Compliance – A Driver for Business Process Management and Improvement?
Organizations that choose one-off solutions to react to regulatory and compliance requirements on a case-by-case basis, as they are impacted by them, will spend 10x as much as those who choose to design and implement business processes that have measurement, visibility, and proper controls built into them from the start .
I believe it was Gartner that made this assertion some years back, and it has proven to be true for many. Organizations with a solid process infrastructure already have much of what they need deal with compliance requirements. The fundamental tenets of good process management include measurement, visibility, predictability, consistency, and repeatability, and business practices implemented with these elements in place can easily be transferred into specific controls that can be measured and reported on a regular basis. Organizations that do not have a good process infrastructure in place may find themselves expending huge resources to redesign bad processes and systems when new requirements come down the line, as they always do. Ouch.
If your company is like most, you face growing regulatory and compliance demands that absorb time, money, and other valuable resources and, ultimately, sap your competitiveness. However painful, this is reality and faced with these realities, you want to find a way to meet compliance requirements that is objective, reliable, and efficient. Merely managing the issue by opinion can be very dangerous and expensive. Opinions, not matter how smart the opiner, have a tendency to not match reality. A better answer is to drive compliance to an objective, measurable specification. Management by fear can be even more expensive, inducing you to greatly overspend on compliance and to shy away from reasonably acceptable risks that could mean far better business results.
And, lets be clear, policies and procedures are not controls. A policy merely states an intention to do something; a control ensures that it is done, done repeatedly, and done up to standard. Moreover, policies have to be read, understood, and remembered, all of which opens many possible routes to failure.
Bottom line — work is accomplished through processes and in no other way. To reliably achieve compliance you must be able to improve those work processes or design new ones. In other words, the way in which you meet a requirement must be embedded in the work itself, not merely displayed on a policy document. In order to sustain compliance, you must be able to establish measurements and controls within those processes. Certainly, you may have policies that apply, but the way in which you build, operate, and control work processes constitutes how we meet a requirement.
Contact me if youd like to discuss how basic process management and improvement approaches might help with your compliance challenges.