The future of compliance management
For those who have had to manage traditional compliance systems — whether safety, quality or environmentally based — the challenges are well known. Regardless of diligence, knowing that an auditor is scheduled can be an uncomfortable experience. Due to the manual nature and human dependence of these traditional systems, the margin for error is considerable — control of the system and processes is all human based and therefore naturally flawed.
That being said, the reason many businesses take on ISO and other compliance-based requirements like HACCP is to grow, improve and show the outside world they are at a higher standard. So, if it can be difficult just to meet the standards required in a traditional system, then how can organisations manage to continuously improve and achieve greater value from their compliance system? The answer for many is that they aren’t. For many, compliance management becomes a chore; it’s difficult and seems to have no reward. It’s all reactive, the reporting is not good and everyone starts wondering why they are bothering.
This article will explore how technology can change the playing field and make compliance a simpler process.
It is well known that paper-based systems suffer from these and many other issues:
- Control: organisations have no control over a print version, or how it is used.
- Transparency: trust is required for the person who filled out the paper form.
- Automation: or lack thereof.
- Workflow: not possible.
- Adaptability: not offered by static forms.
- Integration: nothing available to plug into other systems.
The future is now
So, how can technology solve these problems? What should organisations be looking for in a piece of software to make their compliance management simple? The below checklist gives an idea of what to look for.
Control is a key piece of the puzzle when looking for a system to manage compliance. Not only is it a critical component of things such as ISO, but it will make management of any system easier. To clarify, this refers to control of the system, version, information and access. It is important to be able to limit who can do what, and what people can see, across the organisation to a very granular level. This might include aspects such as the role of a person, their location, their involvement in an incident or inspection — there are a variety of ways in which access must be controlled.
Knowing the truth of a document is key. When collecting information and making decisions on that information, it’s vital to know that the information is true in essence. It came from the right place and the right person, and was completed in the right way. This provides confidence to build on the information and make decisions for the future.
When looking for a solution to manage compliance, having an audit trail and transparency across the system is key.
Many people believe that digitising a paper system can be just that — using a program like iAuditor and getting people to complete an online version instead of the paper version. While this may solve some minor issues, it doesn’t really change the abilities of the form. It looks nicer, the data is better in some ways, but it is still just information that is now also in the cloud.
What is needed is for the information to trigger something. If an audit is conducted and there is a non-conformance that needs to be triggered automatically, then it is important to notify the right people, and that automation drives action in the system. Otherwise, organisations are returned to the initial problem of paper that is static and does not drive action in itself.
In the ideal world, the goal is to build an entire workflow. When step A is done, then do step B — only move to step C when actions from step B are complete, and then move to step D where management sign off. Organisations already have a system in place — what they need is a way to build this process into their management tool. This way, it is clear that it will be done the same way each time, which links back to control.
The other huge advantage of being able to adapt the workflow to the business is that no changes to the system are required, because the software does it automatically. This is common through software today and it allows businesses to leverage existing knowledge and systems using powerful technology.
Adaptability can be viewed in many ways, but the focus here is industry-based adaptability. What works for one industry doesn’t always work for another, and this can make it very hard to find great software for a specific industry. What organisations should be looking for is non-industry-specific software that can adapt to the requirements of the system, rather than trying to predetermine what is needed.
Most users have looked at software and thought, “Wow, that’s great — except it can’t do this or that, or it won’t allow changes to this one part.” Trying to use systems like this leads to inefficiencies and user dissatisfaction.
Following on from adaptability, the ability to customise is vital. Making something look and feel right for the business is more important than most people realise. This can be as simple as changing the name of an incident or a form, or something more complex like the dashboard seen upon first log-in. Being able to adapt to the business, and even to the person who is logging in, is important for many reasons — but perhaps the most underestimated is user acceptance.
Arguably, the only thing more important than the system itself is whether people will actually use it. A simple, clean user interface that adapts to the company and user needs is key. Organisations should always have the acceptance of the end user in mind when looking at software, because they are the ones who will complete the forms, inspections and audits.
Having the best management system software in the world might only get users part of the way if there are a variety of systems involved. It may not be needed today, but the ability to integrate the system into other software is important. It could be as simple as flagging in the finance system that a contractor is not compliant.
An open API architecture is key here, as organisations may not know what software they will need to connect with in the future. An open architecture allows the development of the connection that is needed, rather than accepting some other basic connection that may not do what is required.
- Don’t settle for a paper system — take the step into technology and make compliance work for the business.
- Figure out what is needed before going to market. Make a shopping list of required outcomes.
- Research, research, research. Don’t simply buy the first tool on offer — there are many options and it’s important to find the right fit for the business.
How the fundamentals of data collection in OHS still matter in the age of digitalisation and...
There's one thing that's always guaranteed to happen when icare speaker Kahi Puru visits...
Compliance with health, safety and environmental (HSE) regulations requires a lot of resources,...