Apps, SaaS, Microservices & Consulting

Can midsize organisations afford “compliance”?

Can midsize organisations afford “compliance”? is the title of a post (in German language) on the web site of an employer’s union.

Our interest for this information stems from aspects going beyond documenting practices in Germany. The material is useful for management because it refrains from quoting normative documents or using jargon, thereby isolating from details and complexity obscuring the topic. Using existing elements (what departments do and what regulation imposes) to scope compliance and performing management reviews of documents resonates well with PDCA and our practice of management systems. The described process could be ahead of the forthcoming ISO/DIS 19600 international standard. Morevover, the imperious necessity of involving responsible individuals reinforces our belief that delegating power is needed in every context where regulation does not require that a defined responsibility be carried by a particular role.

Besides answering a big yes to the title question for organizations employing 50 to 500 people, the post provides further analysis on an example of a manufacturer employing 300 people, performing their own manufacturing and exporting 40% of their turnover.

Instead of analyzing texts formalizing obligations that have to be met, relevant compliance missions are listed for the example midsize organization.

  • Quality insurance
  • Product stewardship
  • Environmental provisions
  • Data protection
  • Export control
  • Provisoins for purchasing
  • Supplier assessment
  • Work safety
  • Monetary transactions
  • Delegation of signatures*
  • Policy on presents
  • Prevention of corruption
  • Competition law abidance
  • Internal controls
  • Training
  • Hotline for whistleblowers / Ombudsman

… other missions specific to the company or to the industry.

After emphacizing that competencies necessary to fulfill these responsibilities cannot be found in a single individual, the author mentions that a single individual would not be practical nor productive, besides creating a cost most midsize organizations cannot bear. Some missions belong by nature to parts of the organization such as quality assurance in the vicinities of production and supplier assessment close to purchasing.

Reponsible roles defined in German law

Some missions are accomplished by mandated responsible individuals (Beauftragter) as stipulated in German law.

These eventually have to exist for waste (Abfall), for facility or site (Betrieb) to exercize employer’s responsibility, for dangerous goods (Gefahrgut) that get shipped, for immisions (pollutant transfer from the atmosphere to a target), safety (Sicherheit), for hazardous incidents (Störfall), for data protection (Datenschutz).

Missions not fulfiled by a department nor by a mandated responsible individual according to German law, will be fulfiled by addressing the following topics:

  • Formulate a compliance policy
  • Craft a code of conduct / code of ethics
  • Prepare training material, in particular about the code of conduct, about corruption prevention and about competition law
  • Benchmark a training platform on the intranet and in-class training
  • Eventually set up the training platform
  • Resource person to supprt sales personnel
  • Resource person to support customers in “mutual recognition of code of conducts”
  • Follow up and/or coordination of internal analysis of cases awakening suspicion
  • Other missions specific to the organization.

This effort represents 1/4 to 1/2 ful-time equivalent. Because management trust is essential to succeed in this function, the person must either be reporting close to management or enjoy unlimited trust from management.

In all cases, a compliance roundtable must convene every 3 months to sustain the momentum of compliance work. Regular exchanges foster shared understanding of current challenges and enable mutual support if a work overload happens in a mission. Minutes of this work provide input for a management review and provide a complete picture of risk factors in the organization.  This could be the basis for a compliance surveillance providing intelligence on compliance activities and visulaizing risk evolution over time.

This incremental implementationton to deploy compliance in the organization makes each midsize organization in Germany able to cope with every essential challenge of compliance. Creating the structure and associcated cost will be driven by efforts necessary to specifically statisfy needs of the organization.

Compared to the internal cost generated by the consequences of a case of medium starkness, the cost of a competent and available business partner for compliance is so immaterial it can be neglected.

 

* Delegation of signatures is an obligation in German-speaking countries. Regulation to incorporate organizations imposes that a structure of cadres (Mitglied des Kaders) exists to designate persons and amounts allowed to commit to paying on behalf of the organization, alone or in group. Signatures, powers and amounts are registered in the commercial register.

Native mobile apps are the new Flash

Native mobile apps are the new Flash

Native mobile apps are the new Flash is the title of this blog post. This post describes a state of HTML 5 technology in comparison with native application on the different mobile platforms. An analogy is drawn with  Flash technology and the legacy role it played in developing high end web sites. We fully share this analysis. We read with interest the story narrating the usage of their framework made by Sencha to generate the Fastbook application. This story is especially enlightning, even to the non-tecnical reader.

PDCAply’s technology strategy has anticipated the situation described in this post. We have therefore chosen HTML 5 as our target delivery platform for digital services such as PDCAware. Our front-end code rests mostly on HTML 5 and has been developed with Sencha Touch.

US importers have to delegate responsibilities

US importers have to delegate responsibilities on their way to complying to the Customs Modernization Act of 2010. Non-compliance exposes responsible people to legal liabilities. On top of civil penalties in section 592,  section 542 criminal penalties (up to 2 years imprisonment and a 5000 USD fine for each violation) apply to those presenting false information to customs officers.US importers have to delegate responsibilities

 

 

 

As US importers have to delegate responsibilities, this “modernized” text could have a number of sizeable impacts such as:

  • legal obligations of importers’ site at the port or airport of importation
  • responsibilities delegated to departments (possibly with heads of departments as delegatees)
  • obligation to have a living program for compliance documented with  written manuals making it for all practical purposes a management system
  • fullfiling this obligation puts emphasis on  information coming from computerized systems and their reliability if this information could be presented to customs officers. Extra care in validating application software and in assuring user proficiency in using systems can be expected. In case of delegation of authority for making updates to information, access to features of computerized systems will need to be controlled accordingly.
  • need for automation of internal controls to assure compliance

Systems thinking : how to see circles of influence rather than straignt lines

What is it?

Systems Thinking is a discipline for seeing the underlying structure of a system and understanding its dynamic complexities. This discipline has its own language based on three building blocks:

  • Reinforcing feedback: when a small change builds on itself
  • Balancing feedback: when a system is seeking status quo on a certain goal
  • Delays: when things happen eventually

The building blocks are meant to help us see the reality systematically: see circles of influence rather than straight lines; as well as discerning high from low leverage changes.

Systems Thinking within PDCAply

Using a systematic way of thinking enables us to assess and understand client contexts in their human, organisational and technical dimensions. Only after identifying the main circles of influence specific to a client and his environment can we do our best at providing an adequate and relevant solution.

Regulatory compliance and voluntary measures often entail change in business practices. Our consulting services use Systems Thinking to manage change of the management system (PDCAtune) and of the information system (PDCAdapt).

Continuity in compliance