Over the years Iâ€™ve done a lot of work in the area of Regulatory Compliance and Information Quality. Whether it is Data Protection, Information Quality, Governance or Compliance, it is important to bear in mind that what we are dealing with a Quality Management System:
- Data Protection Compliance is the Quality System where by the obligations and expectations which arise under Data Protection/Privacy laws are met consistently
- Information Quality programmes involve, by definition, the implementation of a Quality Management System
- Information/Data Governanceâ€¦ well, thatâ€™s another form of Quality Management System
- Complying with other forms of industry or Governmental regulationâ€¦ well, the best way to achieve those objectives is through some form of systemic approach to meeting or exceeding expectations.
In my experience Compliance and Governance initiatives and strategies tend to fall into three camps:
- Documentation Driven by â€œRules Wizardsâ€, with extensive policy and procedure documentation, usually from the comfort of an Ivory Tower in the Business that is comfortably removed from GEMBA
- Technology Triggered by â€œTechno-Lordsâ€, usually from within the bowels of the organisationâ€™s IT department, which is also often at a distance from the place where the work is actually getting done.
- Awareness and Attitude Oriented: Driven by a â€œCoalition of the Willingâ€, with a focus on policy that is actually executed through the appropriate use of supporting technologies and a strong focus on the â€œHuman Factorsâ€ that lead to awareness and understanding of the required changes.
Often it is difficult to see which kind of initiative you are dealing with. In organisations that have a â€œDocument Drivenâ€ approach, management take comfort in the fact that they have documented procedures and policies for everything therefore everything is in control. In â€œTechnology Triggeredâ€ initiatives, the management of the organisation places a blind faith in the power of technology to protect, prevent, detect, and mitigate issues.
Both approaches are doomed to failure. Neither, no matter how sophisticated, can ever deliver anything other than â€œsmall â€˜câ€™â€ compliance. Because Quality Systems are about more than just documentation or technology. Real quality requires a sustainable change in attitudes and awareness. After all, Demingâ€™s 1st two points of Management Transformation are not â€œWrite documentsâ€ or â€œGet good technologyâ€: They is â€œCreate a Constancy of Purposeâ€ and â€œAdopt the New Philosophyâ€.
Purpose and Philosophy require that the organisation look at the attitudes that are there. It is as important to understand and articulate a Vision for the Quality Systemâ€¦ and to make sure that that Vision is embedded in the mind-sets and attitudes of the staff in the organisation.
At a conference in London in 2005 Joyce Orsini of Fordham University shared a story with me of a trip W.Edwards Deming (she was working with Deming at the time) took to an automobile manufacturer in the US in the mid 1980s. On this trip the plant manager took great pride in showing off the robots (technology) that they were using to manufacture the cars. Deming noticed that every time the robot arm swung over the car it dented the boot (trunk) lid of the car. He asked if this was part of the Quality Standard (Policies). The Plant Manager said no, it wasnâ€™t, but they had a man at the end of the production line with a hammer to knock the dent back out.
A lack of awareness about the operation and objectives of the Quality System and what it meant as a value system meant that no-one in the plant seems to have questioned the operation of the Quality System.
Without Awareness and Attitude the investment in Documentation and Technology that form part of the Quality System will ultimately have sub-optimal return.