The past 20 years have seen businesses across all industries become increasingly active in the areas of compliance and/or risk management. These have been common requirements in the aerospace and healthcare sectors for a long time, while growing in number in areas like car manufacturing and banking in more recent years, adding ISO in the 1990s. Today, GDPR compliance is a legal requirement for any business, no matter its size.
Active business process management continues to be seen in most companies and industries. Indeed, recent reports by McKinsey and others reiterate its importance for any digital transformation. However, this begs the question of whether these programs, compliance/risk management and business process management should be integrated? We believe this should be the case.
There are four key reasons why compliance and risk management should be integrated with business process management:
- A lack of awareness is the biggest risk to any compliance program. As complete process awareness (instead of departmental focus) is the starting point of any business process management regime, compliance can tap into this awareness program. Within the process management framework, teams discuss what is happening, when it is happening and who is executing each task. They are discussing this in the context of the complete process, ensuring no element is missed, tasks are not being duplicated and positive handover moments are identified. Compliance issues should be integrated at each of these stages.
- Awareness and control of all exceptions is important. For compliance and risk management, it is exactly in these exceptions where lack of awareness is highest from both sides. The exceptions are often not known in the compliance office and, as the operations teams work to deal with exceptions swiftly, here lies the greatest risk for missing an important requirement. Where exceptions often require a different way of handling, it becomes essential for the compliance and risk handling to be managed correctly in these situations. Thus, when identifying and recording the special handling requirements in exceptional cases, the different compliance situations should be part of any discussion.
- The increased aware, ownership and empowerment of the team that results from business process management allows staff to deal with changes more effectively and without having to wait for instructions. Preferably, teams will even anticipate what is coming. Where this applies to the effectiveness of the process (including in price, quality and timing issues) this should also include any compliance and risk issue. Positive examples include a team anticipating an out-of-stock risk, a bodily injury risk situation or a data/GDPR breach.
- With more teams getting used to discussing their processes as part of the program, companies are becoming more flexible and agile. If compliance and risk are included in the team's business process management focus, these factors will sit alongside other priorities, such as costs, delivery time and quality. If compliance and risk are NOT included, the team will increasingly adjust to the growing urgency of demand within the business and compliance issues may be missed. This is not an option!
Compliance and risk management can be an integral part of business process management. When teams learn to accept the responsibility and accountability of the complete process, they will accept these topics to be part of that as well.
But, how can that we done? A good business process management tool will offer compliance and risk management functions that are integrated into its core functions. This will allow you to:
- Assign the responsibility with the process team in a natural way
- Get quicker and cheaper control over your compliance task
- Keep your compliance, GDPR and risk reports up to date - they will automatically tag along with any change in processes made
Key points to remember
- Risk management documentation is a legal requirement in many industries, as it demonstrates you have undertaken the due diligence required to properly safeguard staff from harm.
- Documenting the risk management process also ensures the smooth running of operations and delivers peace of mind to workers, stakeholders and company management that all steps are being taken to protect staff wellbeing and ensure operations are carried out as efficiently as possible, with a limited risk of downtime.
- A key element of this reassurance lies in making this information easily accessible to all, so ensure all risk management documentation is widely circulated and fully understood. It is essential to keep these documents up to date and stored in a central database.
Related content:
What is business process mapping?
A Guide To Business Process Management
Want to know more about how process management works in practice? Download our whitepaper 'Starting your Business Process Management from Scratch'.
You can also learn about the wide range of products we offer, which are tailored to enhance the ability of our partners to deliver clear benefits through a focus on business process management.