|Websites for Professionals
Take control of your online presence
with your own professional website!
Want to Cut Costs and Still Be Compliant?
If your company is doing over $1 billion in annual revenue, you’re part of an “elite” group of organizations that have been fined an average of $80 million for each and every compliance failure. That’s right, $80 million on average for every compliance failure! This incredible statistic is from a study conducted by META Group Research (now part of Gartner) for PriceWaterhouseCoopers.
Even if you’re the head of a smaller company, you may some day be handed a compliance remediation price tag in the millions.
Would your company be able to survive such a hit?
A large compliance remediation price tag could mean the demise of many companies. Yet most organizations are taking enormous risks and they don’t even realize it. What’s worse is that most of these high costs for compliance are completely unnecessary.
As the old saying goes, an ounce of prevention is worth a pound of cure, and it couldn’t be truer than in the world of compliance.
So, what should CEOs be doing to avoid becoming part of this statistic?
The Framework for Effective Compliance
To make compliance work, you need to have three things working in harmony: people, processes, and data systems. So your first step is determining your current strengths and weaknesses:
Organizations can be classified into one of three categories.
Companies that have efficient and conscientious people and good data systems, but no processes in place for compliance are what I call “The Outlaws.” These companies treat their people well and are well organized – probably with the help of IT – but they don’t comply with anything until they’re forced to, and then they stop as soon as the bleeding has stopped. These companies are highly exposed because all efforts happen in remediation mode – the most expensive and damaging way to approach compliance.
The Unruly Class
Companies that have good compliance processes and good data systems, but people that aren’t willing to follow the processes, are members of “The Unruly Class.” These companies are highly exposed because they will spend huge amounts of money on process development and IT engagement for data systems, but their uncooperative employees will keep them from surviving an audit.
The Innocent Prisoners
Companies that have good compliance processes and good people who follow the processes, but no data systems to prove that they’re doing the right thing, fall into the category of “Innocent Prisoners.” This is an unfortunate class of company, because everybody’s following the rules and staying in compliance. However, in the world of compliance, it’s not enough to do the right thing – you need to prove that you are doing the right thing, and weak data systems will compromise your ability to do this.
How would you classify your company? Where is your biggest deficiency? This initial assessment will give you a good idea of where to focus your resources next.
Assessing Your Processes
The Outlaws will either have undocumented processes or documented processes that don’t take into consideration compliance requirements. If you don’t have all your processes mapped out, then you probably don’t have good control over what’s going on in your company.
Documented processes that are driven solely by your strategic objectives, however, are not enough. Compliance requirements must also be taken into consideration.
Your process maps should call out what would be considered value-enabling activities – activities that are required for compliance.
In Lean Six Sigma, for example, value stream analysis stratifies the activities in any process by three classes:
Whether or not you embrace Lean Six Sigma, this type of analysis is valuable.
Assessing Your People
If you are part of the Unruly Class your people may be openly resisting compliance or doing so clandestinely. If the resistance is more clandestine, it will destroy your organization from the inside out. In other words, keeping track of who does what and when is not only good from an audit standpoint, but puts a spotlight on people who blatantly refuse to follow a process.
Whether the resistance is overt or covert, it’s important to enlist the aid of a change agent right away to determine the problem areas and offer remedial support. I’ve done both preemptive and reactive change acceptance efforts, and the skills are somewhat different so it’s important to know your own particular situation, what skills you need to hire and then find the right person for the fit.
The other place where the Unruly Class will have problems is in an audit report. When an auditor comes through to check your compliance and notices that your processes are well documented and your evidence is intact but you are still out of compliance, it’s because your staff is not following certain steps.
Assessing your Data Systems
The Innocent Prisoners are what I see the most, and here’s the reason. Process documentation is not really difficult, just tedious. In addition, people are generally good people. They like their jobs and they follow orders as long as it makes sense – and compliance usually makes sense to people.
I was recently in a General Services Administration (GSA) contract compliance effort at a large high-tech company and, like the typical Innocent Prisoner, they were doing everything right. The GSA didn’t believe this, however, and, when challenged to justify their position, my client initially couldn’t support the request. The part of the effort that I drove was to install a compliance data warehouse specifically for GSA reporting and auditing. After the effort, my client who was once sitting on the hot seat was praised for having one of the best practices around GSA audit support.
The immediate next step here is to build a compliance project charter (there’s a free template you can download at my website if you need one), and organize a team to get a compliance data system in place at your company. This will cost some money, but not the $80 million compliance-failure price tag we talked about earlier. In addition to my template, there are both free and very inexpensive resources at my website if you need a jumpstart.
Compliance is no small matter these days. The stakes are high and the need to be in compliance is not going away. With a few simple steps you can diagnose your situation and reduce your exposure with some quick and cost-effective immediate next steps. Take some time today to do a high-level assessment of your company. Are you a member of the Outlaws, Unruly Class, or Innocent Prisoners? The answer to that question will dictate your immediate next step.
Many more articles in The CFO Refresher in The CEO Refresher Archives