After almost thirty years in sourcing and procurement work, both in consulting and industry, I am frequently asked by leaders, "What makes procurement transformation, or any transformation work or not work?" My answer is always the same, "Two things: executive/leadership support and consistent compliance to the design over the long haul." The answer is the same whether the question is asked about success or failure. Let's talk about how to design, implement and maintain an effective compliance program.
First, let's start with the definition of compliance in this context. We are not talking about risk or regulatory compliance. Again, there are unlimited sources of articles, books and regulatory opinions to guide those areas. No, here we are talking about something much simpler: compliance to designed processes and controls. You might argue that the two areas of compliance overlap, and I would agree. In fact I have had many vigorous discussion with my friends and colleagues in risk, compliance and audit about where one begins and the other ends. Again, that is not a part of this discussion. We are going to focus here on process compliance, defined as "adherence to the processes and the controls in the design that make up the process portion of the overall transformation."
Splitting hairs? Maybe, but let's explore this further and maybe you'll see the distinction.
Compliance Development Overview
Developing a good, effective compliance program as part of a transformation initiative includes four phases: Design and Implementation, Monitoring, Training (re-Training), and Correcting/Adjusting. Let's look at each in more detail.
Note that I have organized this Checklist around four phases and twelve steps - not to be misconstrued with other twelve step programs. My intent is that you will have a checklist that you can take back to your organizations to assess your compliance program vs. this list.
Phase 1: Design and Implementation
Step 1: Develop the process compliance strategy and align it with corporate and department goals and objectives.
Considerations: Make sure you are clear about which corporate strategies you hope to address in the compliance program related to the new processes being developed. For example, are you trying to maximize spend savings? If so, you will want to develop controls that aid in reducing spend and increasing negotiating leverage like Spend with Preferred Suppliers.
Step 2: Design the compliance program.
Considerations: Keep the program as simple as possible. While 'what gets measure gets done' is true, too many measures and too complex a program will cause confusion. Design into your compliance program, metrics, procedures for monitoring and reporting, reasonable control parameters, steps to manage escalation when non-compliant behavior is discovered, and methods for adjusting the compliance program.
Step 3: Test the compliance program.
Considerations: There's never a way to test the program enough. Do the best you can to identify 'test cases' from across the enterprise to determine the effectiveness of the controls BEFORE you roll them out. And again, take any feedback you get from testing and adjust the controls.
Step 4: Train.
Considerations: Train extensively (cast a wide net - get everyone you can who will be touched by the new controls) and intensively. Use different techniques to reach different constituent groups and seek feedback during training to adjust the program.
Step 5: Go-Live and Adjust.
Considerations: Make sure you effectively and frequently communicate what's going on and plan to make adjustments as you roll out the program. It's almost impossible to get the design 100% right from the start. Remember that controls and compliance are "ever evolving" things.
Phase 2: Monitor
Step 6: Monitor and report.
Considerations: Phase in reporting within the organization. Work with leadership to evaluate what monitoring discovers and work with leaders to determine what to respond to and what to ignore, you won't want to address everything. For example, do you really care if someone made a one-time, small dollar purchase a non-preferred supplier by mistake? Probably not. Some of the controls are just good information for management to know. Finally, practice notification of non-compliant behaviors and stay positive. Monitoring will not only identify non-compliant behavior, it will also ensure that the company stays focused on the goals it identified as part of the original transformation - this will ensure consistency over the long haul.
Step 7: Listen and adjust the approach
Considerations: Once you begin reporting non-compliant behaviors, you will discover all of the reasons why the controls don't apply to specific situations. It happens. Plan to take a positive, collaborative approach and adjust the compliance program.
Considerations: When non-compliant behaviors are identified and validated with management that they should be addressed, remember to engage with the non-compliant party (division, business unit, department, location or employee) in the most positive and supportive ways.
Step 9: Train on the process and ensure understanding
Considerations: Remember that most non-compliant behavior is unintentional. Treat it that way and approach training and/or retraining in a positive way. But, also ensure that once training is complete the non-compliant parties understand what's expected of them.
Step 10: Listen and Adjust
Considerations: Again, when dealing with non-compliant behavior, listen, be positive and plan to adjust where necessary.
Phase 4: Correct/Adjust
Step 11: Take corrective action working with the non-compliant parties.
Considerations: When it comes to the point where all other efforts to get non-compliant parties to comply have failed, ensure that non-compliant behavior is addressed swiftly and appropriately. In this situation, it's good to have a good working relationship with business leaders, Human Resources, and Risk and Compliance. Remember earlier when I mentioned that executive/leadership support was critical to the success of any transformation? Here's a great example of where executive leadership can aid the compliance program and help ensure the people in the organization do what you want.
Step 12: Be consistent.
Considerations: The program will only be successful if it is applied consistently across the entire enterprise, regardless of who the non-compliant party is.
Things to Remember:
1: People are honest and want to do the right thing for the company and want to protect the company in everything they do. They are often non-compliant without even knowing - most people in the company are not paying attention to the purchasing process, they just want stuff when they want it.
2: Most people, when confronted in a good, positive way will work with others to do what they are asked - it's all in the attitude and approach of the profession who's reaching out to the non-compliant party.
3: The "carrot" always works better than the "stick" but don't be afraid to use the stick as a last resort. Process compliance is in place for a reason and with the right backing, using punitive measure can be the only way to align performance with management's desire for operational performance.