7 laws of Compliance Planning

Those who have seen me speak publicly or read some of my previous work may know how much I tip Compliance Resource Planning as being the next big thing not just in water, where it is now prevalent but in other sectors where it is emerging. I am often asked what are the core principles when in comes to CRP implementations in Water so I have decided to write down what I see as the seven universal principles of CRP systems. The beauty of the internet is I get to revise and add to these rather than committing to ink so please do input with your thoughts and experience!

1. Compliance is your North Star

This doesn't mean every regulation you are forced to adhere to is right, correct, practical or a good idea. Very, very far from it. I would never suggest such a thing! But the spirit of the regulation and your corporate objectives must be tightly aligned.

A great example of this is the water sector. The Safe Drinking Water in the US aims to do exactly what it says, make drinking water safe for human consumption. Is its interpretation or how it manifests in permits always right? No but the core objective of a water utility and the regulation is the exact same. Compare this with a mining operation whose core objective is profit first and foremost. It operates in a space with a variety of regulation which is at odds to this core purpose. Therefore implementing CRP would not work as it isn't aligned to the companies North Star. If it was a triple bottom line company or a certified B corp then CRP would work but not a strict profit only entity.

You must be intellectually honest with yourself and your colleagues to truly ask if your organizations mission & culture is the same as the regulation which dominates your space.

2. Compliance Team versus Compliance Organization

In nearly every water utility I have seen worldwide, a compliance team or some variant of it exists. I imagine this came to pass when business consultants started designing utility hierarchy's and took their inspiration from manufacturing. I know that's what I did in a early stage of my career. The fact of the matter is this won't work. It must be many peoples responsibility across your organization to do their job in a way which bubbles compliances up rather than retrospectively patching it.

Take the example above of a water utility versus a profit driven mining company. In the later, there would most likely be a Health and Safety or Compliance Team isolated from the rest of the operation. They would spend their time chasing data, enforcing processes and applying/maintaining permits so the rest of the team can get on with their day to day job. Unfortunately, as too often is the case, their peers don't give them the respect they deserve and they are see as just another line item on their requirements list.

In a progressive water utility there will be an executive responsible for compliance and will work closely with the CEO/General Manager/Director. Their job is not to 'do compliance' but instead work it into the organization as a cultural and mission driven focus. CRP is the tool that does this and moves data & jobs around so that it is everyones responsibility

3. It is a stand alone system

If I had a nickel for every time I heard someone say 'Sure we can just get our existing Asset/CRM/Operations/Legal (delete as appropriate) system to do that with some customization' I would be the largest commodity owner of nickel-copper in the world. No one would dare suggest using the same pipes for sewerage and drinking water. Or to use a less extreme example, you wouldn't use Excel to manage a cash register. Just because a system can use a feature for many use cases doesn't mean it should. I often urge users to get the root of why this approach is suggested and in almost all cases it is because a huge budget was blown on implementing one of these systems that never quite worked. The sponsor (or someone ordained by them) is furiously trying to find a use for what they were mis sold.

A good CRP system promoter will say explicitly what it does do (manage X, Y & Z process) but also explicitly tell you what it doesn't do. A simple test can weed out the bad system by asking can you put a process/area into it that has nothing to do with Compliance. For example, if you ask can you manage HR or Assets in the system and they say 'Of course, YES!' then run a mile.

4. Remove human error, not the human element

There is a great example of an AI competition that takes place annually pitting humans against computers. In one example, a AI system to detect cancer in mammograms was set against experienced radiologists. A computer has never beaten a human at this challenge and can detect cancerous cells correctly around 91% of the time. The human radiologist gets it right about 97% of the time. But the interesting thing is if your build a platform that 'suggests' detecting to radiologists which they then review, the accuracy goes to about 99.9%. This might only sound like a few percentage points increase but for anyone who has had the pleasure of learning about statistical distribution, this level of improvement is extremely impressive.

This is a very critical element of CRP and one that is particularly important in water. CRP will never serve to cut jobs. Instead it will free up your existing team that have incredible talents to more optimally and economically manage compliance. CRP will augment your users to make the best decisions more of the time rather than have them focus on cleansing data or reformatting excel sheets.

5. The system must continually iterate

A CRP system should be a system to records insights. That may sound extremely nebulous but if you critically challenge any proposed system and ask ‘Will this exponentially over time automatically reduce effort expended on work that doesn’t affect compliance?’ you will have a very good gut instinct. But what does this mean in practice?

With the modern tools available at low cost to software designers today every system should facilitate prediction of what tasks make a difference. This should be represented in a closed feedback look of Data->Decision->Outcome->Check. In one over simplified example, say you are receiving telemetry from a sensor and you make a decision to do something because of an undesired elevated reading, the system should record if the desired outcome was achieved through data (such as the reading being reduced on the telemetry system). If it did then the task should be auto suggested to users and if it didn’t then the system should learn that this course of action doesn’t work.

6. Very few barriers to adoption

A successful CRP implementation requires many users both internal and external to an organization providing data at different points of time. Some users spend every minute in the system and some see it once in their career and never again. If any element of this ecosystem breaks or is prevented from engaging then the CRP implementation will fail. The three most common barriers to entry I have see are:

Prohibitive licensing requirements. For example every user is required to have an expensive licence which proves impractical and cost prohibitive.

People need to adapt to the system rather than the system adapt to them. Of course some change is always required but fundamentally changing processes because of system limitations is a big red flag.

An extension of the previous point is extremely well thought out user experience. The system must be user obsessed and allow a variety of users (from technophobes using it once off, to expert super admins using it daily) extract maximum value with minimal effort.

7. Explicit, aligned success criteria

In almost all cases you should be using a vendor with specific domain and system expertise. This vendor’s success must be heavily driven off what you deem success and no more. Driving them down on pricing will mean they will be forced to recoup on consulting or change requests. Similarly if their measure of success is the amount of consulting days sold every year after implementation then it is a misfit.

Setting out what success looks like for you and your users early and often makes sure everyone is continually aligned. You should draw confidence from how they describe the approach they will take to meet your success criteria. If it is constantly pushed back as ancillary then they are not the right partner for you.