safety Pyramid and others This has generated much discussion and debate along with new approaches to safety under names such as: Safety I & II Behavioral Based Safety Safety Differently Human and Organizational Performance It is too early to tell if these will converge into one unified approach to safety.  However, what we can say is that they are heading towards viewing safety more holistically as a system that can be improved over time through learning and continuous improvement. This will require new skills that include: risk-based and systems thinking, scientific methods, analytics, and continuous improvement. To prime the pump, so to speak, I have included the following video clip from the American Society of Safety Professionals ASSP (formerly ASSE) Safety 2017 conference. You will hear from leading experts in the field of BBS (Dr. E. Scott Geller) and HOP (Dr. Todd Conklin) along with companies such as GE discuss the merits of BBS and HOP based safety. The world of safety is changing and as some have said, "it's about time!"

Non-conformance is not a thing, in fact it is actually nothing. Non-conformance is defined by what it is not (negation) against the backdrop of a standard. Non-conformance is also the lack of what is necessary (privation). However, although non-conformance is actually nothing, its effects are real and devastating. When you chose not to follow a given standard you activate forces that push away from the standard and create the lack of what is necessary resulting in a vicious cycle where the effects are real and get worse over time. Not a good place to be or a good way to live.

Compliance functions tend to be lightly resourced and often overwhelmed doing the best they can to help organizations meet all their obligations. So the idea of replacing what they currently do with "simpler" processes particularly when it means doing less is very appealing. In the pursuit of compliance improvement we often run into a dichotomy (false or otherwise) between simple and complex. Simple is often associated with doing less and having basic capabilities, while complex is associated with doing more and incorporating advanced capabilities. However, when it comes to compliance doing less maybe simpler, but rarely is it effective, at least when it comes to advancing outcomes. That being said it does appear to be a common approach. This poses a real problem for those that want to do both: improve capabilities and keep it simple. It seems you can't have it both ways. Simplifying Processes Technology, and specifically cloud based application platforms are seen as a way to simplify work and improve productivity. These platforms can provide more coverage but usually at the expense of giving up functionality in order to appeal to a larger group of users and organizations. The trade off for compliance is between addressing more prescriptive elements covering a larger set of compliance objectives (ex. QEHS) or having improved capabilities to buy down risk and advance outcomes. The latter if available tends to require more effort, seen as complex, and not conducive to early wins and low hanging fruit. Additionally, if the primary goal is to pass an audit then it makes sense to choose the path that is simple, quick, and easy. Companies may also adopt LEAN behaviors and practices to simplify their processes by identifying and removing waste. Waste is defined as any activity that doesn't contribute to the creation of value. This can produce remarkable results, however, not usually when compliance is concerned because of how value has been defined. Value is defined as profit or margin. Therefore, any activity that takes away from this value is considered as waste. LEAN considers compliance as necessary but fundamentally as a waste and something to reduce or eliminate. As a result, inexperienced LEAN practitioners can end up removing compliance activities often without any objection from process owners who either don't know what is critical to compliance or would rather not do them for a variety of reasons. What is often forgotten or ignored is that companies pursue other values (or outcomes) beyond profit. These include trust, reputation, quality, safety, sustainability, and many others. Effective compliance programs ensure the advancement of these values which contribute to top line growth while the risk of not achieving them affects bottom line results. Simpler does tend to mean doing less: less work, less capabilities, and ending up with less outcomes. Is this the best that can be done or is there another way to keep it simple and still improve capabilities? The answer is yes, and one of the ways is to consider the idea of "embedding" rather than "eliminating" capabilities. Embedding versus Eliminating Compliance activities tend to focus on the collection of evidentiary artifacts through the use of inspections, audits, and other forms of data collection. These are driven by prescriptive obligations reinforced by reactive management behaviors where improvement is done using an audit/fix cycle. For many years we have known that embedding: quality, safety, environmental, and other compliance objectives improves outcomes while at the same time avoids excessive audits, inspections, incidents and non-conformance, all of which are the real wastes in the value stream. However, embedding these objectives in value streams is seldom encouraged in the pursuit of cost reduction and greater efficiency which often lies behind process improvement. Compliance objectives require the creation of their own value streams. Compliance value streams are those responsible for buying down risk to increase the probability that obligations will be met. By embedding compliance objectives into product and service value steams it is possible to achieve a simpler governing process that hides the complexity that many would otherwise rather remove. At the same time advanced capabilities are available when needed according to the level of risk being addressed. In fact, the resultant stream makes it easier for companies to stay between the lines as you are no longer fighting the current but instead going with the flow. Having it Both Ways Embedding compliance capabilities into value streams was and still remains the best strategy to reduce risk and ensure outcomes. Keeping it simple does not need to mean the elimination of these capabilities. Instead, capabilities can be incorporated (and even advanced) by merging product and service with compliance value streams. You can have it both ways: simpler and capable rather than simpler and ineffective . Please visit our website at www.leancompliance.ca to learn more on how to improve the effectiveness of your compliance program.

API RP 1173 provides a framework for companies to evaluate their safety systems and processes to more effectively buy down risk and continuously improve safety. This recommended practice incorporates and anticipates changes in the way safety, quality, environmental, and regulatory legislation and standards have shifted over the last decade from a reactive approach, based on prescription and audits, to a proactive approach, based on continuous improvement and the management of risk. To benefit from this new approach a more holistic and systems view of safety must be adopted focusing on both the means to buy down risk as well as the outcomes achieved by doing so. This is accomplished through continuous improvement of capabilities over time. To stay on course it is essential to have a compass and this is what the Hoshin Kanri LEAN X-Matrix Compass offers. Many companies that adopt LEAN practices have benefited from this approach which can also be used for those in highly-regulated, high-risk industries who are adopting a holistic approach to supporting quality, occupational safety, process safety, and environmental objectives as is the case for those migrating to API RP 1173. Using the X-Matrix Compass for API RP 1173 We have used the X-Matrix Compass to provide improvement roadmaps for quality, safety, environmental, and regulatory systems to help companies adapt to performance and outcome-based requirements. As means of an example, the following describes how this might look like for those adopting API RP 1173 The X-Matrix Compass helps to align the long-term needs with strategic initiatives, identify the most important activities along the way and determine the metrics that you need to improve. The name comes from the X that divides the matrix into 4 key quadrants: Long-term goals (south) Annual objectives or initiatives (west) Top-level priorities and principles (north) Processes and Metrics to improve (east) The following figure shows how this works in the context of API RP 1173: TRUE NORTH The center represents the current condition of the safety program along with the next challenge which in this example is to achieve level 4 safety systems maturity necessary to advance to the next level of outcomes represented as goals: Outcomes (Goals): The outcomes of an API RP 1173 will be different for every organization according to the level of risk, and the type of operations. Here is an example set of outcomes: Increased stakeholder trust, legitimacy and credibility Decreased corporate, operational, environmental, and reputational risk Increased safety and compliance excellence Continuous improvement and continuous compliance Zero incidents These represent what are called, terminal goals, that will need to be achieved through continual advancement and achievement of instrumental goals. RP 1173 Initiatives: The initiatives (objectives) on the left have been identified as the steps in the roadmap needed to make progress towards the overall goals. Identify all safety and compliance obligations Define Measures of Effectiveness, Performance, Compliance Identify standards to be used as normative processes Identify what is needed to meet obligations Establish systems/processes to always stay in compliance Identify and evaluate risk Embed safety into processes Identify and implement proactive and defensive strategies RP 1173 Principles (True North): The top of the compass is your True North, which are the principles that are always true to guide initiatives to advance overall goals. The following RP 1173 principles are taken directly from the recommended practice: Commitment, leadership, and oversight from top management are vital to the overall success of a PSMS. A safety-oriented culture is essential to enable the effective implementation and continuous improvement of safety management system processes and procedures. Risk management is an integral part of the design, construction, operation and maintenance of a pipeline. Pipelines are designed, constructed, operated, and maintained in a manner that complies with Federal, state, and local regulations. Pipeline operators conform to applicable industry codes and consensus standards with the goal of reducing risk, preventing releases, and minimizing the occurrence of abnormal operations. Defined operational controls are essential to the safe design, construction, operation, and maintenance of pipelines. Prompt and effective incident response minimizes the adverse impacts to life, property, and the environment. The creation of a learning environment for continuous improvement is achieved by investigating incidents thoroughly, fostering non-punitive reporting systems, and communicating lessons learned. Periodic evaluation of risk management effectiveness and pipeline safety performance improvement, including audits, are essential to assure effective PSMS performance. Pipeline operating personnel throughout the organization must effectively communicate and collaborate with one another. Further, communicating with contractors to share information that supports decision making and completing planned tasks (processes and procedures) is essential. Managing changes that can affect pipeline safety is essential. RP 1173 Processes and Metrics to Improve: Finally, the processes (on the right) are reinforced by the True North principles and are the mechanisms (the means) by which goals are achieved. Proactive thinking turns the 10 RP 1173 elements into processes that anticipate, plan, and act to create a future impact (i.e. the advancement of better safety outcomes). Leadership and management commitment Stakeholder engagement Risk management Operational controls Incident investigation, evaluation and lessons learned Safety assurance Management review and continuous improvement Emergency response and continuous improvement Competence, awareness, and training Documentation and record keeping The corners of the compass represent the alignment of all four quadrants. The greater the alignment, the better your performance will be. Gaps in alignment represent areas of potential risk and opportunities for improvement. RP 1173 Continuous Improvement: Continuous improvement is managed by going clock-wise around the compass using a Plan-Do-Check- Act cycle governed by the management program. An example process that we use is: Companies looking to move beyond current silos and reactive approaches with their safety will benefit from adopting a more holistic, systems approach such as API RP 1173 for Pipeline Safety Management System, and others. The X-Matrix Compass can be an effective management and governance tool to guide improvement roadmaps so that the benefits of these new performance / outcome based standards and guidelines can be realized. The X-Matrix Compass also provides management with the means to visualize the roadmap, align strategic and tactical efforts, and always stay on course with their true north. As we understand from LEAN, if you can't see it you can't improve it. Similarly, if you don't have a map and compass you will not likely reach your destination. If you are looking to develop your improvement roadmap for API RP1173, or other compliance objective contact us about how you can develop yours in just 12 weeks.

Compliance is much more than checking boxes and addressing non-conformance when it is discovered. It is about experiencing the benefits of compliance outcomes: delighted customers, safe and meaningful work, trusted manufacturers and suppliers, growing and sustainable economy, and an environment that we all want to work and live in. This requires a proactive approach focused on outcomes instead of a reactive approach focused on prescriptive requirements. Proactivity describes a process of action that includes: anticipating, planning, and striving to create a future outcome that has an impact. If you were more proactive with your compliance what would your business and work be like? What would you experience?

Ethical and proactive organizations are those that invest in improving their compliance performance and see it as an advantage in competing in highly-regulated, high-risk industries. When it comes to performance and outcome based compliance there are three aspects that you must consider: your capability (culture, systems, people) to be in compliance, the effectiveness of your compliance programs to reduce risk, the advancement of compliance outcomes . The greater your capabilities and the more effective your programs are the better you are able to contend with the effects of uncertainty in buying down risks or assigning appropriate margins to be more certain of achieving your outcomes. Or saying it another way, the better your compliance performance the more certain your value creation.