Compliance administration is a three-legged stool and if it breaks, it can destroy your business

Wooden three legged stool

After decades of working with our clients to improve compliance administration, we’ve realised compliance administration is a three-legged stool. Everybody hates it; no-one wants to own it and you need all three legs and the seat for it to work... and if it’s broken or when it breaks, it can be a very painful experience:

  • people can be injured and killed,
  • brands and reputations can be damaged or lost,
  • directors, managers and team leaders can be prosecuted, fined and jailed.

Ultimately bad compliance administration can destroy a business.

So how do you ensure your compliance administration is protecting you and your business by minimising your exposure to risk?

Don't ask the right people to do the wrong job!

The seat requires knowledge and wisdom. Don’t ask the seat to do the job of the legs; it’s a different set of skills.

DIKW pyramid with three legged stool

The Seat (of Learning)

The most important, but not the first, thing you need to do is define the compliance rules for your business that meet:

  • Regulations: at all levels of government; Federal, State and Local
  • Industry Standards: global standards like ISO, regional and country-specific standards, and standards from governmental and non-governmental industry bodies
  • Self-imposed rules: according to Deloitte, 62% of the total cost of compliance is self-imposed!

The trouble is that no single person or business can keep track of all these rules and regulations; it’s impossible. Every business needs subject matter experts to help.

The best solution is to use subject matter experts to help your business develop its policies and procedures and ask them to review them every 5 years to make sure they are still relevant.

The First Leg – A secure single source of truth (SSOT) for all documents

But before that, you need to collect all your compliance documents into a secure, single source of truth (SSOT). When documents are stored in multiple places across a business, you can’t apply your rules because you don’t know where the documents are or whether you have the latest document.

The best solution is a secure, centralised electronic database of all your documents. There is only ever one version of each document and it can be accessed by any relevant member of your staff, wherever they are.

The Second Leg – A picky person to examine every document and keep them up to date

Even while you are collecting all your documents and building your SSOT, they are expiring. You need someone to keep your documents up to date.

This person has to be pedantic, picky and have the persistence of a bulldog. When a document expires, or is about to expire, they track down who issued the document so they can get it renewed. They check every new document to ensure it has “Passed”. If it has “Failed”, your business is non-compliant. This person has to keep chasing to get the non-compliance repaired, retested and re-certified.

The best solution is to outsource this to a group of people who love being picky and pedantic. Let them work on your behalf to reduce your risk. [Update: Internal Audit are the right group of professionals for this and, even as a small business, you can get co-sourced internal auditors.]

The Third Leg – Technology to apply the rules

Finally, this person, or group of people, needs to apply your rules every day to keep your business compliant at all times. Again, they have to be picky and pedantic. The certificate must follow the rules. Is the address correct? Have all the mandatory boxes been filled in? Has the technician added their name?

If something terrible does happen, you will need all your documentary evidence. Incorrectly completed compliance certificates will not help your case.

The best solution is a software program as part of your SSOT where you can set up your compliance matrices and apply them across your organisation. This exposes who or what is non-compliant and why, so you can fix it and correct any non-compliance.

So how are you managing your compliance administration?

  • Are you asking highly trained managers, hired to be creative or strategic, to deal with mind-numbingly dull document administration?
  • Are all your compliance documents in one place or are they scattered across the organisation?
  • Do you have a system to apply the rules you spent hours developing and putting into your policies and procedures?

Don’t worry, you are not alone. Most businesses are grappling with these issues.

If you need help and a methodology, please, get in touch.


Nigel Dalton-Brown, GAICD, AMIIA, MBA

Managing Director, Chair, Speaker, Lecturer, Author

Nigel is the Founder of Strytex and has been presenting and writing on Governance, Obligational Awareness, Risk Management and Compliance administration (GORC) since 2010.
